Oracle Proprietary Application Hosting Dangers in AWS RDS

by | Oct 13, 2020 | AWS, Cloud, Cloud Computing, Oracle Licensing, Uncategorized | 0 comments

, Oracle Proprietary Application Hosting Dangers in AWS RDSby Nick Walter, Principal Architect and Joe Grant, Principal Architect

At House of Brick we field a multitude of questions from our partners and clients about Oracle licensing pitfalls and traps. In some recent conversations a new wrinkle on an old danger, Proprietary Application Hosting, has come to our attention.

Proprietary Application Hosting, as described in the Oracle Technology Hosting policy document, is the right to use a licensed Oracle database in service bureau model as the backend for a hosted SaaS offering containing end-user data. This is distinct from a normal Oracle database full-use license that only allows a licensee to leverage Oracle technologies for their internal data and internal business operations.

In order to obtain and use a Proprietary Application Hosting right, an organization must acquire the correct number of Oracle licenses and, most crucially, go through a process with Oracle to register their SaaS product. This registration process is mandatory in order to receive a Proprietary Application Hosting right.

A New Challenge

None of this is new. In fact, Oracle has been using this process for Proprietary Application Hosting rights for over a decade. However, there is a new challenge for organizations utilizing the Amazon Relational Database Service (RDS) Oracle License-included model as a backend for their SaaS offerings hosted in AWS. The problem, simply put, is that the RDS License-included Oracle offerings from AWS do not include any form of Proprietary Application Hosting rights. AWS outlines this quite clearly in Section 10 of the AWS Service Terms.

Section 10 concerns the use of the RDS product from AWS, and more specifically, section 10.3 “Using Oracle Software”, and 10.3.1 “License Included”. Section 10.3.1 states the allowed use of Oracle software in RDS. Even more helpful, is the short list of disallowed uses of the RDS Oracle License-included model. Two points that stand out in the disallowed list in Section 10.3.1 are that a user of RDS License-included may not:

  • use the Oracle Software for rental, timesharing, subscription services, hosting, or outsourcing
  • make the Oracle Software available in any manner to any third party for use in the third party’s business operations

In practical terms, this means that an organization cannot use an Amazon RDS instance with Oracle License -included to support a SaaS product, or any other product, hosted for their customers. Doing so is clearly a violation of these terms. Of course, the challenge is that many organizations bringing SaaS products to market are not equipped to deal with the complexities of Oracle licensing and may find themselves in this situation completely by accident, in spite of their best intentions to properly license and use all software.

Recently, House of Brick has seen both private and public references to Oracle discovering these inappropriate hosting situations and reaching out directly to the AWS customer involved. A few simple web searches can quickly confirm that multiple organizations are reporting this behavior on Oracle’s part. An older example, found here, demonstrates that this has been issue for quite some time.

A more recent example, found here, indicates that Oracle has continued to reach out directly to users that are in violation of the Amazon RDS License-included terms and conditions in order to make a license sale to rectify the issue. This may be alarming for an organization that needs to correct their use of RDS Oracle License-included for SaaS solutions, as Oracle may be willing to lean on their reputation as an intimidating negotiator to pressure not only RDS users, but AWS directly, as a way to enforce compliance.

Clearly, any organization that finds themselves in this predicament needs to quickly evaluate their alternatives, and be prepared to execute on them, in order to avoid any costly disruption of their SaaS business.

Switch to BYOL

The simplest solution, from an engineering perspective, is to execute a license purchase agreement with Oracle, that includes a Proprietary Hosting right. This would mean that organizations would need to switch their RDS instances to Bring-Your-Own-License (BYOL) instead of License-included. This is a relatively straightforward modification to an RDS instance, so this solution is very quick to implement from an engineering perspective.

