In this podcast Dean Bolton and Michael Corey from LicenseFortress discuss Oracle’s recent changes to Java licensing. We detail exactly what has changed, provide practical tips on how to assess your potential exposure, and explore options for mitigating this significant risk. With organizations facing anything from a 2x – 10x increase in Java license costs this is something which all IT Asset Managers should be taking action on now.
Welcome to the ITAM Review podcast news reviews and resources for itam, sam and software licensing professionals.
AJ Witt (00:30):
Hello everyone. Uh, welcome to this podcast from the ITAM Review. Uh, joined today by Mike Corey and Dean Bolton from LicensedFortress. Uh, I’m sure there’ll be familiar to many of you there now, veterans of doing ITAM Review podcast. I think this is at least then, at least their fourth. Um, so welcome Mike and Dean.
Dean Bolton (00:49):
Good afternoon, everyone. Good morning. Whatever the case may be. Thanks for joining us.
Michael Corey (00:54):
Uh, this is Mike Corey, thank you for joining us.
Oracle Java Changes as of January 2023
AJ Witt (00:58):
Thank you both. Um, so today we’re gonna have, um, a bit of a deep dive into the Oracle Java changes, uh, Oracle change licensing terms for Java back in January, 2023. And it we’re recording this in late March, and I think it’s safe to say that we’re still coming to terms with the impact that this has had. Um, and we’re gonna go through, uh, and have a look at kind of what we can do about it. Well, first, what the detail of the changes is and what we can do about it as item managers to really kind of reduce the risk, the financial risk in particular of having Oracle Java in your environment. So, um, let, let’s kick off. I’ll, I’ll kick off with sort of, um, what changed. And fundamentally what changed is the Oracle have moved away from processor or named user plus licensing for, for Oracle Java and switched it to employee, which is a very blunt measure, uh, and a very easy measure for Oracle to, to impose.
They just need accounts of employees. Um, so really all you need to have an exposure for this is, um, a detection of an Oracle Java version that’s licensed under this new metric. Um, and Oracle needs to know how many employees you’ve got. Well, obviously they can get that relatively easy from a variety of sources. So there’s no discovery as such. There’s no kind of like trying to move things around or optimize things here. It’s just a number of employees times a list price. Um, what we’ve seen and what we’ve heard from, from customers, um, people who have contacted us, is that typically this is leading to a 2, 2 10 time fold increase in costs when it comes to Oracle Java. So, um, it’s a big significant impact, not least in this time of rising prices and, uh, falling demand. We are in a bit of a worldwide recession at the moment.
Uh, prices are going up due to inflation. Um, uh, Oracle not least have, have put their prices up in the last year, um, using their usual, um, uh, process for that, which is in your contracts. Uh, so we’ve got rising prices falling demand, falling revenue for us, perhaps as, as, as companies falling workforces as well. Of course, there are many layoffs going on at the moment. And so this is a, a tricky time, I suppose, if you’ve budgeted for your Oracle Java licenses, um, this year, well, chances are your budget is severely under budgeted and used to do something about it. Um, so that’s kind of the background. Um, let’s get into some of the detail. Um, could we get into what’s exactly changed in a bit more detail? What versions are involved, what it means for companies and so on, um, over to you guys.
Dean Bolton (03:50):
The New Metric: Employee Count
Sure. And, and before we get into, uh, the details in there, I just wanna add one thing to that, AJ. And it’s, it’s, uh, they’ve called the New Metric employee, but the, uh, the devil’s in the details and their definition of an employee is also quite expansive. So it’s not just your full-time employees, it’s also your part-time seasonal contractors agents. Um, and so by their new metric, it is quite expansive and for a lot of, uh, customers that we’re helping a, a much larger count than they even initially realized.
AJ Witt (04:23):
Yeah, it’s, it is a good point now because of course, many organizations have pretty seasonal workforces. I mean, if you think about retail and hospitality, um, yeah, there, there’s massive changes in, in, um, in workforce at busy times. Um, now I, I, I know from my previous employer, we used to take on hundreds of extra staff for, for, for, for the start of the booking cycle in, um, in, uh, travel and tourism, for example. And retail’s the same, I guess, around holidays and so on. So, yeah, it’s, um, it’s, it’s, uh, as always w with Oracle, it’s a, um, uh, it’s not what it says on the paper <laugh>, uh, it’s, it’s a bit more detailed than that, so, yeah. Good point. Thank you. Thank you, Dean. Yep.
