Until recently, Tom Jeffery didn’t give a damn about open-source software.
What concerned him was finding 10,000 new cash registers (essentially PCs with cash drawers) for 1,300 KB Toys stores and a new software system to run them because his old vendor was going to stop supporting the system he had.
But then a funny thing happened. "We sent out final [RFPs] to six vendors and narrowed it down to three," he recalls. "The only thing they had in common was they were all written in Java. And ran on Linux."
To Jeffery, vice president of IT for the Pittsfield, Mass.-based toy retailer, it didn’t matter what OS the new system used. What mattered was having a simple user interface, the ability to integrate with multiple systems inside KB Toys and the flexibility to modify the systems without relying on a vendor to do the job. The only registers that had all of that used GNU/Linux, the operating system built piecemeal over the Internet by a community of volunteer developers.
Jeffery was vaguely aware of the roots of this community, how it began in 1984 when a cantankerous software programmer named Richard Stallman wrote some brilliant software designed as an alternative to the Unix operating system. It was software that anyone could use and change and distribute?as long as he promised to share any changes he made with everyone else. In 1991, a Finnish college student named Linus Torvalds added a complex kernel to Stallman’s and others’ programs to instruct them to act as the unified operating system that most have come to associate with Torvalds’ pet name for the project, Linux.
Jeffery didn’t start caring about any of this until 2001, when he was forced to.
He didn’t care because for years open source has been dismissed as pie-in-the-sky, a toy for geeks. But today open source is undergoing a business revolution.
In a November 2002 CIO survey of 375 information executives, 54 percent said that within five years open source would be their dominant server platform. Today, major enterprises are running mission-critical functions on open source, big vendors have lined up to support it, and reliable applications have emerged.
And CIOs who have implemented it report huge total-cost-of-ownership (TCO) reductions.
It’s now clear that within five years, open source will transform how software is developed, sold and supported.
When CIOs need help with their systems and software, they don’t have to depend on vendors with their own agendas because when an open-source app doesn’t work, administrators can look at the source code, figure out why and write a fix themselves. If they’re having trouble, help is just a newsgroup away.
So far, the community that has grown up around popular open-source applications such as Linux have proven to be highly disciplined, ethical and extremely competitive, with pecking orders that exclude?sometimes brutally and profanely?all but the best contributors. (For more on this community, see "Who Are Those Guys?" Page 57.)
"Heroism in these communities means proposing an interesting improvement and getting everyone to acknowledge it," says John Sarsgard, vice president of Linux sales programs at IBM in Armonk, N.Y. "That’s the way these guys get their strokes?everyone recognizes that their way of doing it is the best way." When bugs are revealed in Linux or Apache, for example, the community begins posting fixes on the Internet within hours. Their work is good, and it’s free.
Free is good. CIOs who don’t come to terms with this revolution in 2003 will be paying too much for IT in 2004.
Software as a Commodity: The Apache Story
The reason they will be paying too much is that in effect they will be buying the vendor’s research and sales and marketing expenses when they don’t have to. They will be paying for support that others will be getting gratis. They will be paying for hardware that’s overpriced because it uses an arcane proprietary operating system. They will be paying for bows and ribbon?for packaging?when what’s inside the competing packages is essentially the same.
Open source is helping turn significant chunks of the IT infrastructure into commodities by offering alternatives to proprietary software. (See "Enterprise Ready," Page 56, for a list of these tested open-source applications.) This is software as corn or wheat. As the products become indistinguishable, buyers will choose the cheapest, most reliable supplier they can find?and it’s hard to beat open source on price.
This commodification is happening fastest at the lowest level of the infrastructure, the level that most businesspeople never see, like server operating systems and application servers (middleware). This is not an accident: Fifty-eight percent of the open-source community is made up of professional IT administrators and programmers (with 11 years of professional experience, on average) who use open source to fix problems they encounter in their jobs, according to a recent survey by the Boston Consulting Group.
Apache, the webpage server that now runs 60 percent of the world’s websites, began this way. In 1994, there were no commercially available software packages for serving up webpages. Randy Terbush was one among many IT people casting about the Internet for solutions. He found seven others willing to work on the problem with him. "We said, Let’s start a mailing list and work together," says Terbush, who is CEO and president of The Tribal Knowledge Group, an Alta, Wyo., infrastructure technology consultancy. He was a founding member of the nonprofit Apache Software Foundation, which develops and distributes the Apache HTTP server.
Apache’s release in 1996 wasn’t accompanied by a million-dollar ad campaign. Analysts and the press didn’t track sales because you didn’t buy Apache, you downloaded it. And you could download it once, tweak it, burn it on a CD, and install your own version on as many servers as you wanted without telling anybody and without spending a dime.
Open Source Goes Big Time
Of course, free doesn’t necessarily mean without costs. Just because you download open-source applications for free doesn’t mean you won’t have a whole host of associated costs such as maintenance, integration and support. Right now, CIOs remain concerned about receiving support for open-source software solely from volunteers?however disciplined and dedicated?over the Internet. They want commercial vendors to sign contracts guaranteeing that the stuff will work. In our November survey of 375 IT executives, 52 percent said a lack of vendor support was open source’s primary weakness.
But in 2001 and 2002, major vendors such as Dell, HP, IBM, Oracle and Sun announced in various ways that they would begin supporting open-source products. IBM is leading the push. "We will guarantee the same [service-level agreements] for Linux that we do for proprietary OSs," says Dan Frye, director of IBM’s Linux Technology Center. "Response times, fix times, uptime?we’ll sign all those same contracts for Linux."
Last summer, Oracle released an open-source version of its database to run on clusters of Linux servers?a popular way for CIOs to transition big, power-hungry applications and databases from expensive hardware like supercomputers and high-end Unix servers to groups of cheap Intel servers running Linux. Even Unix market leader Sun, which has the most to lose from the rise of cheap Intel server replacements for its more expensive Unix machines, now offers a Linux server. The only major vendor that continues to resist the march of open source is Microsoft, though company officials have stopped calling open source "a cancer," as they did a few years ago, and now acknowledge Linux as a viable competitor. (See "Showdown at the 6.0 Corral," Page 62.)
Vendors that have embraced open source haven’t suddenly gone all soft and fuzzy. They see it as an opportunity to sell software that works with open source, as well as consulting, integration and support services. This is a major shift from a few years ago, when most vendors viewed open source as inconsequential. Now they see it as a loss leader for profitable services.
The strategy shift by the big vendors has opened the eyes of big company CIOs. "The way [open source] has been accepted and embraced by the IBMs and Suns has put it on our radar screen," says Judith Campbell, senior vice president and CIO of New York Life Insurance. "I like what I’m seeing because however this shakes out, it represents a flight to quality in software."
"My operations group is really very positive about using [open source]," says Sue Unger, senior vice president and CIO of Stuttgart, Germany-based DaimlerChrysler AG. "It requires less time to manage than [proprietary software]. Answers become apparent a lot easier, and they don’t seem to need as many management tools as they’ve needed with other environments."
All the CIOs we spoke to for this story who use open source say they’ve seen savings over proprietary software, even when accounting for the extra integration work required to bring open source into their architectures. CIO’s survey respondents seem convinced too: 59 percent said a lower TCO is open source’s primary strength.
Even if open source seems too risky to become part of your strategic plan, you should be experimenting with it, if for no other reason than to use it as a stick to keep your vendors honest. "Even if you decide you don’t ever want anything to do with open source, go out and get some and show it to your vendors when they come to call," says Jonathan Eunice, principal analyst at Nashua, N.H.-based research company Illuminata.
The question for CIOs now is not whether they should be using open source but where and how they should be using it. Open source will not replace proprietary software in the next few years (there aren’t, for example, enough volunteer developers with a passion for, say, financial derivatives to replace Wall Street applications today, if ever), so CIOs have to make educated decisions about where to apply open source and where to wait.
What’s your plan for 2003?
Start with the Web
The Internet is the wellspring of open source and the focus of many of its applications. So if you’re looking to get your feet wet, it makes sense to start there.
Pete Sattler’s company, SPX, a Charlotte, N.C., valve and motor manufacturer, is highly decentralized, with divisions and plants spread around the country. Its websites grew like weeds during the ’90s?mostly small, low-transaction sites, each with its own Windows server. The servers and websites propagated to the point where the annual maintenance bill started to add up.
"We figured the websites would be a low-risk way to bring Linux and Apache in," says SPX’s chief e-business officer and CIO. "There aren’t a lot of hits or activity on these websites, and it gave us a chance to work with open source and see how it operates in a production mode." Sattler consolidated 75 websites and went from 40 Windows servers down to four Linux servers. He hired a Linux expert to lead the project and develop an enterprise architecture for the Linux system. Sattler’s expert tweaked Linux to fit SPX’s needs, creating a master version of the software that Sattler can install on as many servers as he wants. For free. "I’ll be able to replicate that image onto new servers as I add them," he says.
The image will help as Sattler experiments with open source in the next level of the infrastructure: the network. Open-source tools exist at varying levels of maturity for network-centric functions like management, intrusion detection, middleware and databases. "These are commodity activities," says Sattler. "I want the infrastructure to be cheap, standard, reliable and provide good performance. Linux is helping me swap out more costly components of my infrastructure, drive down my costs and increase my reliability. You want this stuff to be like an electric utility. It just runs and you don’t think about it." That is, Sattler doesn’t want to think about his network in tactical terms (such as bringing crashed servers back up); he wants to focus on infrastructure strategically.
The network is about as high as most CIOs are willing to go with open source right now. Even at the network level, the transition will be gradual as tools continue to mature. But Sattler says that the lowest rung on the ladder, the Web, is a lock to be turned over to open source. "We just had a security and penetration audit last month, and the only systems the auditors weren’t able to penetrate were the Linux systems," he says. (Of course, now that more people are using Linux, hackers are getting better at hacking it. Everyone agrees, however, that good software is safer than bad software.)
Take Back Your Infrastructure
Open source forces you to get reacquainted with your IT infrastructure. It’s the kit car of IT. You buy the frame and customize to your heart’s content, putting, say, a Bentley grill on your VW Bug.
"Acceptance of open source depends on the CIO’s personal style as much as anything," says Bob Wolf, operational director of the Strategy Practice Initiative for The Boston Consulting Group. If you don’t like your people fiddling with stuff, he says, you will probably wait on open source until it’s plug-and-play.