Introduction
Oracle has been aggressively pursuing Java sales outreaches to their customer list, and non-Oracle customers whom they can identify from software download logs. Their claims of deficiency are often unreasonably excessive. It is critical to warn your teams not to respond to Oracle requests for data until they have been thoroughly reviewed by IT, software procurement/vendor management (SPVM), and/or legal personnel in your organization. This brief goes into the details of what we are seeing in our customer engagements and provides some action items that you can consider to reduce organizational risk.
Executive Summary
- Starting in 2024, Oracle dramatically ramped up pressure on companies that they suspect are using license-required versions of Java SE. Even if you are not an Oracle customer, they are tracking Java downloads and matching the IP addresses to commercial or public sector organizations.
- For customers with existing Java subscriptions, they are often allowing the term to expire, and then pressuring those customers to move to the vastly more expensive employee-based pricing model. House of Brick customers in this category are seeing proposed annual price increases of 1,000% or more.
- For non-Oracle customers, or Oracle customers without a previous Java subscription, they are aggressively pursuing sales of the employee-metric model. A small to medium-sized business might see proposals in the range of $100k to $500k per year. Larger organizations are running into the millions of dollars in proposed annual expense.
- Oracle is using their License Management Services (LMS) personnel to conduct “license compliance reviews” that they assure their customers are not formal audits. Providing information in an informal audit increases the risk to the organization over the formal audit process.
- If you are receiving Java-related communications from Oracle it is critical that you be careful what you share with them. If you have not yet received an outreach, you will! Please caution everyone in the company (DBAs, Sys Admins, IT Directors, CFOs, CEOs, anyone for whom Oracle may have contact information) not to respond to Oracle’s request for information without it being fully vetted.
- House of Brick can help. Let us know and we can schedule a free call to discuss the situation and give you recommendations for responding.
Java Licensing Background
From the time Oracle acquired Sun Microsystems, until April 15, 2019, the ability to download, install, and use the latest versions of Java software (JDK, JRE, etc.) was free. Oracle later started offering paid-for support for enterprise customers. In 2019, however, Oracle changed their licensing policy for Java. Rather than free-to-use, Java SE usage for end-users and servers now required an annual license subscription. As we have published previously, they also designated certain Java SE releases as the “last free version” that people could use, typically updates released prior to April 15, 2019.
The license metrics for the new Java subscriptions were the familiar Processor (with applicable core factor applied), and Named User Plus (one for each individual end-user or non-human device that accesses the software). This was certainly a shock for organizations to start paying for something that was free before, but overall, our customers seemed satisfied with the increased support and development attention they were receiving from Oracle.
Then came January 23, 2023. Seeing license revenues declining from core products, and apparently wanting to increase recurring subscription revenue, Oracle changed the license terms for Java dramatically by introducing the Universal Subscription model. Oracle claims that the “Java SE Universal Subscription is a simple, low-cost monthly subscription that includes Java SE Licensing and Support for use on Desktops, Servers or Cloud deployments.” It may be simple, but it is anything but “low-cost.” We have customers whose annual subscription fee proposals have increased by 1000% or more over the previous year.
In the Universal Subscription Model, rather than counting actual users and server cores where the Java software is installed and/or running, a customer is required to count Employees. Oracle’s definition of Employee is extremely expansive, “Employee for Java SE Universal Subscription: is defined as (i) all of Your full-time, part-time, temporary employees, and (ii) all of the full-time employees, part-time employees and temporary employees of Your agents, contractors, outsourcers, and consultants that support Your internal business operations.”
There are ways to avoid or minimize the pricing impact, but you have to be vigilant against the Oracle playbook, and extremely careful with the information that is shared. Of course, if you are using Oracle technology, then it is appropriate for them to ask for adequate license coverage. Oracle seems to often confuse “adequate” with “the highest amount we can possibly justify.” Oversharing your information can lead to extreme difficulties in the negotiated resolution process.
Escalating the Pressure in 2024
This year, Oracle’s Java sales pressure has escalated considerably. In discussions with leading industry analysts, we have learned that Oracle started the year with their entire customer list, and a list of all non-customers to whom they can track Java downloads. They are aggressively contacting each one. These analysts indicated that as of last month, they estimated that Oracle was 15% through these lists.
Nick Walter, House of Brick’s CTO and Professional Services executive was quoted in The Register explaining Oracle’s approach, “Java is expanding the customer base for Oracle because even if the customer is not using Oracle database, there is a chance that they’re using Java either on user desktops or laptops or in server environments. Oracle is aggressively knocking on the doors of people and claiming non-compliance with Java.“
These contacts are not simple emails either. Oracle often starts with a DBA, a System Administrator, or Asset Manager for whom they have contact information, and requests a meeting. Oracle tells them that they need an urgent report of all installations that contain the word “java” in any context, and a full list of all VMware or other virtualized platform hosts, whether they have Java installed or not. These diligent professionals, not wanting to put the organization at risk, often reply to Oracle’s request by providing a complete list of Java installations and virtual hosts. This gives Oracle all the information they need to develop claims of non-compliance that will be nonsensically high.
