There are multiple scenarios that can trigger an Oracle Audit but failing to properly count the number of Named User Plus (NUP) users that are accessing Oracle software is one reason you may find yourself unknowingly out-of-compliance. Getting this wrong can lead to significant financial exposure if you do not have enough license entitlements in the event of an audit. To correctly count the number of Oracle NUP licenses you require, be sure to avoid making any of these three common mistakes.
Mistake #1: Referring to License Entitlements Instead of Counting Users with Access
Too often, we see organizations look at how many user licenses they have purchased for a set of given products in their contracts and assume this is the number of licenses they are using. However, license entitlements are not the same as actual users with access. You very well could be underutilizing or overutilizing your licenses and neither is an ideal situation.
Mistake #2: Forgetting to Count Devices
Assuming that you only need to count how many human users are accessing Oracle software when counting NUP licenses is another common mistake to avoid. According to Oracle’s licensing policies, some devices are considered users and must be counted as well. Specifically, all non-human operated devices that can access Oracle software must also be counted as a NUP user in addition to all individuals authorized to use the programs.
In the example below, you would need to include the number of human and non-human devices in your count. In this case you would count the 20 human users + 100 heat sensors accessing the Oracle database to get a total of 120 required NUP licenses. However, stopping here could also result in an inaccurate count of licenses unless you keep the next common mistake in mind as well.
Mistake #3: Forgetting to Account for Minimum Requirements
Some of Oracle’s products require a minimum number of licenses to be purchased based on the configuration of the physical machine (server) where those products are deployed. For instance, Oracle Enterprise Database Edition has a minimum requirement of 25 NUP licenses per processor. Therefore, a machine that would usually be licensed for 6 processors, would need to have at least 150 NUP licenses (6 x 25) assigned to that server. The key here is “at least”. The 150 NUP licenses is just the minimum and it is possible that more than 150 NUP users (human or non-human devices) are accessing the server.
When it comes to minimum requirements, we typically see organizations make two types of mistakes:
1. They properly count the number of cores x the minimum requirements and assume that the minimum count represents their utilization number, even though they are using more than the minimum requirement. Doing this would put you out of compliance for not having enough NUP licenses.
2. They are unaware of the minimum requirements, so they properly count the number of users accessing the Oracle software, but that number ends up being lower than the minimum requirements. Again, making this mistake would put you out of compliance for not having enough NUP licenses. The example below illustrates how this can happen.
- Using software asset management (SAM) tools to assess your utilization may provide an inaccurate count. While these tools can be helpful in many ways, we recommend against solely relying on them to assess utilization and to take the time manually to count your license requirements.
- It’s also very important to remember that you do NOT have to run scripts of your system environment and send them to Oracle, even if they ask for it. Doing so will provide Oracle with unnecessary visibility into your IT environment that could ultimately do more harm than good. Instead, we recommend conducting a self-assessment of your license utilization. This will also provide your organization with the ability to make adjustments to your system environment, if possible, to reduce your potential overutilization.
Unfortunately, there is no quick and easy way to accurately count your Oracle license requirements. You must invest time and resources to count all users (human and non-human operated devices) accessing Oracle software on the front end. Though this probably isn’t what you want to hear, it truly is the best way to reduce your potential compliance exposure and ensure you’re properly licensed.