Oracle to require a subscription for Java SE
If you use the Java SE (Standard Edition) platform, brace yourself. As of January 2019, the platform will no longer be free.
This change will affect most, if not all, commercial users of the platform. Non-commercial users will have to start paying in January 2020.
This is a major adjustment and we’re sure you have some questions. Here are the most important ones to keep in mind and what you should be doing right now to get ready.
What is changing with Java SE?
In January 2019, Oracle will require that all commercial users of Java SE purchase an annual Java SE Subscription to obtain any future patches and updates, or other support services, for Java SE release 8 or higher.
The new annual support subscription will also include the rights to use the Java SE enterprise deployment tools that were previously available under the Java SE Advanced product offerings.
The Java SE Advanced perpetual license offerings are no longer sold or available from Oracle except by special approval on an exception basis.
What do these changes mean for current commercial users of Java SE?
The most significant change is that the new support subscription is not free. For larger customers, the support will be costly, so the necessary budgetary planning and approval process should start as early as possible. An enterprise with 20,000 seats, for example, might have to pay several hundred thousand dollars per year to maintain support.
In addition, organizations will have to accurately count and identify all of the Java SE instances present in their data centers and that are in use. That’s necessary to calculate the quantities of either physical desktop computers or the physical servers where the software resides.
The Java SE Subscription will be licensed either by the physical number of desktops where Java SE is deployed or by the Oracle processor metric for physical servers where it is deployed.
How is this different from before?
The Java Development Kit (JDK) and Java Runtime Environment (JRE) were free to download and install since the release of Java SE version 1.0 in 1996. All updates and patches were readily available through the Java.com website. This strategy led to widespread adoption and use of Java as an application development platform and made it one of the most popular programing languages in history.
It’s been business as usual for Java SE users ever since, even after Oracle’s 2010 purchase of Sun Microsystems, which included the Java language and development platform. After that, users could also download and install the JDK, JRE, and several other Java enterprise deployment tools from the Oracle Technology Network website in addition to Java.com.
Up to now, there has been no requirement to purchase support or maintenance from Oracle to access updates or patches for the current releases of Java SE.
Customers did have to purchase continued support for older releases once they reach end of life, and for Java SE Enterprise deployment tools such as the Advanced Management Console, which are licensable under the Java SE Advanced support product name. That support contract, however, wasn’t necessary to receive updates and patches.
Can I just continue using an older version of Java SE without support?
It’s technically possible, but definitely not recommended.
While the Java SE platform will technically run without patches and updates, that’s a security risk you don’t want to take. In the lifetime of version 7, over 300 security patches, including some very serious ones, were issued.
If you need further convincing, just look at Equifax, which had a Java patch for the Apache Struts vulnerability sitting in a queue to be applied when criminals exploited that vulnerability. The result was one of the biggest data breaches in history.
In more regulated industries like financial services or health care, laws may require that you maintain support.
What should Java SE users do now?
Current commercial users should prioritize getting a handle on their actual Java SE install base. The asset management tools large organizations have around Cisco and other manufacturers aren’t designed to find Java. The best bet is to have a third-party ITAM provider audit your systems for all instances.
Once that information is available, consider reducing your Java footprint by deleting any unnecessary or unused instances of Java SE in the desktop environment, or by resizing physical servers to lower the CPU/core counts and reduce the potential support subscription costs.
While there are options like Open JDK that exist as alternatives to Java, and some organizations already use Open JDK, switching requires reprogramming in a lot of situations. Because it’s open source, the lack of 24/7 support also eliminates this option for many organizations.
The next step
Since Java is considered a no-cost IT expenditure by most commercial users, some of them haven’t kept track of the actual Java deployment across their data center or enterprise and may need assistance from a third-party ITAM services provider to understand the potential exposure that may exist.
Now’s the time to learn your exposure, determine your needs, and plan for this purchase before the January 2019 change.
Have more questions? Want to know how much you might have to pay for Java SE come January? Need an assessment from our ITAM team? Contact your SHI Account Executive today.