Dean Bolton (05:07):
Background on Oracle’s acquisitions
Um, just kind of as an overall background of, of, you know, what’s happened and how we got here, right, was Oracle purchased Sun, uh, back in 2009. Um, about eight years after that, they decided they were gonna try and monetize, uh, Java as part of that acquisition. They announced that, uh, in 2019, uh, starting in April of 2019, uh, non-public releases would be under a new, uh, contract and a new subscription model. Um, and that applied and, and still applies to, uh, versions that were, um, released after then. So, uh, it’s Java six pass, version 45, Java seven pass version 80, uh, Java eight pass version 2 0 2 and Java 11 pass the base release. Uh, so anything after that, uh, requires a, uh, Java subscription potentially if it’s not covered by another, uh, licensing restricted use included usage. Uh, some examples of that are something like if you’re using it for another Oracle product, like Forms and reports, or e-business PeopleSoft, um, that usage is covered by the terms and conditions of the other application.
Uh, s a P has an agreement, VMware has an agreement. A lot of the big vendors went ahead and made a commercial agreement with Oracle to cover usage for that. So those instances don’t require a subscription. Um, but anything else on that would, and in 2019, the, the ver the options, as you mentioned AJ, were either, um, the Java SE subscription, which was processor slash core account based, um, or the desktop subscription, which was named user, um, plus base in there. Uh, and so you had a lot of customers who were working to kind of control where it was installed and running. Um, limit the, uh, the usage there and procure just what they need, uh, from Oracle, um, on that in January of this year, they changed it yet again. And as you mentioned, it’s no longer based on installations. Uh, it’s no longer based on named users. It is that full count of employees both full-time and part-time, as we just discussed, across your entire organization, whether they’re technical, um, or not. Uh, and, uh, that’s a, a very simple metric where you go out and and procure those subscriptions, uh, if you need it. Uh, it is just, as you mentioned, also maybe not the most cost effective metric for a lot of customers. And that’s mirroring what we see when we’re helping customers evaluate the, the usefulness of these, uh, products going forward.
Michael Corey (07:47):
And just to kind of put a perspective on it, if you were an organization of about 3000 people, you would be looking at about $400,000 US a year. If you were an organization at 10,000 people, you would be looking at starting at about a million dollars a year. And so this can very quickly go up. The only good news is that if they come after you for past usage, they have to rely on the old metrics. They can’t enforce you the new metrics on you for past usage, but moving forward, if they find one use that isn’t licensed, then you have a very quickly escalated cost. And a lot of the application vendors were really cute in that, in their installation guys, they said to you, install Java now install our application. Well, by doing it in that sequence of events, they put the burden of the license on you and took it away from themself. And so you really do have to weed through which vendors include it, which vendors don’t, and then come up with a plan because they are gonna come knocking. There’s just too much money. Java is everywhere. Oracle knows that. Yeah,
Speculating on why Oracle chose to make this change
AJ Witt (08:54):
Yeah. Yeah. I, I mean, I would say that it’s everywhere is, is perfectly accurate. It every, everything is using Java, isn’t it? And, and yeah, like you say, because because it’s a development framework and, and, and underpinning technology as such, um, yeah, you have that method where you install Java to, to, to, to run, to run the application you actually want to run. Um, so yeah, it’s, um, it’s, it’s everywhere. And Oracle know. So I, I guess from their perspective, what this does is makes it really easy for them to just monetize that purchase they made way back when, when they, um, when they purchase Sun Market Systems. It’s, it, it, it is, there’s no, there’s no discovery required. Um, I, I suppose as well, I mean, I, I’m sure they could say that it greatly simplifies it from a customer perspective as well. You know, you don’t have to do discovery and work out well, what’s OEM and what’s, what’s, what does need licensable and what versions and so on. Um, because it, it is, as soon as there’s just one version of a program that’s licensed to one of this new metric, that’s it. Right. That, you know, you, you’re paying the bill for everything.
