Linux rises to every challenge

What is it that makes users flock to use Linuxwhen they are threatened by costly licensing measures and doubts over security...

Despite the high-profile problems Linux has faced recently, it is still the fastest-growing operating system. What is it that makes users flock to use it when they are threatened by costly licencing measures and doubts over security standards? Candice Goodwin discovers why Linux continues to gain popularity in the enterprise

Complicated legal wranglings and concerns about lack of user support and security have failed to dampen enterprise users' enthusiasm for Linux. Once an outsider in the server operating system race, Linux is now "a mainstream choice for many infrastructure workloads", according to research firm IDC. It has also predicted annual growth rates of 28% for Linux over the next three years.

Other industry analysts echo IDC's positive view and the Linux community can now point to a number of high-profile enterprise users which include Deutsche Bank, Safeway and Orange, while last year the UK government said it would consider open source for any future IT projects to help avoid supplier lock-in. But as Linux matures into a viable option at enterprise level, it has had to answer several hard questions from users and even now it is still experiencing growing pains.

A year or so ago, one of the main concerns users had about Linux's suitability for commercial applications was getting enterprise-strength support for multinational instal-lations. The leading Linux distributors, Red Hat and SuSe, have set up enterprise support services for their customers and provide services such as automatic patch updates.

They are both modest-sized organisations: Red Hat has revenues of $90m (£56m) and 600 employees, while SuSe is privately held and has 380 employees. Contrast that with Microsoft, with its multibillion-dollar revenues and thousands of staff worldwide.

But this is less of a concern now that major firms such as IBM, Hewlett-Packard and Oracle have announced their commitment to providing global support for Linux installations. HP, for example, is a Red Hat partner and delivers first and second tier support for Red Hat Linux worldwide, while IBM provides global support for SuSe Linux. "We support three server operating environments - HP-UX, Microsoft and Linux - and we view those environments as equal from a support point of view," says HP UK Linux business manager Russell Coombes.

Orange does not need multinational support and is happy to buy its UK support from Red Hat. The telecoms company recently announced that it was moving its business-critical content delivery and subscriber databases to a cluster of four Dell Poweredge servers running Oracle 9i under Linux.

"We are not able to take any risks as far as support is concerned and Red Hat is one of the few Linux suppliers authorised by Oracle," says Paul Thompson, head of technical operations at Orange's multimedia division.

The Intel-Linux cluster Orange chose is 10 times cheaper than an equivalent proprietary Unix system, allowing the company to make "unbelievable" cost savings on the technology.

However, Thompson says Linux users should expect to pay the same costs for support services as they would in any other operating environment. "People cost what they cost," he says. But he also points out that Orange has made savings in staff training costs through using Linux. "A lot of IT people have grown up with Linux as hobbyists. We are giving them an operating environment they can maintain with their eyes shut, whereas before we sent them on expensive courses," he says.

The issue of cost and open source software is picked up by Brian Gammage, an analyst at Gartner, who says it is important for IT managers to see through the hype when it comes to the total cost of ownership and Linux.

"People have been kidded into thinking they can get something for nothing but there is no such thing as a free lunch," he says. "While they may make savings at the acquisition stage, there will be a cost involved in managing and supporting the system and also any application development."

Outwitting the enemy

But just when you thought it was safe to pick up the Linux penguin, legal complications have cast a shadow of doubt over Linux's viability at corporate level. In August, Unix supplier SCO announced that all users of software containing the Linux kernel 2.4 or above will need to buy SCO Intellectual Property Licences for Linux or face legal action.

SCO has also taken on the might of IBM claiming, among other things, that IBM gave away SCO's intellectual property to the Linux community. IBM has countered this attack with a claim against SCO. Red Hat has also filed a lawsuit against the SCO Group to show that its technologies do not infringe on SCO's intellectual property and to hold SCO accountable for "unfair and deceptive actions".

Despite warnings from industry watchers, the likes of Orange are pressing ahead with their Linux plans. Gartner has advised that users should "minimise Linux in complex, mission-critical systems", but until the merits of SCO's claims or any resulting judgments become clear, as yet, suppliers are reporting no slackening in demand. "Linux is already taking off in a big way - 60% of new servers are running Linux," says Jonathan Eales, operating systems manager at Bull UK. "I do not see that this will be more than a blip."

