Oracle Java Audit Questions:
- Which versions of Java SE are you running, including patch numbers?
- How many employees are in your organization, including part-time, temporary, and contractors?
- What are the install dates for your Java installations?
- How do you deploy and update Java?
- What are the installation paths for your Java installations?
- Which applications are utilizing Java?
- Have you included DR servers in your Java scans?
- Which tool did you use to scan your environments?
- Can you share scans of your desktops and servers?
- What are your legal entities within the corporation?
10 Key Oracle Java Audit Questions You Need to Be Prepared For
When Oracle conducts a Java audit, their questions can seem straightforward. However, each one is designed to uncover specific details about your Java usage that can lead to significant licensing costs.
Understanding these questions and preparing your responses is crucial for navigating an Oracle audit successfully.
1. Which versions of Java SE are you running, including patch numbers?
This question aims to identify if you’re running licensable versions of Java.
By asking for the specific versions and patch numbers, Oracle can determine if your deployments require a license.. If you’re running a version that requires a license and haven’t procured one, you could be liable for backdated fees.
Tip: Keep a detailed inventory of your Java installations, including version numbers and patch levels. Review it monthly to ensure you do not accidentally update to a licensable version.
2. How many employees are in your organization, including part-time, temporary, and contractors?
Oracle’s licensing model often includes a per-employee metric for full-time and part-time, temporary, and contractor employees. This question will allow Oracle to calculate the number of licenses your organization needs.
Tip: If you already bought an employee license, Ensure your employee counts are accurate and comprehensive. Include all staff categories to avoid underestimating your licensing needs.
3. What are the install dates for your Java installations?
By knowing the install dates, Oracle can determine the duration you should have been licensed. Oracle will use this for demands for retroactive licensing fees, potentially spanning several years. The longer the unlicensed use, the higher the backdated costs Oracle will request.
Tip: Maintain records of all software installation dates. This can help negotiate and verify any retroactive licensing claims Oracle might make.
4. How do you deploy and update Java?
Oracle is interested in your deployment and update processes to see if you use commercial features like the MSI Enterprise Installer. These features require licenses, even for older Java versions. This question helps Oracle assess whether your deployment methods necessitate additional licensing.
Tip: Review your deployment and update processes. Avoid using commercial features unless you have the necessary licenses.
5. What are the install paths of your Java installations?
Oracle asks for install paths to verify that Java is not embedded in other products, which could be a defense against some licensing claims. Understanding the install paths allows Oracle to determine whether your Java usage is separate and licensable.
Tip: Document and standardize your Java install paths. Differentiate between Java installed as part of other licensed products and standalone Java installations.
6. Which applications are utilizing Java?
Only a few applications have license-included agreements with Oracle. By identifying the applications using Java, Oracle can quickly check if these applications are covered or if additional licenses are needed.
Tip: Compile a list of all applications that use Java in your organization. Verify if they are covered under any license-included agreements with Oracle. As a rule of thumb, only well-known industry software giants have such agreements with Oracle.
7. Have you included DR servers in your Java scans?
Disaster Recovery (DR) servers and any installations on desktops or servers require employee licensing. Oracle wants to ensure that all environments, including DR servers, are accounted for in your licensing.
Tip: Include all servers, including DR servers, in your Java scans and inventory. This ensures you have a complete picture of your licensing needs.
8. Which tool did you use to scan your environments?
Oracle asks this to determine if your scanning tool can accurately identify all Java installations. If your tool is inadequate, Oracle may not accept your scan results, leading to further scrutiny and potential non-compliance issues.
Tip: Use a robust and recognized scanning tool to audit your Java installations. Ensure it fully scans your environment. Remember, Oracle has records of downloads and updates.
9. Can you share scans of your desktops and servers?
Oracle requests scans to validate the data you provide. This is to cross-verify that your reported Java installations match what’s deployed in your environment.
Tip: Regularly perform scans of your desktops and servers. Keep records and consider what you share with Oracle if anything.
10. What are your legal entities within the corporation?
Oracle needs this information to ensure that all legal entities within your corporation are properly licensed. Licensing one entity but not others can result in non-compliance if those entities use Java.
Tip: Don’t underestimate the risk of Java employee metric if you have subsidiaries that may be using Java that require a license.