Oracle database licensing / Oracle Licensing

Oracle Advanced Security Licensing is TDE Included?

Oracle Advanced Security Licensing

  • Add-On for EE: Requires Oracle Database Enterprise Edition.
  • Required Features: Covers TDE, Data Redaction, and encryption.
  • License Metrics: Available as Named User Plus or Processor-based.
  • Matching Metrics: Must align with Oracle Database EE licenses.
  • Compliance: Essential for regulatory data protection standards.

What is Oracle Advanced Security?

What is Oracle Advanced Security?

Oracle Advanced Security is a comprehensive security solution that provides encryption. The following features are part of the Oracle Advanced Security option.

Using any of these features in a production environment requires proper licensing of both Oracle Database Enterprise Edition and Oracle Advanced Security:


1. Transparent Data Encryption (TDE)

Encrypts sensitive data at rest in database files and backups to meet compliance requirements.

  • Triggers Licensing: TDE usage for tablespace or column encryption requires licensing.

2. Data Redaction

Dynamically masks sensitive data based on user roles and policies in SQL query results.

  • Triggers Licensing: Yes, using data redaction policies necessitates licensing.

3. Transparent Data Encryption for Backups

Encrypts backup files with RMAN (Recovery Manager) to secure data outside the database.

  • Triggers Licensing: Yes, encryption of backups via TDE is a licensed feature.

4. Network Encryption (Native)

Encrypts data in transit using Oracle-native network encryption protocols like AES or SHA.

  • Triggers Licensing: Yes, enabling native network encryption requires licensing.

5. Secure Sockets Layer (SSL/TLS) Encryption

Encrypts data in transit using SSL/TLS for connections between clients and the Oracle Database.

  • Triggers Licensing: Yes, SSL/TLS encryption triggers licensing.

6. Key Management Framework (KMIP)

Integrates with external key management systems that are compliant with KMIP (Key Management Interoperability Protocol).

  • Triggers Licensing: Yes, using the external key management framework is licensed.

7. Oracle Wallet for Secure Credentials

Stores encryption keys, certificates, and other credentials securely in Oracle Wallet.

  • Triggers Licensing: Oracle Wallet usage for TDE or encryption-related tasks requires licensing.

8. Tablespace Encryption

Encrypts entire database tablespaces for comprehensive data protection within a storage area.

  • Triggers Licensing: Tablespace encryption is part of the Advanced Security option.

9. Column-Level Encryption

Encrypts specific columns containing sensitive data, such as credit card numbers or personally identifiable information (PII).

  • Triggers Licensing: Yes, column encryption requires licensing.

10. Database Backup Encryption

Encrypts backups automatically when created using Oracle Secure Backup or third-party tools integrated with Oracle Database.

  • Triggers Licensing: Yes, backup encryption is a licensed feature.

11. Encrypted Data Export (Data Pump)

Enables encrypted exports of data when using Oracle Data Pump utilities.

  • Triggers Licensing: Yes, encrypted export functionality requires licensing.

Oracle Advanced Security Licensing Options

Benefits of Oracle Advanced Security

Oracle Advanced Security is an essential Oracle Database Enterprise Edition (EE) add-on. It offers advanced encryption and data redaction capabilities.

This feature ensures data security at rest and in transit, aligning with compliance requirements and safeguarding sensitive information. Understanding the licensing requirements, metrics, and associated calculations is crucial for businesses to remain compliant and cost-efficient.


Licensing Requirements for Oracle Advanced Security

  1. Add-On to Enterprise Edition (EE):
    Oracle Advanced Security is not a standalone product. It is only available as an add-on to Oracle Database Enterprise Edition. Organizations must first license the Enterprise Edition to use this feature.
  2. Licensing Necessity:
    Both Oracle Database Enterprise Edition and Oracle Advanced Security must be licensed. Advanced Security licenses cannot be purchased or used independently without an existing EE license.
  3. Licensing Metrics:
    Oracle Advanced Security is available under the following metrics:
    • Named User Plus (NUP): Suitable for environments where the total number of database users or devices is known and relatively small.
    • Processor-Based Metric: Ideal for environments with high user concurrency or when user counts are difficult to determine.
  4. Matching Metrics and Quantities:
    The metric type (NUP or Processor) and number of licenses for Advanced Security must match the licensing of the Oracle Database EE it is associated with. Mismatched licensing configurations will result in non-compliance.

Oracle Advanced Security Licensing Metrics

1. Named User Plus (NUP):

The Named User Plus metric is based on the number of unique users or devices accessing the database, regardless of whether they connect concurrently. This metric is suitable for smaller deployments with a manageable number of users.

Key Points:

  • A minimum of 25 NUP licenses per processor is required per database server for Enterprise Edition.
  • If the number of users exceeds the minimum required, the total number of NUP licenses must reflect the actual user count.

Example Calculation:

  • Scenario: A database server with four processors and 120 users accessing the database.
  • Minimum Requirement: 4 processors × 25 NUP licenses = 100 NUP licenses (minimum requirement).
  • Actual Users: 120 users. Since this exceeds the minimum, you must license 120 NUP licenses for Oracle Database EE and Advanced Security.

2. Processor-Based Metric:

The Processor metric is calculated based on the number of processor cores in the database server, adjusted by the core factor defined by Oracle’s Core Factor Table. This metric is preferred for high-concurrency environments or when tracking the number of users is difficult.

Key Points:

  • Each physical core in a processor is multiplied by a core factor to determine the licensing requirement.
  • All cores in the server running Oracle Database EE must be licensed.

