An Oracle Java SE to Eclipse Temurin migration is the cleanest contractually independent route off the Java SE Universal Subscription Employee Metric. Temurin is the TCK-certified, free, production-ready OpenJDK distribution maintained by the Adoptium Working Group at the Eclipse Foundation — a vendor-neutral foundation backed by IBM, Microsoft, Red Hat, Azul, BellSoft, and others. The neutrality matters when procurement requires that the runtime not be tied to a specific cloud provider, or when third-party software vendors prefer a non-single-vendor OpenJDK for their support certification. This playbook lays out the buyer-side migration framework we use to defend our clients through Java SE displacement onto Temurin: the forensic discovery sequence, the deployment plan, the commercial support options, the third-party software compatibility matrix, and the audit defence on the historical Oracle Java footprint. Every step is benchmarked against real engagements — 600+ Oracle programmes, $1.8B in advised spend, and a 100% Java audit defence record across the Java engagements we have run.
Eclipse Temurin is the OpenJDK distribution that wins on neutrality. Where Amazon Corretto is supported by AWS, Microsoft Build of OpenJDK is supported by Microsoft, and Azul Zulu is supported by Azul, Temurin is governed by the Adoptium Working Group at the Eclipse Foundation. The working group includes IBM, Microsoft, Red Hat, Azul, BellSoft, Karakun, New Relic, Alibaba and others. No single vendor controls the project. The vendor neutrality matters in three scenarios: procurement requirements that prohibit a single-vendor runtime, regulated industries where governance transparency is a compliance requirement, and third-party software vendors who certify against Adoptium as the neutral reference.
Temurin is also the OpenJDK distribution that most third-party software vendors have explicitly certified. The Adoptium Working Group inherited the AdoptOpenJDK community project and its decade-long history of vendor certification. Atlassian, Adobe, Spring, Pivotal, IBM, Red Hat, and many financial services platform vendors list Adoptium / Temurin in their supported runtime matrices. For organisations whose third-party software ecosystem requires explicit vendor certification, Temurin minimises the renegotiation overhead during migration.
Where Temurin is less obviously the right default: AWS-heavy estates where Corretto is bundled with AWS support at no cost, Azure-heavy estates where Microsoft Build of OpenJDK is similarly bundled, and estates with very high-performance latency requirements where Azul Zulu Prime (the commercial pauseless GC distribution) is technically differentiated. The decision framework on every engagement compares the customer's operational reality against these distributions and recommends accordingly. For most enterprise estates the answer is Temurin. See the Oracle Java licensing guide for the broader Employee Metric exposure that drives the entire decision.
The Adoptium Working Group governance model is a procurement-grade safeguard against single-vendor risk. Eclipse Foundation working groups operate under formal charters with member voting rights, transparent decision-making, and contributor governance. The Adoptium project ships TCK-certified Temurin builds for every long-term support release, maintains the Adoptium build infrastructure independent of any member vendor, and operates the temurin.org and adoptium.net distribution channels under foundation control.
The governance model protects the customer against the single-vendor scenarios that have repeatedly damaged enterprise Java users in the last decade. Oracle's commercialisation of Java SE in 2019 is the obvious example. Less obvious but equally consequential: when a single-vendor OpenJDK distribution changes its support terms, raises its commercial pricing, or alters the licence terms, customers running on that distribution are exposed to vendor lock-in at scale. The Adoptium foundation governance reduces that exposure. The Eclipse Foundation has been the steward of open-source Java tooling for two decades; its governance model has held up across multiple major vendor changes.
Buyer-side note: Vendor neutrality is a procurement, compliance, and risk-management benefit. It is not a technical benefit — at the bytecode level, all TCK-certified OpenJDK distributions are interchangeable. Choose Temurin when the neutrality matters for procurement; choose another distribution when bundled vendor support is the deciding factor.
We score your estate against Temurin, Corretto, Microsoft OpenJDK, and Azul to identify the right runtime per workload. Buyer-side methodology, ten-day turnaround.
