ITAM | SAM | SaaS | Cloud - November Insider by Certero
Microsoft Licensing Terms Update
Microsoft has introduced several important updates to its product terms and privacy policies as of October 1, 2024:
Key changes in privacy & security terms
Microsoft Purview: As part of the reorganization of privacy and security terms, Microsoft has updated Microsoft Purview in the Core Online Services table. Microsoft Purview is a set of solutions that help businesses govern, protect, and manage their data across various environments. By bringing these terms under one section on the Product Terms site, Microsoft aims to improve accessibility for customers who manage compliance and data protection through Purview.
SQL Server & Windows Server updates
Self-Hosting and Disaster Recovery Clauses: Microsoft has introduced significant updates to the licensing terms for customers with subscription licenses for Windows Server. These changes include a new Self-Hosting and Disaster Recovery clause, which allows organizations to use their subscription licenses to set up disaster recovery environments. This update benefits customers by providing more flexibility in deploying SQL Server and Windows Server solutions across different hosting environments, including customer-owned infrastructure or third-party hosting providers.
Self-Hosting: This clause enables customers to deploy Windows Server on their own hardware or through an authorized hosting provider under their existing subscription license.
Disaster Recovery: The disaster recovery addition allows for the creation of passive disaster recovery instances, improving readiness for business continuity without requiring additional licensing for such instances. This is particularly valuable for organizations seeking robust backup and recovery solutions in their infrastructure.
Microsoft 365 & GitHub enhancements
Microsoft 365: Microsoft has expanded its offerings for educational institutions by adding Microsoft 365 A5 Security for students. This update improves security tools and monitoring capabilities for educational users, offering enhanced protection features.
GitHub Copilot Enterprise: In the GitHub Offerings, GitHub Copilot Enterprise has been added to the Availability Tables. GitHub also added clauses covering Core Online Services and outlined its Security Practices and Policies for these services, ensuring better alignment with enterprise security expectations.
Project renaming
Project Plan Updates: Microsoft has renamed Planner and Project Plan 3/5, which is now reflected in the updated Availability Tables. This renaming aligns the offerings more clearly with their intended use and licensing.
Anaconda Python no longer free?
Over recent months it has come to light that more and more companies are being contacted by Anaconda and asked to procure paid-for Business or Enterprise licenses. Anaconda is a widely used Python distribution that includes libraries, data science packages and tools used for data science. The software is available to download without an initial payment, and the freemium business model is at the forefront of the download process. What companies are falling foul of is this term:
2.1 Organizational Use. Your registration, download, use, installation, access, or enjoyment of all Anaconda Offerings on behalf of an organization that has two hundred (200) or more employees or contractors (“Organizational Use”) requires a paid license of Anaconda Business or Anaconda Enterprise. For sake of clarity, use by government entities and nonprofit entities with over 200 employees or contractors is considered Organizational Use. Purchasing Starter tier license(s) does not satisfy the Organizational Use paid license requirement set forth in this Section 2.1. Educational Entities will be exempt from the paid license requirement, provided that the use of the Anaconda Offering(s) is solely limited to being used for a curriculum-based course. Anaconda reserves the right to monitor the registration, download, use, installation, access, or enjoyment of the Anaconda Offerings to ensure it is part of a curriculum.
The 200-user limit has been a component of the terms for the past few years; what’s relatively new is the last sentence, which in effect means Anaconda is now paying attention to who is downloading its IP and what organization they are part of. This has likely taken the form of a list of email domain suffixes gathered when users enter their email to download the software. These suffixes are then cross-referenced against companies that have more than 200 employees, and a hit list of organizations to be contacted is collated. Depending on how much Anaconda is being used, the initial fees we have seen range in the hundreds of thousands of dollars (always of unbudgeted spend).
This highlights the issue of Shadow IT, that is, unsanctioned software used within an organization without explicit approval, knowledge, or support from the IT department. Fortunately, tools such as Certero for SaaS Discovery can help identify these risks, allowing customers to take proactive steps to mitigate unexpected spend.
Microsoft October Patch Tuesday fixes 118 flaws, including 5 ‘Zero-Day’ vulnerabilities
Microsoft’s October 2024 Patch Tuesday addressed 118 security vulnerabilities, including five actively exploited zero-day flaws. These critical vulnerabilities affect various Microsoft products, such as Windows, Microsoft Office, and Exchange Server, and include three high-risk remote code execution (RCE) flaws, which could allow attackers to gain unauthorized access. One of the most severe, CVE-2024-43468, targets Microsoft Configuration Manager and can be exploited through unauthenticated network attacks. Other significant issues include a vulnerability in Visual Studio Code that could allow attacks on unpatched systems and an RCE in the cURL command-line tool impacting users of open-source components.
Microsoft urged users and organizations to implement patches quickly due to the immediate risks, particularly for systems relying on Hyper-V and Microsoft Management Console, which are affected by privilege escalation vulnerabilities. Proactively managing these updates is essential to prevent unauthorized system access and maintain security integrity across devices and applications.