Example Calculation:

  • Scenario: A database server with four processors, each with eight cores, using Intel processors (core factor = 0.5).
  • Core Calculation: 4 processors × 8 cores = 32 cores.
  • Core Factor Adjustment: 32 cores × 0.5 = 16 processor licenses required.
  • Licensing Requirement: Oracle Database EE and Advanced Security require 16 processor licenses each.

Cost Considerations for Oracle Advanced Security

The cost of Oracle Advanced Security depends on the licensing metric and quantity, which must match the Oracle Database EE license.

Below is a summary of factors influencing costs:

  1. Licensing Metric:
    • Named User Plus (NUP): The cost is proportional to the number of users or devices, making it ideal for deployments with fewer users.
    • Processor-Based Metric: Costs are typically higher for larger deployments based on the number of processor licenses.
  2. Matching Licenses:
    The number of licenses purchased for Oracle Advanced Security must match the quantity and metric of the Oracle Database EE license.
  3. Support and Maintenance:
    Oracle charges annual support and maintenance fees, typically 22% of the license cost. These fees ensure access to updates, patches, and support services.

Practical Scenarios for Licensing Oracle Advanced Security

Scenario 1: Small Business Deployment (NUP Metric)

  • Setup: A business has a database server with 2 processors and 50 users.
  • Licensing Calculation:
    • Minimum NUP Requirement: 2 processors × 25 NUP licenses = 50 NUP licenses.
    • Actual User Count: 50 users (matches the minimum).
  • Licensing Requirement:
    • 50 NUP licenses for Oracle Database EE.
    • 50 NUP licenses for Oracle Advanced Security.

Scenario 2: Enterprise Deployment (Processor Metric)

  • Setup: A large organization runs a database server with 6 processors, each having 10 cores, using AMD processors (core factor = 0.5).
  • Licensing Calculation:
    • Total Cores: 6 processors × 10 cores = 60 cores.
    • Core Factor Adjustment: 60 cores × 0.5 = 30 processor licenses.
  • Licensing Requirement:
    • 30 processor licenses for Oracle Database EE.
    • 30 processor licenses for Oracle Advanced Security.

Common Licensing Pitfalls to Avoid

  1. Mismatched Metrics:
    The licensing metric for Oracle Advanced Security must match that of Oracle Database EE. For example, you cannot license Oracle Database EE on a processor metric and Advanced Security on a NUP metric.
  2. Underestimating User Counts:
    When using the NUP metric, ensure accurate user/device counts to avoid compliance issues. If in doubt, consider the processor-based metric.
  3. Neglecting Support Fees:
    Remember to account for Oracle’s annual support and maintenance fees when budgeting for Advanced Security licenses.
  4. Incomplete Licensing:
    Oracle Advanced Security licenses are invalid without a corresponding Oracle Database EE license.

How to Check if Advanced Security Is Enabled

To check if Advanced Security is enabled in an Oracle database, an Oracle DBA should query the V$OPTION View.

This view contains information about the various database features and options and their status.

By querying this view, the DBA can look specifically for entries related to Oracle Advanced Security features like ‘Oracle Advanced Security,’ ‘Transparent Data Encryption’, or similar terms. The query result will indicate whether these features are enabled or not.

FAQ: Oracle Advanced Security License

What is Oracle Advanced Security?
It is an add-on for Oracle Database Enterprise Edition that provides encryption, data redaction, and secure network features.

Which Oracle Database editions support Advanced Security?
Only Oracle Database Enterprise Edition supports Advanced Security as an add-on.

What licensing metrics are available for Advanced Security?
You can license it based on Named User Plus (NUP) or Processor metrics.

Do Advanced Security licenses need to match Database EE licenses?
The licensing metric and quantity must align with Oracle Database EE licenses.

What features trigger an Advanced Security license?
Using features like Transparent Data Encryption (TDE), Data Redaction, and network encryption requires licensing.

Is Advanced Security included in Oracle Database Standard Edition?
No, it is only available for Oracle Database Enterprise Edition.

How does Named User Plus licensing work for Advanced Security?
Named User Plus licenses cover individual users or devices accessing the database. There must be a minimum of 25 NUP licenses per processor.

How is Processor-based licensing calculated?
Processor licenses are determined by the number of processor cores multiplied by the core factor listed in Oracle’s Core Factor Table.

Does encryption of backups require Advanced Security?
Yes, using TDE to encrypt database backups is a licensed feature under Advanced Security.

What are the key benefits of licensing Advanced Security?
It ensures compliance with regulatory standards, protects sensitive data, and secures data at rest and in transit.

Is network encryption part of Advanced Security?
Both native network encryption and SSL/TLS encryption require Advanced Security licensing.

Can I use Advanced Security without licensing the database?
No, both Oracle Database EE and Advanced Security must be licensed together.

What is the cost difference between Named User Plus and Processor metrics?
NUP is more cost-effective for environments with fewer users, while Processor licensing suits high-concurrency scenarios.

Does Oracle Wallet usage trigger Advanced Security licensing?
Using Oracle Wallet for key management or credential storage requires Advanced Security licensing.

How can I ensure compliance with Oracle Advanced Security licensing?
Match the licensing metric and quantity with your Oracle Database EE and review usage of licensed features regularly.

Do you want to know more about our Oracle License Management Services?

Please enable JavaScript in your browser to complete this form.
Author
  • Fredrik Filipsson brings two decades of Oracle license management experience, including a nine-year tenure at Oracle and 11 years in Oracle license consulting. His expertise extends across leading IT corporations like IBM, enriching his profile with a broad spectrum of software and cloud projects. Filipsson's proficiency encompasses IBM, SAP, Microsoft, and Salesforce platforms, alongside significant involvement in Microsoft Copilot and AI initiatives, improving organizational efficiency.

    View all posts