The forensic discovery phase is the same regardless of which OpenJDK distribution the customer migrates to. The audit defence framework requires a complete inventory of every Java installation in the estate identified by vendor, version, deployment context, and licensing surface. Most organisations underestimate their Java footprint by a factor of three to ten because Oracle Java is bundled inside dozens of third-party products and gets installed by default by package managers and developer tooling.
| Discovery surface | What to look for | Audit exposure |
|---|---|---|
| Endpoint inventory (workstations) | Oracle JRE / JDK on Windows / macOS / Linux desktops | Employee Metric applies regardless of usage |
| Server-side application servers | Tomcat, Jetty, JBoss, WAS, custom application JVMs | Production Java SE installations |
| Batch and ETL processing | Informatica, DataStage, custom Java batch | Server-side Java SE installations |
| Build and CI tooling | Jenkins, GitLab Runner, Bamboo, Maven, Gradle | Developer tooling Java; usage of Oracle binaries triggers metric |
| Third-party software with bundled Java | Trading platforms, mapping, scientific, BI tooling | Oracle Java bundled inside the vendor's deployment package |
| Container images | Docker images on private registries | Each image with Oracle Java multiplies the surface |
| Cloud deployments (BYOL Java) | EC2 / EKS / Lambda / Azure / GCP / OCI | Cloud Java installations counted toward the same metric |
| OT and ICS environments | SCADA, manufacturing, embedded engineering tooling | Often-overlooked Java footprint with high audit value |
The forensic discovery has to be performed under audit-defensible methodology. We use a combination of endpoint scanning, package manager inventories, container registry scans, third-party software vendor inventories, and manual interview of OT / engineering teams to surface the embedded footprint. The output is a complete, evidence-based Java installation register that drives both the migration plan and the audit defence. The Java Licensing service covers the discovery framework end to end and includes the audit defence work that follows. The Oracle Java to Amazon Corretto migration article covers the same discovery surface in the AWS context.
Temurin itself is community-supported by the Adoptium Working Group. The community support model is appropriate for many production estates — quarterly security updates ship on schedule, GitHub issues are responded to actively by Adoptium contributors, and the documented release lifecycle gives operational teams the predictability they need. Where commercial support is required — typically regulated industries, 24x7 mission-critical production, or organisations with strict vendor-backed SLA requirements — multiple vendors offer commercial Temurin support contracts.
Pricing for commercial Temurin support typically runs 15 to 35 percent of equivalent Oracle Java SE Employee Metric pricing for similar enterprise SLA coverage. For most enterprise estates the commercial support contract on Temurin lands at $200K to $800K per year for the full Java footprint, against an Oracle Java SE Employee Metric exposure that would run $2M to $8M per year for the same footprint at typical enterprise scale. The structural saving justifies the migration on commercial grounds alone, before the audit defence benefit is added.
The Temurin deployment plan follows the same wave-based sequence we use for any OpenJDK migration. Pilot deployment to non-critical workloads, performance baseline against the Oracle binary, wave 1 deployment to low-risk workloads, wave 2 to mid-risk, wave 3 to high-risk, endpoint rollout, Oracle Java removal, and audit-defensible documentation. The technical deployment is straightforward because Temurin is bit-for-bit compatible with Oracle's binary at the Java SE specification level.
| Phase | Duration | Activity |
|---|---|---|
| 1. Pilot deployment | 2 weeks | Deploy Temurin on 3 to 5 non-critical workloads; functional validation |
| 2. Performance baseline | 2 weeks | Compare GC behaviour, throughput, latency against Oracle Java baseline |
| 3. Wave 1 deployment | 4 weeks | Deploy Temurin to 20 to 30 percent of low-risk workloads |
| 4. Wave 2 deployment | 6 weeks | Deploy Temurin to mid-risk workloads; retain Oracle Java fallback |
| 5. Wave 3 deployment | 8 weeks | Deploy Temurin to high-risk workloads; full rollback plan |
| 6. Endpoint rollout | 4 weeks | Workstation Java replacement via endpoint management tooling |
| 7. Oracle Java removal | 3 weeks | Forensic removal of Oracle Java binaries; verification scan |
| 8. Audit-defensible documentation | 2 weeks | Evidence package of removal for the future Oracle audit defence |
The performance baseline phase is the one most worth scoping carefully. Temurin and Oracle Java SE produce functionally identical bytecode behaviour, but garbage collection tuning parameters that were optimised against the Oracle binary may require minor adjustment on Temurin. We have seen workloads run 2 to 5 percent better and workloads run 2 to 5 percent worse on Temurin compared to Oracle Java SE at the same JVM tuning — the variance is workload-dependent, not distribution-dependent. The baseline phase identifies the workloads where retuning is necessary before production deployment.
