blay oracle audit defence_ itam review audit defence workshop amsterdam april 2016
TRANSCRIPT
Richard Spithoven b.lay, the license management company
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Introduction
Richard Spithoven b.lay, the license management company
2013 – 2016 b.lay Director 2009 – 2013 Oracle LMS Europe South 2005 - 2009 Oracle Principle license consultant
Agenda - Common misunderstandings….. - What is an Oracle Audit?
- Start - Execution - Closure
- Under an Oracle Audit?
- Things to consider…. - Tips & Tricks
- Best solution to tackle an Oracle Audit?
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Common misunderstandings…
- Not cooperating or delaying an Oracle audit is ok !?
- COLS Business Review ≠ Oracle License Review ≠ Oracle Audit !? - We are now using an Oracle Verified Tool, so we have full control !?
- End-users under-estimating the level of detail and knowledge, needed in order to understand the real license entitlements.
- End-users under-estimating the level of detail and knowledge, needed in order to understand the deployment and (licensable) usage of the different software programs/componens/features. - End –users being re-active in terms of managing Oracle licenses and becoming (too late) active/pro-active’ at the start of an audit.
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Start of an Oracle Audit
A closer look at Oracle’s Standard Audit Clause: Upon 45 days written notice, Oracle may audit your use of the programs. You agree to cooperate with Oracle’s audit and provide reasonable assistance and access to information. You agree to pay within 30 days of written notification any fees applicable to your use of the programs in excess of your license rights. If you do not pay, Oracle can end your technical support, licenses and/or this agreement. You agree that Oracle shall not be responsible for any of your costs incurred in cooperating with the audit.
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Start of an Oracle Audit
- Oracle License Management Services (LMS) - Organizations are selected for an audit by either:
Oracle LMS Oracle Sales
- License Compliance Risk analysis includes multiple parameters (e.g. historical metrics, purchase date, mergers/acquisitions etc.)
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Start of an Oracle Audit
- “Notification Letter” to your CIO and/or CFO.
- Oracle License Review = Oracle License Audit! - Objective to determine compliance issues ($) and cross/upsell opportunities ($) - Single Point of Contact
- Kick Off Meeting / Call
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Execution of an Oracle Audit
Product Scope: - Oracle Database, Database Options, Database Mgmt Packs - Oracle Application Server - Oracle Weblogic Server - Oracle SOA Suite - Oracle JD Edwards - Oracle Siebel - Oracle E-Business Suite - Oracle PeopleSoft
Note: Other products can be included, but are typically not included.
Legal Entity Scope: - Which legal entities are included in the scope of the audit
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Execution of an Oracle Audit
License Inventory
._ Oracle software programs
._ Order Nr’s/Order Dates
._ Support Start Date, End Date
._ License Metric
._ License Level
._ License Status
._ other
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Execution of an Oracle Audit
ITAM Review Oracle Seminar, London 21st Nov 2014 License
Inventory
OF OLSA
SR
SP1 PD10g BP
SR SR
SP2 PD11g BP
SR SR
Time
Execution of an Oracle Audit
Hardware Discovery 1
License Inventory
._ Oracle Server Worksheet (*.xls) ._ CPU queries (OS Commands) ._ Screenshot of Virtual (VMware) Infrastructure Client
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Execution of an Oracle Audit
Hardware Discovery 1
Software Inventory 2
License Inventory
._ Oracle Fingerprints .- Oracle Discovery Tool (OMT)
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Execution of an Oracle Audit
Hardware Discovery 1
Software Inventory 2
Software Configuration 3
License Inventory
Oracle Product Specific Queries: - Review Lite (Database, DB Options, DB Packs) - FMW Script (Weblogic, OAS) - Siebel Extraction Scripts (Siebel) - Audit Trail (E-Business Suite) - Remote Review Tool (JD Edwards)
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Execution of an Oracle Audit
Hardware Discovery 1
Software Inventory 2
Software Configuration 3
Usage Determination 4
License Inventory
Oracle Product Specific Queries: ._ Application Record Form (Database & Middleware) ._ Siebel Usage Tracking feature (Siebel) ._ Usage Based.sql (E-Business Suite)
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Execution of an Oracle Audit
Hardware Discovery 1
Software Inventory 2
Software Configuration 3
Usage Determination 4
License Inventory
Non-system data 5
Other items: .- company file .- hosting or not? .- $ metrics .- geographical .- etc.
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Execution of an Oracle Audit
Source: b.lay BLM program
Hardware Discovery 1
Software Inventory 2
Software Configuration 3
Usage Determination 4
Contract
Analysis
Source: b.lay BLM program
Non-system data 5
Manual Data Gathering & Analysis
T o o l i n g / s c r i p t s
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Closure of an Oracle Audit
- Oracle LMS - Final Report
- Oracle Compliance Policy (30 days policy) - Back Support Fees
- Oracle Sales - Commercial Resolution Full details of Oracle’s Compliance Policy can be found through: http://www.oracle.com/us/corporate/license-management-services/policy/index.html
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Why you should care: cost of even one PROC out of compliance?
Example: End-user has 2 Processor licenses Oracle Database Enterprise Edition but is found to make use of 3 Processor licenses Oracle Database Enterprise Edition for a period of 6 years: List License: $ 47,500 List Support: $ 10,450 Standard Discount: 10% Net License: $ 42,750 Net Support: $ 9,405 Back Support ( 6 years) 6 years x $ 9,405 = $ 56,430 Total Fees: $42,750 + $9,405 + $56,430 = $108,585
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Under Audit? Things to consider..
- IRM involvement (sensitive, confidential data)?
- Can data gathered leave your premises?
- Which results are shared when, and with whom from Oracle Sales?
- What is the performance impact of the Oracle Audit tools proposed?
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Under Audit? Things to consider..
- Make sure that you understand before the data is collected:
- Why is this data collected?
- What data will be collected?
- Where is this data collected from?
- How will this data be used?
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Under Audit? Things to consider..
- Enforce you know what will happen with the data before you share it:
- What will Oracle do with the data collected?
- Where will Oracle store the data collected?
- Who can access the data collected by Oracle?
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Under Audit? Tips & Tricks..
What to do to let things run smooth?
- Quick Risk Assessment - Share and manage the expectations towards C-level
- Internal Governance, Communication and Escalation Model - Oracle Project Team
- SPOC (Project Manager) - Legal, Purchasing/Vendor Management, IT Depts, Outsourcer
- Steering Committee - C-level / Members of the Board
- Data sharing within your company; (leaking results externally)
- Do your own research before ( and during) the audit(!)
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Best Solution to tackle an Oracle Audit?
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Best Solution to tackle an Oracle Audit?
Be pro-active and take the control yourself, and don’t wait until you get audited by Oracle!
How?
Perform regular internal license reviews;
determine your license compliance position and mitigate financial, operational and legal risks.
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Some take aways…..
Make sofware license management a priority at C-level and budget for the proper software license management practice, tailored to the specific needs of your organisation . Create an internal software license management team of multiple disciplines (procurement, legal, DBA, Infrastructure Managers, Business Application Mangers, Outsourcers) with C-level sponsoship and review on a regular basis: - your real license entitlements (incl OD, OLSA, SR, SP, PD, BP)
- your real deployment and (licensable) usage of the software
- reconcile your license entitlements with your license deployment and usage in order to identify and adress software license compliance issues proactively!
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Further reading on www.b-lay.com
1. Oracle License Review or License Audit Answers to your Top 20 Questions
2. Oracle: Your quick Oracle Licensing Guide.
3. Oracle ULA: An overview of the major risks you should be aware of.
4. Oracle Pool of Funds: An overview of the ins & outs of this type of agreement
5. Oracle E-Businesss Suite: An overview of common license compliance issues
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
ITAM Review Audit Defence Workshop, Amsterdam, 12th April 2016
Contact
Richard Spithoven b.lay, the license management company [email protected] T: +31 (0) 8 80 23 3702 M: +31 (0) 6 10 40 6619 W: www.b-lay.com L: nl.linkedin.com/pub/richard-spithoven