At Risk for an Oracle Audit? We Can Help

Has Your CEO Received a Letter from Oracle Recently?

by | Mar 26, 2021 | OpsCompass, Oracle, Oracle Licensing | 0 comments

Oracle has started a new sales campaign where they are reaching out to AWS RDS-License Included (RDS-LI) customers to harass them about their use of Oracle software through AWS.

Interestingly, Oracle seems to be heading straight for the C-suite with their threatening emails. Here is a high-level overview of what they are including in these unsolicited communications:

  • The email comes from an existing or new Oracle Account Executive (sales)
  • They acknowledge that the customer is using the RDS-LI service from AWS.
  • Oracle then claims that the customer’s application and usage of RDS-LI is not in compliance with section 10.3 of the AWS Service Terms.
  • They indicate that the customer must switch to a Bring Your Own License (BYOL) model.
  • They then claim that they can offer licenses for BYOL that will bring down the overall cost (this is not likely as you can see in my colleague Steve Faith’s blog post).
  • They may also indicate that the customer could save money by running in the Oracle Cloud instead of AWS.
  • The first email, or possibly subsequent emails may become very aggressive, with threats of legal action against the customer.

Key Principles to Understand

If you, or your CEO has gotten any communication like this from an Oracle employee, or expect that you might, you need to understand a few key principles:

  1. If you are an RDS-LI customer, your agreement to use the Oracle software is entirely with AWS, and not with Oracle. The AWS Service Terms do not contain an audit provision from Oracle, and so any action Oracle wishes to engage with you on must come through AWS and not directly with you.
  2. The AWS Service Terms contain a list of prohibited activities for customers using their Oracle RDS-LI service. Their list of prohibitions includes the following:
  • You may not “use the Oracle Software for rental, timesharing, subscription services, hosting, or outsourcing;” and
  • You may not “make the Oracle Software available in any manner to any third party for use in the third party’s business operations.”

Oracle seems to believe that every software provider using RDS-LI must inherently be in violation of these restrictions. That is not the case. While the expectations and restrictions are not well-defined, a rule-of-thumb that we employ is to ask these questions, “Is my application storing my data, and do my customers interact with the application to utilize my business services?” If yes, then you are likely in compliance with the RDS-LI provisions. On the other side, if you answer yes to “Does my application store my customers’ data, and does my application act as a service bureau to allow my customers to provide services to their customers?” then you may be in violation of the AWS Service Terms.

What Should You Do?

Unfortunately, anytime that Oracle gets involved in making threats and overreaching claims, it is cause for concern. You should not, however, become overly worried. We can help you through this.

Here are some recommendations:

  • Talk to your legal advisors to validate that your usage of RDS-LI is governed by the AWS Service Terms and not by another Oracle license agreement (which you may or may not also have in addition to the RDS-LI licenses).
  • Do not rush to share (or especially to overshare) information with Oracle. Remember, this is a sales campaign. They are fishing for prospects and will put more attention on those that bite.
  • Independently evaluate your application using RDS-LI to determine if it falls outside of the bounds of the AWS Service Terms
  • If you feel like you might be outside of those restrictions, then you might need to consider a BYOL licensing strategy. You may have existing licenses that you could use, or you may consider a purchase from Oracle (or an authorized reseller). You may also consider migrating off of Oracle Standard Edition to AWS Aurora PostgreSQL as an alternative (and less expensive) database platform.
  • If you feel like you are within the RDS requirements, then you can effectively ignore, or push back on Oracle. You might remind them that you do not have any agreement with Oracle with respect to these included licenses, so if they want to review your usage, they will need to approach you through AWS. It is always wise to consult your legal advisors in this case, especially if Oracle responds with a more aggressive threat.
  • If you have purchased your own licenses from Oracle, in addition to the RDS-LI licenses, then it is possible that you could be subject to a license audit from Oracle for your existing licenses. They may demand to audit your use of RDS-LI in the course of this audit. This is an overreach. Please check out my previous blog post to get a little more detail on why those RDS-LI licenses do not need to be included in an audit.

How Can House of Brick and OpsCompass Help?

We are running into the situation described in this blog post quite frequently. Of course, this is the time of year, as we approach Oracle’s fiscal year-end when they engage in all manner of crazy tactics to try to drum up revenue and hit their annual targets. Here are some ways that we are helping other clients:

  1. We can work with you to independently evaluate your application to determine if it is a third-party service bureau, or whether it is okay to run in RDS-LI.
  2. We can advise your legal team on what is going on and make recommendations on the best way to respond. We can even draft response communications for you.
  3. If you need to BYOL, we can review your use of Oracle software and recommend the minimum number of licenses that you will need in RDS.
  4. Since BYOL will introduce you to the lovely audit clause in the Oracle license agreement, we can validate your use of the Standard Edition software to ensure that you are not using any enterprise features. This is done with our OpsCompass License Manager (OLM) software solution. We can also provide audit defense services to make sure you are not taken advantage of in an Oracle audit.
  5. Of course, OLM can also automatically monitor your use of Oracle software in AWS ongoing, and alert if you ever start using anything that would put you out of license compliance.

If you are an RDS-LI customer, there is a very strong chance that you either have received, or will receive, a letter from Oracle like we have discussed here. We are here to help! Do not worry or get overly concerned. We have been through this before, and can help ensure that you are not bullied into any inappropriate actions for your business. Please contact us if you have any questions.