Oracle has created a separate Java sales team that is separate from their application and technology sales teams and their LMS audit teams. We have heard from many Oracle customers expressing concerns about receiving Java inquiries. Some of these inquiries come in the form of a typical sales call, while others are more geared toward ensuring security of your IT environment. This latter approach is one that can be more troublesome and challenging to handle, as the inquiry is typically sent to your CISO or head of IT security, who may not be someone accustomed to software negotiations and sales calls.
On these security-type inquiries, the Java sales representative will discuss the importance of security and that running older versions of Java leaves your IT environment exposed to threats. They will then position that upgrading to a Java cloud subscription model will ensure your environment is always running the latest, most secure version of Java. The Java sales representative will then offer you a free quote for your consideration, and since most people do not see the harm in getting a price quote, they agree.
This is where things get tricky. For Oracle to prepare a Java quote, they will request a copy of your system architecture and a list of the different applications you are using that run Java. Based on this non-threatening set-up that starts with a discussion on security and evolves to soliciting a free price quote, some organizations make the mistake of sharing this information, which not only leads to a Java price quote, but also ignites an aggressive sales cycle. Here are the three things to know:
1. Sharing Your System Architecture Can Potentially Lead to a Technology Audit
If your system architecture uses virtualization technology that does not meet Oracle’s definition of hard partitioning, such as VMware, then per Oracle’s policy, ALL processors within the entire virtualized server farm must be licensed, not just the processors where Java or your Oracle database and related Oracle technology products are installed.
While the Java quote for your entire server farm can run anywhere from a couple hundred thousand dollars to a few million dollars per year as a result of a heavily virtualized environment, the much larger exposure comes from the database technology stack. In some scenarios, we have learned of situations where the potential “list price” database technology exposure can be in the hundreds of millions of dollars.
Your Java sales representative is not compensated on the technology products, so they will simply focus on the Java deal. But once you sign that Java deal, which in essence serves as an affirmation that you have a virtualized environment, you can expect to have your Oracle technology sales representative contact you or you could potentially receive an audit letter from Oracle’s LMS team.
Even if you have shared your system architecture with Oracle, you still have options to avoid paying a large fee, but it does become more challenging and time consuming.
2. Sharing Your Java Applications Can Potentially Require You Purchase a Java Subscription
There’s a difference between considering a Java upgrade for security reasons versus being found out-of-compliance and now required to purchase a Java cloud subscription. There are two scenarios at play here.
First, if you are running third-party applications that come with Java, it is important to know whether they come with a Java license from the third-party application provider or whether you are required to obtain your own Java license. Many older versions of Java are downloadable at no charge; however, the scope of those no-charge licenses are very limited and do not include the right to run applications in a production environment. The no-charge Java versions are allowed for personal use and development purposes, but not for accessing the commercial features of Java and running applications in production. If the third-party application provider does not have a Java reseller license agreement with Oracle, then you will be required to purchase Java licenses.
The second scenario is similar but applies if you are downloading no-charge Java versions to run homegrown applications in production. Oracle is able to track recent Java downloads to your IP address. If they see recent Java downloads for updated releases of older Java versions from your organization, Oracle has been known to inquire into the reason why your organization is downloading these updates. Oracle’s thought process is that most organizations would not be downloading older versions of Java unless they are using Java to run applications in production. If it turns out that you are using no-charge Java licenses to run homegrown or third-party applications in production, then you will be required to purchase Java licenses.
Please keep in mind that in both scenarios, if Java is being used in a virtualized environment, then ALL processors in the server farm must be licensed.
3. Do Not Run Oracle Scripts
Some customers are unsure of exactly where they are running Java and therefore, do not know their Java requirements. Oracle, of course, can offer a solution for you by having you run scripts that will identify your Java usage throughout your organization, including the use of virtualization technology within your system architecture. The same pitfalls identified above apply to this situation as the scripts will disclose everything Oracle needs to not only provide you with a Java price quote, but also to identify any Java utilization that requires a Java subscription, as well as potential database technology compliance issues.
Java sales representatives have been known to apply very aggressive tactics and will not hesitate to escalate within your organization, demanding answers to their questions. Remember, you are not under audit unless Oracle provides you with a formal audit notice. Even if you are under a formal audit, Oracle’s agreements do not require you to run scripts, they only require you to reasonably cooperate with providing information relative to the audit – there’s a big difference.
We are not suggesting that customers should willfully violate Oracle’s licensing rules. But there is enough ambiguity with respect to Oracle’s licensing rules and the contractual applicability of Oracle license policies that many customers may find themselves unwittingly in a potential non-compliance situation that can be reasonably disputed. Therefore, we recommend customers exercise caution in sharing information with Oracle so as not to unnecessarily trigger an overly aggressive sales approach. Oracle is very good at stirring up a hornet’s nest and applying undue pressure to create and close a sale that may actually be unnecessary and not warranted.
If you are concerned about your Java compliance or you are engaged in a Java sales or security inquiry and would like to learn more, please contact us. We can discuss your unique situation and provide you with advice that is on point with your specific circumstances.
Post a comment below, follow me on Twitter @jeffrey_lazarto, find my other UpperEdge blogs, and follow UpperEdge on Twitter and LinkedIn. Contact me at [email protected]edge.com or learn more about our Oracle Commercial Advisory Services.