Challenges with subscription based licensing model
Michael Corey (10:02):
It also like That’s exactly right. Yeah. I was gonna say, it also illustrates what are the problems with a subscription based licensing model. There are certainly advantages, I’m not gonna discount that, but under a perpetual model, had you a perpetual licenses and you didn’t agree with what the vendor stated for the new pricing, you could just stop paying support, use those license models with a legal right to do that, but you couldn’t get your updates and then figure out a course of events to get yourself off that vendor. With a subscription model, you have a problem. Cuz if you don’t pay that support, they just shut you off. Right. And Computer Associates, I would argue is doing that really started this, acquire a company, change the pricing model, extract your, your, you know, that extra money out of the customers Broadcom, uh, acquired them. And that there’s a real concern of what’s Broadcom gonna do with the VMware licensing, which is all subscription based moving forward. Yeah, right. But make no mistakes. A vendor does have a right to charge what they want, and you have little recourse with a subscription, you either pay it or don’t use the software.
AJ Witt (11:13):
Yeah. It’s, it’s an important trend. It’s something, something we discussed, um, just recently at the, um, where’s the North America conference? Um, particularly around Broadcom and VMware. I mean, I know that’s still kind of subject to regulatory approval, um, but they’re looking to pretty much double VMware’s revenue, um, without really spending too much money on r and d and without spending so much money on promoting it. So, well, how are they gonna do that if they’re not developing new versions and they’re not, they’re not kind of trying to go out for new customers. Well, they’re gonna monetize their existing customers, and this is what you, we are, see, we’ve saw it also with, um, OpenText and Microfocus, for example. You have these legacy applications. I mean, VMware is not by the by means is a legacy application, but, but quite often it’s the case you have these legacy applications which people rely on, don’t really pay attention to from a management perspective. Um, and they’re sat there like this ticking time bomb of compliance risk. Um, uh, and that wa that that particular sort of bomb has gone off when it comes to Java, I think, um, and to sort of close out that point, um, of course, yes, this is subscription based stuff. When, when does this start applying to customers that have either either got existing processor licenses or nut licenses, or maybe they haven’t licensed Java correctly already. When does this, when does this really sort of start kicking in for, for customers?
Dean Bolton (12:37):
Um, so there’s a great question in there for the customers that have existing licenses. Um, everything we’ve seen so far is that you can still renew on those old metrics that your subscription will just roll over to the next year, and you can still, uh, take advantage of that. And there’s been communications from Oracle that, that, that is the case now. How long will that continue is the question, um, in there? And so, um, we’re basically telling people that, that you should be okay for this renewal in 2023. Um, anything after that in the longer contracts, uh, I would expect that those would be migrating to the new metrics and, and doing your calculations based on that. Um, so that’s where kind of your existing contract seems to fit in for the customers who, who never completed the deal or, or didn’t engage and don’t have a contract yet.
Those are the ones where, uh, it, it’s really difficult because all of the, uh, cards are kind of in Oracle’s favor, right? They’ve made this change. So if you want to go get a new subscription for Java from them, it is, uh, their discretion on whether they offer even that old metric, um, to customers. We have seen some customers still get it, um, post, uh, the, the, uh, January update in there. Um, but I wouldn’t anticipate that, uh, that happening for too many more months and, and new customers all being forced onto this new metric, um, and really having to make the difficult decision of, uh, whether they want to procure the, uh, the Java subscription for everybody in their company, um, or undertake the, uh, sometimes equally difficult, uh, and expensive task of, of moving to an alternative or getting rid of the product entirely.
AJ Witt (14:16):
Yeah. Okay. Yeah. We’ll, we’ll, we’ll get onto that in a sec. I, I’m just wondering, um, if you can share, sort of share in general terms, what are you hearing from your customers? Um, you know, are, are you getting people, uh, phoning up going, please help, you know, this, this looks like a massive exposure. What, what’s been the impact out there in sort of the corporate world to this?
