by anonoholic 2523 days ago
> RedHat has joined them in turning license audits into a profit center.

If a company is using licenses it hasn't paid for, and so isn't entitled to, why is the vendor the bad guy for catching them out?

Maybe I'm the odd one out here as an individual in paying for the movies I watch, and the music I listen to; but I would expect a business to pay for the software it's using, irrespective of your stance on "big media".


Oracle makes their licensing model intentionally impossible to be compliant. It's not just "you run x number of instances you owe us y dollars".

It's "you enabled x feature on your database times y users oh and use this handy CPU core count chart to calculate how many cores you're using. Oh and you're running your database in a virtual machine with a clustered hypervisor so you owe us for every cpu core in your cluster".

Then they tell you how much they owe you but "it will all go away if you migrate some of your stuff over to our 'cloud'" and the process starts all over again in 2 years, or less.

Fuck Oracle.

Oracle does some evil shit. Their sales tactics can be outrageous. It really doesn't seem like they give a crap about their clients/servicing them.
The biggest tactic I've seen is their inability to be consistent. In 2 years, I spoke to 3 Oracle reps and received vastly different quotes for the same hardware, features, processors/cores, etc.
Oracle’s pricing is “whatever we can get from the customer.”

Their salespeople are so hyper-aggressive that I can tell which vendors have ex-Oracle reps.

Definitely! We actually dropped one vendor because it was all ex-Oracle salespeople, and their negotiation tactics were outrageous. They tried to hold us over a barrel and instead we made a major platform change in six weeks just so we could tell them to f-off.
> ... one vendor because it was all ex-Oracle salespeople

Mellanox?

Any other companies set their licensing structure like they are laying landmines?
Microsoft, with SQL Server. But when you deal with their auditors you just settle your bill and you're done. They don't turn it into an extortionate sales pitch.
I've heard Microsoft's is pretty complicated, they even have a certification exam to prove you understand their licensing.

https://www.microsoft.com/en-us/learning/exam-70-705.aspx

It hasn’t been that bad for me. I give them an updated user count and tell them what else I’m using once per year and they give me a bill. They’ve never pushed back on anything. We start with a conference call, I send over a spreadsheet and that’s it. They have software I can run on my network, but they have always let me give them the numbers from my asset tracking system. Frankly, they’re one of the easiest software vendors I deal with.
"User count" sounds so simple when you put it that way. That spreadsheet isn't trivial to build, and the situation on what's in it may be foreign to some readers here (it was to me).

A Microsoft shop needs licenses for each laptop/desktop running Windows, but in an office using Microsoft Server to operate its LAN and the requisite services - DNS, DHCP, SMB file sharing, VPN, email, etc - basically any device that touches the Windows Server machine needs a Client Access License (CAL), which is available in user-based and device-based flavors.

Let's say the company operates a website and has developers. The development/QA environment requires an (expensive) MSDN account (or whatever it's called now) per-developer. In production, unlimited anonymous/unauthenticated users are allowed to hit IIS (web server). Authenticated access by employees to IIS needs a user CAL, authenticated customer access requires an External Connector (EC) license. But don't worry, the backing MS SQL Server database for the website also needs to be licensed, with per-cpu-core-per-machine licensing available. Except everything's a VM these days, so the servers sit on top of a VM host (Microsoft Hyper-V), so there's some additional licensing intricacy there to deal with.

On top of that, there's the Services Provider License Agreement (SPLA) licensing model available for ISVs, but OEM licenses cannot coexist with SPLA licensing on the same system (VMs + host).

Just to make it more fun, different Microsoft reps will have different answers on how some of the more subtle intricacies even apply!

https://www.microsoft.com/en-us/licensing/product-licensing/...

https://www.microsoft.com/en-us/licensing/licensing-programs...

I don’t know. I don’t think it’s that bad. I don’t put together the spreadsheet from scratch. Been doing it a long time though. We start with what I had last year. I just have to fill in my numbers for each license. Then they come along and tell me I need an external connector because I’m doing this or that. I groan a little bit and pay.

They’re pretty easy because you only have to do it once a year. It drives me nuts when a vendor wants me to manage individual licenses as people are coming on board. I end up having to keep extras on hand. At least let me reconcile quarterly or something. It’s even worse when each seat has its own key.

Microsoft makes the license management and reconciliation so easy. The only negative about their licensing is they double dip with the desktop OS and CAL stuff.

I see you have never been through a SAM audit.

We've been on EA for years and the amount of complexity and shifting rules year by year is absurd. It is nearly impossible to stay in compliance. Even the companies who have "owned" our EA (partner responsible for managing it) are wrong frequently about licensing rules, later contradicted by Microsoft.

If you have a handful of licenses on a Select agreement, or O365 (I don't know, we don't use it) maybe it is simple. But a large enterprise customer? It's a fucking nightmare.