Oracle’s Proposal for Compliance
With the dramatic claims of current and past deficiency, the Oracle sales team will make a proposal to migrate to the Universal Subscription model. This proposal will typically be for a three or five-year term, with claimed discounts from the public pricing. If the customer accepts the longer-term proposal, then Oracle will agree to waive past Java usage that they claim was non-compliant.
The numbers that Oracle presents in their proposals are very large. They seem to count on an even larger number for claimed past usage to motivate customers into accepting the expensive Universal Subscription offer. While calculating the Universal Subscription pricing is a fairly straightforward calculation based on publicly available employee counts, the past usage calculations are almost always dramatically incorrect.
In our experience, Oracle has always counted three years of past usage using Employee metric. The absurdity of using the Employee metric for claimed deficiencies in 2023, 2022, and 2021, is that this pricing model did not even exist until January 23, 2023! How can they ethically charge a customer for a pricing model that did not exist for at least two of the three years of claimed deficiency?!
What Can I Do Now?
Your options for how to proceed depend on several factors, including:
- Whether you have had a paid Java SE subscription in the past using the Processor and/or NUP licensing metrics.
- The quantities in the Subscription Ordering Document for each of those metrics.
- Your internal or third-party dependence on Oracle’s versions of Java SE.
- The level of effort required to get to a zero-license footprint for Oracle licensable Java SE
These factors for your Oracle response strategy will be broken into two categories, customers with existing Java SE subscriptions using Processor and NUP metrics (even if Oracle has allowed that subscription renewal to go past the termination date while they try to move you to the expensive Universal model), and those customers without an active (or recently termed) subscription.
Customers With an Oracle Java SE Subscription
If you have had a paid subscription for Java SE, even if Oracle has allowed the term date to expire while they propose migrating to the Universal model, you have more options available to you than an organization that did not have a subscription.
Renewing on the Legacy Subscription Metrics
The day after the Universal Subscription was introduced on January 23, 2023, Oracle published a list of frequently asked questions. When it was first published, the second question and answer was as follows (emphasis added):
What is the difference between a Java SE Universal Subscription and the legacy Java SE Subscription and Java SE Desktop Subscription products?
The Java SE Universal Subscription replaced the now legacy Java SE Subscription and legacy Java SE Desktop Subscription as of January 23, 2023. Customers of the legacy Java SE Subscription products continue to receive all the original benefits and may renew under their existing terms and metrics.
Sometime between July 24, 2023, and September 12, 2023, Oracle changed the emphasized FAQ text in a detrimental way for existing subscription customers (changes in bold):
What is the difference between a Java SE Universal Subscription and the legacy Java SE Subscription and Java SE Desktop Subscription products?
The Java SE Universal Subscription replaced the now legacy Java SE Subscription and legacy Java SE Desktop Subscription as of January 23, 2023. Customers of the legacy Java SE Subscription may, to the extent permitted in their existing order, renew their legacy Java Subscription, subject to confirmation that current usage is reflective of license counts in such existing order.
The challenge that this modified language introduces is that Oracle is now likely to resist allowing legacy Java SE customers to easily renew if any of the following conditions exist:
- The customer had a subscription for one metric (e.g., NUP), but not the other one (e.g., Processor).
- The customer had a subscription for both metrics but needs to increase the quantities for one or both.
- The customer had a subscription for both metrics but due to usage contraction, desires to lower the cost of the next-year’s subscription.
In our experience, we would still try to negotiate a legacy subscription renewal at the appropriate metric levels, even though Oracle would be initially resistant to do that.
Since it is not likely referenced by your Subscription Agreement, The FAQ cited above, is not a binding contractual document. There is a reference to Java subscription renewals in a document that is referenced by your agreement, and that is Oracle’s License Definitions and Rules Booklet. As of the time that this brief is published, the latest update on that booklet is March 15, 2024. Under the Section “License Subscription” on page 16 (not the Java SE Subscription sections on previous pages), it states the following:
At the end of Your license subscription, You may renew Your license subscription, if available, at the then current fees for the applicable license subscription.
Looking at this section instead of the sections on the Universal Subscription is important because this is the one that applies to the Legacy Java model. A potential pushback from Oracle on this is the qualifier, “is available.” They may claim that the legacy subscription is no longer available. Our rebuttal is that the statement does not say that it is “publicly available,” only that it is “available” (even privately). It is worth it to expend every effort to renew on the legacy subscription metrics.
