Oracle Licensing with VMware NSX
I’m sure some of you are asking how a network virtualization product can help with software licensing. Well, if you’ve been following VLSS for awhile, you know that our mantra isn’t “Trust, but verify.” It’s “Just verify,” and VMware NSX can help do just that.
There are a number of ways to track Oracle usage, but one challenge has always been capturing developers or DBAs “gone wild.” It’s pretty easy for anyone to sign-up for a Oracle Technology Network account, download the latest version of Oracle database or middleware, and cause a huge licensing issue down the road.
NSX has always supported third-party integrations that can help capture network traffic that indicates an Oracle database is being run, but some of those products carry a hefty price tag in addition to the cost of NSX. But with the recent update of NSX 6.3.0 and up, it looks like more functionality is included out of the box: Flow and Endpoint Monitoring.
First deploy guest introspection for the cluster through the NSX installation. As you can see here, we have two hosts and 3 VMs with guest introspection enabled in our lab:
From there, one can use Flow Monitoring and Endpoint Monitoring to check for Oracle traffic on ports like 1521:
Now, is that a fool-proof solution? No, we’re not sure what that traffic on 1521 actually is. And we won’t catch anyone running Oracle traffic on a different port. But if you already have NSX, it’s another tool in your toolkit for managing Oracle licensing!