How the Oracle Java change has impacted organizations decision making
Dean Bolton (14:35):
Um, that’s it, right? And, and what it’s really done is just accelerate, um, the decisions. I think, I think customers were kind of taking a wait and see approach on the old metrics, um, since 2019, obviously as the years went by getting a little bit more serious about it. Uh, now with these new metrics, uh, and with customers doing kind of a quick calculation that, uh, if it was X dollars before it’s five x or 10 x now, um, that becomes a much more important issue to address. Um, so we’re spending a lot of time helping customers, uh, evaluate exactly where, um, Java is installed so they can help understand what the usage is, um, and then helping ’em with the overall big picture of, of planning for, for how to engage in a, a subscription purchase from Oracle, um, or how to, um, take one of these alternative paths and, and, uh, move down, um, that choice instead. Yeah.
AJ Witt (15:30):
Okay. So, so what should be the approach then of, uh, if you are, you are faced with, maybe this is the first time you’ve heard of this, um, what, what should you do first to kind of, um, start dealing with this problem?
Dean Bolton (15:44):
Uh, I think the very first thing you have to do is get a clear understanding of where Oracle Java is installed in your environments and which of those installations would truly require a subscription, right? Mm-hmm. <affirmative>, uh, and so understanding that you can start to put values to it, right? It’s, it’s, we need this for this application, right? And you look at what the price is gonna be, and then you can start making decisions about, you know, is this the right option for us? Um, and, and I think that’s really the key point is, is getting a, a, a look at where you’re currently at, um, to, to start planning that roadmap in there. Now there’s also the issue of, of back usage in there, and that comes into play as well. Um, as Mike mentioned, uh, the, the usage prior to January, 2023 is on those old metrics. So the, the quantities and dollar values can be different on there, but that key piece is, is getting an understanding first of where you’re at today. Um, so you can start making decisions about where you want to go going forward based on, um, what the dollar figures would look like, or buying the subscription or, or going in a different route.
Watch out for third-party exposure
Michael Corey (16:51):
And, and I guess I’d add to that, for those third party vendors that you need that use Java, starting to put them on notice to say, look, uh, I, I need a different version of Java to work with your application, or I’m gonna have to seriously consider ripping your application out for those customers that aren’t gonna continue on with an Oracle Java subscription. So really getting a list and putting them on notice and getting them to help you start solving this problem. But having that roadmap so you can prioritize what you, if you decide you’re gonna move away, what you’re going to rip out and what can stay because it’s covered by an existing license.
AJ Witt (17:28):
Okay. So it is not, this isn’t just about your own sort of direct use of Oracle Java, it’s potentially those, those applications that are relying on an old version, um, be because, because I’m, I’m right in saying there’s certain versions which are exempt from this and, and, and want others that are in scope. So, but it is, I I, you know, I I, I know from personal experience, um, it’s quite common for applications to be stuck on an old version, which makes you liable. Um, so yeah, I, I, I see that there, there leads to that conversation with, with that service provider to, to say, well, what can we do here?
Michael Corey (18:06):
And then even after you solve the problem, you’ve got a different problem, which is, how do I make sure that Oracle Java doesn’t accidentally somehow get inside my organization that requires a license and get detected during a routine audit, which is probably gonna happen every three to five years, right? And create a serious business risk, just like any other unlicensed software. The only difference here is you now know what the metric is. You’ve been put on me notice every employee, every agent, every consultant, every part-time employee, right? That’s a, you can do the math very quickly and see what it could cost you.
AJ Witt (18:43):
And, and this is the thing, isn’t it? It’s just a single installation. It’s suddenly you are, you’re exposed to that massive risk with, with, with, with sort of traditional Oracle compliance risk around database or middleware or whatever. Um, it’s quite easy for you to ha have that audit notification and do something about it. I guess, you know, you, you can be creative about where you’re deploying it. You can, you can have a conversation about whether that option was, was actually being used, for example. Uh, all these things. It’s more of a negotiation, right? Um, which isn’t the case here, I imagine. Um, so I guess next question is we’re talking about kind of like, well, let’s have a look at what’s out there. How easy is it to detect Java out in your environment and to know that it’s a particular point release that may or may not be subject to these new rules?
