What does an Oracle audit look like? This one certainly wasn't pretty

Oracle is at least as well-known for its aggressive licensing tactics as for its namesake database technology, and a recent dispute makes it clear that that reputation isn't entirely unfounded.

In September 2014 Oracle launched what it calls a "license review" of customer Mars Inc., the confectionery company. That's a common enough occurrence, but this one turned particularly ugly. After providing a whopping 233,089 pages of documentation at its own expense in its efforts over several months to satisfy Oracle's demands, it said, Mars finally filed a lawsuit last fall in a San Francisco Superior Court petitioning the court to order Oracle to scale back its audit efforts.

Mars dropped the case in December, likely signifying that it was settled out of court.

Oracle did not respond to a request for comment. Mars declined to comment.

However it ended for the parties in question, one particularly notable result is that a trove of documents are now in the public domain that wouldn't have been there otherwise, shedding considerable new light on Oracle's licensing strategies.

"Oracle demanded information to which it is not contractually entitled regarding servers that do not run Oracle software and Mars personnel who do not use Oracle software," Mars' complaint read. "Oracle made these demands under false pretenses under false premises that non-use of software nonetheless somehow constitutes licensable use of software for which Mars owes Oracle."

In particular, Oracle asserted that because Mars was using VMware version 5.1 or higher, even servers and clusters not running Oracle must be licensed as well, Mars manager Eloise Backer explained in a declaration.

Oracle also threatened to terminate its agreement with Mars in October if its demands weren't satisfied.

The case may be the first to focus specifically on Oracle licensing on VMware, noted Dave Welch, CTO and chief evangelist with IT consultancy House of Brick Technologies, in a Sunday blog post that links to many of the court documents. 

"I’m sorry that it appears Oracle opted not to appear in court," Welch wrote. "I’m also not the least bit surprised. In my opinion, Oracle appears interested in trying to see if it can get any more money out of any of its Oracle on VMware customers. It also appears to want to do that without a court’s evaluation."

If Oracle had any contractual merit behind its VMware licensing assertions, it would have used a court case years ago to "send a clear message to the world that it would protect its intellectual property rights" rather than quietly "arguing the point one customer at a time," he added.

Mars' audit experience was not uncommon, said Robert Scott, managing partner with Scott & Scott LLP.

"Those are the standard letters that any customer being audited by Oracle would see," Scott explained.

What's less common is Mars' decision to fight back, and "frankly, more of Oracle's customers should assert these rights," Scott said.

There's nothing in the Oracle license agreement that requires a customer to spend the time and effort Mars did in its attempts to satisfy Oracle, he added. In fact, audits are supposed to be conducted at Oracle's expense.

Scott had plenty of advice for all the other Oracle customers out there.

"The biggest thing you can do is be very careful about the agreements you get into," he said. "Sometimes with Oracle it's very difficult to get a full appreciation given all the complexities and ambiguity, but that's an important place to start."

Particularly important -- and highly relevant to the Mars case -- is avoiding arrangements that require you to count processors or cores, for example, when the basis for such counts isn't completely clear, Scott said.

"Virtualization is one of the biggest areas of risk," he said. "I've helped clients avoid that issue by negotiating unlimited agreements with Oracle."

Oracle has also reportedly been offering what's known as a Perpetual User License Agreement (PULA) with flat-rate pricing for unlimited use of its database in perpetuity.

For agreements that are already established, "get your arms around them" and try to negotiate any parts you don't like. In fact, "with each order you make, you should be demanding additional concessions from Oracle," Scott said.

Finally, fighting back is an option Scott wishes more companies would use.

"If they're coming at you in a way that seems unreasonably heavy-handed, there is a mechanism, but it's underutilized because people are afraid of Oracle," he said. "I commend Mars for stepping up and doing the right thing."