It’s common knowledge that using a 3rd party hosting provider creates a unique set of challenges for the customer who is trying to be in compliance with their Oracle software license contracts. These third party vendors will often use virtualization technologies that run afoul of Oracle’s partitioning policies. What surprises many people, however, is how using Oracle’s own OnDemand service offerings can lead to compliance issues with Oracle itself. This is something we’ve seen firsthand at Palisade Compliance.
Let’s first set a baseline. When you use Oracle OnDemand you are buying the rights to use their infrastructure. You must still purchase the licenses separately. You have all the compliance obligations of an on premise client, just less control of the infrastructure.
The first problem is that Oracle customers have a false sense of compliance security when using OnDemand. They either think they won’t be audited by LMS (wrong) or that Oracle will take some responsibility to ensure compliance because you are using their servers (wrong again). What we’ve seen is that Oracle OnDemand will pretty much do what you ask as long as you keep paying. If your environment utilizes Diagnostics Pack, Advanced Compression, Partitioning, etc, Oracle OnDemand is not looking to see if you have the correct licenses. They will run what you tell them to run.
The second issue is that Oracle OnDemand also has specific service level agreements with their clients. If systems are not performing then they very well may throw more horse power behind your environment and once again cause you a potential compliance issue. Remember, they don’t appear to go back and check your license entitlement. (Correct me if I’m wrong please.)
The third problem using OnDemand is that Oracle knows about the first two problems. Oracle knows about the compliance challenges. They know about the customer’s false comfort level. They know about the lack of license validation within OnDemand. LMS also knows all the customers who use OnDemand. What’s even more problematic to the Oracle OnDemand client is that you most likely gave OnDemand the right to send data to LMS for the purposes of reporting compliance issues. How far Oracle will take that without going to a client is a mystery.
Maintaining compliance with Oracle licensing is always the client’s responsibility regardless if you are utilizing Oracle’s OnDemand services or you are hosting your applications on premise. As more businesses move into a hosted cloud environment they are taking their eye off the compliance football. That is something you can never do. Even (or especially when) you are hosting your environment with Oracle.
One final note, if you are being audited by Oracle and you have your environment on Oracle’s OnDemand services then there are specific ways you should respond and proceed with the audit that will give you a better result. There is an added level of complexity and opportunity in these audits. If you are concerned that you are not in compliance with Oracle, contact us for a free consultation.