Despite the high-profile problems Linux has faced recently, it
is still the fastest-growing operating system. What is it that
makes users flock to use it when they are threatened by costly
licencing measures and doubts over security standards? Candice
Goodwin discovers why Linux continues to gain popularity in the
enterprise
Complicated legal wranglings and concerns about lack of user
support and security have failed to dampen enterprise users'
enthusiasm for Linux. Once an outsider in the server operating
system race, Linux is now "a mainstream choice for many
infrastructure workloads", according to research firm IDC. It has
also predicted annual growth rates of 28% for Linux over the next
three years.
Other industry analysts echo IDC's positive view and the Linux
community can now point to a number of high-profile enterprise
users which include Deutsche Bank, Safeway and Orange, while last
year the UK government said it would consider open source for any
future IT projects to help avoid supplier lock-in. But as Linux
matures into a viable option at enterprise level, it has had to
answer several hard questions from users and even now it is still
experiencing growing pains.
A year or so ago, one of the main concerns users had about Linux's
suitability for commercial applications was getting
enterprise-strength support for multinational instal-lations. The
leading Linux distributors, Red Hat and SuSe, have set up
enterprise support services for their customers and provide
services such as automatic patch updates.
They are both modest-sized organisations: Red Hat has revenues of
$90m (£56m) and 600 employees, while SuSe is privately held and has
380 employees. Contrast that with Microsoft, with its
multibillion-dollar revenues and thousands of staff
worldwide.
But this is less of a concern now that major firms such as IBM,
Hewlett-Packard and Oracle have announced their commitment to
providing global support for Linux installations. HP, for example,
is a Red Hat partner and delivers first and second tier support for
Red Hat Linux worldwide, while IBM provides global support for SuSe
Linux. "We support three server operating environments - HP-UX,
Microsoft and Linux - and we view those environments as equal from
a support point of view," says HP UK Linux business manager Russell
Coombes.
Orange does not need multinational support and is happy to buy its
UK support from Red Hat. The telecoms company recently announced
that it was moving its business-critical content delivery and
subscriber databases to a cluster of four Dell Poweredge servers
running Oracle 9i under Linux.
"We are not able to take any risks as far as support is concerned
and Red Hat is one of the few Linux suppliers authorised by
Oracle," says Paul Thompson, head of technical operations at
Orange's multimedia division.
The Intel-Linux cluster Orange chose is 10 times cheaper than an
equivalent proprietary Unix system, allowing the company to make
"unbelievable" cost savings on the technology.
However, Thompson says Linux users should expect to pay the same
costs for support services as they would in any other operating
environment. "People cost what they cost," he says. But he also
points out that Orange has made savings in staff training costs
through using Linux. "A lot of IT people have grown up with Linux
as hobbyists. We are giving them an operating environment they can
maintain with their eyes shut, whereas before we sent them on
expensive courses," he says.
The issue of cost and open source software is picked up by Brian
Gammage, an analyst at Gartner, who says it is important for IT
managers to see through the hype when it comes to the total cost of
ownership and Linux.
"People have been kidded into thinking they can get something for
nothing but there is no such thing as a free lunch," he says.
"While they may make savings at the acquisition stage, there will
be a cost involved in managing and supporting the system and also
any application development."
Outwitting the enemy
But just when you thought it was safe to pick up the Linux penguin,
legal complications have cast a shadow of doubt over Linux's
viability at corporate level. In August, Unix supplier SCO
announced that all users of software containing the Linux kernel
2.4 or above will need to buy SCO Intellectual Property Licences
for Linux or face legal action.
SCO has also taken on the might of IBM claiming, among other
things, that IBM gave away SCO's intellectual property to the Linux
community. IBM has countered this attack with a claim against SCO.
Red Hat has also filed a lawsuit against the SCO Group to show that
its technologies do not infringe on SCO's intellectual property and
to hold SCO accountable for "unfair and deceptive actions".
Despite warnings from industry watchers, the likes of Orange are
pressing ahead with their Linux plans. Gartner has advised that
users should "minimise Linux in complex, mission-critical systems",
but until the merits of SCO's claims or any resulting judgments
become clear, as yet, suppliers are reporting no slackening in
demand. "Linux is already taking off in a big way - 60% of new
servers are running Linux," says Jonathan Eales, operating systems
manager at Bull UK. "I do not see that this will be more than a
blip."
