by Malcolm Wheatley

Open Source: The Myths of Open Source

Mar 01, 200413 mins
Open Source

At first glance, the company Employease seems unremarkable. But look a little closer. Employease, which provides employee benefits administration services to more than 1,000 organizations across America, has an IT architecture chiefly built around open-source software, which makes it a rare bird?not that it was planned that way when the company was founded in 1996.

“It’s been quite a surprise to me. The open-source model just seems intuitively wrong,” says John Alberg, the company’s cofounder, CIO, CTO and vice president of engineering. But the facts speak for themselves.

The company’s 25 production application servers run on Red Hat Linux, having been switched from Windows NT in July 2000. Webpages once delivered by Netscape are now served by Apache, supplemented by Tomcat, an open-source Java servlet engine. Send an e-mail to Employease and it’s processed by Sendmail, an open-source mail server, while the company’s software developers use XEmacs, an open-source development tool.

But that’s not all. Although the company’s main applications use Informix for database management, Alberg happily confesses that he can see a time when the proprietary software will be displaced by MySQL, an open-source relational database system already used by the company for less critical applications. Snort, an open-source intrusion detection tool, is also under active consideration, says Alberg.

Companies such as Employease herald a sea change in corporate attitudes toward open-source software. Once seen as flaky, cheap and the work of amateur

developers, open source has emerged blinking into the daylight. With unrestricted access to the source code to run or modify at will, and support coming from an ad hoc collection of software developers and fellow users, the open-source model is very different from proprietary software. But it is nevertheless proving attractive enough for a host of CIOs to make the switch. So who’s using open source? Why are they using it? And are the benefits worth the risks? The answers are surprising?and dispel some of the myths surrounding open source.

The attraction is the price tag

One of open source’s most touted benefits is its price. Download the software, install it?and don’t pay a penny. That’s the theory. But to a surprising number of open-source user companies, the price tag?or lack of one?is irrelevant. “It’s not about being cheap,” insists Employease’s Alberg. “It’s about doing our jobs effectively?and we’re willing to pay quite a bit for that. We want stable software that does what it says it will do.”

What Alberg finds fascinating about moving to open source is the performance improvement that resulted. The move to Linux, for example, dramatically cut the rate of server failure experienced by the company. Typically, under NT, one of the company’s servers would fail each working day. Now, he says, “we get at most two failures a month?and often don’t get any in a month.”

Linux also runs Alberg’s applications faster than NT, a fact that has meant that despite more than doubling its business since 2000, the company hasn’t needed to buy more servers. “Linux increased our capacity by between 50 percent and 75 percent,” says Alberg.

Even so, Alberg is careful to make clear that his commitment to open source isn’t the blind buying behavior of a zealot. He wouldn’t, for example, go open source if it were more expensive than proprietary code. “Solaris is a strong commercial operating system. We’d choose it over open source if we found it to be less expensive,” he says. “[While] cost is a huge driver for our decision-making process, we cannot risk choosing an inferior solution to save money. We couldn’t even consider open source if it weren’t at par with?or in some cases better than?commercial alternatives.”

Ask many users of open source and a similar story emerges. “Cost savings weren’t really a factor in our decision to go open source,” says John Novak, CIO of 330-plus hotel chain La Quinta, which is moving its online booking system?previously on BEA’s WebLogic?to a combination of Apache, JBoss and Tomcat. “What got us into it was that it was simply the best technology open to us.”

The savings aren’t real

Open-source software has been described as “free, as in a free puppy.” And yes, the absence of software licensing fees needs to be offset along with the costs of training, support and maintenance. On the other hand, proponents of open source also cite reduced costs of “vendor churn,” where vendors require users to migrate to a new version or pay for extra support. Most users we spoke to for this story reported a net savings with open source?often a substantial one.

At Sabre Holdings?the company behind Travelocity, the Sabre Travel Network and the Sabre travel reservation system?a major migration to open source is under way, prompted by Sabre’s prediction that the move will yield savings of tens of millions of dollars during the next five years.

