ar130405 - Fotolia
Open source technologies are now an increasingly common sight in enterprise software stacks, with organisations using them to stand up their customer-facing and line-of-business applications, and power their infrastructure.
Despite the best efforts of commercial software suppliers to position open source software as insecure, unreliable and ill-suited for enterprise use, large companies are using it avoid lock-in, drive down costs and speed up their software developments cycles.
As stated in The Forrester wave: software composition analysis, Q1 2017 report, organisations commonly turn to open source to act as the bedrock of their applications, so they can bring them to market sooner and, in turn, respond more quickly to changing customer needs.
“In their haste to create applications, developers use open source components as their foundation, creating applications using only 10% to 20% of new code,” says the report.
In the light of these benefits, it is hoped enterprises will not only see fit to consume open source software, but contribute code of their own back to the communities that created it for myriad reasons.
First of all, the creativity and health of all open source communities rests heavily on having an engaged user base, that regularly contributes code and user feedback to the community to inform the next iteration of the product.
Without steady and reliable input from contributors, the output of the community as a whole – both from a product quality and quantity perspective – may be compromised.
And those contributions are not just limited to code. Without feedback on how the technology is used in the real world, future releases may prove to be out of step – from a functionality standpoint – with what users want from it.
Also, if enterprises experience issues when trying to use this hypothetical technology at scale, such problems can often be solved more quickly by drawing on the collective brainpower of the community than trying to solve them alone.
Enterprise appreciation on the up
The benefits of being an active contributor (rather than a passive consumer) in the open source realm are not lost on enterprises, says Jonathan Bryce, executive director of the OpenStack Foundation.
For proof of this, he points to the growing number of enterprise OpenStack users who are engaging with its community of contributors to shape future releases of the open source cloud platform.
“These companies have historically just bought proprietary software or open source from a commercial open source vendor, and the shift we’re seeing is they are now interested in getting more actively involved and putting their intellectual property out there to help others,” he says. “Not necessarily to monetise it, but just to be part of the broader open source community ecosystem.”
And industry research bears this out, with the 11th edition of Black Duck Software’s annual report into enterprise open source usage revealing that 66% of the 819 respondents regularly contribute to open source projects. Also, just under half (48%) said the number of individual contributors within their organisation was set to rise.
“[Contribution] is a way to not just share the concepts around those best practices, but also share the tools and the code these companies have built and from a very user-centric place, because that is where open source works best: when you have users driving the direction, it is the true north that makes sure you’re solving the right problems,” says Bryce.
The idea of sharing something (in this case, software code) produced in-house with people from outside the company is a concept not all enterprises are comfortable with, he admits.
Some are of the view, for example, that anything created in-house should stay there, in the interests of preserving the organisation’s intellectual property, making it nigh on impossible for developers to contribute their code.
“The default for most companies is that everything you do – as an employee – is owned by the company in perpetuity and never leaves the proverbial walls of the office,” says Bryce.
Ban employees from GitHub
This view is shared by Nigel Kersten, chief technical strategist at open source automation software supplier Puppet, who claims that some organisations ban employees from accessing GitHub via their work computers for this reason.
To sidestep these bans, it is not unheard of for people to get someone from outside the company to submit their code, so they can still do their bit without incurring the wrath of senior management.
“There are a lot of people in large enterprises who find it difficult to get code out,” says Kersten. “There are internal processes that may not have quite caught up with the idea that you’re not losing any intellectual property by applying a four-line fix to a [specific] module.”
These scenarios are the exception, rather than the norm, he says. On the whole, enterprises are becoming a lot more understanding about the need to participate in the open source communities whose products they use – particularly when it comes to recruiting and retaining top developer talent.
“As more and more people move between companies, and, in general, I think job fluidity has increased a lot, you see people demanding [the right to contribute] as a condition of employment,” says Kersten.
“They’ll say to whoever is hiring them: ‘If you want me, and you want my skills, one of the conditions is that I have these four open source projects and I want to keep contributing to them, and you need to approve that before I start working here.’ And that creates its own kind of momentum as well.”
Engagement through education
In the eyes of some enterprises, sharing the code that underpins their line-of-business or customer-facing applications is on par with handing over commercially sensitive information about how the company runs. And for that reason, senior management are wary of allowing staff to make contributions.
To address this, education about the benefits that enterprises stand to gain from becoming engaged members of the open source community is important, says Bryce.
“It’s about educating why it is valuable to spend time on this, [and making senior management aware] that we’re going to get more value back if we take something we created and put it out there because other people in the community are going to help us make it better,” he adds. “It also means we won’t bear the sole burden of maintaining this.”
