Oracle Audit - ITAMOrg.comitamorg.com/sites/default/files/20160209_-_oracle... · · 2016-03-10Start of an Oracle Audit A closer look at Oracle’s Standard Audit Clause Upon 45

Presentation Richard Spithoven

Oracle Audit Are you ready?


Richard Spithoven!2013 – present Director / Partner b.lay, the license management company

2009 – 2013 REGINAL DIRECTOR LMS Europe South

2005 – 2009 PRINCIPAL LICENSING CONSULTANT Oracle EMEA

"Understanding the facts, enables you to make informed business decissions"


Common misunderstandings & issues

What is an Oracle Audit 1. Start 2. Execution 3. Closure

Under an Oracle Audit? -  Things to consider -  Tips & Tricks

Best solution to tackle an Oracle Audit

Agenda


Common Misunderstandings & issues…


Common Misunderstandings & issues …

Not cooperating or delaying an Oracle Audit is ok !?

COLS Business Review ≠ Oracle License Review ≠ Oracle Audit.

End –users being re-active in terms of managing Oracle licenses en becoming (too late) active/ pro-active at the start of an Audit.

We are now using an Oracle Verified Tool, so we have full control?

It’s all in the details: -  No clarity on the

real license entitlements

-  No clarity on the real license deployment and licensable usage


Oracle Audit


What is an Oracle Audit? !


Start of an Oracle Audit?


http://photodune.net/item/office/1544745

Start of an Oracle Audit A closer look at Oracle’s Standard Audit Clause

Upon 45 days written notice, Oracle may audit your use of the programs. You agree to cooperate with Oracle’s audit and provide reasonable assistance and access to information. You agree to pay within 30 days of written notification any fees applicable to your use of the programs in excess of your license rights. If you do not pay, Oracle can end your technical support, l icenses and/or this agreement. You agree that Oracle shall not be responsible for any of your costs incurred in cooperating with the audit.


Oracle License Management Services (LMS)

Organizations are selected for an audit by either:

. Oracle LMS . Oracle Sales

License Compliance Risk analysis includes multiple parameters (e.g. historical metrics, purchase date, mergers/acquisitions etc.)

Start of an Oracle Audit


•  “Notification Letter” to your CIO and/or CFO.

TWO •  Oracle License

Review = Oracle License Audit!

THREE •  Objective to

determine compliance issues ($) and cross/upsell opportunities ($)

FOUR •  Single Point of

Contact

Start of an Oracle Audit

ONE FIVE •  Kick Off

Meeting / Call


Execution of an Oracle Audit Product Scope JD Edwards

Siebel

E-Business Suite

Database Database options

Database management packs

Application Server

Weblogic Server

SOA Suite PeopleSoft


Execution of an Oracle Audit

._ Oracle software programs

._ Order Nr’s/Order Dates

._ Support Start Date, End Date

._ License Metric

._ License Level

._ License Status

._ other

Lice

nse

Inve

nto

ry



Lice

nse

Inve

nto

ry

OF OLSA

SR

SP1 PD10g BP

SR SR

SP2 PD11g

SR SR

Time



Lice

nse

Inve

nto

ry Hardware Discovery 1

._ Oracle Server Worksheet (*.xls) ._ CPU queries (OS Commands) ._ Screenshot of Virtual (VMware) Infrastructure Client



Lice

nse

Inve

nto


Software Inventory 2

._ Oracle Fingerprints ._ Oracle Discovery Tool (OMT)



Lice

nse

Inve

nto



Software Configuration 3

Oracle Product Specific Queries: ._ Review Lite (Database, DB Options, DB Packs) ._ FMW Script (Weblogic, OAS) ._ Siebel Extraction Scripts (Siebel) ._ Audit Trail (E-Business Suite) ._ Remote Review Tool (JD Edwards)



Lice

nse

Inve

nto




Usage Determination 4

Oracle Product Specific Queries: ._ Application Record Form (Database & Middleware) ._ Siebel Usage Tracking feature (Siebel) ._ Usage Based.sql (E-Business Suite)



Lice

nse

Inve

nto





Non-system data 5

Other items: ._ company file ._ hosting or not? ._ $ metrics ._ geographical ._ etc.



