SCO's lawsuit against IBM and concerns about security
have failed to dampen enterprise users' enthusiasm for the
open-source software.
Once an outsider in the server OS race, Linux is now “a
mainstream choice for many infrastructure workloads”, according to
research firm IDC, which predicts annual growth rates of 28% for
the open-source operating system over the next three
years.
Other industry analysts echo IDC’s positive view, and the Linux
community can now point to a number of high-profile enterprise
users including Deutsche Bank, Safeway Stores and Orange.
But just when you thought it was safe to pick up the Linux
penguin, legal and security issues around Linux have cast a shadow
over the open-source route.
A year or so ago, one of the main concerns about Linux for
commercial applications was the issue of getting
enterprise-strength support for multinational installations.
Both the leading Linux distributors, Red Hat and SuSE, have set
up enterprise support services for their customers, and provide
services such as automatic patch updates.
They are both, however, modest-sized organisations; Red Hat has
revenues of $90m and 600 employees, while SuSE is privately held
and has 380 employees. Contrast that with Microsoft, with its
multibillion revenues and thousands of staff worldwide.
But this is less of a concern now that heavy hitters such as
IBM, Hewlett-Packard and Oracle have announced their commitment to
providing global support for Linux installations.
HP, for example, is a Red Hat partner and delivers Tier 1 and 2
support for Red Hat Linux worldwide, while IBM provides global
support for SuSE Linux.
“We support three server operating environments – HP-UX,
Microsoft and Linux – and we view those environments as equal from
a support point of view,” says HP UK Linux business manager Russell
Coombes.
'Unbelievable' cost savings
Mobile phone company Orange does not need multinational support,
and is happy to buy its UK support from Red Hat. The company
recently announced that it was moving its business-critical content
delivery and subscriber databases on to a cluster of four Dell
PowerEdge servers running Oracle9i under Linux.
“We're not able to take any risks as far as support is
concerned, and Red Hat is one of the few Linux suppliers authorised
by Oracle,” says Paul Thompson, head of technical operations for
Orange’s multimedia division.
The Intel-Linux cluster Orange chose works out 10 times cheaper
than an equivalent proprietary Unix system, allowing the company to
make “unbelievable” cost savings on the technology itself.
However, Thompson says Linux users should expect to pay the same
costs for support services as they would in any other operating
environment. “People cost what they cost.”
He points out, though, that Orange has made savings in staff
training costs through using Linux.
“A lot of IT people have grown up with Linux as hobbyists. We're
giving them an operating environment they can maintain with their
eyes shut, whereas before we would have had to send them on
expensive courses.”
Implications of SCO's actions
But as the spectre of inadequate Linux support is being laid to
rest, SCO’s lawsuit against IBM has come along to spook Linux
users. As well as arguing that IBM illegally used some of SCO’s
intellectual property in the Linux kernel, SCO has warned that
legal liability for using Linux could extend to commercial
customers too.
Despite warnings from industry-watchers such as Gartner, which
has advised that users should “minimise Linux in complex,
mission-critical systems” until the merits of SCO's claims or any
resulting judgments become clear, the likes of Orange are pressing
ahead with their Linux plans for the time being, and suppliers
report no slackening in demand - yet.
“Linux is already taking off in a big way; 60% of new servers
are now running Linux,” says Jonathan Eales, operating systems
manager at Bull UK. “I don’t see that this will be more than a
blip.”
Phil Dawson, program director for Meta Group’s infrastructure
service, is rather more sceptical. “We think this is a massive
distraction which only benefits one vendor – Microsoft,” he
says.
“But if users are really concerned about the legality of Linux,
they should seek legal advice – they could offset the legal fees
against the cost of the Microsoft licences they haven't had to
buy.”
With suppliers including Novell and Lindows joining the fray
with counter-claims of their own, the SCO-IBM dispute has turned
into a legal bunfight, the outcome of which may not be clear for
some time to come.
Other issues to consider
But David Naylor, a partner with lawyers Morrison and Foerster
(MoFo), believes there are other legal issues that Linux users need
to clarify.
“A common misconception is that Linux isn't licensed,” he says.
“It is, and under the terms of the Linux General Public Licence
[GPL] you're only allowed to make improvements to and develop
open-source software if you also license that on.
“A potential consequence of that is, if you incorporate open
source code in your own proprietary software, you must license that
out as well. This is a critical business issue and companies need
to be very careful about making sure they understand the
implications at both board and technology level.”
Any technology involves risks and benefits – and, as Dawson
points out, “People considering Linux over Unix may be more
tolerant of risk anyway.”
But it makes sense for users to follow Gartner’s advice to
“perform due diligence on Linux or other open-source code … as a
prerequisite to adoption in the enterprise.”
Users should also bear in mind that the open-source GPL does not
include any warranty or indemnity protection, and check to see
whether their Linux distributor offers separate warranties.
Security testing costs money
Security issues have been another bugbear for the Linux
community. Unlike Windows and Solaris, Linux does not yet have
high-security clearance by the Communications-Electronics Security
Group (CESG) in the UK and the National Criminal Intelligence
Service (NCIS).
While locking it out of the niche market for top-security
systems, this has not been a barrier to its deployment in a number
of government applications, and the US National Security Agency
(NSA) is working on a security-enhanced version called SE
Linux.
“Not having CESG clearance doesn’t mean Linux isn't secure –
just that the Linux community hasn’t paid out to put it to the
test,” says Malcolm Yates, strategic alliance/ISP manager at SuSE.
“The issue is that testing costs a lot of money.”
Meanwhile, Eales argues that, far from providing an open door to
hackers, the open nature of the Linux kernel makes it more secure
by increasing the likelihood that the “good guys” will spot and
close potential security loopholes before hackers can exploit
them.
But last year a new security spectre was raised – that
Microsoft’s “Palladium” trusted computing initiative, also known as
Digital Rights Management (DRM), could lock Linux out of future
desktop computers. DRM uses both software and hardware controls
built into the PC motherboard to ensure that only approved software
can run on the machine.
Linux suppliers point out that with Linux being the
fastest-growing operating system on Intel platforms, it is hardly
in Intel’s interest to develop a product on which Linux will not
run.
Intel, for its part, says that initiatives such as DRM would
happen in the context of its LaGrande technology which, according
to Intel president and chief executive officer Paul Otellini, will
deliver “protected execution, protected memory, and protected
storage” at a hardware level. LaGrande will work in conjunction
with DRM software, but will not be designed to work with any
particular supplier.
Perhaps the most compelling evidence for Linux’s
enterprise-readiness is that it has got Microsoft running scared,
with measures such as its “special fund” to offer discounted
Microsoft software to customers considering Linux adoption.
Both the SCO lawsuit and the DRM initiative have helped
Microsoft by spreading fear, uncertainty and doubt among Linux
adopters. But the momentum behind Linux is now such that the FUD
factor is likely to only slow, not stop, its adoption in the
enterprise.