Nmedia - Fotolia

Take care when reaping rewards of open source

Moving into the open source world can be a rewarding experience, but some due diligence is required

In 1998, Christine Peterson put forward the term "open source" as a means of describing software that was created in a manner that encouraged sharing of ideas and code among an open group of people.

Such sharing had been going on for a long time anyway, but the emergence of a common term allowed for a movement to grow up that had a (relatively) common focus point.

The main areas where open source became known were through the emergence of the operating system Linux, and through the work of the Apache Software Foundation (ASF) with its work on the Apache HTTP web server.

ASF has since grown its project reach into a number of areas, providing many parts of a technology stack that organisations are now using.

Indeed, the original free, open source software (Foss) stack was the LAMP stack - Linux, Apache, MySQL and PHP - used as a common web server platform, particularly in the service provider markets. 

Not necessarily cheaper

A necessary side discussion is required here. Although one of the main tenets of open source is that the software should be freely available and be usable without a licence cost, this does not necessarily make it cheaper than commercial, off-the-shelf software (Cots). This is because the main cost of any software is the lifetime cost of management, not the upfront licence costs.

As most organisations will want to take a subscription out for Foss software (often equivalent to the maintenance charge on Cots), the overall cost of Foss may be the same as Cots - and in some cases, such as where skills availability is an issue, could be more.

Read more about enterprise open source

Gartner has reported a bigger focus on subscription-based licensing and open-source platforms in the middleware marke

It’s round two in the fight between open source and commercial software, and open source is punching well above its weight

The other major strength of Foss can also be its weakness. The software is completely open, so anyone can make changes to it and introduce a new distribution. They have to stick with the original terms of the open source licence (a list of the most popular is available here, and some have pretty complex and constraining terms - suppliers such as Black Duck have created a niche for themselves in checking code for hidden licence issues), but you can find distributions of open source packages that sound great, but are not well supported and become a dead fork in the development process.

Patch a weakness

It can also lead to complexities when looking to patch a weakness in the software. As a community-driven environment, unless you have a fast-response subscription with a supplier that will ensure critical faults are patched quickly, you need to find the patch out there yourself - or write it yourself.

Imagine searching through the community for such a patch. Will it work? Can you trust the developer to have done a good, efficient job? Is the developer a good person, or are they taking the opportunity to drop some malware into your systems? A high degree of due diligence is required if you are going down the path of unsupported open source.

Back to how open source is being used by organisations, though. As virtualisation and cloud computing become more widespread, organisations are looking to options other than standard licensing methods, particularly where those licences are based on the number of processor cores - or virtual cores - being used. This is becoming a driving force for open source - and the major suppliers have noticed it and are finding ways to monetise the move.

For example, OpenStack is making strides as a private and public cloud platform. With many public cloud providers basing their clouds on OpenStack, having a private cloud based on it allows better workload portability across the hybrid cloud. Cisco, Dell, HP and IBM use OpenStack as part of their cloud offerings, moving from licence plus maintenance to subscription usage costs. This is also driving a move to alternative hypervisors. Whereas VMware ESX and Microsoft Hyper-V still have the lion's share of the market, the growth in the use of the open source KVM technology is noticeable.

The big systems suppliers have been quicker than they were with Linux to see the opportunities of offering OpenStack and KVM services alongside their less open source ones. With Linux, it took a while for these companies to realise that moving to provide Linux services not only meant they did not have to pay licence fees to third parties, but they also gained far more control over the direction of the operating system itself. Each supplier could choose to create its own distribution (which a few tried and then dropped) or to add extra functionality through callable libraries developed either directly by themselves or by the open source community.

Then there has been the rise of big data. Here, Hadoop has had a major impact on how a mixed variety of data types can be dealt with. Most suppliers now have a component of Hadoop in their big data strategies, whether this is the use of MapReduce as a filtering mechanism or as a persistent data store.

For those using MapReduce only, there remains a need for a persistent store. Here, the NoSQL options of open source offerings such as MongoDB, Couchbase, Riak and Apache Cassandra are stressing the markets for relational-only Cots database suppliers such as Oracle, Microsoft and IBM.

Indeed, many of the NoSQL (which doesn't mean "no" SQL, but "not only" SQL) databases are becoming highly performing SQL databases as well as a means of dealing with less structured data. In particular, Riak is showing promise as a one-stop database, covering formal and less formal data needs along with data filtering.

This brings us more to the applications that sit on top of the stack. Although it is a truism that there will be an open source alternative to any enterprise application you are running, this is one area where open source has been less successful. Noticeable successes, however, include business intelligence software Jaspersoft (now owned by Tibco) and Pentaho (now owned by HDS). SugarCRM has succeeded in the customer relationship management space, as has Alfresco in the content and process management space and Talend in the application integration area.

At the desktop level, Apache OpenOffice and the Document Foundation's LibreOffice offer alternatives to Microsoft Office, although the need for organisations to ensure fidelity in round-tripping documents between them and their suppliers and customers has often proved difficult.

For those using Linux as a desktop operating system (OS), the choice of open source software is massive - and as most using a fully open Linux distribution (as opposed to an Android, less-open OS) will tend to be more technically competent than the average Windows user, the use of less intuitive/friendly interfaces with only community support will be less of an issue.

Forward-looking environment

The same goes for development tools. Increasingly, developers are moving towards open source tools such as Python, Ruby on Rails, Chef and Puppet to provide them with a more flexible and forward-looking environment than their existing Cots tools.

While it is theoretically possible to go for a 100% open source organisation, at this stage it is not recommended. As more Cots suppliers move towards a subscription-based model and a more open development style, the differences between "pure open source" and "less open source" will become less noticeable. The key is to make sure that what you choose is fit for purpose.

As such, avoid ivory tower arguments over whether open or closed source is more secure (in both cases, the answer is that it depends on quality of coding). Avoid arguments over whether Oracle, Microsoft and SAP are evil empires and the open source community are the saviours of the universe. Make sure the chosen systems provide the functionality demanded by the business in a way that is fully usable by the users.

Open source is not a magic solution in itself. Many have been burnt as interesting open source projects have fizzled out when the main (often only) developer realises some form of commercial model is required to pay for their house, bringing up their kids and so on. Others have found the cost of maintaining systems onerous, with the good skills tending to be acquired by the service providers and large technology suppliers who need them for their own offerings.

But for those who have taken the plunge into a fully supported open source world, it will have tended to prove positive and they will have found a far more flexible platform. Don't expect all open source software to be equal; expect some to be pretty ugly under the hood. Carry out the right due diligence and make sure you fully understand what is required to maintain open source platforms.

And then, in the spirit of a recent blockbuster film - may the open source be with you.

Clive Longbottom is found of analyst Quocirca

Read more on Open source software