Phil Dawson, programme director for Meta Group's infrastructure service, is rather more sceptical. "We think this is a massive distraction which only benefits one supplier - Microsoft," he says. "If users are really concerned about the legality of Linux, they should seek legal advice. They could offset any legal fees against the cost of the Microsoft licences they have not had to buy."

But David Naylor, a partner with law firm Morrison and Foerster, believes there are other legal issues Linux users need to clarify. A common misconception is that Linux is not licensed," he says. "It is, although there is no charge. The important point is, that under the terms of the Linux General Public Licence, if you modify the the GPL code or incorporate open source code into your own proprietary software, you must license that under the same non-commercial terms as well. This is a critical business issue which could destroy any plans you have to charge for software developments. Companies need to ensure they understand the implications at both board and technology level."

Any technology involves risks and benefits and, as Dawson points out, "People considering Linux over Unix may be more tolerant of risk anyway." But it makes sense for users to follow Gartner's advice to "perform due diligence on Linux or other open source code... as a prerequisite to adoption in the enterprise".

Users should also bear in mind that the open source GPL does not include any warranty or indemnity protection and check whether their Linux distributor offers separate warranties.

The costs of security testing

Security issues have been another bugbear for the Linux community. Unlike Windows and Solaris, Linux does not yet have high-security clearance by the Communication Electronic Security Group in the UK, which vets communication and information systems on behalf of the ministry of defence and other government departments.

However, earlier this month IBM and SuSe Linux gained certification for the International Common Criteria standard. According to IDC analyst Chris Christiansen, the move "raises the viability and increases the trust level of Linux in government contracts". He says that while commercial buyers do not usually give Common Criteria standards more than passing notice, "the government market is very large".

But even prior to the recent IBM and SuSe announcement, Linux has been deployed in a number of government applications, while the US National Security Agency is working on a security-enhanced version called SE Linux.

"Not having CESG clearance does not mean Linux is not secure. It is just that the Linux community has not paid out to put it to the test," says Gammage. "The difficulty about assessing security is that we can't evaluate it until there has been a breach. There are a dozen security accreditations out there. My guess is that eventually Linux distributors will look to gain as broad a set of accreditations as possible to reassure users."

Meanwhile, Eales says that far from providing an open door to hackers, the open nature of the Linux kernel makes it more secure. There is an increased likelihood the "good guys" will spot and close security loopholes before they are exploited by hackers.

But last year a new security predicament came to light. Microsoft's "Palladium" trusted computing initiative, also known as Digital Rights Management, could lock Linux out of future desktop computers. DRM uses both software and hardware controls built into the PC motherboard to ensure that only approved software can run on the machine.

Linux suppliers point out that as Linux is the fastest-growing operating system on Intel platforms, it is hardly in Intel's interest to develop a product on which Linux will not run. Gammage also thinks it highly unlikely that Linux will be locked out of the desktop.

Intel, for its part, says that initiatives such as DRM would happen in the context of its LaGrande technology which, according to Intel president and chief executive Paul Otellini, will deliver "protected execution, protected memory and protected storage" at hardware level. LaGrande will work in conjunction with DRM software, but will not be designed to work with any particular supplier.

Perhaps the most compelling evidence for Linux's enterprise-readiness is that it has got Microsoft running scared through offers such as its "special fund", which offers discounted Microsoft software to customers considering Linux adoption.

Both the SCO lawsuit and the DRM initiative have helped Microsoft by spreading fear, uncertainty and doubt among Linux adopters. But the momentum behind Linux is such that any "FUD factor" is likely to only slow, rather than stop, its adoption.

Linux at a glance   

As Linux has matured, it has had to convince users that it can pass muster in several key areas: 

User support   All major Linux distributors now offer enterprise level support. 

Legal issues   Commentators see the current legal wranglings Linux is encountering as a blip on the road to maturity for the GNU General Public Licence, which governs the use of open source software, including Linux. 

Security  Linux has already been adopted by several government departments and a new security-enhanced version of the operating system is in the pipeline.

Read more on Operating systems software