The Challenges of Open Source in the Enterprise

Enterprise and open source—are they peanut butter and jelly, working well together for a better world, or are they oil and water, meeting but never coming together? In this article, I explore the challenges of adopting open source in the enterprise. I look at the technical issues, the business challenges and the political hurdles.

There is an old Chinese curse, “may you live in interesting times.” Of course, we all want to live in interesting times, but sometimes the interesting part can be a bit much. The enterprise is an interesting place. On the one hand, real enterprises have technology budgets that are quite large, sometimes even running into billions of dollars. Much of that budget is for labour, meaning that a successful enterprise technology person can make very good money, while learning a lot on the way. Although your typical tech shop may have a few servers and program in, say, Ruby, with an HTML front end backed by MySQL, in an enterprise, you are likely to encounter, and learn, every technology out there. If you like Ruby, it is there; Java, most certainly; .NET, that too. If your preferences run to infrastructure, you are likely to find everything from Windows servers to Linux to UNIX variants to mainframes to the unexpected. As recently as 2001, I worked as head of enterprise management at a place that had a massive farm of DOS 3.1 PCs; those were “interesting times”.

On the other hand, enterprises don't start or end with cool technology, and they are there to serve a business purpose. The most famous illustration of this is the Nine-Layer OSI Model by the legendary Evi Nemeth.

Figure 1. The Nine-Layer OSI Model, Courtesy of and Reprinted with Permission of Evi Nemeth

Sure, you may have the best solution to a problem, but in an enterprise, you need to get the budget approved—on a multiyear cycle, of course—and then you likely need to go before some sort of capital expenditure (CapEx) or major expenditure review (MER) committee. Everyone there views your request as competing with their priorities for 1) budget allocation, because even a $1-billion IT budget is still finite, and 2) recognition and promotion, because after all, they want you to succeed, but they want their own projects to succeed even more. Finally, enterprises have legitimate business support needs that may or may not be resolved by your open-source solution.

Start with the Technical

At base, everyone interested in open source is interested in technology, so let's address the technical challenges first. As you may have noticed, enterprises spend a lot of money. Unsurprisingly, to quote Willie Sutton who used to rob banks because “that's where the money is”, many commercial technology businesses build products to focus primarily on the enterprise and solve its unique problems, and they have very large sales and marketing budgets to sell them. On the other hand, open-source products often are built, at least initially, to solve very specific problems.

Thus, before advocating for open source, we need to understand if the open-source solution solves the problem as well as the commercial solution, given the entire requirements set. This includes not just the immediate technical problem, such as “serve up a Web page”, but also the management challenges that can be unique to an enterprise, such as “replicate in real-time across 15 databases in ten countries around the world, while instantly alerting to any degradation and providing service-level agreement (SLA) reporting”. In many cases, open source has indeed developed to the point where it truly can compete on a technical requirements level with commercial products. In other cases, it is not yet sufficiently evolved, but it may be some day. And in some cases, it is literally impossible to solve the problem with open source. Let's examine two extreme examples.

  1. Web servers: the dominant Web server for many years, of course, has been Apache. Although various competitors nip at its feet, such as IIS for Windows or nginx for sheer performance, Apache remains dominant for both intranet and Internet Web serving. In 2010, it is not hard to make the argument to adopt Apache for a Web server solution in the enterprise. It is mature, established, lots of well-known companies bet the business on it, and it has the various controls, hooks, logging and security that an enterprise demands. It is important to remember, however, that only a few years ago, Apache was not sufficient, and other commercial variants arose to fill in the gap, such as Apache Stronghold. The combination of a mature product, a complete enterprise-ready feature set and broad enterprise adoption make open-source Apache a selection as valid as any commercial solution.

  2. Network infrastructure: in the old days, when we had to decide whether to route mail via UUCP or SMTP, we built our own firewalls. Routers simply were dedicated servers with multiple network interface cards (NICs) on which we ran software to route the traffic. Over time, however, the proliferation of networks and the demand for traffic-routing capacity and intelligent control exceeded the capabilities of these homegrown solutions. Special companies were formed to create specialized networking hardware. The most famous, of course, is Cisco. Although a small organization can make do with a simple router, or even a dedicated box with a few NIC cards running m0n0wall, such a solution is highly unlikely to work in a large enterprise. There, the complexity, traffic demands and management requirements, as well as a three-tier architecture (core, distribution and access layers) can be done far more cost effectively, and in some cases, only with a hardware solution. Clearly, open source is not about to run enterprise networks. Having said that, it is not impossible that a split could occur. Currently, enterprise network equipment manufacturers provide both the hardware and software to manage routing, some of which may be based on open source, such as Cisco ASA 8.x. It is possible that in the near future, a pure-hardware networking equipment manufacturer could be formed that would sell the hardware only, while software is provided via an open-source solution, in a manner similar to current servers.

The important takeaway from evaluating any technology is that it has to solve the immediate problem, such as serving Web pages, but also have the features required for an enterprise, such as management, logging and security. Rarely does it matter that the open-source product may be better or that you want to support the community that brought us Linux/Apache/whatever. For adoption in the enterprise, the rule remains, as it should anywhere, first solve the actual problem and everything related it.

______________________

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix