Now That the Dust has Settled, How You Should Respond to Oracle Java’s Licensing Changes

Now that the dust has settled after Oracle’s Java bombshell to switch to employee count licensing, we spoke with Dean Bolton and Michael Corey from LicenseFortress discuss the changes to Java licensing.

In this podcast we detail exactly what has changed, provide practical tips on how to assess your potential exposure, and explore options for mitigating this significant risk.

With organizations facing anything from a 2x – 10x increase in Java license costs this is something which all IT Asset Managers should be taking action on now.

Introduction

Narrator:
Welcome to the ITAM Review podcast—news, reviews, and resources for ITAM, SAM, and software licensing professionals.

AJ Witt:
Hello, everyone. Welcome to this podcast from the ITAM Review. Today, I am joined by Mike Corey and Dean Bolton from LicenseFortress. Many of you are likely familiar with them from previous podcasts. I believe this is at least their fourth appearance. Welcome, Mike and Dean.

Dean Bolton:
Good afternoon, everyone. Good morning, depending on where you are. Thanks for joining us.

Michael Corey:
Thanks for having us. This is Mike Corey, excited to talk with you all today.

Understanding the Oracle Java Licensing Shift

AJ Witt:
Today, we’re diving into Oracle’s changes to Java licensing, which occurred back in January 2023. We’re recording this in late March, and many are still grappling with the impact. We’ll break down these changes and explore how IT asset managers can mitigate financial risks from Oracle Java in their environments.

So let’s begin with an overview of what changed. Fundamentally, Oracle switched from processor or named user plus licensing to an employee-based model. This approach simplifies things from Oracle’s perspective—just count the employees and apply the list price. Unfortunately, this has led to a 2-10 fold increase in costs for many customers, especially in today’s economic climate of rising prices and layoffs.

Can we dig into these changes a bit more—specifically what versions are involved and what this means for companies?

Details of the New Java Licensing Model

Dean Bolton:
Certainly. One key detail to note is that Oracle’s definition of “employee” is broader than just full-time staff. It includes part-time, seasonal workers, contractors, and agents. Many companies find themselves with a much larger employee count than expected, which increases costs significantly.

AJ Witt:
That’s a critical point, especially for industries like retail or hospitality with fluctuating workforces. Many organizations experience seasonal spikes, which means they might suddenly face higher costs when their employee numbers rise temporarily.

The Origins of Oracle’s Licensing Monetization Strategy

Dean Bolton:
Exactly. To give some context, Oracle purchased Sun Microsystems in 2009 and attempted to monetize Java starting in 2019. They introduced a new subscription model for non-public releases starting from April 2019. This applied to specific Java versions—Java 6 beyond version 45, Java 7 past version 80, Java 8 beyond version 202, and Java 11 after the base release.

If you’re using Java as part of other Oracle applications like PeopleSoft, SAP, or VMware, you may not need an additional Java subscription. But beyond these, anything else requires one.

In January 2023, they switched to an employee-based metric, which applies to all employees—whether they use Java or not. It’s a straightforward model but not always the most cost-effective for customers.

Michael Corey:
To give you an idea, if you’re a company with 3,000 employees, your annual cost could be around $400,000 USD. A company with 10,000 employees might pay up to $1 million per year. The good news is that for past usage, Oracle has to rely on the old metrics. But moving forward, if they find one unlicensed use, your costs will skyrocket.

Impacts on Different Sectors and Practicalities of Compliance

AJ Witt:
Java is everywhere, and Oracle knows it. In some cases, companies use Java as part of a larger application stack without even realizing they need to license it separately. I guess from Oracle’s point of view, this shift is about monetizing that ubiquitous presence.

Michael Corey:
Exactly. But it also highlights the downside of subscription-based licensing. Under perpetual licenses, if you disagreed with a vendor’s pricing, you could simply stop paying for support. You’d lose access to updates but still have the right to use the software. With subscriptions, if you stop paying, your access is cut off entirely.

AJ Witt:
And with Broadcom’s acquisition of VMware, there are concerns about similar changes coming to VMware’s pricing model. Vendors are looking for ways to monetize their customer bases more aggressively.

When Will the Changes Start Affecting Customers?

AJ Witt:
Let’s talk about timing. When will these new metrics start impacting customers who already have existing licenses under the older models?

Dean Bolton:
For existing customers, Oracle has communicated that renewals will still use the old metrics for now. However, we don’t know how long that will last. By 2024 or 2025, I expect most renewals to shift to the new employee-based metric.

For customers without existing contracts, it’s tougher. They’re already being pushed onto the new metrics. Some have been able to negotiate, but those cases are becoming fewer. These companies now have to decide whether to pay for Java across their entire workforce or migrate to alternatives.

Customer Reactions and First Steps

AJ Witt:
What are you hearing from customers? Are they panicking about this?

Dean Bolton:
Yes, definitely. Customers are accelerating their decisions around Java. Many were taking a wait-and-see approach since 2019, but with the new metrics, they’re realizing the cost could be five or ten times higher now.

The first step is to determine exactly where Java is installed and what installations actually require a subscription. Once you have that information, you can make more informed decisions about whether to pay for the subscription or explore alternatives.

Michael Corey:
I would add that companies should also notify third-party vendors that rely on Java and ask them to address their usage. If a vendor can’t provide a solution, companies may need to replace those applications.

The Importance of Proactive Monitoring

AJ Witt:
This isn’t just about managing your own direct use of Oracle Java, is it? It extends to third-party applications using Java, especially older versions that might still expose you to licensing costs.

Michael Corey:
Absolutely. Even after solving the problem internally, companies need proactive monitoring to ensure Java doesn’t slip into the environment. Oracle conducts audits every three to five years, and a single unlicensed installation can create a massive liability.

Dean Bolton:
We’ve actually been helping clients monitor Java for several years. It’s a simple change to our existing database monitoring tools. But even with the best monitoring, companies need strict controls to prevent unauthorized installations. A Windows desktop, for example, might have policies preventing Java installation, but a user could download it from home. It’s a constant risk.

Navigating Oracle’s Audits and Future-Proofing Your Compliance

AJ Witt:
The key takeaway here is that this isn’t just a one-time project. Companies need continuous monitoring to ensure they remain compliant. In an audit situation, showing Oracle that you have proactive policies in place might help, but you still have to prove compliance.

Michael Corey:
Exactly. It’s about demonstrating to Oracle that you’re managing Java usage effectively. This involves both knowing where it’s used today and planning how to replace it or cover it under licenses moving forward.

Dean Bolton:
In short, if you haven’t addressed Java yet, it’s time to start. There are alternatives, but they all require planning and investment.

Final Thoughts and Recommendations

AJ Witt:
To summarize, this licensing change is significant and needs immediate attention. Start by auditing where Java is installed and then look into continuous monitoring to avoid non-compliance. This risk can escalate quickly, so it’s crucial to involve senior stakeholders and potentially seek external help.

Michael Corey:
And remember, Oracle isn’t obligated to let you continue licensing under the old metrics forever. Eventually, everyone will need to move to the new model.

Dean Bolton:
Yes, it’s about planning for the long term and ensuring you’re always compliant.

AJ Witt:
Thank you, Mike and Dean, for your insights today. This is a critical issue for our listeners. We have resources and calculators to help estimate your costs, and I encourage anyone with concerns to reach out to experts like LicenseFortress. Thanks again, Mike and Dean.

Dean Bolton:
Thank you.

Michael Corey:
Thank you.