What You Don’t Know about Oracle and Java Licenses Could Cost You Millions
A breaking story at the end of 2016, as Gavin Clarke reported in The Register, is Oracle’s increasingly aggressive enforcement of Java software licenses. It has increased staff in its License Management Services, and longtime Java users are receiving bills requiring hefty per-user and per-processor payments.
It’s an open secret in the IT industry that there is big money in licensing true-ups (that is, making sure you pay for what you actually use): tens and sometimes hundreds of millions of dollars are often at stake. The worst situations emerge from misunderstandings:
- Thinking software is free when it isn’t
- Changing your usage style (e.g., moving the license from a physical to a virtual machine) and assuming there is no change in your licensing obligation
Java is a classic example of the first misunderstanding. Because it can be easily downloaded and there seems to be no mechanism in place for billing, people assume that it’s free. If you are a small organization, then you may well be able to sail beneath the radar for the foreseeable future. Larger scale use, however, is more difficult to conceal, especially when people are hired to discover whether you’ve paid for your Java licenses.
There are multiple products typically downloaded with Java, some of them free, some not. As Clarke stated, “There’s no way to separate the paid Java SE sub-products from the free Java SE umbrella at download as Oracle doesn’t offer separate installation software.”
More broadly, different parts of Java may or may not be free, but at any point that is Oracle’s decision –it owns Java and can do what it likes, including changing the terms and conditions for future versions. Oracle has now apparently put in place effective audit methods and created a hit list of big users; if your use of Java is significant, you could receive an audit notice from Oracle any day.
This is not a new issue. During the past five years, reports have continually surfaced of companies paying massive audit penalties to IBM, Oracle, Adobe and others (just attend a SAM summit if you want to hear the stories). Companies moving from physical to virtual computing have incurred some of the biggest charges. For example, a large enterprise may have a long relationship with a major software vendor, who provides a critical software product used widely for many purposes. The price for this product is based on the power of the computer running it. A license costs less for a computer with 4 cores and 1 gigabyte of RAM than it would for a computer with 16 cores and 8 gigabytes of RAM. The largest computers naturally require the most expensive licenses.
During a three-year period, the enterprise virtualizes thousands of formerly physical computers, each of which had been running the vendor’s software; however, the physical computers were, in general, smaller machines. The new virtual farms were clusters of 16 of the most powerful computers available on the market. After a review, the vendor insisted that EACH of the thousands of instances of its software running on the virtual machines was liable for the FULL licensing fee applicable to the most powerful machine!
Even though each of the virtual machines could not possibly have been using the full capacity of the virtual farm, the vendor insisted that the contract did not account for that, and it was impossible to know whether any given VM had been using the full capacity of the farm at some point.
“True-up” charges in the millions of dollars have resulted. Major software vendors have earned massive amounts in such charges and continue to audit aggressively for these kinds of scenarios.
This is why managing your IT asset data is so important. You must genuinely understand what products you are using, and their associated licensing models. This knowledge starts with the data in your provisioning, configuration management and discovery tools, and it is no small feat to get all this information right. Motivated software auditors will find those redundancies, omissions and inaccuracies, and you must know about them before they do.