The Challenges of Open Source in the Enterprise
In addition to solving technical problems, some of which are specific to an enterprise, there are unique enterprise business requirements as well. In a small IT environment or Web startup, no one wants a problem or outage any more than in an enterprise. However, the technical tolerance may be greater in a smaller environment, and it often is acceptable that the trade-offs require the lone in-house expert (that would be you) to “take care of the problem” in an emergency; often that is the actual crisis plan. In an enterprise, with postmortems, roles and responsibilities, and sometimes “pin the blame on the donkey”, a support plan of “I will deal with it and work with on-line fora when it breaks” will not go over very well. The cost of error or failure is at least proportional and often even exponential to the size of the IT budget.
These challenges create a minor requirement known as a service-level agreement (SLA). IT promises its customers, whether internal or external, certain service levels. In order to meet those levels, there needs to be a predictable and reliable point of service for every element of technology. For HP servers, there is a service contract and spares; for routers, it is Cisco support or a partner; for open source, it is ... ? In many cases, the product is stable enough or distributed enough not to matter. In other cases, it matters greatly. “If it breaks, who will fix it?” is likely the number one question CIOs will ask. They are not being difficult; they simply are doing their jobs, determining whether they can meet SLAs and what will be the true fully loaded cost of your open-source adventure.
In that respect, one of the more interesting business ideas in the last decade is Red Hat. Its products are almost entirely open-source products that can be downloaded for free from elsewhere. However, it sells versions with full support. Essentially, Red Hat has decoupled product development from product support. There is nothing particularly special about Sun that allows it and only it to support Solaris (at least since Solaris was made open source). Anyone with sufficient expertise can do so. Recognizing that truth is the key to providing support for open-source products, exactly as Red Hat has done for Linux. It sold more than a half-billion dollars in support subscriptions in 2009 for products that it, by and large, did not develop.
Politics is the bane of every technologist's existence. Politics is about the subtle art of power interplays, personalities and compromise. Technology, on the other hand, is about science, the truth and the correct way. For a technologist, proving your point through tests and scientific answers is the right way to go, but this path only antagonizes outsiders. For politics does not care about the right answer, but about the one that meets people's needs, rational and emotional. The solution may very well not be the best one. It may not even really solve the technical problem, but it is the one adopted nonetheless.
Around six years ago, I was exploring solutions to a particular problem at a very large enterprise (around 100,000 employees). There were several solutions, but the one I was advocating was open source. The other leading candidate was proprietary. I had a very good relationship with the firm's attorney, with whom I discussed the issue. “Let's say the product fails spectacularly”, she said, “and we lose $10MM in business because of it, who do we come after? Who do we blame?” From her perspective, an attorney who is focused on the firm's legal needs, this is a perfectly valid reason to go for closed source, backed by a large company. From my perspective, I far preferred to go with the solution that would not only cost far less, but also would provide better performance, thus reducing the probability and expected cost of failure, let alone spectacular failure.
As an aside, it is also important to note that my perspective could be difficult for her politically. If we focus solely on reducing the probability and expected cost of failure, and accept damages due to failure as an unfortunate cost of doing business, then the legal department's value is concomitantly reduced. If she has any influence over the final decision, and she did, these issues, seemingly irrelevant to most technologists, must be taken into account. In this case, I actually did win her over by pointing to the End-User License Agreement (EULA). Like most such EULAs, there was a very strong limitation of liability. For example, if you read the EULA to Microsoft Windows XP Professional Edition, it clearly states that your Exclusive Remedy is limited to either replacement of the defective software or possibly refund of the cost of the software itself. If $10,000 in software causes $10MM in damage, the most you can get back is $10,000 (maybe). I pointed out that the legal department had already been rendered irrelevant for this software, and not by me. Thus, the choice of solution would neither reduce their position, nor strengthen someone (me) who had reduced that positioning already.
Politics is the art of recognizing who wins and who loses with each decision. Understand the relationships, the power plays, who has the backing of the vendor you are explicitly discarding, who controls the budgets, and you will be in a better position to pick your battles and win them.
|Where's That Pesky Hidden Word?||Aug 28, 2015|
|A Project to Guarantee Better Security for Open-Source Projects||Aug 27, 2015|
|Concerning Containers' Connections: on Docker Networking||Aug 26, 2015|
|My Network Go-Bag||Aug 24, 2015|
|Doing Astronomy with Python||Aug 19, 2015|
|Build a “Virtual SuperComputer” with Process Virtualization||Aug 18, 2015|
- Problems with Ubuntu's Software Center and How Canonical Plans to Fix Them
- Concerning Containers' Connections: on Docker Networking
- A Project to Guarantee Better Security for Open-Source Projects
- Where's That Pesky Hidden Word?
- Firefox Security Exploit Targets Linux Users and Web Developers
- My Network Go-Bag
- Doing Astronomy with Python
- Build a “Virtual SuperComputer” with Process Virtualization
- Three More Lessons
- diff -u: What's New in Kernel Development