Open source has many allures: no license costs, a wide range of support venues and the ability to work directly with code for customization or quick repairs. But it can create IT headaches, too: The mantra of open source has been \u201crelease early and often,\u201d which means IT managers using a disparate group of open-source apps face frequent updates and patches, and must craft rules about how and when to apply them. Most enterprises soon find that with the do-it-yourself approach, maintenance and integration costs equal\u2014and sometimes exceed\u2014the maintenance cost of commercial software, due to the in-house resources needed to track, test, and apply patches and updates. The other option, using professional services firms to do that work, costs at least as much. But a new, potentially less expensive approach is emerging\u2014a certified, preintegrated suite of open-source components from one vendor, which stays updated and integrated via periodic suite releases.This option could make open-source adoption easier, for example, for smaller enterprises that don\u2019t have the staff or services dollars to support the traditional open-source integration and maintenance approaches but want to use proven open-source technologies like Linux, EnterpriseDB, Postfix, Tomcat and Apache more broadly. \u201cBy creating a standard set of services, providers create cost savings and improved quality,\u201d says Julie Giera, a vice president at Forrester Research.For instance, hardware-and-consulting vendor Unisys recently announced its Open and Secure Integrated Solutions (Oasis) suite\u2014a group of open-source tools optimized for large enterprise customers, with a service-level agreement (SLA) that remains in effect as long as the customer doesn\u2019t modify the software. The established trio of automated open-source support vendors\u2014OpenLogic, SourceLabs and SpikeSource\u2014now offer preintegrated suites, or stacks, of open-source components in addition to their previous offerings (management tools that track and patch open-source software across an enterprise). And Red Hat sells a release of the JBoss application server with other middleware components integrated. However, the preintegrated approach will not suit every IT department. Many CIOs lack enthusiasm for it, due to issues like vendor lock-in and lack of flexibility\u2014and you should weigh these factors as you consider the fit for your organization.Who Wants Preintegrated Suites?Theoretically, the preintegrated approach should appeal to enterprises of all types and sizes. But in reality, preintegrated suites make the most sense if your open-source software is very stable, used in an \u201cinstall and forget\u201d approach, with just occasional upgrades as you refresh your technology platforms. In other words, with preintegration you choose ease over flexibility.Also, the preintegrated approach appeals more to smaller enterprises than large ones, simply because smaller enterprises have fewer IT resources. \u201cWhen it fits their IT needs, the suite approach makes sense for small and medium businesses,\u201d says Terry Retter, a director at the PricewaterhouseCoopers Technology Center, an advisory group. California construction firm Rudolph and Sletten is a case in point. \u201cI\u2019m in a mid-market company, so I don\u2019t have the resources to deal with a do-it-yourself stack,\u201d says CIO Sam Lamonica. That\u2019s why he relies on his operating system and application vendors to provide and maintain integrated suites. For example, Lamonica uses the IT GroundWorks management suite, which includes Nagios, Linux and JBoss. In this case, a commercial vendor includes open-source components as part of its product. That\u2019s fine with Lamonica, since the vendor worries about integration. Plus he suspects it keeps the price down.CIOs like Lamonica at smaller enterprises tend to like the idea of preintegration when it\u2019s applied to specific vertical application areas, such as CRM or Web management, but dislike the idea of preintegrated middleware suites into which they must then integrate other applications.At larger enterprises with more resources, CIOs might be more apt to pick multiple open-source integration and maintenance approaches\u2014balancing the needs for vendor and application flexibility against the costs of maintaining that flexibility. At insurer AIG, for example, \u201call of our decisions are value-driven,\u201d says Jon Stumpf, senior vice president of engineering at the insurer\u2019s IT subsidiary, AIG Technologies. Sometimes, the preintegrated approach will have the best value, but sometimes it will not, he notes.Large companies with heterogeneous platforms prefer the flexibility of a horizontal infrastructure on which they run various applications and data systems, and are willing to pay for the in-house or outside resources needed to integrate and maintain them, says Stumpf. CIOs at such large enterprises may see value in preintegrated horizontal suites, if they provide more value than other options and don\u2019t hinder needed flexibility, he says.The University of Pennsylvania follows a similar \u201cwhat fits best\u201d approach, says Robin Beck, the university\u2019s vice president for information systems and computing. \u201cI\u2019d want a [preintegrated] stack where it makes sense,\u201d she says. Beck is perfectly happy that companies like IBM and Oracle include the open-source Apache Web server in many of their products, taking on the responsibility for ensuring that Apache remains integrated with their software. One other possible appeal of the precertified suite approach: You might want to choose a suite that\u2019s been customized by the vendor when you don\u2019t have the resources or inclination to customize it yourself. That\u2019s why analysts think this concept makes sense for smaller companies. In the future, they envision vendors providing customized suites for a swatch of users\u2014the same customization could work for all independent insurance agencies, for example, or nonchain booksellers. (Right now, such users have to use standard open-source components without specific tweaks for their business processes, pay consultants to do customization work, or buy a commercial product designed for that specific industry.)Lock-In and Support Concerns Despite the promised benefits of preintegrated stacks, some CIOs have strong reservations about adopting them: Besides the lack of application flexibility, fears include vendor-lock-in and inadequate support. After all, one reason people choose open source is to take advantage of a dynamic community that quickly adopts innovation. A preintegrated suite that changes on the vendor\u2019s schedule can eliminate that dynamism.As AIG\u2019s Stumpf notes, \u201cIf the suite is \u2018take it or leave it,\u2019 unless it exactly matches my assessment of what I need, I\u2019ll pass on it. If the stack is rigid, it\u2019s no different than going all-IBM or all-Microsoft,\u201d he says.Plus, many open-source components tend to be run with other components in de facto suites, which the open-source community tests and maintains, Beck says. That lessens the need for vendor-managed suites, at least for common combinations of open-source software, she says.