Oracle’s Aggressive Audit Tactics Draw Increasing Media Attention

“In hindsight, I should have involved our legal team immediately, since they were requesting information that had nothing to do with Oracle.”

Wise words.

A recent article published by Business Insider (here) is the latest in a run of recent media attention (more here) that Oracle has received regarding the software audit practices of its License Management Services (LMS) compliance arm. In particular, the article details how Oracle’s sales teams may use the weight of oppressive LMS audit findings to drive customers toward the recurring-revenue business model embodied by Oracle’s expanding cloud services.

The “enthusiasm” with which LMS pursues undeserved windfalls from previously loyal customers is nearly legendary. The Business Insider article describes the LMS tactic of determining that all hosts in a VMware cluster must be licensed to capacity for an Oracle technology product – even if there is only one VM running the product on a single host in the cluster – simply because Oracle does not recognize VMware as an approved “hard partitioning technology.” Never mind the fact that this effective prohibition on the use of VMware with Oracle products may not be mentioned anywhere in the applicable license agreements or in any document incorporated in those agreements. In effect, LMS merely applies the assumption that since VMware makes it so easy for VMs to migrate to other hosts, the processors on those hosts must be licensed for the Oracle software.

Another favorite tactic is to surprise customers with licensing fees associated with product options that the company never actually used. Many Oracle products – such as its ubiquitous Database software – are deployed from installation files that include a catalog of added-cost options. Those options sometimes inadvertently may be enabled during the installation process or at some point thereafter and then turned off without ever having been used. However, the software’s usage logs record the enabling of the options, and that log data usually is among the information demanded by LMS during an audit. If LMS determines that the options were enabled at any time – even if only once, seven years or more before the audit data were collected – it is common for those options to be included among the audit findings.

Businesses considering significant Oracle software investments need to factor the costs associated with Oracle audits into their TCO calculations. In addition, they need to plan to be assiduous in documenting exactly what Oracle products will be installed on what systems and in studying and understanding the licensing obligations that those decisions entail. Finally, if working with an Oracle implementation partner, it makes sense whenever possible to shift the burden of non-compliant deployments to the vendor, forcing the other party to represent and warrant that the final implementation will be consistent with the license rights purchased by the company.

Oracle software licensing is full of traps. Businesses need to understand the risks associated with those traps and to proceed with caution.