The company runs two distinct groups of computers, explains CTO Craig Murphy. Where reliability is paramount, Sabre Holdings uses pricing?or “data of record”?applications, which run on high-spec, fault-tolerant Hewlett-Packard NonStop systems. But shopping applications?where customers and travel agents hunt for the best deals?run on a server farm of lower-cost machines. Each shopping computer has its own open-source MySQL database, explains Murphy, synchronized by an application from GoldenGate with the rules, fares and availability information held on the fault-tolerant “data of record” system. The shopping systems were on HP-UX, but by the beginning of this month, all of those servers will have switched over to an open-source operating system?Red Hat Enterprise Linux AS.

The big attraction of open source is that there’s a zero marginal cost of scale because open source doesn’t require additional licenses as an installation grows, he says. As a result, the cost per transaction plummets as you add more systems. Exact comparisons are tricky, says Murphy, “but where we can make like-for-like comparisons, we’re expecting at least an 80 percent reduction in running cost.”

There’s no support

According to Gary Hein, an analyst with technology consultancy Burton Group, technical support is a potential open-source user’s primary concern. “Who do you call when things go wrong? You can’t wring a vendor’s neck when there’s no vendor,” he says.

In practice, the situation is complex. As Hein points out, most open-source projects have a large corps of developers, Internet mailing lists, archives and support databases?all available at no cost. That’s the good news. The not-so-good news is that there’s no single source of information. “A simple question may result in multiple, conflicting answers with no authoritative source,” he says.

Even so, says Klaus Weidner, a senior consultant with technology consultancy Atsec, multiple sources of support can be better than being tied to one vendor?especially when that vendor provides bad support or refuses to continue supporting software of a certain vintage.

In practice, existing users of open-source software appear perfectly happy with open-source support arrangements. “The breadth of resources available for open-source applications is so great worldwide that we can get support, communicate with a developer or download a patch no matter the time of day,” says Thomas Jinneman, IT director of RightNow Technologies, an ASP that hosts customer service products for more than 1,000 companies worldwide, including British Airways, Cisco Systems and Nikon.

The company’s hosting environment runs on Linux, Apache and Tomcat, and 97 percent of its customers use MySQL, says Jinneman. Indeed, he adds, “we’ve had more trouble getting support for some of our purchased commercial applications than we’ve had with open-source applications.”

Some open-source applications also have support offered by the original developers. JBoss, for example, is backed by JBoss Group, which includes the 10 core developers who wrote the application. Depending on the contract, explains JBoss Group President Marc Fleury, users can obtain 24/7 professional support with as little as a two-hour response time. The group also offers training.

A similar model also underpins Sourcefire, whose founders created Snort, the popular open-source intrusion detection tool. Downloaded off the Internet, Snort is command-line-driven, explains Sourcefire CTO Martin Roesch. Enterprise users can set it up themselves?but more and more are contracting Sourcefire to do it instead so that the company can handle security management details.

“What I like is that you get all the advantages of open source in terms of people working on it, as well as the advantages of a commercial enterprise behind it in terms of longevity and liability,” says Kirk Drake, vice president of technology for the National Institutes of Health Federal Credit Union.

A variety of open-source licenses exist, and helping CIOs understand their implications is good business for lawyers?very good business. “[CIOs’] concerns chiefly revolve around the implications of using code to which they can’t verify their right to use,” says Jeff Norman, a partner in the intellectual property practice of law firm Kirkland & Ellis. “Just because you’ve got a piece of paper saying that you own the Brooklyn Bridge, it doesn’t mean that you actually own it.”

For some users, third-party indemnification is an option. On Nov. 17, 2003, for example, JBoss Group announced it will indemnify and defend JBoss customers from legal action alleging JBoss copyright or patent infringement. Other vendors of open-source software?including HP, Red Hat and Novell?also offer indemnifications of varying types.

And while conceding that the situation isn’t perfect, Sabre’s Murphy says that he’s heard all the legal arguments he needs. “It’s a concern, sure, but we’ve basically got to do this. There may be friction and challenges?but I don’t see any showstoppers.” (See “Open Source Under Attack,” this page.)

