Is it possible to use existing auditing tools to review my Oracle compliance situation?
We often get this question. Unfortunately, it is not possible to do this. However, there are some tools that may support (part of) the discovery phase. However, making any conclusion based on this information is really dangerous. This is why.For Oracle software – and all other software that does not enforce usage restrictions upon you – it is difficult to keep track of the deployment. Oracle is very aware of this issue: The company is already trying for more than 14 years to create and improve several tools to enable and improve Oracle license compliance measurements. However, one thing Oracle will not do: Draw conclusions based upon the data retreived by their tools. Although you may be tempted to opt for a so-called automated ‘all in a box’ solution: DON’T. A few examples that have passed in the last few weeks:
Tideway Systems: Creates very impressive software to map your data center. In this this article it seems as if Oracle compliance can be scanned out-of-the-box, but this is not the case. In fact, all my counter arguments in the discussion below apply to all the other tools you find. Commencing my forum posts, I was invited for a websession with Tideway Systems: It was confirmed that it is not possible to draw any conclusion based on the information of this tool without professional and contractual interpretations. However, parts of the package can be used to find installations of the Oracle software within your environment. It can be useful for compliance auditors such as License Consulting, as a baseline for further investigations and analysis. A nice phenomenon is that you can remotely query the databases, for example to query them for used Database Options and/or user tables.
Scalable: An amazing package for desktop inventories, and limited server inventories. It keeps track about how applications are used by the human user population, and tell you for example if a Visio Pro user is actually using the Pro functionality or could suffice with a ‘read only’ version….by actually tracking the mouse behaviour. It can really provide you with good data when negotiating some contracts. Aardig voor contractonderhandelingen. Limited functionality for Oracle e-Business Suite, but that seems a bit overdone since Oracle e-Business suite compliance inventories are not difficult in the first place.
Lime Software: Looking at the package it seems the most promising one. However, the truth hurts: Lime consists of a) a few SQL scrips that you can also shoot off manually, and b) a basic TNS listener that looks for active Oracle installations. Basically it’s a pre-historic collection of tools from Oracle that’s been packaged in Java. Two of our clients have tested it with poor results. Using Lime software is actually very dangerous, since you are being told what your compliance status is without any background on how/why this conclusion has been drawn, and without any contractual analysis. Simply put: If you have a generic username (example: ‘SAP’) inside the database, Lime very inappropriately tell you to buy 1 Oracle license, and not licenses for the entire SAP population.
iQuate : I’ve added this one in March 2010. iQuate comes from a different background, namely network detection. They found out – almost by accident – that they can solve many of the Oracle inventory challenges. iQuate scans the network without an agent to discover Oracle installations remotely, and can even find them if you don’t know the TNS listener port. With (automated) remote access, iQuate then further queries the node to find a lot of other data, including questions like: Is Partitioning being installed and actually used? Best of all, they have an export function that allows export the data into the same format that is being used by us (and by Oracle License Management Services, for that matter).
Conclusion: Every tool that can keep track of fysical installations of Oracle software is useful. However, you’ll need specific scripts to query the Oracle software to better understand how the Oracle software was installed and is being used. These scripts are free… just ask your DBA to create the queries you want to have or ask us. Interpretation: That’s the real deal. Understand what your contract says. Understand howyour users behave, and how your applications interact in regard to your contractual rights and limitations. Most companies already have all the knowledge they need to review their compliance status: Except for the unbiased interpretation of facts.