The Challenges of Open Source in the Enterprise

Enterprise and open source—are they peanut butter and jelly, working well together for a better world, or are they oil and water, meeting but never coming together? In this article, I explore the challenges of adopting open source in the enterprise. I look at the technical issues, the business challenges and the political hurdles.
Move to the Business

In addition to solving technical problems, some of which are specific to an enterprise, there are unique enterprise business requirements as well. In a small IT environment or Web startup, no one wants a problem or outage any more than in an enterprise. However, the technical tolerance may be greater in a smaller environment, and it often is acceptable that the trade-offs require the lone in-house expert (that would be you) to “take care of the problem” in an emergency; often that is the actual crisis plan. In an enterprise, with postmortems, roles and responsibilities, and sometimes “pin the blame on the donkey”, a support plan of “I will deal with it and work with on-line fora when it breaks” will not go over very well. The cost of error or failure is at least proportional and often even exponential to the size of the IT budget.

These challenges create a minor requirement known as a service-level agreement (SLA). IT promises its customers, whether internal or external, certain service levels. In order to meet those levels, there needs to be a predictable and reliable point of service for every element of technology. For HP servers, there is a service contract and spares; for routers, it is Cisco support or a partner; for open source, it is ... ? In many cases, the product is stable enough or distributed enough not to matter. In other cases, it matters greatly. “If it breaks, who will fix it?” is likely the number one question CIOs will ask. They are not being difficult; they simply are doing their jobs, determining whether they can meet SLAs and what will be the true fully loaded cost of your open-source adventure.

In that respect, one of the more interesting business ideas in the last decade is Red Hat. Its products are almost entirely open-source products that can be downloaded for free from elsewhere. However, it sells versions with full support. Essentially, Red Hat has decoupled product development from product support. There is nothing particularly special about Sun that allows it and only it to support Solaris (at least since Solaris was made open source). Anyone with sufficient expertise can do so. Recognizing that truth is the key to providing support for open-source products, exactly as Red Hat has done for Linux. It sold more than a half-billion dollars in support subscriptions in 2009 for products that it, by and large, did not develop.

Don't Discount Politics

Politics is the bane of every technologist's existence. Politics is about the subtle art of power interplays, personalities and compromise. Technology, on the other hand, is about science, the truth and the correct way. For a technologist, proving your point through tests and scientific answers is the right way to go, but this path only antagonizes outsiders. For politics does not care about the right answer, but about the one that meets people's needs, rational and emotional. The solution may very well not be the best one. It may not even really solve the technical problem, but it is the one adopted nonetheless.

Around six years ago, I was exploring solutions to a particular problem at a very large enterprise (around 100,000 employees). There were several solutions, but the one I was advocating was open source. The other leading candidate was proprietary. I had a very good relationship with the firm's attorney, with whom I discussed the issue. “Let's say the product fails spectacularly”, she said, “and we lose $10MM in business because of it, who do we come after? Who do we blame?” From her perspective, an attorney who is focused on the firm's legal needs, this is a perfectly valid reason to go for closed source, backed by a large company. From my perspective, I far preferred to go with the solution that would not only cost far less, but also would provide better performance, thus reducing the probability and expected cost of failure, let alone spectacular failure.

As an aside, it is also important to note that my perspective could be difficult for her politically. If we focus solely on reducing the probability and expected cost of failure, and accept damages due to failure as an unfortunate cost of doing business, then the legal department's value is concomitantly reduced. If she has any influence over the final decision, and she did, these issues, seemingly irrelevant to most technologists, must be taken into account. In this case, I actually did win her over by pointing to the End-User License Agreement (EULA). Like most such EULAs, there was a very strong limitation of liability. For example, if you read the EULA to Microsoft Windows XP Professional Edition, it clearly states that your Exclusive Remedy is limited to either replacement of the defective software or possibly refund of the cost of the software itself. If $10,000 in software causes $10MM in damage, the most you can get back is $10,000 (maybe). I pointed out that the legal department had already been rendered irrelevant for this software, and not by me. Thus, the choice of solution would neither reduce their position, nor strengthen someone (me) who had reduced that positioning already.

Politics is the art of recognizing who wins and who loses with each decision. Understand the relationships, the power plays, who has the backing of the vendor you are explicitly discarding, who controls the budgets, and you will be in a better position to pick your battles and win them.

______________________

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix