Oracle Licensing with VMware NSX

Thursday, 11 May, 2017

I’m sure some of you are asking how a network virtualization product can help with software licensing.  Well, if you’ve been following VLSS for a while, you know that our mantra isn’t “Trust, but verify.” It’s “Just verify,” and VMware NSX can help do just that.

There are a number of ways to track Oracle usage, but one challenge has always been capturing developers or DBAs “gone wild.” It’s pretty easy for anyone to sign-up for an Oracle Technology Network account, download the latest version of Oracle database or middleware, and cause a huge licensing issue down the road.

NSX has always supported third-party integrations that can help capture network traffic that indicates an Oracle database is being run, but some of those products carry a hefty price tag in addition to the cost of NSX. But with the recent update of VMware NSX 6.3.0 and up, it looks like more functionality is included out of the box: Flow and Endpoint Monitoring.

First, deploy guest introspection for the cluster through the NSX installation. As you can see here, we have two hosts and 3 VMs with guest introspection enabled in our lab:

From there, one can use Flow Monitoring and Endpoint Monitoring to check for Oracle traffic on ports like 1521:

Now, is that a fool-proof solution? No, we’re not sure what that traffic on 1521 actually is.  And we won’t catch anyone running Oracle traffic on a different port. But if you already have VMware NSX, it’s another tool in your toolkit for managing Oracle licensing. Check out the official VMware documentation for details on setting up Guest Introspection and using Flow and Endpoint Monitoring.