Additional Considerations

Beyond the engineering aspects however, there are other implications to consider. Switching to BYOL involves contacting Oracle Sales and executing a license purchase agreement directly with Oracle. This means that instead of being bound by the AWS Service Terms for the license, the organization has a direct contractual relationship with Oracle. Key pieces of advice House of Brick would offer organizations that may be new to negotiating with Oracle include:

  • Sometimes better discounts are available when Oracle sales professionals are motivated to close deals, which is typical for all software vendors. A quick web search on when Oracle’s next fiscal year (or quarter) ends may suggest excellent times to negotiate for better discounts.
  • Do not be inadvertently misled by an Oracle representative claiming that use of more expensive versions of the product can avoid the need for the Proprietary Application Hosting right. Oracle’s registration for hosting rights are complicated and some Oracle sellers may not have experience with the program. Any organization that hosts a SaaS solution in Oracle RDS, or any other on-premises or cloud solution, needs to insist on getting the Proprietary Application Hosting right added to their licenses.
  • Be aware that Oracle sales may make a variety of claims, as is standard in technical sales, to attempt to convince any customer interested in purchasing Oracle Standard Edition 2 licenses (with the Proprietary Application Hosting right) that they actually need to purchase additional products or licenses. Typically, the pitch is an upsell into a more expensive edition of the product or a migration to Oracle Cloud.
  • Organizations operating in an on-demand flexible cloud environment, such as Amazon RDS, may need a buffer of additional licenses in order to account for growth, or for short-term bursts of increased operational activities. This may include activities such as temporarily cloning databases for testing, or for refreshing non-production environments that require additional usable Oracle licenses to perform effectively.

The final thing to be aware of when evaluating a strategy of purchasing licenses directly from Oracle for RDS usage is that many organizations find it uncomfortable to be in a contractual relationship with Oracle. A prerequisite to executing any licensing agreement with Oracle is to execute an Oracle Master Agreement (OMA), which gives Oracle the right to audit the customer’s use of their software, in addition to a variety of other terms and conditions. As a search of House of Brick’s blogs will illustrate, the Oracle audit can be a difficult exercise for customers due to Oracle’s history of making non-contractual audit claims, as well as a lack of software controls that automatically limit the use of unlicensed software or features. This last challenge, of unintentionally using features that are unlicensed, is the number one issue we have found during the hundreds of Oracle audits where we have defended our clients.

An Intriguing Alternative

An organization that does not wish to purchase Oracle licenses and Proprietary Application Hosting right has an intriguing alternative available. They can migrate away from Oracle and choose to run an open source database on the Amazon RDS platform as the new back-end database for their SaaS product. It may take a bit of effort, but ultimately Oracle is not the only game in town. When compared to the ongoing costs of maintenance fees on Oracle licenses, and the ongoing efforts to maintain Oracle license compliance, this may be a very attractive alternative from a long-term, return-on-investment perspective.

House of Brick recommends that organizations already using AWS to strongly consider the feasibility of an Amazon Aurora/PostgreSQL solution as a migration target away from Oracle. PostgreSQL is the closest open source database engine to Oracle in terms of feature comparisons. House of Brick has an excellent track record of success, with multiple clients, in demonstrating that a move to Aurora/PostgreSQL from Oracle is not as daunting as initially feared.

When migrating to Aurora/PostgreSQL, there are almost always adjustments to be made at the application layer, as well as refactoring of stored procedures and function codes inside the database. The good news is that AWS offers the Schema Conversion Tool (SCT), which can automate the majority of the drudgery of such conversions, requiring human intervention in only the most complex cases. When using SCT, most functions, packages, and procedures will migrate with very few manual modifications.

There are advantages, both operational and financial, to migrating off of Oracle entirely. Obviously, using an open source database engine allows SaaS vendors in AWS continued use of a familiar pay-as-you-go model. This may eliminate the need to update operational procedures and introduce strict license compliance controls. It also provides access to the superior performance and scalability of Aurora, which can be a powerful way to ensure that the success and growth of SaaS offerings do not turn into problems down the road.

For those customers who need or want to stay on an Oracle platform, House of Brick offers automated license compliance monitoring through our parent company, OpsCompass. By deploying OpsCompass license monitors on RDS or other instances, organizations can rest assured that we will identify any rogue database feature usage that could end up costing millions of dollars in unexpected license fees. OpsCompass also proactively monitors cloud usage to detect configuration issues that may lead to security problems or regulatory non-compliance.

Quick Plan of Action

Regardless of which solution is most attractive, House of Brick encourages all organizations offering SaaS products backed by Amazon RDS Oracle License-included to evaluate their options and determine a quick plan of action. House of Brick has considerable experience in assisting clients with both Oracle licensing complexities in the public cloud, as well as migrations to non-Oracle platforms. If your organization is impacted by this licensing situation, feel free to reach out to us with questions and concerns. We will be happy to discuss how House of Brick can assist in quickly identifying alternatives or in implementing a plan to pursue either a license purchase or database migration.

 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *