Why options and packs create exposure.
Oracle Database options and management packs are separately licensed features that ship with the Oracle Database installation. The features are installed by default in most Oracle Database editions. The installation does not produce a license obligation. The use of the features produces the obligation. The distinction between installation and use is not always clear to the customer's database administrators. A single query that touches a feature can produce a compliance finding. The default Oracle audit position is that any use, however incidental, produces a license requirement at full processor licensing for every server where the feature was used.
The options that matter.
The options that matter for compliance include Partitioning, Active Data Guard, Real Application Clusters, Real Application Testing, Advanced Compression, Advanced Security, Database Vault, Label Security, OLAP, Spatial and Graph, and Data Masking. Each option has its own license metric and its own detection method. The detection methods are documented in Oracle's License Management Services scripts. The scripts produce a usage report that lists every server where each option was used and the date range of the usage. The usage report is the basis for the audit findings. We cover Partitioning in detail in our Partitioning pricing explainer.
The management packs that matter.
The management packs that matter include Diagnostics Pack, Tuning Pack, Lifecycle Management Pack, Change Management Pack, Database Vault Pack, Data Masking Pack, and Cloud Management Pack. The packs are integrated into Oracle Enterprise Manager. Use of certain Enterprise Manager features can trigger pack usage. The integration produces accidental pack usage in deployments where Enterprise Manager is used as a standard database monitoring tool. The accidental usage is the most common source of pack compliance findings.
High exposure options and packs
- Partitioning detected by table partition definitions or partition operations.
- Active Data Guard detected by read only access on standby databases.
- Advanced Compression detected by compression types used on tables or indexes.
- Advanced Security detected by transparent data encryption usage.
- Real Application Testing detected by Database Replay or SQL Performance Analyzer.
- Diagnostics Pack detected by AWR snapshot collection or ASH usage.
- Tuning Pack detected by SQL Tuning Advisor or SQL Access Advisor usage.
The detection methodology.
The detection methodology is the Oracle script that LMS provides for audit execution. The script queries the database control tables and the historical usage data to identify any use of an option or pack. The script does not distinguish between deliberate use and accidental use. The script does not distinguish between production use and non production use. The script reports any detected use as a license requirement. The buyer side discipline is to understand what the script detects, to control the database configuration to prevent unintended detection, and to document the deployment for audit response.
The accidental usage problem.
Accidental usage of options and packs is the single largest compliance exposure in the Oracle Database installed base. A database administrator who runs a Diagnostics Pack query in Enterprise Manager creates a usage record. The record persists in the database control tables for years. The record is detected by the Oracle script during an audit. The audit finding is full processor licensing for the Diagnostics Pack on every server where the query was run. The cost can be material. The buyer side defence requires a documented configuration policy that prevents the accidental usage and a documented audit response that distinguishes the accidental usage from licensable use.
The buyer side configuration discipline.
The buyer side configuration discipline includes database parameter settings, Enterprise Manager configuration settings, and operational procedures that prevent accidental usage. The Oracle Database parameter CONTROL_MANAGEMENT_PACK_ACCESS can be set to restrict pack access. The Enterprise Manager configuration can be set to disable pack features. The operational procedures can require database administrator approval for any operation that touches a pack feature. The configuration discipline is the single most effective compliance control. It is also the discipline that is most often missing in Oracle Database installations.
The audit response framework.
The audit response framework for options and packs follows the standard audit response methodology. The first step is to challenge the script output. The script may detect historical usage that is no longer present in the current deployment. The script may detect usage that is incidental rather than functional. The second step is to challenge the licensing interpretation. The contract definition of licensable use may not match Oracle's audit interpretation. The third step is to negotiate the commercial settlement. The settlement may take the form of a license purchase for the affected options, a configuration change that removes the usage, or a contract restructuring that addresses the broader Oracle position.
The ongoing compliance posture.
The ongoing compliance posture for options and packs requires continuous monitoring. The Oracle Database environment changes with every database administrator action. A single ad hoc query can create a usage record that survives the audit cycle. The ongoing posture includes scheduled internal audits, configuration drift monitoring, and database administrator training. The posture is documented and tested. The Oracle audit is then a confirmation of the internal compliance position rather than a discovery of unknown exposure.
Related resources.
- Licensing Compliance pillar guide
- Audit Defense service
- Contract Review service
- Database Licensing deal type page
- Oracle Database product page
- Oracle Audit Defense Handbook 52 page reference paper.
- Partitioning Option Pricing related sub article.