I’ve never been through a licensing audit at work, but I have been worried about them a few times in my career. A few bosses have warned me about them possibly coming. While I’ve tried to ensure that the organizations I worked for were compliant, I’ve always worried about losing track, making a mistake, or mis-interpreting the EULA rules. Those EULA rules and licensing guidelines are not written for most people to understand, and the verbiage is ambiguous at times.
I saw an article containing advice on going through a licensing audit that caught my eye. This was for an Oracle audit, but I suspect the advice would be similar if this were for SQL Server or any other product. Since an audit is a legal proceeding, it’s worth treating any licensing audit as you would a legal matter.
I am not a lawyer, and don’t take this to be advice or a recommendation. These are just my thoughts. For me, I would try to go slow with everything. Not to delay, but to be careful and sure of what I was doing. I would concentrate and read all documents carefully, being sure that I know what they mean, asking for clarification if there is any doubt, and ensuring my organization’s legal representative was available for questions.
I’d especially be careful about only answering questions and not being overly talkative and volunteering information. I’ve seen plenty of people get into trouble because they talk more than necessary. That might be good advice for life in general: listen more; talk less.
SQL Server, unlike many products, can be tricky because no license key is really checked. I’ve seen scripting and manual processes use the same product key for ever installation. There’s nothing fundamentally wrong with this, but it does mean that someone is still responsible for ensuring that licenses are being tracked against installations and upgrades.
While I have no desire to deal with licensing, I know that if I act as a DBA in any way, it’s likely part of my job. I would (and have) tried to get someone in an Accounting role to keep track of purchases and usage of licensing, updating them whenever I install or decommission an instance. At least then we have more than one person tracking the data and potentially another person that might be in charge of handling the audit ;).