\u201cIt will be hard for an integrator to provide a value above and beyond what the open-source community will do,\u201d says David Rasch, CTO of IntelliContact, which provides e-mail marketing, RSS feed and blog management software to small businesses.Even where de facto suites don\u2019t exist, Rasch doubts that third parties can put together a broad enough range of preintegrated suites to meet different customers\u2019 needs. \u201cThe amount of what people want integrated varies widely,\u201d he says.But concerns run deeper than application choices. \u201cFor me, an offering like Unisys\u2019s Oasis is backsliding,\u201d says Rasch, because customers aren\u2019t supposed to update or modify it, in order to retain their service-level agreement. (Customers who do such modifications would likely need additional Unisys professional services, says Ali Shadman, Unisys vice president and general manager for open-source solutions, systems and technology unit.)To address the need for flexibility, a CIO could treat the suite as a starting point, an initially integrated collection of applications that you may choose to maintain internally or hire external resources to maintain. But this approach does have some level of vendor dependence, says Raven Zachary, senior analyst and head of the open-source practice at research firm The 451 Group. The likely need for services spending is not lost on Hewlett-Packard, OpenLogic, SourceLabs, SpikeSource and Unisys, as well as others, Zachary says. \u201cThey see that the stack is not the business, but IT consulting is,\u201d he says.This slippery slope into dependence on consulting services particularly scares smaller firms with limited IT budgets.\u201cWe hear horror stories about being locked into a vendor and having their technologies forced on you,\u201d says Jason Miller, bioinformatics department software manager at the Institute for Genomic Research. \u201cA 300-person company can manage its IT itself,\u201d he says, noting that he brings in consultants only when he has a time crunch.But these fears of vendor lock-in and consulting run amok are not limited to small companies: \u201cI don\u2019t want the open-source environment to become a mirror image of the proprietary environment,\u201d says the University of Pennsylvania\u2019s Beck.A final worry: Will having a single support entity actually simplify IT efforts? IntelliContact\u2019s Rasch understands the one vendor support argument but doubts most providers\u2019 ability to live up to the accountability he needs.And Rudolph and Sletten\u2019s Lamonica is skeptical that enough providers would support companies of his size in the first place. \u201cThere aren\u2019t many third-party providers who are willing to or capable of providing open-source solutions to us,\u201d he says, noting most services firms aimed at the mid-market are certified by Microsoft or Cisco Systems \u201cand don\u2019t want to rock that boat.\u201dBetter Options Coming Soon?CIOs considering precertified suites right now face a big contradiction: Although preintegrated suites make the most sense for smaller enterprises willing to trade off flexibility for lower maintenance costs, vendors so far have aimed the offerings at the big guys. That mismatch could keep these suites off the table for many CIOs, for now.For example, Unisys targets its Oasis offerings to large enterprise customers such as Fortune 500 financial services companies. One reason: It costs too much to sell to smaller companies given what they\u2019re likely to spend, says Unisys\u2019s Shadman.And although OpenLogic offers several preconfigured stacks, it concentrates on large companies, notes Kim Wein, vice president of marketing.After surveying customers, Hewlett-Packard says it found little customer demand for preintegrated suites, so it offers \u201cblueprints,\u201d standardized do-it-yourself guides for integrating the open-source components it provides, as well as full-blown custom integration services. HP makes its consulting services available to smaller companies through resellers. But the cost of the software support is the same as for a large company, notes Jeffrey Wade, worldwide marketing manager for HP\u2019s open-source and Linux organization.Looking ahead, analysts expect additional open-source suites aimed at the mid-market to emerge, bringing in more appropriate choices for CIOs.Application and operating system vendors will ultimately drive open-source suites, rather than consulting firms or middleware-oriented vendors like SpikeSource and OpenLogic, the 451 Group\u2019s Zachary predicts. Companies like Red Hat and MySQL have years of experience supporting their open-source offerings, which interact with many other tools, so they\u2019d be natural suite providers, says Judith Hurwitz, president of the Hurwitz & Associates consultancy.It makes sense for application vendors\u2014such as database, CRM and accounting app makers\u2014to incorporate open source into their wares, delivering preintegrated suites on CD or even preinstalled on a server, Zachary says. After all, he says, long before open source, vendors have done that in the mid-market with proprietary software for everything from managing dentists\u2019 offices to handling auto parts retailers\u2019 accounting.Meanwhile, CIOs should define their needs before evaluating today\u2019s suites. Large enterprises can ask if the new open-source suites fill key application needs at less cost than the do-it-yourself or externally customized approaches. Encourage vendors to meet those key needs: By shaping the demand, CIOs have a better shot at getting truly useful integrated suites, AIG\u2019s Stumpf says. Freelance writer Galen Gruman can be reached at email@example.com. Send your comments to Technology Editor Laurianne McLaughlin at firstname.lastname@example.org.