Open source isn’t for mission-critical applications

Mission-critical apps don’t come any more crucial than those in banking, where transaction systems simply have to work, period. Experimenting with open source, with its attendant risks in terms of potential infringement, security and maintenance, might be regarded as anathema. “Banks tend to be conservative institutions?first followers, if you like, rather than leaders,” says Clive Whincup, CIO of Italian bank Banca Popolare di Milano, who freely admits that the bank’s venture into open source was the result of “some fairly lateral thinking.”

But walk into Banca Popolare’s smart new branch on the Via Savona in Milan’s Zona Solari district, and the service these days is much faster than customers have previously experienced. The reason? Unwilling to throw out the bank’s legacy banking applications, totaling some 90 million lines of Cobol, but unable to keep them running under IBM’s vintage OS/2 Presentation Manager operating system, Whincup has used a proprietary legacy integration tool from Jacada to connect the Cobol to IBM’s WebSphere?running in a Linux partition on the bank’s mainframe.

The result: Formerly disjointed applications now run slickly in a Web browser, yielding faster transaction times, less time spent training tellers?and many more opportunities for cross-selling the bank’s services.

Billed by insiders as one of Europe’s largest Linux projects, the Zona Solari branch is piloting the new system, says Whincup. Once testing is complete, full rollout will begin in May. One decision to be made before then: whether to leave the branch desktops running Windows XP, as in the Zona Solari pilot, or move them to Linux as well. “Both of the next two branches to pilot the system will be using Linux [on the desktop],” Whincup says.

Open source isn’t ready for the desktop

At Baylis Distribution, a transport and distribution company, IT Director Chris Helps came across the MySQL database four years ago when the company was looking to create a data warehouse. Around the same time, the company began experimenting with Linux, he says, for small-scale, noncritical applications. The move to mission criticality came last year after the vendor of the company’s propriety logistics management system, Chess Logistics, brought out a new version that ran on Linux?a version that promised to improve performance by a factor of between 10 and 15 times. Helps happily signed up, and he hasn’t regretted the decision.

But his experience of running Red Hat Linux in a true production environment, with users logging on to the main Linux server from what he describes as “thin clients with a cut down Linux operating system,” prompted him to reevaluate the company’s desktop policy. In the end, the company opted to replace Microsoft on desktops with Linux and open-source personal productivity tools for activities such as word-processing and spreadsheets.

“We’ve not done a formal evaluation of the savings, but a broad-brush calculation is that it costs $1,820 per seat to install a PC with all the Microsoft tools a user needs. With Linux, and open-source tools, it’s only around half that,” Helps says. What’s more, usability improved. “People can log in from any PC in the group and have all the same services and facilities available to them as if they were sitting at their own desks.” Better still, IT support is simplified. “We haven’t got the complications of users establishing a unique personalized environment on their desktops: We’ve got better control, better upgradability and better traceability.”

Nor is Helps alone. Other IT shops?as big and diverse as Siemens Business Services and the Chinese government?are also convinced that Linux is ready for the desktop. Siemens, for example, says it has performed extensive testing with “real-world, nontechnical workers,” finally declaring that Linux has now matured as a desktop system. The tests confounded the company’s expectations. “We [at first] didn’t see Linux on the desktop as a major market, but we were wrong,” says a spokesman for the 35,000- employee organization that serves more than 40 countries.

The Bottom Line

Is open source right for every organization? In the end, argues Andy Mulholland, chief technology officer for Cap Gemini Ernst & Young, it’s a question of attitude. “The arguments for and against open-source software often get very trivialized,” he says. “It’s not a technology issue; it’s a business issue to do with externalization.”

Companies with an external focus, he says, which are used to working collaboratively with other organizations, and perhaps are already using collaborative technologies, stand to gain much more from open source than companies with an internal focus, which see the technology in terms of cost savings.

“The lesson of the Web is that standardization is better than differentiation,” Mulholland claims. “Is there a virtue in doing things differently? Is there a virtue in doing things the same way as everybody else?” As the past decade has shown, standardization with a proprietary flavor?think Microsoft?has its drawbacks: bloatware, security loopholes, eye-popping license fees and an unsettling reliance upon a single vendor. In offices around the globe, an era of open-source standardization, determined to condemn such drawbacks to history, may be dawning.