Dean Bolton (19:39):
Um, unfortunately the answer is probably not the easiest. Um, and, and there’s a couple reasons. One of ’em is the scale on the Java side, right? For other Oracle products or products from these vendors, you’re talking a lot of business critical applications, right? Those tend to be, uh, uh, complex to set up. They require care and maintenance in there. And so generally, you know, customers have rogue installations, rogue setups occasionally, um, but you know, nothing compared to the scale of something that’s on the client side, right? It can really be everywhere. Every single, uh, desktop, laptop, mobile phone, uh, can support Java and can be subject to having an installation that could, um, require a Java subscription from Oracle. So, so the scale, I think is a huge component of it. Hmm. Uh, the other piece of it is, is the usage factor, right? Um, a lot of the, uh, uh, restricted usage from Oracle and other vendors, um, uh, allow you to use it for these specific purposes. Um, and the hard part is also determining what those purposes are in documenting that, right? Tracking that for your own purposes, because oftentimes it will be a common install in there. And then how are you showing, or how do you know that that is part of, um, your usage for something like e-business, right? Yeah. Or sap, um, right. And so putting processes in place to control that, to document that, um, uh, makes it challenging as well.
How to remove and/or limit your Oracle Java risk?
AJ Witt (21:16):
Okay. Yeah. So, so we’ve kind of gone through that discovery thing and realize that that’s, that’s quite tricky to do. Um, you, you’ve gotta detect whether it’s permitted usage, maybes, oem, maybe it’s actually is, and, and, and, and then you need to know no versions and point releases. What, what’s the next step? I mean, it, it, it feels to me like it’s almost impossible for companies to avoid paying this charge. You know? It’s almost like a, like a form taxation <laugh>. Um, it’s as such, you know, it’s, um, because it’s so ubiquitous. Um, what else can they do to, to, I guess, what are the options for them to follow? What are the possibilities that they can, they can sort of follow to, to, um, remove this risk?
Dean Bolton (22:04):
Yep. Um, well, there’s, there are a lot of alternatives out there, un unfortunately, um, because it is ubiquitous, I wouldn’t say any of them are, are truly a free option because it takes work to, um, make changes and it takes work to maintain those changes. Uh, but you can always move to the open JD k uh, version, uh, of Java for your needs if it’s supported for your third party applications or your usage. Um, there are other vendors out there, uh, Carretta azu that offer, um, a, a version of Java with support and, and more frequent updates in there that’ll probably keep your security and compliance teams happy. Uh, and even Oracle has versions that are under different contracts. So currently, uh, Java 17, uh, is under a, um, no fee license, uh, model, uh, when Java 21 comes out later this year, um, that’ll be the latest long-term release. So the, uh, no fee licensing will switch to that so customers could upgrade to those, um, and use that from Oracle. Um, but, but again, it’s, it’s, uh, it, it just takes work because of how, um, long people have been using Java before these terms came into play, and the scale of, of where Java can exist in any customer’s, uh, ecosystem.
AJ Witt (23:26):
Yeah. Because I guess if you, yes, if you are, if you, if it is possible to go up to seven to Java 17 or, or, or to 21, um, that’s great, but you still need to make sure that you’ve eliminated all those versions of seven, eight, and 11, you know, because it, otherwise, otherwise you haven’t done the job,
Dean Bolton (23:44):
I guess. A hundred percent. Yep. Yeah.
AJ Witt (23:46):
Michael Corey (23:46):
It’s why it requires some sort of proactive monitoring to make sure that you stay at those versions that are covered. Yeah. It’s just very easy for you to accidentally upgrade something and trigger now a huge license based on headcount.
AJ Witt (24:00):
Yeah. And, and, and on that subject, I mean, I know this is something that the, you do proactive monitoring with, um, Oracle database, uh, and so on. Is this something that that, that you can probably adapt to with your tools for, uh, for also looking at this problem of Java?
Dean Bolton (24:17):
Oh, yeah. And we’ve actually been doing it for a number of years now. Um, so, uh, our system, uh, it’s really just a change to the license key to enable it to monitor, uh, Oracle Java and help customers get, uh, an idea of where they’re at currently, um, and make sure that, uh, they stay in compliance by not getting any rogue installations, uh, down the road.
Michael Corey (24:39):
And by the way, think about this. Let’s say somebody has a Windows desktop and they’ve got a policy that prevents you from downloading it, they go home. Nothing prevents them from doing that while they’re outside the corporate office, but then when they, right, so my point is, you really do have to proactively look for this because it will show up in places you don’t expect it to show up, and you need to find it before the vendor finds it and becomes a very expensive bill.
AJ Witt (25:05):
Yeah. And, and, and those kind of controls are increasingly, uh, looser than it than they used to be. I, you know, now we’re off, now we’re off of our corporate networks quite often. We’re just collecting direct to the internet. Um, yeah, we’re, we’re con consuming all of our, all of our business applications might be maybe via the internet via SaaS, whether it’s stead easy then to, to, to end up with just downloading something may even be for personal use on, on, on, on a corporate laptop, which is, um, you know, I’m sure increasingly common. So yeah. So it’s that, it feels to me like you almost need to kind of engage with your security team here and say, treat this like, treat this like a virus, treat this as as rogue software. Um, and because you need to, as actually say, you need to get, get on it quick, um, to squash any instances that, that are sort of spreading, really, it does almost feel that way. Like you need to just get on onto a block list, um, you know, prevent downloads sort of in the corporate network and prevent installs in the corporate network. Um, yeah, wondering what you think about that?
Dean Bolton (26:10):
I, I think there are some, some valid uses for it, right? And, and there’s some business needs, but, uh, I, I definitely get the analogy and we’ve definitely had some customers who have pretty much treated it like a virus in there and putting blocks and configuration management and, uh, all of their monitoring on it in there. So if, if that’s, uh, what works for your company, cuz you, you don’t have those usages, um, then that’s not a bad approach.
AJ Witt (26:38):
Yeah. I, I guess as well, there’s, there’s, there’s an element, uh, education here as well. We, we, we’re gonna need to tell, we’re gonna need to tell our users about this, our employees about this, to, to warn them of the risk. Um, because it’s not something that you download, you don’t have to go, go and download it consciously, right? I mean, it, it, it’s, if it’s required for an application, it’s gonna tell you go and download Java somewhere. Um, so I guess, I guess there’s a role to play there of just kind of telling people the risk,
Beware of auto-update functionalities
Dean Bolton (27:11):
Uh, yeah. With the one caveat that unfortunately, uh, a lot of the desktop systems have auto update functionality in there.
AJ Witt (27:20):
Dean Bolton (27:20):
Yeah. And, and so you might have had an old version that was totally fine, did the job, um, for valid security compliance reasons, you wanna be up to date, you go ahead and update past some of those releases, and then boom, you’ve got the, you’ve got the problem in there for the entire organization. Okay. So, uh, it, it, it, it has a, uh, a number of different angles in it that make it very tricky
Michael Corey (27:42):
Mm-hmm. <affirmative>. And so to me, really it’s, there’s two sides to the problem. Where am I using Java today? Run the calculation, should I get a subscription or not? If not, how do I rip it out and replace it with something that meets the needs, given all these applications that use it, right? And keep it where it’s covered by an existing license. And then there’s the flip side is how do I make sure that if it accidentally comes into my environment, it’s detected, removed and documented so that you can demonstrate to the vendor, no, you are proactively making sure that you’re not using software that you haven’t licensed.