IBM announce Windows Server 2012 no longer eligible for sub-capacity measurement in ILMT
Windows Server 2012 is no longer eligible for IBM’s sub-capacity licensing, which impacts organizations that rely on IBM’s License Metric Tool (ILMT) to track and limit their licensing costs in virtualized environments. IBM’s sub-capacity licensing allows clients to license software based only on the virtualized processors used rather than the full physical host capacity, helping to save costs when using virtual machines. However, servers running Windows Server 2012 now need to be licensed at full capacity, significantly increasing potential licensing costs for those still using this operating system version in virtualized infrastructures.
IBM customers are urged to regularly review IBM’s schedule of sub-capacity eligible technologies:
Nevada court says Oracle are entitled to $58.5m in legal fees in Rimini copyright case
Oracle Corporation is entitled to more than $58.5 million in attorneys' fees and costs from rival Rimini Street (RMNI.O), in their long-running copyright dispute over Rimini's alleged theft of Oracle software, a Nevada federal court decided in September 2024.
A US District Judge found that the award was justified by Oracle's success in the litigation and Rimini's repeated infringement and misconduct.
This is another chapter in the long-running court cases between the two companies, but it has shown that Oracle will take legal action where 3rd parties have illegally downloaded and misused its software and support materials for their clients. The effect of this case is to make customers think more carefully when considering the use of 3rd party providers, as it could cause license compliance risks.
Thoma Bravo (who owns Flexera & Snow software) acquires USU
Thoma Bravo, a leading software investment firm, announced on 1st October 2024 the acquisition of a majority stake in USU Product Business (“USU Product”). USU Product will continue to operate under the leadership of its existing management team. Benjamin Strehl, currently Co-CEO of USU Software AG, will become CEO of USU Product and Bernhard Oberschmidt will join the board of directors.
USU Product provides customers around the world with IT management solutions that enable mastery of disparate IT landscapes and workflows. The company has served as a strategic partner to clients by enabling them to lower cost, increase productivity, and manage growing technological complexity. Thoma Bravo’s extensive network and industry experience will support USU in the development of its product portfolio and the expansion of its geographical footprint, with the goal of making the USU Product a leading pan-European provider of IT management solutions.
Customers, however, may feel differently: traditionally, Independent Software Vendors (ISVs) being snapped up by investors increases the monopoly effect, which results in reduced competition, higher prices, and decreased quality and innovation.
Like Certero, both companies are also Oracle Third Party Tool Vendors (3PTV) covering Oracle Database, Fusion Middleware & Java. The planned acquisition reduces the amount of choice available to customers when considering Oracle Audit Defence solutions.
Oracle Database Cloud Services are now available on AWS
As of August 2024, Oracle Database Cloud services were only available on Microsoft Azure and Google Cloud. But now, AWS customers can access Oracle's cloud database services with licensing included, marking a significant moment for both Oracle and AWS.
For years, Oracle and AWS have publicly fought it out, but they’ve finally made peace with a strategic partnership. What does this mean? Customers can now purchase Oracle Database services using their existing AWS commitments.
They can leverage Oracle’s license benefits, such as Bring Your Own License (BYOL), and discount programs like Oracle Support Rewards (OSR).
Here’s what the new partnership brings to the table:
Oracle takes legal action against customers for unlicensed Java
Certero is seeing more and more clients facing legal action from Oracle for potentially using unlicensed Java software. Oracle's litigation team is increasingly contacting organizations about the Java versions they have been downloading and/or about running Java software without properly licensing it beforehand. Oracle is pushing for resolution through retroactive licensing payments or future multiyear (up to 10 years) agreements, which lock customers into paying Oracle irrespective of their usage. Certero for Oracle Java is an Oracle-verified third-party tool vendor (3PTV) product which can proactively assist customers in understanding what Java they have installed on each host, so they can reduce their compliance risks as well as use the data in audit defence scenarios.
If Oracle have contacted you (probably by email), then please do not ignore it, as Oracle have you in their sights. Get in touch so we can help you defend your position and avoid any unnecessary costs and disruption.
VMware now considering late fees for subscription
VMware customers have been experiencing a licensing nightmare since Broadcom acquired the software company nearly a year ago.
As well as massive price increases, some customers are being hit with a late fee of around 20%, according to information we have. Customers have been caught off guard because these are net new subscriptions. The exact late fee charged by VMware depends on factors like their specific deal with Broadcom and which products they use.
It's unclear when these late fees were introduced. We are hearing that it's impacting some customers transitioning to a subscription when they miss their perpetual license renewals, and even customers who still have existing support and subscriptions (SnS) that haven't expired but who haven't yet signed up for new subscriptions.
Organisations should proactively manage their VMware licensing and maintenance renewals to ensure that they are not paying penalties because perpetual licenses and associated maintenance have lapsed prior to purchasing replacement subscription licenses.