The Challenges of Open Source in the Enterprise
In addition to solving technical problems, some of which are specific to an enterprise, there are unique enterprise business requirements as well. In a small IT environment or Web startup, no one wants a problem or outage any more than in an enterprise. However, the technical tolerance may be greater in a smaller environment, and it often is acceptable that the trade-offs require the lone in-house expert (that would be you) to “take care of the problem” in an emergency; often that is the actual crisis plan. In an enterprise, with postmortems, roles and responsibilities, and sometimes “pin the blame on the donkey”, a support plan of “I will deal with it and work with on-line fora when it breaks” will not go over very well. The cost of error or failure is at least proportional and often even exponential to the size of the IT budget.
These challenges create a minor requirement known as a service-level agreement (SLA). IT promises its customers, whether internal or external, certain service levels. In order to meet those levels, there needs to be a predictable and reliable point of service for every element of technology. For HP servers, there is a service contract and spares; for routers, it is Cisco support or a partner; for open source, it is ... ? In many cases, the product is stable enough or distributed enough not to matter. In other cases, it matters greatly. “If it breaks, who will fix it?” is likely the number one question CIOs will ask. They are not being difficult; they simply are doing their jobs, determining whether they can meet SLAs and what will be the true fully loaded cost of your open-source adventure.
In that respect, one of the more interesting business ideas in the last decade is Red Hat. Its products are almost entirely open-source products that can be downloaded for free from elsewhere. However, it sells versions with full support. Essentially, Red Hat has decoupled product development from product support. There is nothing particularly special about Sun that allows it and only it to support Solaris (at least since Solaris was made open source). Anyone with sufficient expertise can do so. Recognizing that truth is the key to providing support for open-source products, exactly as Red Hat has done for Linux. It sold more than a half-billion dollars in support subscriptions in 2009 for products that it, by and large, did not develop.
Politics is the bane of every technologist's existence. Politics is about the subtle art of power interplays, personalities and compromise. Technology, on the other hand, is about science, the truth and the correct way. For a technologist, proving your point through tests and scientific answers is the right way to go, but this path only antagonizes outsiders. For politics does not care about the right answer, but about the one that meets people's needs, rational and emotional. The solution may very well not be the best one. It may not even really solve the technical problem, but it is the one adopted nonetheless.
Around six years ago, I was exploring solutions to a particular problem at a very large enterprise (around 100,000 employees). There were several solutions, but the one I was advocating was open source. The other leading candidate was proprietary. I had a very good relationship with the firm's attorney, with whom I discussed the issue. “Let's say the product fails spectacularly”, she said, “and we lose $10MM in business because of it, who do we come after? Who do we blame?” From her perspective, an attorney who is focused on the firm's legal needs, this is a perfectly valid reason to go for closed source, backed by a large company. From my perspective, I far preferred to go with the solution that would not only cost far less, but also would provide better performance, thus reducing the probability and expected cost of failure, let alone spectacular failure.
As an aside, it is also important to note that my perspective could be difficult for her politically. If we focus solely on reducing the probability and expected cost of failure, and accept damages due to failure as an unfortunate cost of doing business, then the legal department's value is concomitantly reduced. If she has any influence over the final decision, and she did, these issues, seemingly irrelevant to most technologists, must be taken into account. In this case, I actually did win her over by pointing to the End-User License Agreement (EULA). Like most such EULAs, there was a very strong limitation of liability. For example, if you read the EULA to Microsoft Windows XP Professional Edition, it clearly states that your Exclusive Remedy is limited to either replacement of the defective software or possibly refund of the cost of the software itself. If $10,000 in software causes $10MM in damage, the most you can get back is $10,000 (maybe). I pointed out that the legal department had already been rendered irrelevant for this software, and not by me. Thus, the choice of solution would neither reduce their position, nor strengthen someone (me) who had reduced that positioning already.
Politics is the art of recognizing who wins and who loses with each decision. Understand the relationships, the power plays, who has the backing of the vendor you are explicitly discarding, who controls the budgets, and you will be in a better position to pick your battles and win them.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- May 2016 Issue of Linux Journal
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- The Death of RoboVM
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide