Oracle Java Review!
Forward
From January 2019*, Oracle have stated that Java SE updates will no longer be available to commercial organisations Free of Charge. This document’s purpose is to help the reader assess the impact on their organisation and avert risk.
*Please note that at the time of writing and publishing this article, BCS’s research into this subject hadn’t been able to establish a specific date in January 2019.
Executive Summary
Post 2019, you may need to purchase a subscription licence or Support Agreement or move to an Open Source Java option before updating installations of Java SE.
This change in itself does not present an immediate risk of non-compliance with current licensing agreements i.e. if you are non-compliant now post January 2019 you will still be non-compliant and vice versa.
Therefore, our recommendations for commercial environments is to focus on the operational sustainability of business critical software.
This document provides an overview on how this could be achieved.
Key Challenges
To date, most organisations have enjoyed free ‘public’ updates to Oracle Java SE. From January 2019 this will stop. Java SE updates will only be available to commercial organisations having the appropriate (chargeable) contracts in place.
As a result of Oracle’s announcement, regarding the availability of Java SE public updates, it has also come to light that from a software licence compliance perspective, the reader should be aware that optional commercially licensable Java SE features exist and may have been installed.
Therefore, the perceived view that Oracle Java SE is “completely free” is simply not the case.
There is no getting away from the fact that this announcement poses a potentially major operational and security risk to organisations. If an Organisation uses Java on their end user computing environment (desktops / laptops etc.) or if Java underpins business critical applications, they must assess the impact of loss of updates post January 2019 from both an operational and security perspective.
Will the lack of updates impact operational sustainability? i.e. will your business-critical applications remain operational and functionally capable?
Will the lack of updates create security vulnerabilities? i.e. will your business-critical applications suddenly expose your corporate network to serious security risks?
Important Note for Existing Oracle Customers
Something customers should be asking is “I’m an Oracle Customer, how am I affected??”
Oracle’s feedback is ‘You’re covered for your use of Java SE within an Oracle product having a Java SE dependency.’
Therefore, it stands to reason that Oracle customers should be assessing their existing Oracle agreements and the use of Oracle Java as part of the current Oracle product deployments.
There could potentially be no risk whatsoever associated with the current Java deployments and updates i.e. Java updates may be available via their existing support arrangements at no additional cost.
Understanding the Risks – Recommended Steps
Discovery and Analysis Phase
- Customer identifies what Java SE is installed
- Versions
- Editions
- Features
- Customer Identifies Java dependent applications (both Commercial and Bespoke)
- Customer rates the Java applications business criticality.
Testing Phase
- Customer tests all business-critical Java applications on OpenJDK or alternative Java solutions.
Licensing Phase
- Customer should create an inventory of Java Licences and support agreements
- Customer should establish if Java Applications are licensed / supported via existing Oracle agreements
- Customer should establish if they have third party licence ‘grants’ (most likely bundled with OEM / Bespoke solutions)
- Customer weighs up the costs and feasibility of switching to OpenJDK vs SE subscription costs.
- Customer estimates the cost of subscription options where applicable
Housekeeping Phase
- Customer removes Java Runtime Environment (JRE) where it has been established that there are commercially licensable features installed / enabled and not licensed / required.
- Unless required for business criticality Customer’s should remove Java SE / JRE from standard builds.
If you need assistance on any aspects of Oracle Java SE (from Discovery / Analysis through to Housekeeping as detailed above then please contact us using the form below
References
Oracle Java SE Price list (published August 2018)
http://www.oracle.com/us/corporate/pricing/price-lists/java-se-subscription-pricelist-5028356.pdf
Oracle Java SE Release Cadence
https://blogs.oracle.com/java-platform-group/update-and-faq-on-the-java-se-release-cadence
Oracle Java SE Support Roadmap
https://www.oracle.com/technetwork/java/java-se-support-roadmap.html
FAQ’s published by Oracle https://www.oracle.com/technetwork/java/javaseproducts/overview/javasesubscriptionfaq-4891443.html
Disclaimer Notice
The information contained in this document is for general guidance on the matter of Oracle Java licensing only. Given the changing nature of laws and licensing rules and the fundamental exposure of electronic communications, there may be omissions or inaccuracies in information contained in this document. Accordingly, the information contained in this document is provided with the understanding that the authors are not herein engaged in providing legal advice. As such, it should not be used as a substitute for consultation with professional legal advisors. Before making a decision or taking action, you should consult your professional legal advisors.
While we have made every attempt to ensure that the information contained in this document has been obtained from reliable sources, Business Continuity Services Ltd is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information in this document is provided “at face value”, with no guarantee of completeness, accuracy or future relevance of the results obtained from the use of this information.