Negotiating a Legacy Subscription Renewal
When finally conceding that you will be allowed to renew on the legacy subscription metrics, Oracle will provide a list of information that they want documented and sent to them. If they happen to get information from any source in your organization before it has been reviewed and vetted, they will inflate the findings
There are some things that you should know about the process Oracle goes through to determine their “estimate” of your non-compliance, especially with overshared information:
- If there is Java installed on even one server in a virtual environment, they will
count every physical host, regardless of whether any Oracle Java is installed there. - They will ignore or minimize the Java entitlement that you may have from other
Oracle software products, or even bundled Java entitlement from other vendors,
like IBM. - They do not consider the production vs. non-production status of the servers or
desktop users. - They do look at Java version numbers, but often do not dig deeper to see if those
truly require a license.
What To Do If You Have Not Had a Legacy Subscription
Admittedly, this situation is quite a bit more difficult. Here are some of the situations you may be in:
- If Oracle Java SE is strategic and necessary for your organization, then you will likely need to subscribe using the Universal Subscription model. The only way to reduce this annual fee is to negotiate with Oracle on a discount from the published rate, with a potentially multi-year deal.
- If Oracle Java SE is not strategic nor necessary for you, then you should consider the effort of getting to a zero-licensed footprint as discussed below. You may still need to pay Oracle some backdated fees for prior unlicensed usage.
- If the only Java SE you have is due to a third-party application vendor requirement, then you should check with them. Some vendors bundle Java SE into their product releases, and most vendors are getting pressure to offer an open-source solution, such as OpenJDK.
Outlook for Oracle’s Java Campaign
If your organization does not have a subscription for Java, then you will likely be contacted by Oracle in the next 3 to 9 months with pressure to enter into one. Even if you are not an Oracle customer, they are tracking product downloads and matching the IP addresses to your organization. Oracle has deployed a whole team of people in India that are contacting organizations worldwide with claims of non-compliant Java SE usage.
If you are in the middle of an Oracle “license compliance review” or are getting pressure from Oracle to enter into a costly subscription, then please reach out to us. We are having a lot of success right now helping customers reduce or eliminate the claims Oracle is making.
If you have not been contacted yet, you will be. It is far better to prepare now for that eventuality than it is to wait until Oracle knocks on your door or starts snooping around. If you do not have a legacy subscription, and are most closely aligned with category 2 above, here are some things you can do:
Strategies for Zero-Licensed Java Footprint
Here are some ideas for tracking and updating your Java installations to ensure that you do not need a license subscription from Oracle:
- Downgrade or upgrade to a version of Oracle’s Java SE that does not require a paid subscription. Get very familiar with the post from House of Brick’s Joe Grant showing which versions are free and which are not. If you are going the route of upgrading to version 17 or higher, then please make sure you read this post from David Woodard and Tactical Law Group’s Pam Fulmer.
- Categorize your Java SE usage into production vs. non-production environments. Oracle’s Java SE Universal Subscription Datasheet (which is likely a contractually binding document since it is listed by Oracle as Java Program Documentation), states the following on page 3 (emphasis added):
Java 8 updates have been released by Oracle since April 2019. These releases, when used for production, require a subscription unless it is being used with an Oracle product (personal and development use do not need a subscription).
- Carefully document the publisher of the Java software you are using, and where possible, move to an open source or freely available publisher. These include free versions from IBM (IBM SDK for Java, and Semeru Runtime), and various distributions of OpenJDK, such as Corretto from AWS, and AdoptOpenJDK from Adoptium.
- Evaluate Oracle or third-party software to determine whether it comes with an included entitlement to Java SE. There are several Oracle products that come with an included Java entitlement, such as E-Business Suite, and WebLogic Server. You should consider each one, and the rules associated with how the Java can be used. Third-party software vendors may also provide a Java entitlement that should be reviewed.
As outrageous as it may seem, even if you have only one instance of licensable Java SE in your environment, then Oracle may have a claim on you to enter into the Universal Subscription for all your employees and contractors.
Even if you get to a zero-licensed Java footprint, if Oracle has any details about past unlicensed usage of Java SE, they will pressure you to make a considerable payment of back fees. This claim should be carefully analyzed as well, because they will likely try to bill for the Employee metric for years where it was not even publicly introduced.
House of Brick Can Help
If all of this seems crazy, and a little overwhelming, you are not wrong. House of Brick has the tools, the processes, and the expert support personnel to help you deal with Oracle’s demands. On the Java demands alone, we have helped reduce our customers’ fees by 10’s if not 100’s of millions of dollars already.
Please feel free to contact your account director, or reach out to us online. We would be happy to schedule a free consultation call to review your situation and provide recommendations for how to proceed.