Don’t answer this question to the list, but you need to think about why is a
licenses audit being performed? Normally a license audit is only performed when
it is believed you are in violation your licenses, such as turning on the OEM
push back of data to Oracle Support for your databases, uploading files you
provided during a recent SR, Talking to Oracle sales folks about what you are
doing in your company including using products that they know are unlicensed,
your company is in negotiation to reduce licensing cost or there is some other
negotiation going on.
For you, it would have been helpful to ask for the list’s support the moment
your company was given notice that Oracle was demanding a license audit. We
could have helped you in advance and eliminated the foreboding you are feeling .
For now, you need to take a moment and breathe.
Once a license audit has started things are out of your hands and normally in
the hands of Chief Legal Counsel and the CFO (sometimes the CIO) of your
company.
Having done licenses audits when I worked for Oracle Consulting, companies I
have worked for (second thing I do normally starting with a company) and now in
my own consultancy, what is being looked for normally relates back to that
question up above. It really depends on the skill of the Oracle consulting
person sent as to what breadth your audit will take as there is no training
course in Oracle Consulting on how to do a license audit and there is nothing
in the contract that determines how a license audit will be performed from a
technical basis.
Some pointers during the license audit
1. Your technical personnel should not be talking to the auditor,
including not going to lunch with them. Only a management level person normally
part of the Legal or Finance team if not the Chief Legal Counsel or the CFO
themselves, who will relate to the technical team what is needed from them for
the audit to be performed.
2. Your team should only provide Oracle what is required. You do not have
to fulfill all requests from Oracle as they normally overreach in their
requests. Your upper management will help with that decision.
3. They should not have to have direct access to your servers if you
provide a person to run the commands. Normally technical person is accompanied
by lower management level person to ensure the conversation is only run this
command and put output here, instead of the broader questions Oracle Consulting
will want to ask.
You can send me a private email and I can provide you with a list of things to
check for in unconventional places to verify license compliance.
As to your question of defense, having worked for a variety of Chief Legal
Counsels, some of who were previous prosecutors, you again need to breathe.
The defense can be impeded by the answer to the first question, but if your
license snafu is a single database server and a human has made a mistake, the
defense is simple and your Chief Legal Counsel will deal with it.
If this is one of a variety of license violations then the defense gets more
complicated, versus it is single error committed on a single server or across
the whole fleet. Single error type versus multiple error types.
I have worked with Oracle Sales on a variety of license issues, but normally I
am telling them when an issue occurred instead of them finding something in a
licenses audit. There are a variety of things that you can do to help your
Chief Legal Counsel which includes gathering up your logging information
listener.logs and alert.logs on your databases before they roll off and
interpreting the data for them.
Some examples of license violations I have encountered.
1. Those new server replacements had twice the cores as the previous
servers and the DBA team and management was oblivious to that when the upgrades
were done. This basically was a 32 core addition that including EE Edition,
RAC, Partitioning, ASO, Management packs etc. It took a couple of weeks to get
back into license compliance.
2. A standby or primary server crashed and another server was pressed
into service to maintain HA and the other server actually had a higher core
count than the previous server.
3. Databases were flipped off of servers to new servers and the previous
servers were never deprecated or used again, but the Oracle SW was still
installed.
4. A set of test servers utilized production licensing for testing, then
when the production servers were built, someone forgot to turn off the servers
with still running databases in test.
5. A UNIX/Linux admin mistakenly put the deployment line in Chef/Puppet
code and deployed Oracle SW to the fleet left there until I did a license audit.
6. A UNIX/Linux admin moved multiple physical servers to a VM Ware
servers and spread the databases across the entire physical server fleet, which
took 2 months to shuffle things around and condense the Oracle part of the
fleet onto a smaller number of physical VM Ware hosts.
Matthew Parker
Chief Technologist
Dimensional DBA
425-891-7934 (cell)
D&B 047931344
CAGE 7J5S7
Dimensional.dba@xxxxxxxxxxx
<http://www.linkedin.com/pub/matthew-parker/6/51b/944/> View Matthew Parker's
profile on LinkedIn
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On ;
Behalf Of Michael Cunningham
Sent: Monday, February 08, 2016 5:01 PM
To: Andrew Kerber
Cc: oracle-l@freelists org
Subject: Re: Accidental Use of Oracle Active Data Guard
Thanks Andrew.
On Feb 8, 2016 4:42 PM, "Andrew Kerber" <andrew.kerber@xxxxxxxxx> wrote:
Contact house of brick technologies. They have done quite a bit of work with
oracle audit defense.
Sent from my iPad
On Feb 8, 2016, at 5:37 PM, Michael Cunningham <napacunningham@xxxxxxxxx> wrote:
Hello all, we have an Oracle audit going on and we are being told we are going
to get charged for using Active Data Guard.
Has anyone been successful in working with Oracle to have them realize these
were unintentional and not deliberate?
Technically the feature was enabled, but it was by accident and incorrect
configuration of srvctl. As it happens, we had one standby database configured
with db_startoption=open, and the other standby database with
db_startoption=read only.
The first was as a result of requiring a "failover" to physical standby and we
missed setting the db_startoption=mount when we rebuilt the standby on the
server that used to be primary.
Each of the problems have been corrected, but Oracle is working on a bill and
I'm looking for some advice from the group.
--
Michael Cunningham