Got Oracle? Got VMware? Going Cloud? You Could Be Stung For Huge Licensing Fees

Story Source and Credit: Gavin Clarke, The Register
First Published: 24th February 2016

Oracle has been telling a number of organisations running its database software that they are breaking the company’s licensing rules – and therefore owe it millions of dollars in unpaid licence fees.

The issue hit the headlines in January after US confectionery giant Mars took Oracle to court in the US over claims Mars had broken the rules. Mars had been audited by Oracle and developed a response plan with compliance specialist Palisade Compliance. The case settled before going to trial.

Dave Welch, chief technology officer and chief evangelist of House of Brick Technologies, assessing the case, estimated a $100m spend by Mars on Oracle over a three-year period – covering license, software update and support.

Mars was fighting a claim by Oracle that could, conservatively speaking, have doubled that – according to Welch.

But that’s nothing. The Register understands Oracle has gone to customers with claims five times that figure. One contact at a major channel reseller partner told The Reg he is encountering more and more customers running VMs being charged by Oracle for their entire estate.

“Life is very interesting for lots of customers,” our source said.

Not all Oracle database users are at risk; it’s those running Oracle’s premier database in conjunction with VMware’s virtualization software. Given VMware is the largest virtualization spinner and Oracle is the single largest relational database provider, however, the space for conflict in this Venn-style overlap is massive.

Oracle is targeting the VMware base because it does not accept VMware’s world view on licensing, and therefore its definition of hardware partitioning. An Oracle partitioning document shows Oracle only accepts Solaris Containers, IBM’s LPAR and Fujitsu’s PAR. VMware is not on the list of hard partitioning partners.

Since VMware’s release of vSphere 5.1 in August 2012, Oracle has insisted that you cannot simply license its database to a given number of virtual machines. Rather, you must license your entire server estate, on the basis that you have the potential to run Oracle on all those servers and cores, should you wish.

That could mean servers in the same room or servers in data centres on opposite sides of the world.

The problem is that most VMware users are simply unaware of Oracle’s rules, or are buying into VMware’s definition – and world view – of what’s possible and what’s allowed.


EnterpriseDB’s Tom Kincaid – why did Salesforce.com hire a PostgreSQL expert?

Story Source and Credit: Dan Kusnetzky for Virtually Speaking
Originally Published: 28 May 2013

EnterpriseDB’s Tom Kincaid discusses why Salesforce.com hired Tom Lane, a well-known contributor in the PostgreSQL community. It could mean many things. What’s clear is that Salesforce.com is embracing the open source database for a very large, enterprise-class workload.

Tom Kincaid, EnterpriseDB’s Vice President, Products and Engineering, and I enjoyed a 30-minute conversation about Salesforce.com’s recent moves to embrace the PostgreSQL open source database. We discussed what the move towards PostgreSQL could mean.

The discussion started with the fact that Salesforce.com has hired a top PostgreSQL community contributor, Tom Lane, and the fact that late last year, Salesforce.com posted a job ad for 40-50 PostgreSQL experts to help build out what was described as “core systems.” Kincaid pointed out that EnterpriseDB employs about a half-dozen key contributors to PostgreSQL.

Here are a few thoughts from the discussion:

  • Salesforce.com, although a major user of Oracle’s database and development software, wants to have a viable alternative. Companies that have a viable alternative can often negotiate better pricing and business terms than those who don’t. Bob Young, former CEO of Red Hat, called this the “Red Hat Discount”.
  • Salesforce, for strategic reasons, wants a second source for important technology. Being reliant on a single source can cause problems. If one source offers better technology at a specific point in time, Salesforce.com’s development efforts can take advantage of that technology.
  • Salesforce.com wants to contribute to the PostgreSQL community and also to help guide the direction of the open source project.

It was a very interesting discussion. I hope I have the opportunity to speak with the good Mr. Kincaid in the future.


AWS Vulnerabilities and the Attacker’s Perspective

Story Source and Credit: Kyle James, Rhino Security Labs, February 16, 2016

AWS Shortcomings And Security Vulnerabilities

Amazon Web Services (AWS) provides an easy-to-manage cloud platform to store your digital assets, host servers and more. Its simple client interface in tandem with extensive documentation makes it a popular choice amongst developers to host their applications. Amazon also has many settings for security controls including firewalls to block incoming and outgoing traffic and different identity and access management (IAM) accounts with varying levels of privileges. However, misconfigurations in your web application can allow an attacker to pivot into your cloud and exfiltrate both company and consumer data.

Application Permissions – Traditional Vs AWS Options

In the past, developers used hard-coded passwords to access different services, such as MySQL or FTP, to retrieve client data. Amazon recognized this as poor security practice and implemented what is called the Amazon Metadata Service. Instead of relying on hard-coded passwords, your application can query the metadata service to get a set of temporary access credentials when it wants to access assets. The temporary credentials can then be used to access your S3 assets and other services. Another purpose of this metadata service is to store the user data supplied when launching your instance, in turn configuring your application as it launches.

As a developer, you stop reading here – an easily scalable infrastructure with streamlined builds, all of it executing from the command line? Done. If you’re a security researcher, you continue to read the addendum: “Although you can only access instance metadata and user data from within the instance itself, the data is not protected by cryptographic methods.”

