Although Java started life targeted at desktops, its popularity has really grown to dominate the server and subsequently cloud spaces. Many people would dismiss Java on the desktop, but you would be surprised at the number of people and organisations still using it. The reality of “Write once, run anywhere” dramatically simplifies the deployment of complex applications (often graphical ones) across a broad range of client machines.
The desktop is often the primary target for those wishing to steal account details, sensitive information or disrupt a network. It is vital, therefore that these machines are kept up to date with all available security patches to address known vulnerabilities.
Despite having been released over five years ago, there are still vulnerabilities that need to be addressed in JDK 8. Often, the affected area is not even directly part of Java but one that is used to build it. As an example, the most recent update to JDK 8 (update 211), contained a security patch for an issue with a Common Vulnerability and Exposure (CVE) score of 9.0 (rated on a scale of 1 to 10, with 10 being the most critical). The area of weakness is in a Windows DLL and is particularly relevant to desktop systems.
Ensuring the latest patches are deployed has become more complicated with the recent changes by Oracle to the licensing of the Java runtime. JDK 11 was released under a new license, the Oracle Technology Network License Agreement (OTNLA). This license allows the Oracle JDK to be downloaded and used for development, testing and personal use without charge. For commercial application usage, however, a Java SE Subscription needs to be purchased from Oracle. Possibly of greater significance is the fact that this license is also now the one that is used for updates to Oracle JDK 8 from April this year. Oracle has committed to providing updates to JDK 8 for non-commercial users until the end of 2020. For commercial desktop Java users, to deploy Oracle JDK 8 update 211 or 212 and later will require a Java SE subscription to be purchased.
Azul has been providing commercial support for the Java runtime for over five years, with many large customers deploying Zulu Enterprise across their entire IT estates. With an increasing demand for Java support on the desktop, we have revised our pricing in this area to make it even more flexible and competitive.
The table below shows the cost per desktop, depending on the support tier chosen. For users with more than 30,000 desktops (and you’d be surprised how many of those there are), we switch to our unlimited pricing band.
(More details can be found here)
An important decision for users to make is the cost of a security breach resulting from not having up to date patches. Most commercial Java users would agree that this is likely to be far higher than the cost of Zulu Enterprise.
Feel free to contact us to discuss your needs and how we can help.