We sequence the Temurin wave-based deployment against your operational risk tolerance and audit-defence priorities. Buyer-side methodology, ten-day turnaround.
The migration to Temurin closes future Oracle Java SE exposure. It does not close the historical exposure. Oracle's GLAS / LMS Java audit team reviews the customer's historical Oracle Java SE deployment to determine retroactive Employee Metric exposure. The audit defence framework is the same regardless of which OpenJDK distribution the customer migrated to.
The forensic defence framework contains four lines of argument. First, the licensing model in effect at the time of deployment was the historical metric (Processor / NUP), not the 2023 Employee Metric — Oracle's retroactive application is contestable and we have contested it successfully multiple times. Second, the actual Oracle binary deployment count, not the inferred deployment from desktop installation telemetry, is the basis for any back-licence claim — Oracle's audit methodology routinely overstates by a factor of two to four. Third, the Oracle Java No-Fee Terms and Conditions (NFTC) that applied to JDK 17 between September 2021 and September 2024 created a covered-deployment window that excludes those deployments from back-licence claims under the prior commercial subscription. Fourth, the bundled-Java distributions of Oracle Java that came with Oracle products (Database, WebLogic, Fusion Middleware) carry application-specific entitlement and cannot be treated as standalone Java deployments.
We hold a 100% Java audit defence record across the engagements we have run since 2019. The defence framework only works when the customer engages before the audit progresses to formal claim — once the claim is in writing the negotiating position is materially weaker. The Audit Defence service covers the full engagement framework. The Oracle audit guide covers the broader evidence-based defence methodology that surrounds Java and the rest of the Oracle portfolio.
Yes. Eclipse Temurin is the TCK-certified, free, production-ready distribution of OpenJDK maintained by the Adoptium Working Group at the Eclipse Foundation. The Adoptium project ships long-term support builds for Temurin 8, 11, 17, 21, and 25 with quarterly security updates aligned to the Java SE specification. Temurin is the default OpenJDK distribution recommended by many software vendors including Microsoft, IBM, Red Hat, and Pivotal because Adoptium is a vendor-neutral foundation rather than a single-vendor distribution.
Temurin is the right default when the customer does not have a strong tie to a specific cloud provider, when vendor neutrality is a procurement requirement, or when third-party software vendors have explicitly certified Temurin / Adoptium. Corretto is the right default for AWS-heavy estates where Corretto support is bundled with AWS support. Microsoft Build of OpenJDK is the right default for Azure-heavy estates where Microsoft support is bundled. The three distributions are functionally equivalent at the Java SE specification level; the choice is operationally and contractually driven.
Temurin itself is community-supported by the Adoptium Working Group. Commercial support for Temurin is available from multiple vendors: IBM (which created the original AdoptOpenJDK project), BellSoft, Azul, and Red Hat. Pricing for commercial Temurin support typically runs 15 to 35 percent of equivalent Oracle Java SE Employee Metric pricing for similar enterprise SLA coverage. For organisations with strict 24x7 vendor-backed support requirements, the commercial support contract is an essential component of the Oracle Java SE to Eclipse Temurin migration plan.
Most do, and the list is growing. Atlassian, Adobe, Spring, Red Hat, IBM, Pivotal, and many financial services platform vendors have explicitly certified Temurin. Some legacy software with Oracle Java SE-only support contracts requires renegotiation. We maintain a compatibility matrix on every engagement and confirm vendor coverage in writing before migration. Vendors that refuse Temurin coverage are usually willing to accept Corretto or Microsoft Build of OpenJDK; the compatibility matrix helps customers choose the runtime that maximises vendor coverage.
The audit defence framework is the same regardless of which OpenJDK distribution the customer migrated to. Oracle's audit team examines the historical Oracle Java SE footprint, applies the Employee Metric retroactively, and publishes a back-licence claim. The defence framework reduces or eliminates the claim through four lines of argument: contesting the retroactive application of the new metric, contesting the inflated installation count from telemetry, applying the NFTC covered-deployment window for JDK 17, and excluding bundled-Java distributions that carry application-specific entitlement. We hold a 100% Java audit defence record across engagements run since 2019. The Oracle Java SE to Eclipse Temurin migration plan should include the audit defence work alongside the deployment.
Twice a month. Oracle pricing moves, audit-defence tactics, migration economics, ULA exit playbooks. Written by former Oracle insiders, never marketing.
No spam. Unsubscribe any time. Independent — not affiliated with Oracle Corporation.