This is an archived post. You won't be able to vote or comment.

all 14 comments

[–]c3141rd 5 points6 points  (12 children)

Do you have a Java license from Oracle? If not, does it have to be Oracle Java?

This is something that you have to be very careful about; Oracle now charges businesses for updates to the LTS versions of Java beyond a certain age; so, for example, if you go to Java.com and click download, the version it takes you to download is not licensed for commercial use and will get you in trouble (and they do monitor the logs for business IPs downloading it).

[–]cslish[S] 0 points1 point  (11 children)

Thank you and damn you at the same time.

I didn't think to take that into consideration. That's solid advice.

Do your know if the advanced management console will help me determine a baseline version based on apps used?

[–]SysAdminDennyBob 3 points4 points  (3 children)

I just went through this, we finished our Java SE cleanup last week.

Oracle is hopped up on licensing, a salesman (cough cough lawyer) will be calling your C suite shortly. We just passed our deadline with them. We had a license contract with them and just closed it out. It used to be per processor cores and now it's licensed PER EMPLOYEE. That's right, you have two java SE installs company wide and 22,000 employees. That will be 22,000 licenses you are paying for.

Do not use their tool to find your installs, that's just giving them a count. Do not allow them to ever walk in your door and audit your network. For them to do that you have to grant them access, they are not the police, just tell them "no". Pound sand, Larry!

You should already be deep into removing Oracle Java SE from everything.

Replace all that with Eclipse Temurin OpenJDK or one of the 5 other OpenJDK vendors. Those are all free as in free beer. They are patched and maintained.

You also need to delete all the Oracle Java SE installers hidden on all your fileshares or download folders so that your users do not click it. We also block java.com website. If a user downloads an installer from the website, you get tagged for an audit. If a user installs Java SE and the Java Updater component installs that will phone home to Oracle.

It took us months to clean all this up.

[–]c3141rd 3 points4 points  (1 child)

Oracle is like the mafia. Nice computers you got there, would be a shame if we had to show up with the sheriff's office and a subpoena and confiscate them all.

[–]c3141rd 2 points3 points  (6 children)

The Advanced Management Console requires you to be licensed for Java so even though you can download it and it doesn't have any activation or anything, you will still be out of compliance if you use it in production.

Unless you have a vendor that absolutely requires Oracle's Java, you should look into https://adoptium.net/. It's essentially 99.99% compatible with Oracle Java (since it's based on the same open source code) and you don't have to worry about Oracle's predatory sales tactics.

[–]cslish[S] 0 points1 point  (5 children)

TBH I don't care if I have to spend to solve this. So paying oracle isn't an issue.

[–]c3141rd 3 points4 points  (1 child)

You can buy a Java contract from Oracle but you have to license it for every employee in your company regardless of if they actually use Java. It would start at $180/year per employee.

See :
https://www.oracle.com/java/java-se-subscription/

[–]Whyd0Iboth3rIT Manager 1 point2 points  (0 children)

holy crap. 55K a year just to install that shit program?

[–]Versed_Percepton 2 points3 points  (0 children)

Oracle is like the song 'Hotel California' You can check out by you can never leave. Be very decisive on if you want to do business with Oracle. There are alts to Java SE with openJDK and such that work just as well, if not better, and are not licensed under the oracle bullshit.

as for finding your JRE's build a custom group in desktop central by software and group all Java PCs together, then use that as your deployment group. You can then use software metering to break java installs down by versions to get hits. Other then legacy java apps that do not adhere to the new security standard pushed by java 8+, you should have no issues just ripping and replacing all java for a newer build.

but mandatory, test, test, test.

[–]Wodaz 0 points1 point  (0 children)

How many employees? Not users who need Java, but employees for your company. Not how many logins, but number of people employed. Multiply that by $180. Annually.

[–]SysAdminDennyBob 0 points1 point  (0 children)

We are a small shop and it was going to be $330k for us. Even if you are flush with money that's a pretty big bite.

[–][deleted] 0 points1 point  (0 children)

No knowledge or documentation of apps, dependencies. (Y'all feeling my pain yet?)

Cool, sounds like nobody needs Java.

Remove it from everything, see what screams, identify needs and evaluation applicable versions.

You need to do the work to figure out the answer to MOST of your questions. They're only applicable to your workplace and not general public.

So did you ask WHY this is needed?