Oracle Database – top 10 compliance issues seen

Home Risk & Audit Software

by | August 25, 2017

Forty years after its first release, Oracle Database is still one of the most popular database systems for the world’s largest companies. Almost every organization, however, struggles with the complex contracts and constantly changing conditions, with all the financial risks involved.

In this article, I sum up the ten most common compliance issues seen with Oracle Database.

Oracle’s policy is that its Database software must always be directly available to use – 24 hours a day, seven days a week. Everyone can download the software and use it without any technical restrictions. This in fact happens in many organizations. In terms of speed and user-friendliness, the benefits are evident, but many end users do not realize their organization is responsible for meeting the conditions set by Oracle. For the IT department, it is difficult to keep an overview and ensure agreement and practice are in line.

As a compliance issue can result in major financial consequences, managing and understanding contracts is absolutely necessary. The two well known contractual documents many organizations deal with are the ordering document, which includes the number of licenses purchased and the license metric, and the license agreement, that provides the conditions under which the software may be used. In addition, there are program documentations, support renewals, technical support policies, online license documents and online guidelines.

To know exactly, from a contractual perspective, what you can do with your Oracle Database software, you must know the fine print. This is challenging for many organizations and compliance issues tend to appear daily. A lack of knowledge on how software needs to be licensed within a particular hardware infrastructure often causes problems, but things can also go south when installing or configuring software. The following Oracle Database compliance issues are most commonly seen by large organizations.

1. Incorrect interpretation minimum number of licenses
For each person who gets access to the Oracle Database software, a so-called Named User Plus license is required. Oracle thereby applies a minimum required amount. This number differs per version, changes regularly and is calculated in different ways: Standard Edition Two includes 10 Named User Plus licenses per server, while Enterprise Edition includes 25 Named User Plus licenses per processor. Many organizations go wrong when counting the minimum number of licenses they require, resulting in a compliance issue. Note: If more people than the minimum required have access to the software, then additional licenses must be purchased.

2. Incorrect counting of processors
Counting processors, as required by Oracle Database Enterprise Edition, sounds easy, but too many organizations make mistakes here. Oracle has set up a method, which takes into account several factors when counting: not only the number of CPUs, but also the number of cores and the type. A small miscalculation can lead to a shortage of, for example, 25 licenses, which in the case of Enterprise Edition equals to around $ 1 million.

3. Server virtualization with VMware
The fact that Oracle is not a VMware fan is already known amongst most IT professionals – the 2016 trial with Mars is a good example of that. Oracle does not accept VMware as a technology to reduce the number of licenses required: all physical cores and processors on which the virtual server can be hosted must be licensed. However debatable this may sound, for years it has been Oracle’s default position in the licensing discussion. Nevertheless, for many organizations it is still a surprise when a compliance issue of several millions arises. Surely because different rules apply for licensing VMware version 5.0, 5.1 – 5.5, and 6.0 or higher.

4. Server virtualization with Oracle VM
As a non-fan of VMware, Oracle is pleased if you were to use Oracle VM, its own virtualization software, instead. From a licensing perspective, this technology includes the ability to limit the number of licensable ‘cores’. However, in practice, this often does not happen, and organizations fail to remember that the “peak use” (high-watermark) must be licensed. In addition, organizations are not aware that with other virtualization software each technology has its own rules (such as IBM Logical Partitions).

5. Less control through cloud computing and outsourcing
Many organizations today choose to outsource their hardware infrastructure to external parties. However, as an organization, you remain responsible for the correct licensing of Oracle Database, even though it is installed externally. There is less control with this type of cloud computing, while usually the same complex rules apply as for virtualization. Although outsourcing offers clear financial benefits, out-of-compliance situations still lurke. It is therefore sensible to agree with the outsourcer in advance who is responsible for the correct purchase of licenses, and to be informed in advance, as an end user, of the implications of transitioning to the (public) cloud.


Subscribe To Our Newsletter

Subscribe To Our Newsletter

ITAM Channel brings the best news and views from the ITAM industry. Sign up for the newsletter and get them straight to your inbox

You have Successfully Subscribed!