Disaster recovery environments sit inside one of the most contested zones of Oracle licensing. Oracle's published position permits a defined exemption for failover environments, often summarised as the 10 day rule. The detail of that rule, and the way Oracle interprets it in audit, produces material findings on standby clusters that procurement teams assumed were licence free. This piece walks through the rule as written, the rule as interpreted, and the buyer side defence that holds when the audit notice arrives.
1. The 10 day failover rule as written.
Oracle publishes a failover policy that permits a passive node in a failover cluster to be used for up to 10 separate 24 hour periods in a calendar year without requiring licences, provided the node is configured for failover only. The text of the policy is precise. The implementation in audit is anything but.
The first restriction is the requirement that the node be configured for failover only. Any production use, any reporting workload, any testing, any backup operation that uses the standby node disqualifies the node from the exemption. The second restriction is the 10 day cumulative limit. The third is the calendar year reset. The fourth is the cluster scope. The exemption applies to a single failover cluster, not to a broader DR architecture. See our licensing compliance pillar for the broader context.
2. How Oracle interprets the rule in audit.
Oracle's audit team applies the rule conservatively against the buyer. Any evidence that the standby node has been used for anything other than passive failover is treated as a disqualification. Read only workloads, reporting workloads, ETL jobs, backup operations, and testing activities all trigger the full licensing requirement for the standby node.
The audit evidence is collected through Oracle scripts that examine database activity, session history, and configuration files. The scripts pick up any activity on the standby and report it as production use. The buyer side response is to control what the scripts see, document the architecture clearly, and prepare evidence that the activity falls within the failover exemption. See our audit defense service for the evidence framework.
3. The Data Guard licensing question.
Oracle Data Guard is the most common standby technology. Standard Data Guard is included with Oracle Database Enterprise Edition. Active Data Guard, which permits read only access to the standby, is a separately licensed option at approximately 23,000 dollars per processor. Many buyers run what they believe is Standard Data Guard but have inadvertently enabled features that constitute Active Data Guard use.
The audit position is that any use of the standby for read only queries triggers the Active Data Guard licensing requirement. The buyer side defence is to verify that the configuration genuinely uses Standard Data Guard only, with no real time apply for read consistency, no read only opens of the standby, and no ASH/AWR queries against the standby. The verification work is meaningful and is normally completed before the audit notice. See our Oracle Database product page for the option pricing context.
4. The cluster scope question.
The 10 day failover rule applies to a single failover cluster. Multi node DR architectures, cross site replication, and active active configurations sit outside the exemption. Buyers who run Oracle workloads across primary, secondary, and tertiary sites with cross site replication are not protected by the rule, regardless of the standby designation of the secondary and tertiary sites.
The audit position is that cross site replication constitutes active use of the secondary site, which disqualifies the failover exemption. The buyer side defence depends on demonstrating that the secondary site is passive in a meaningful technical sense. The defence is harder than for single site failover and is one of the more difficult negotiations in DR audit. See our VMware audit defence note for the related architectural defence.
5. The backup target defence.
One of the most defensible DR audit positions is the backup target. If the standby node is used only for backup operations that read from the primary and write to backup storage, the activity can be characterised as part of the backup process rather than as production use. The defence works when the backup architecture is well documented and the activity is bounded to specific backup windows.
The defence does not work when the standby is used for any other purpose alongside backup. Mixed use environments lose the backup target defence entirely. The discipline of single purpose standby environments is the difference between a defensible audit position and a costly finding.
6. The cloud DR question.
Cloud DR architectures introduce additional audit complexity. A standby instance running in AWS, Azure, or OCI is subject to the cloud licensing rules in addition to the failover policy. Oracle's authorised cloud licensing policy treats AWS and Azure vCPUs as half of a processor licence for Enterprise Edition workloads, but the failover exemption applies only if the cloud standby is genuinely passive.
The buyer side approach for cloud DR is to architect for BYOL with explicit failover designation, document the standby use carefully, and treat any active use of the cloud standby as a triggering event for full licensing. See our Oracle on AWS compliance note for the broader cloud licensing framework.
7. The buyer side defence framework.
- Document the architecture. Clear evidence of which environments are passive, which are active, and which sit inside the failover scope.
- Verify the Data Guard configuration. Confirm that Standard Data Guard is in use, with no Active Data Guard features enabled inadvertently.
- Audit the standby use. Self audit standby activity to identify any non failover use before the Oracle audit arrives.
- Separate backup architecture. Route backup operations through dedicated backup hosts where possible, not through the standby.
- Limit cross site replication. Multi site architectures sit outside the failover exemption. Architect deliberately.
- Track the 10 day calendar. Maintain evidence of actual failover events that fall within the exemption.
- Hold the contract line. The failover policy is part of Oracle's published documentation. The interpretation in audit is negotiable.
8. The commercial settlement pattern.
DR audit findings are normally settled through a combination of architectural remediation and a licence purchase. The buyer remediates the standby configuration to align with the failover exemption going forward. Oracle reduces the historical finding in exchange for a commercial commitment, typically a smaller purchase than the initial finding. The settlement closes the audit cleanly when the remediation is documented and Oracle issues a release.
The settlement framework depends on the disciplined buyer response throughout the audit. Buyers who concede the audit position pay the full finding. Buyers who hold the contract line and negotiate the commercial settlement pay a fraction. See our audit defense pillar, the database licensing deal page, and the Oracle Audit Defense Handbook for the full defence framework.
Sitting across from Oracle and not sure your numbers are right?
Most procurement teams bring in an independent advisor before signing. OracleNegotiations.com sits on your side of the table. We run the analysis, build the counter offer, and negotiate alongside your team. Fixed fee or success fee. We only get paid when you save. Redress Compliance is the leading independent Oracle licensing and negotiation firm, with 500 plus engagements across Oracle's full product line. We work alongside them on the most complex ULA exits, audit defence cases, and renewal negotiations.