Educating senior management on the benefits of contribution is an area where the OpenStack Foundation is regularly asked for help by developers, says Lauren Sell, the foundation’s vice-president of community services.
“When we meet with users and sit down with their teams, they will often say they are trying to convince the management team about why they should be contributing, rather than just consuming the software,” she says.
“And then they’ll ask us: can you give us some materials, or talk to our vice-presidents or whatever the case may be to help us do that.”
Secret sauce versus open source
For IT leaders looking to change senior management minds on open source contributions, education is likely to be needed in other areas, too, says AT&T vice-president Amy Wheelus, who heads up the telco giant’s cloud and network function virtualisation (NFV) initiative, Domain 2.0. This is particularly needed on the point that embracing open source does not necessarily mean everything a company produces in-house has to be made publicly available and shared, she says.
“It doesn’t mean there aren’t some things we still protect the intellectual property of,” says Wheelus. “We continue to do that, and continue to work to determine what things we believe are secret sauce and things we want to keep internally, and the things we want to open source. The secret sauce is a small bottle, not a big one.”
The Domain 2.0 project that Wheelus oversees has seen AT&T develop a wholehearted appreciation for all things open source, as it moves away from using customised hardware to expand the capacity of its network in favour of taking a more software-centric approach.
Read more about open source
- The OpenStack Foundation opens up about the work it is doing to address the open source cloud platform’s identity crisis and integration issues, as part of its continuing pursuit to improve the technology’s enterprise-readiness.
- We look at how to deploy OpenStack on hyper-converged infrastructure and how HCI suppliers’ products can support deployment of the open source cloud in the datacentre.
On the back of this, the company is now working towards having 75% of its network assets virtualised by 2020, to ensure it is equipped to cope with the exponential growth in mobile data to which AT&T’s infrastructure is subjected each year.
Wheelus describes AT&T’s decision to put open source technology at the heart of its NFV strategy several years ago as a “major culture shift” that has since paved the way for its developers to make sizeable contributions to the community.
These include publishing details in 2016 about the infrastructure delivery platform, dubbed ECOMP, that it is using to automate various service delivery, performance management and software-defined networking tasks. The idea is to garner feedback from cloud providers and other telcos about its plans, and inform their own strategies for tackling similar issues in their organisations.
Buoyed by the success of this endeavour, AT&T made the code underpinning its Open Networking Automation Platform (ONAP) available to the open source community in April 2017.
“We created and birthed [ONAP] within AT&T Labs and then gave it away. In the long history of AT&T, that is unheard of,” Wheelus said during a roundtable discussion at the recent OpenStack Summit in Sydney.
Opening up to achieve more
What these projects have in common is that they are looking to address problems other players in the telco and cloud provider space are encountering, which is an acknowledgement that solving the problems will be harder for AT&T to achieve if it goes it alone.
“We believe that in order to be a leader in the industry, we have to have a healthy ecosystem and have that open community working together to do that,” says Wheelus.
Multinational insurer Insurance Australia Group (IAG) shares a similar view, having released its first open source application at the start of this month.
Dubbed Data Pipeline, IAG’s application is designed to make it easier for the organisation to process data in real time housed on legacy mainframes and transactional systems and merge it with other datasets.
Eddie Satterly, the firm’s leader of product engineering and data operations, says getting IAG to agree to open source the technology and permit members of his team to become active and ongoing contributors, has been an involved process.
“It’s been an interesting challenge, changing cultural things and with many layers of lawyers to get through,” Satterly said during a user roundtable at the OpenStack Summit in Sydney.
“Within my team, there are 11 people who currently contribute to various open source projects – spanning data, infrastructure and automation – and when my team was brought in 18 months ago, there was zero.
“It has caught on quite heavily and now, not only can you be a contributor to something that doesn’t relate to insurance intellectual property, you can also have a project built wholly in-house that can be open sourced.”
One of the arguments used to justify why the project should be open sourced centred on the fact that this technology could benefit a wide range of organisations, without IAG losing any of its competitive edge, says Satterly.
“Nobody really derives any really cool thing from insurance on the back of doing this, and it can be leveraged just as equally by any other organisation to do the same thing. It took a phenomenal amount of convincing them of that.”
When sign-off was secured to go public with it, Satterly describes it as a sea-change moment for IAG, and if a company of its heritage can see the value in throwing its weight behind open source, there is no reason why other enterprises should not consider following suit, he says.
“We’ve all had big parties about the fact that a 160-year-old insurer understands you can open source something and you’re not giving away the company.”