The potential fall out of the new metric change
AJ Witt (28:19):
Yeah. That, that, that’s the key, isn’t it? It’s not, this isn’t a project that you can say, okay, we’ve done that. Now you need that continuous monitoring, that continuous compliance to prove that you are, um, you’re doing, I, I mean, I’m sure in an audit situation, if you say, if you say to Oracle, well, we have a policy that says we don’t use Oracle Java, and we have these measures in place, um, Oracle probably still won’t care. <laugh>, they’ll still send, try and send you a bill. Um, so, um, yeah, you know, it it it’s a continuous process. We’re gonna have to do this forever basically, um, to, to, to, to, to run to make sure we avoid discharge. Um, so we kind of sort of talked about technical things here quite a bit and kind of what we need to do. I’m curious, what, what do you think Oracle’s, uh, purposes behind this? Is it just about making money? Um, because it sound, it feels to me like it’s going to seriously annoy a large number of very, very large customers, particularly in the us. Um, you know, the scale of scale of businesses there. Um, I imagine there’s gonna be some complicated conversations at quite high level between, you know, the boards and, and, and, and the Oracle board on this.
Dean Bolton (29:38):
Um, I wouldn’t be surprised if for some of strategic vendors, even though the, uh, the list price dollar and even the list price has this bucket of over 50,000 employees call us. Right? Um, but I wouldn’t be surprised if for those, uh, true large customers, critical customers, um, that the discounts, uh, offered will bring this back into a, um, reasonable range to kind of lower the temperature and, and not bring it to the kind of board to board conversation level. Mm-hmm. Um, but uh, yeah, uh, I mean, I think the tactic is that, uh, Java is everywhere. Uh, everybody needs it. And so this is the new, uh, simple way of being able to get it and then not having to worry about these, uh, issues of installs and controlling, um, all of that anymore. Um, so I think that’s kind of their approach is just saying this is the, uh, you know, shorthand, the u l A of it unlimited licensing model that they have, um, uh, and, and trying to keep that price point down probably so that it doesn’t, uh, uh, ruffle too many feathers
Oracle’s intentions may not be as nefarious as some believe
Michael Corey (30:45):
<laugh>. Yeah. And I just in Oracle’s defense a little bit, I don’t think that they consciously set out to do this. I think this was, we have something that we know has value. We announced to the world that they’re gonna have to pay for the licenses and expected the world to line up to pay for those licenses, and the world didn’t mm-hmm. <affirmative>, so they never really realized the value of this investment. Then they started doing audits and they said, oh my God, this is complex. Java is everywhere. We don’t have really any easy way to deal with this. Yeah. And then they kind of took a step back and said, well, is there a way that we can license this? The problem is it sounds great from a vendor perspective, but from a customer perspective, wait, what do you mean? I have to pay five, 10 times what I used to pay? And then I look at some of the stuff that’s going out there in Forbes and other publications, customers wanted a simpler way to determine licensing costs. Yeah. I sure I want a simple way to determine license costs, but I don’t want my cost to go up tenfold
AJ Witt (31:45):
Michael Corey (31:47):
Right. And, and you know, and then there was a, there was a, a Forbes article that talked about how the fact that Broadcom is not going to do this with VMware because VM licensing, well, maybe the vendor stops giving you 20% discounts and they’ll only give you 5% discount. What’s the net effect of the customer? You’re gonna pay more. Yeah. Yeah. So in Oracle’s defense, I don’t think they went down this path initially purposely to just drive the cost up to an extreme saying, you have nowhere else to go. But now they’re here and they’re saying, we, we have to monetize this. We have a right to get paid for our software, and they put a stake in the ground. It’s just unfortunate where they started.
AJ Witt (32:26):
Yeah. And, and, and now the, the metric that they’re using, that’s the metric that they do use elsewhere, then I, I’m sure they use it in e-business. So, you know, e-business metrics can be things like number of expense claims, certainly number of employees for Oracle hr, for example. So, so I can kind of get their reasoning behind it. Well, let’s make it simple. Um, but yeah, I, the issue is the five to 10 fold increase in pricing. Um, something else i, I did wanna touch on, um, I saw mention of the fact that, um, it’s also potentially a lever to, to sell you Oracle cloud infrastructure because, uh, Oracle Java is, is free to use in, in, in oci. Is is that the case and is that really practical to kind of think about, well, we’re, we’re gonna start deploying our Oracle Java apps in, in OCI to get around this?
Dean Bolton (33:20):
Uh, I mean, it, it, it is true. Um, I just don’t know if, given the scale of, of where customers are really using Java, um, if that’s gonna be a deciding factor, right? Because yes, you could start deploying your, uh, Java applications and O C I, um, but then where, where’s the other side of that, the users that are, uh, connecting to it? And, and it’s kind of the end user side of things that I think is, is driving that. And so, um, from, from what we’ve seen, what we’ve heard from customers, um, it, it doesn’t really do, uh, do the trick to just move things into oci I to kind of get rid of this issue.
Review of the Oracle Java changes
AJ Witt (33:57):
Okay. Cool. Thanks. I think we should probably sort of wrap up and summarize here now. Um, so, so no, this change has happened, it happened in, in January 23. It’s applicable now to, uh, anyone going through a renewal phase. Um, particularly if you, if you don’t actually already have Oracle Java licenses under processor or, or, or, or, or named user plus license models, um, it’s really important to go out and do a quick audit of where you are in, in, in your, um, environment, what’s deployed out there. Um, if you find a single copy, then get ready to pay a bill if Oracle will come knocking. Um, and so we, we then kind of sort of touched on thinking about continuously monitoring that to kind of solve that, that risk here of, you know, rogue installations perhaps of Oracle, Java being out there. Um, yeah. Anything to add to that? Um, Dean and Mike?
Michael Corey (34:54):
Yeah, I guess I would just add that you definitely have to get a handle on how you used it in the past and mitigate that business risk, right? Yeah. Because how you explain to Oracle, you deployed Java is gonna have a huge impact in what that past usage cost would be, and you can bring that down just being smart about how you did it and then moving forward, just having a plan in place so that you don’t get caught during your next audit when they start asking questions about Java.
Dean Bolton (35:21):
Yeah. I I think the, uh, that point is right, is that, um, if you had your head in the sand before it, it’s now become, uh, a something that needs to be addressed in a, in a proactive way. Um, there’s a lot of alternatives out there, um, but it really needs to be, you know, reviewed and planned for, um, and not just, you know, kicking the can down the road anymore.
AJ Witt (35:43):
Yeah. And, and I would just wrap up with that and say that no, this is a, this is a big risk. This is one, to try and handle yourself as an IT asset manager. You need to alert your senior stakeholders. If you haven’t done so already, then you kind of need to do that right now because this is a substantial financial risk for, for, for most organizations. And I would also say as well, um, you know, don’t try and handle this in-house. Go out there and, um, and, and, and look for help talk to the experts, um, on this because it, you know, it’s a, it’s, it’s a complex, uh, risk to manage. You’ve gotta think about, um, can, can we move applications onto versions which aren’t chargeable? Uh, can we move off of Oracle jar even can, no, these are all very big projects and very big conversations to have with, with architects, with your, with your board members or certainly with your IT leadership. Um, and also you are gonna need help. I, I, I would say to, to, to, to actually address this problem,
Michael Corey (36:44):
And I guess I’d add one last thing, which is, if you do have Java licenses, how long do you expect Oracle to continue to let you license into the old metrics? Yeah. Because nothing obligates them on a renewal to say, oh yeah, we’re gonna let you use that old metrics moving forward.
AJ Witt (37:01):
Yeah, that’s a very good point to wrap up on. Actually, of course, being a subscription, they can change the rules. Uh, it’s not how it was with a perpetual license. So as I think, Mike, you said earlier, if you have a perpetual license, well, you can carry on using that on the terms that you, you agreed to when you purchase that license and, and, and, and put it into use. And that’s no longer the case with the subscription. No, the, the, the goalposts can be moved multiple times. Um, so you have to really fax that into your long-term decisions about using any software, not least Oracle.
So. Great. Thank you. Um, thank you both. Thank, thank, thank you, Mike. Thank you Dean. I hope, hope that’s really raised the profile, um, of this issue. Uh, for our listeners, um, we have a number of articles around this, this subject, uh, including a nice handy little calculator for, um, calculating a sort of a ballpark risk cost around this based on employees or, or, or whatever that other metric you, you are using. Um, so yeah, reach out to us, reach out to Mike and Dean, um, if you need help with this and, uh, we’ll be more than willing to help. Thank you both.
Dean Bolton (38:11):
Thank you. Thank you.