We are on an EA. Annual spend is in the 200-250 range. We have pretty tight asset management so it’s not difficult to get precise numbers. We have grown substantially over the past 7 or 8 years and our license count has gone up accordingly so I’m sure that helps too. Maybe we ran their software once or twice to confirm counts. It’s kind of a non-event. I’ve never experienced any kind of full blown audit where they challenge our numbers and go looking for hidden software. We keep track of what we use, pay for it during true up and renewal, and that’s about it.
IBM is very guilty. Then they hire Deloitte to chase their customers for breach.
That. Oracle lost my company's business because of chickenshit like the parent post.
Oracle products are outrageously expensive, but I wouldn't call their licensing complicated. Microsoft's model (with CALs) is much more opaque and they refuse to clarify it. I can't comment on IBM licensing though, unfortunately I know nothing about it.
Oracle has the exact same thing, they just call it "Named users" or "NUP's" rather than "CAL".

https://www.peakindicators.com/blog/oracle-licensing-nups-pe...

I don't know about current IBM licensing, but for DB2 UDB server on Windows circa 2001, it was something like $150k per CPU per year (pre multicore, only SMP at the time).
Being caught out using software you did not correctly license is not the problem. That would be fair enough. It is the burden of proof and the time it consumes when you have done nothing wrong.

It would be like the police turning up to your house and demanding you have a receipt for every item in your house. Any item you do not have a receipt for is assumed to be stolen and you have to pay for it. The burden of proof is placed on you to prove you did not steal it. Normally the burden of proof is on the police to prove you have stolen, suddenly it has been turned upside down.

Can you prove you have purchased every copy of every software instance on every computer in your organization? Maybe you can because you have excellent record keeping but most are not so efficient. Maybe the invoice cannot be found because it was not forwarded to the right person. Or a paper invoice has been filed incorrectly and nobody can find it. You KNOW you paid for it but cannot prove it. Sorry, but you are guilty and have to pay $10,000 for that server license again. Try explaining that to your boss.

> It would be like the police turning up to your house and demanding you have a receipt for every item in your house. Any item you do not have a receipt for is assumed to be stolen and you have to pay for it. The burden of proof is placed on you to prove you did not steal it. Normally the burden of proof is on the police to prove you have stolen, suddenly it has been turned upside down.

So, under what legal authority can Oracle or Microsoft or Red Hat or IBM _force_ you to submit to an audit?

It's in the contract you sign with them to get their software in the first place.

(Of course, if you're smart you don't. I worked for a place that had a sales pitch from Oracle, wanted to use their product, but cut off all contact once our lawyers got a look at the contract they were proposing)

Your police analogy only makes sense if you shop at a warehouse club. You sign a contract (subscription) that agrees to let you take whatever you want (content) from the warehouse store (vendor), but at the end of the year (subscription term), you agree to let the warehouse club work out what you took (true-up) from the store by looking in your garbage (logs, DB, whatever you use to track usage).

If you then are so disorganized at your job that you empty the trash, throw out the receipts, then sit dumbfounded as your contractual obligations come to roost, maybe that conversation with your boss should probably be uncomfortable.

There is a huge gulf between wanting your customers to pay what they owe you and this sort of "audit".

I make a serious point of doing what I can to steer my employers away from any outfit that believes adversarial relations with their own customers are ideal.

Screw that; I want to compete with my real competitors, not waste money on lawyers fighting my own supply chain.

So yeah, I want to see if they go full-Larry Ellison here, but I will likely no longer recommend anything Redhat and will look at moving away from the things we do use.

Sad, really.

I turned down a job offer with such an adversarial company this year, only interviewed so my recruiter would keep sending interviews.

I knew the company by reputation: that they had a habit of suing customers for patent violations. The commute would have been easier. Bit longer (train) than the job I took (driving 15 miles opposite traffic).

The job I took pays $20k less a year, but is worth it when factoring in less unpaid overtime, shorter commute and reduced stress. My wife wanted me to take the higher paying job, but after explaining that, per hour, I'd be making less and only home for 1 waking hour during the week, she agreed. Also have better health insurance at the lower paying job.

It’s not about counting licenses. It’s the hassles of responding to proving you’re not in breach or complex contracts signed over decades when the vendors change product names, definitions and terms every few years.

It’s gotten so complicated that these vendors hire specialized firms to go after their customers, who then have to buy software to prove they’re not stealing.

This activity fills IBM’s coffers while distracting their customers.

Oracle made a business of squeezing lots of unreasonable corners here, so folks have soured a bit on what would be an otherwise reasonable process. Best would be some kind of random third party CPA firm or something do a balanced audit against standards without the screw you upsell to avoid total destruction on the license fee side.
Well, I believe some of the licensing was combative to many realities of best 21st century business practices. SAP had several lawsuits against some of its biggest clients, and as a result, changed its pricing methodology. In that particular case, I believe SAP was trying to count every automated process or algorithm that needed access to the data for reporting and analytics as a user versus now where there’s a cost to create a new entry in an ERP system, but zero added cost to read records. Some of the hatred that has developed around licensing seems to be that the vendor is working directly against the interests of its customers.