AWS “Metadata Service” Attack Surface

From the attacker’s perspective, this metadata service is one of the juiciest services on AWS to access. Being able to access it from the application could yield total control if the application is running under the root IAM account, and at the very least gives you a set of valid AWS credentials to interface with the API.


EnterpriseDB Webinar: Non-Relational Postgres for Creative Developers with Bruce Momjian

Date: Thursday, June 9th, 2016
Time: 8:00am – 9:00am Eastern Time (US), 1:00pm – 2:00pm Eastern Time (US)
Presenters: Bruce Momjian, Co-founder of the PostgreSQL Global Development Team & Sr. Architect at EDB

Postgres is well known as a relational DBMS, but did you know that it supports many non-relational data types including arrays, geometry and JSON for NoSQL use cases? Join Bruce Momjian to learn how you can use these data types to overcome restrictions of relational storage to support new innovative applications, specifically by storing and indexing multiple values, even unrelated ones, in a single database field.

Who Should Attend?

This technical presentation is intended for individuals involved with the development of innovative applications or the design and management of Postgres databases.

Register for Session 1 on June 9 at 8am ET (US)
Register for Session 2 on June 9 at 1pm ET (US)

EnterpriseDB Webinar: Postgres Integrates Effectively in the Enterprise Sandbox

Date: Thursday, May 12th, 2016
Time: 8:00am – 9:00am Eastern Time (US), 1:00pm – 2:00pm Eastern Time (US)
Presenters: Matt Cicciari, Director, Product Marketing + Jason Davis, Sr. Director, Product Management

Are you ready to handle the digital transformation, or do you want to be like 60% of CIOs that are doing nothing to account for the change? This 45-minute presentation will cover the Postgres solutions, services, and best practice recommendations you need to be a leader in today’s complex digital environment.

Register and attend this webinar to learn how you can plan and navigate today’s complex digital environment! Topics discussed include:

  • Connect to multiple sources of data to support your growing business
  • Integrate with existing incumbent systems that power your business
  • Share siloed data among your technical teams to address strategic objectives
  • Learn how customers integrated EDB Postgres within their corporate ecosystems that included Oracle, SQL Server, MongoDB, Hadoop, MySQL and Tuxedo

Who Should Attend?

The presentation will interest both business and technical decision-makers or influencers responsible for the overall strategy and execution of a PostgreSQL and/or EDB Postgres database.

Register for Session 1 on May 12 at 8am ET
Register for Session 2 on May 12 at 1pm ET

EnterpriseDB Webinar: Managing your EDB Postgres Workload

Date: Thursday, April 21, 2016
Time: 8:00am – 9:00am Eastern Time (US), 1:00pm – 2:00pm Eastern Time (US)
Presenter: Tom Gendron, Sales Engineer, EDB

Attend this presentation to understand the tools available in the EDB Postgres Management Suite that help DBAs succeed in various Postgres administration tasks such as managing, monitoring and tuning your Postgres environment, back up and recovery, and high availability.

Tom Gendron, Sales Engineer, will discuss how the EDB Postgres Management Suite can help you to:

  • Improve queries by verifying you have the right indexes in place
  • Troubleshoot issues by tracing SQL and execution statistics
  • Identify performance bottlenecks by checking database and server metrics
  • Plan for future hardware requirements by keeping an eye on capacity forecasts
  • Speed up morning checks by setting up standard and custom alerts
  • Sleep well knowing failover in case of an incident is automated
  • Reduce stress level when restoring from a backup
  • See a demo of EDB Enterprise Manager in action
  • Tips on how DBAs can get a good night’s sleep

EnterpriseDB’s (EDB) developers are dedicated to providing you with useful, enterprise-ready tools, such as EDB Postgres Enterprise Manager, EDB Postgres Backup & Recovery and EDB Failover Manager.

EDB Postgres Enterprise Manager provides DBAs with the tooling they need to manage, monitor, and tune a Postgres environment. No other tool offers so many integrated features in one graphical interface.

EDB Enterprise Manager now also incorporates EDB Postgres Backup & Recovery as well as monitoring for EDB Postgres Failover Manager.

Who should attend?

This presentation will interest technical roles such as DBAs involved in the set up, maintenance and testing of a Postgres database. Architects and developers may also be interested in this topic based on their involvement with workloads. If you are currently using PostgreSQL you will see what EDB is providing outside of the Community.


EnterpriseDB Webinar: Reducing the Risks of Migrating Off Oracle

Date: Wednesday, April 13, 2016
Time: 8:00am – 9:00am Eastern Time (US), 1:00pm – 2:00pm Eastern Time (US)
Presenter: Gary Carter, EnterpriseDB Director of Field Marketing

Register and attend this presentation to explore cost-effective substitutes for Oracle® database management systems.

Join Gary Carter, Director of Field Marketing, as he surveys some of EDB Postgres Enterprise’s more important features and techniques employed to reduce migration risk:

  • Reduce Technical Risks
  • Reduce Re-training Risks
  • Reduce Integration Risks

Together, these risk reductions allow organizations to lower their costs and redirect savings to innovative business initiatives such as digital, analytics, mobile, and application development. Join the webinar at 8 am or 1 pm and hear the details.

Who Should Attend?

This presentation will be valuable to organizations researching Postgres, as well as current Oracle customers considering migrating to an open source-based database management system such as EDB Postgres. The presentation will highlight key points for both business and technical decision-makers and influencers.

Register for Session 1: 8:00am ET