Phil Dawson, programme director for Meta Group's infrastructure
service, is rather more sceptical. "We think this is a massive
distraction which only benefits one supplier - Microsoft," he says.
"If users are really concerned about the legality of Linux, they
should seek legal advice. They could offset any legal fees against
the cost of the Microsoft licences they have not had to buy."
But David Naylor, a partner with law firm Morrison and Foerster,
believes there are other legal issues Linux users need to clarify.
A common misconception is that Linux is not licensed," he says. "It
is, although there is no charge. The important point is, that under
the terms of the Linux General Public Licence, if you modify the
the GPL code or incorporate open source code into your own
proprietary software, you must license that under the same
non-commercial terms as well. This is a critical business issue
which could destroy any plans you have to charge for software
developments. Companies need to ensure they understand the
implications at both board and technology level."
Any technology involves risks and benefits and, as Dawson points
out, "People considering Linux over Unix may be more tolerant of
risk anyway." But it makes sense for users to follow Gartner's
advice to "perform due diligence on Linux or other open source
code... as a prerequisite to adoption in the enterprise".
Users should also bear in mind that the open source GPL does not
include any warranty or indemnity protection and check whether
their Linux distributor offers separate warranties.
The costs of security testing
Security issues have been another bugbear for the Linux community.
Unlike Windows and Solaris, Linux does not yet have high-security
clearance by the Communication Electronic Security Group in the UK,
which vets communication and information systems on behalf of the
ministry of defence and other government departments.
However, earlier this month IBM and SuSe Linux gained certification
for the International Common Criteria standard. According to IDC
analyst Chris Christiansen, the move "raises the viability and
increases the trust level of Linux in government contracts". He
says that while commercial buyers do not usually give Common
Criteria standards more than passing notice, "the government market
is very large".
But even prior to the recent IBM and SuSe announcement, Linux has
been deployed in a number of government applications, while the US
National Security Agency is working on a security-enhanced version
called SE Linux.
"Not having CESG clearance does not mean Linux is not secure. It is
just that the Linux community has not paid out to put it to the
test," says Gammage. "The difficulty about assessing security is
that we can't evaluate it until there has been a breach. There are
a dozen security accreditations out there. My guess is that
eventually Linux distributors will look to gain as broad a set of
accreditations as possible to reassure users."
Meanwhile, Eales says that far from providing an open door to
hackers, the open nature of the Linux kernel makes it more secure.
There is an increased likelihood the "good guys" will spot and
close security loopholes before they are exploited by
hackers.
But last year a new security predicament came to light. Microsoft's
"Palladium" trusted computing initiative, also known as Digital
Rights Management, could lock Linux out of future desktop
computers. DRM uses both software and hardware controls built into
the PC motherboard to ensure that only approved software can run on
the machine.
Linux suppliers point out that as Linux is the fastest-growing
operating system on Intel platforms, it is hardly in Intel's
interest to develop a product on which Linux will not run. Gammage
also thinks it highly unlikely that Linux will be locked out of the
desktop.
Intel, for its part, says that initiatives such as DRM would happen
in the context of its LaGrande technology which, according to Intel
president and chief executive Paul Otellini, will deliver
"protected execution, protected memory and protected storage" at
hardware level. LaGrande will work in conjunction with DRM
software, but will not be designed to work with any particular
supplier.
Perhaps the most compelling evidence for Linux's
enterprise-readiness is that it has got Microsoft running scared
through offers such as its "special fund", which offers discounted
Microsoft software to customers considering Linux adoption.
Both the SCO lawsuit and the DRM initiative have helped Microsoft
by spreading fear, uncertainty and doubt among Linux adopters. But
the momentum behind Linux is such that any "FUD factor" is likely
to only slow, rather than stop, its adoption.
Linux at a glance
As Linux has matured, it has had to convince users that it can
pass muster in several key areas:
User support All major Linux distributors now
offer enterprise level support.
Legal issues Commentators see the current
legal wranglings Linux is encountering as a blip on the road to
maturity for the GNU General Public Licence, which governs the use
of open source software, including Linux.
Security Linux has already been adopted by
several government departments and a new security-enhanced version
of the operating system is in the pipeline.