Hardware Discovery 1




Contract

Analysis

Non-system data 5

Manual Data Gathering & Analysis

T o o l i n g / s c r i p t s


Oracle LMS – Final Report

•  Oracle Compliance Policy ( 30 days policy

•  Back Support Fees

Oracle Sales – Commercial Resolution

Full details of Oracle’s Compliance Policy can be found through: http://www.oracle.com/us/corporate/license-management-services/policy/index.html

Closure of an Oracle Audit

13&X2GB22NO


Example: End-user has 2 Processor licenses Oracle Database Enterprise Edition but is found to make use of 3 Processor licenses Oracle Database Enterprise Edition for a period of 6 years:

List License: $ 47,500

List Support: $ 10,450

Standard Discount: 10%

Net License: $ 42,750

Net Support: $ 9,405

Back Support ( 6 years) 6 years x $ 9,405 = $ 56,430

Total Fees: $42,750 + $9,405 + $56,430 = $108,585

Why you should care, the cost of even ONE Processor license, out of compliance?


Thing to consider Tips & Tricks


Under Audit? Things to consider…



IRM involvement (sensitive, confidential data)?

Can data gathered leave your premises?

Which results are shared

when, and with whom from

Oracle Sales? What is the performance

impact of the Oracle Audit tools proposed?



Make sure that you understand before the data is collected!

How will this data be used?

Why is this data collected?

What data will be collected?

Where is this data collected from?


Enforce you know what will happen with the data before you share it:

•  What will Oracle do with the data collected?

•  Where will Oracle store the data collected?

•  Who can access the data collected by Oracle?



Quick Risk Assessment

•  Share and manage the expectations towards C-level

Internal Governance, Communication and Escalation Model •  Oracle Project Team

•  SPOC (Project Manager)

•  Legal, Purchasing/Vendor Management, IT Depts, Outsourcer

•  Steering Committee

•  C-level / Members of the Board

Data sharing within your company (leaking results externally)

Do your own research before (and during) the audit!

What to do to let things run smooth?


Best solutions


Best Solution to tackle an Oracle Audit?

How?

Be pro-active and take the control yourself

don’t wait until you get audited by Oracle!

Perform regular internal license

reviews

determine your license compliance position

& mitigate financial,

operational and legal risks.


Some take-aways…

Create an internal software license management team of multiple disciplines (procurement, legal, DBA, Infrastructure Managers, Business Application Mangers, Outsourcers) with C-level sponsorship and review on a regular basis:

Make software license management a priority at C-level and budget for the proper software license management practice, tailored to the specific needs of your organization.

•  your real license entitlements (incl. OD, OLSA, SR, SP, PD, BP)

•  your real deployment and (licensable) usage of the software

•  reconcile your license entitlements with your license deployment and usage in order to identify and address software license compliance issues proactively!


①  Oracle License Review or License Audit Answers to your Top 20 Questions

②  Oracle Licensing Guide: Your quick Oracle Licensing Guide

③  Oracle Unlimited License Agreements (ULA): An overview of the major risks you should be aware of

④  Oracle Pool of Funds Agreements: An overview of the ins & outs of this type of agreement

⑤  Oracle E-Business Suite: An overview of the most common license compliance issues

Further reading on www.b-lay.com


Questions?


Audit Support Support during your audit

Contract Management Knowing what you can do with your rights

License Management Benefit from your rights

Documents

Oracle Audit - ITAMOrg.comitamorg.com/sites/default/files/20160209_-_oracle... · · 2016-03-10Start of an Oracle Audit A closer look at Oracle’s Standard Audit Clause Upon 45