Openness of Oracle licensing and audit tools questioned

Verified third-party tools do not guarantee compliance position


Oracle customers can only use its licensing tools after the company has started to talk to them about software audits or offered license advice. Meanwhile, third-party tools that have been verified by Oracle do not help users in terms of license compliance.

In what may seem a double bind for users in the complex and often costly business of Oracle licensing, Garrick Brivkalns, program manager for Oracle Global Licensing and Advisory Services, made plain Big Red's position during a recent webinar held by the International Business Software Managers Association (IBSMA).

He described a set of software tools customers can employ to better understand their position in terms of software usage and licensing compliance.

They include the Oracle Collection Tool, which detects and collects usage data on a broad range of Oracle products like E-Business Suite enterprise applications, databases, Fusion middleware, application server WebLogic, and BI tools. It also offers standalone scripts specific to the product and an Oracle Server Worksheet to declare all the Oracle products customers have installed.

But these tools are not available unless a conversation has already started with Oracle's Global Licensing and Advisory Services (Glas) team, he said.

"Glas in-house tools... [are] not made generally available to the public; they're provided to customers and partners, only when strictly necessary, in connection with a Glas engagement of some sort," he said.

He added that when the "engagement" was over, customers were "free to keep [them] post-engagement and many users do leverage them to become a bit of an internal management tool."

Oracle has vetted third-party tools, but these also do not help Oracle customers understand their compliance position before the ominous conversation begins.

Big Red has run a third-party verification program since 2010, and ramped it up from 2019. Vendors on the list include ServiceNow, Micro Focus, Aspera, Certero, Eracent, Flexera, Snow, and Matrix42. While these tools might offer insight into compliance, that does not mean it is a version of reality Oracle will accept.

Brivkalns said: "When we work with a tool vendor to verify the accuracy of their tool, we're only looking at the raw usage data. I just want to be clear about that. We're not working to verify any other aspects that the tool might possess such as entitlements tracking, matching entitlements, the usage, and compliance position determinations."

Craig Guarente, founder and CEO of Oracle licensing advisory firm Palisade Compliance, said: "You can't get access to Oracle's tools unless you work with their audit team. What does that say about Oracle wanting customers to stay in compliance on their own?

"Second, there is a list of third-party tools that Oracle endorses. Unfortunately, none of these tools are endorsed by Oracle to give you a compliance position. What's the point?"

New cloud services

Oracle has launched a raft of 11 new cloud services addressing compute, networking, and storage on its Oracle Cloud Infrastructure.

OCI Compute gives customers the option to deploy on bare metal or virtual machines. New services include Container Instances that help customers to use containers without directly managing the hosting VM or requiring Kubernetes orchestration. AMD E4.Dense Compute Instances enables customer workloads that benefit from attached NVMe drives for low-latency storage, Big Red said.

OCI Networking is said to allow users to connect securely to OCI's virtual cloud network (VCN) and dynamically create isolated, secure environments for their workloads.

OCI Storage offers customers "high-performance and low-cost" cloud storage options through object, file, block, and archive storage, Oracle said.

In a pre-canned quote, Dave McCarthy, research vice president for Cloud and Edge Infrastructure Services at IDC, said: "The promise of the cloud has always been paying for only what you need, but customers continue to over-provision due to rigid configuration options in most cloud platforms.

"OCI has made significant strides to address this problem by introducing new flexible compute, storage, and network infrastructure services over the last year. OCI customers can reduce costs by more accurately matching consumption to demand." ®

Similar topics

Broader topics


Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022