SCO's lawsuit against IBM and concerns about security have failed to dampen enterprise users' enthusiasm for the open-source software.
Once an outsider in the server OS race, Linux is now “a mainstream choice for many infrastructure workloads”, according to research firm IDC, which predicts annual growth rates of 28% for the open-source operating system over the next three years.
Other industry analysts echo IDC’s positive view, and the Linux community can now point to a number of high-profile enterprise users including Deutsche Bank, Safeway Stores and Orange.
But just when you thought it was safe to pick up the Linux penguin, legal and security issues around Linux have cast a shadow over the open-source route.
A year or so ago, one of the main concerns concerning Linux for commercial applications was the issue of getting enterprise-strength support for multinational installations.
Both the leading Linux distributors, Red Hat and SuSE, have set up enterprise support services for their customers, and provide services such as automatic patch update.
They are both, however, modest-sized organisations; Red Hat has revenues of $90m and 600 employees, while SuSE is privately held and has 380 employees. Contrast that with Microsoft, with its multibillion revenues and thousands of staff worldwide.
But this is less of a concern now that heavy hitters such as IBM, Hewlett-Packard and Oracle have announced their commitment to providing global support for Linux installations.
HP, for example, is a Red Hat partner and delivers Tier 1 and 2 support for Red Hat Linux worldwide, while IBM provides global support for SuSE Linux.
“We support three server operating environments – HP-UX, Microsoft and Linux – and we view those environments as equal from a support point of view,” says HP UK Linux business manager Russell Coombes.
'Unbelievable' cost savings
Mobile phone company Orange does not need multinational support, and is happy to buy its UK support from Red Hat. The company recently announced that it was moving its business-critical content delivery and subscriber databases on to a cluster of four Dell PowerEdge servers running Oracle9i under Linux.
“We're not able to take any risks as far as support is concerned, and Redhat is one of the few Linux suppliers authorised by Oracle,” says Paul Thompson, head of technical operations for Orange’s multimedia division.
The Intel-Linux cluster Orange chose works out 10 times cheaper than an equivalent proprietary Unix system, allowing the company to make “unbelievable” cost savings on the technology itself.
However, Thompson says Linux users should expect to pay the same costs for support services as they would in any other operating environment. “People cost what they cost.”
He points out, though, that Orange has made savings in staff training costs through using Linux.
“A lot of IT people have grown up with Linux as hobbyists. We're giving them an operating environment they can maintain with their eyes shut, whereas before we would have had to send them on expensive courses."
Implications of SCO's actions
But as the spectre of inadequate Linux support is being laid to rest, SCO’s lawsuit against IBM has come along to spook Linux users. As well as arguing that IBM illegally used some of SCO’s intellectual property in the Linux kernel, SCO has warned that legal liability for using of Linux could extend to commercial customers too.
Despite warnings from industry-watchers such as Gartner, which has advised that users should “minimise Linux in complex, mission-critical systems" until the merits of SCO's claims or any resulting judgments become clear, the likes of Orange are pressing ahead with their Linux plans for the time being, and suppliers report no slackening in demand - yet.
“Linux is already taking off in a big way; 60% of new servers are now running Linux,” says Jonathan Eales, operating systems manager at Bull UK. “I don’t see that this will be more than a blip.”
Phil Dawson, program director for Meta Group’s infrastructure service, is rather more sceptical. “We think this is a massive distraction which only benefits one vendor – Microsoft,” he says.
“But if users are really concerned about the legality of Linux, they should seek legal advice – they could offset the legal fees against the cost of the Microsoft licences they haven't had to buy.”
With suppliers including Novell and Lindows joining the fray with counter-claims of their own, the SCO-IBM dispute has turned into a legal bunfight, the outcome of which may not be clear for some time to come.
Other issues to consider
But David Naylor, a partner with lawyers Morrison and Foerster (MoFo), believes there are other legal issues that Linux users need to clarify.
“A common misconception is that Linux isn't licensed,” he says. “It is, and under the terms of the Linux General Public Licence [GPL] you're only allowed to make improvements to and develop open-source software if you also license that on.
"A potential consequence of that is, if you incorporate open source code in your own proprietary software, you must license that out as well. This is a critical business issue and companies need to be very careful about making sure they understand the implications at both board and technology level.”
Any technology involves risks and benefits – and, as Dawson points out, “People considering Linux over Unix may be more tolerant of risk anyway.“
But it makes sense for users to follow Gartner’s advice to “perform due diligence on Linux or other open-source code … as a prerequisite to adoption in the enterprise.”
Users should also bear in mind that the open-source GPL does not include any warranty or indemnity protection, and check to see whether their Linux distributor offers separate warranties.
Security testing costs money
Security issues have been another bugbear for the Linux community. Unlike Windows and Solaris, Linux does not yet have high-security clearance by the Communication Electronic Security Group (CESG) in the UK and the National Criminal Intelligence Service (NCIS).
While locking it out of the niche market for top-security systems, this has not been a barrier to its deployment in a number of government applications, and the US National Security Agency (NSA) is working on a security-enhanced version called SE Linux.
“Not having CESG clearance doesn’t mean Linux isn't secure – just that the Linux community hasn’t paid out to put it to the test,” says Malcolm Yates, strategic alliance/ISP manager at SuSE. “The issue is that testing costs a lot of money.”
Meanwhile, Eales argues far from providing an open door to hackers, the open nature of the Linux kernel makes it more secure by increasing the likelihood that the “good guys” will spot and close potential security loopholes before hackers can exploit them.
But last year a new security spectre was raised – that Microsoft’s “Palladium” trusted computing initiative, also known as Digital Rights Management (DRM), could lock Linux out of future desktop computers. DRM uses both software and hardware controls built into the PC motherboard to ensure that only approved software can run on the machine.
Linux suppliers point out that with Linux being the fastest-growing operating system on Intel platforms, it is hardly in Intel’s interest to develop a product on which Linux will not run.
Intel, for its part, says that initiatives such as DRM would happen in the context of its LaGrande technology which, according to Intel president and chief executive officer Paul Otellini, will deliver “protected execution, protected memory, and protected storage” at a hardware level. LaGrande will work in conjunction with DRM software, but will not be designed to work with any particular supplier.
Perhaps the most compelling evidence for Linux’s enterprise-readiness is that it has got Microsoft running scared, with measures such as its “special fund” to offer discounted Microsoft software to customers considering Linux adoption.
Both the SCO lawsuit and the DRM initiative have helped Microsoft by spreading fear, uncertainty and doubt among Linux adopters. But the momentum behind Linux is now such that the FUD factor is likely to only slow, not stop, its adoption in the enterprise.
This was first published in June 2003