We know from many conversations that companies are still struggling with Java licensing. We therefore think it makes sense to write a short article about the mistakes that should be avoided when reviewing Java licensing.
FIRST AVOIDABLE ERROR: “IGNORANCE OF THE LICENCE CONDITIONS”
Many companies have not dealt with the fact that Oracle JDK was released under defined licence terms. The BCL (Oracle Binary Licence Agreement) applies to old or unpatched Java versions under certain conditions of use and the OTN SE (Java Technology Network License Agreement for Oracle Java SE) applies to newer Java versions. When organisations begin to review Java licensing, many make the mistake of first investigating whether security updates/support are required or whether they have used commercial features.
Instead, we recommend starting with a review of the licence terms to understand under what circumstances you are complying with licence terms. This should be done before you review the need for security updates or commercial features.
If, when reviewing the licence terms, you find that you are already not compliant based on the BCL or OTN SE terms, all other activities become largely irrelevant.
SECOND AVOIDABLE MISTAKE: “DO NOT CARRY OUT A COST-BENEFIT ANALYSIS”
In our first Java projects, we realised that it can be very time-consuming, if not impossible, for large companies to find out why Java is installed on servers.
You realise that Oracle JDK (Java) is running on a server
You realise that it is running on a physical server with 4 Intel cores, which requires the purchase of 2 processor licenses in the Java SE subscription ($600 per year). Now you should pause – and think: “How much time should I spend investigating this problem when it has so little value?” Are you going to spend weeks researching this server, or just sign up for a subscription? Below we list the steps that would need to be taken for an evaluation. You, the reader, can estimate how much time you would need for these activities.
Identify which applications are running on the server that is also running Java.
You need to find out which applications are dependent on Java (time consuming as you may need to call the application vendor to get an answer).
Some application vendors are hard to reach and you could spend hours trying to get answers.
Some application providers say you don’t need Java. Then you need to understand if you have made any customisations or integrations yourself that require Java.
Now is the time to talk to the person responsible for the application: Do they need security updates? You could say yes – then you could have saved the time for the above-mentioned activities if you had known that you had to purchase a subscription.
The application owner says they don’t want to take out the subscription and asks to investigate the options for switching to OpenJDK. This requires further investigation.
Is it possible to switch to OpenJDK? How much time and testing is needed to investigate? One company was told by their application provider that they could indeed migrate to OpenJDK. But after they started the migration, their users reported performance issues and they had to cancel the migration. All that testing and migration time was for nothing…
You could potentially spend 100 hours together (your time and the application owner’s time) – the hours add up quickly. Surely you have more meaningful ways to spend your time.
The image below tries to capture this:
THIRD AVOIDABLE MISTAKE: “FORGOT THAT MSI ENTERPRISE INSTALLER TRIGGERS THE LICENCE OBLIGATION”
Almost every organisation we come across uses the Java MSI Enterprise Installer, but many do not realise that this is a “commercial feature” of Java. It allows organisations to mass deploy security patches and upgrades for Java. If you use this tool, you must have a Java SE subscription, no matter what you think about the licence terms or the need for security updates.
FOURTH AVOIDABLE MISTAKE – “LACK OF A LICENSING STRATEGY FOR THE FUTURE”
Don’t build your Java licensing strategy around the BCL agreement. The future lies in Java OTN SE. Weigh the pros and cons of a mixed environment, the compliance risk and the time you have to spend monitoring patches.
The most practical bottom line recommendation:
Review your Java installations (Java licensing position)
Uninstall what you can or make changes to optimise licensing.
For remaining Oracle JDK -> Purchase a subscription
The Author
Kirsten Springer
Managing Director and Licensing expert SAMtoa GmbH