The issue of using open source software for enterprise applications has been an ongoing and somewhat political discussion over the decades that I’ve covered enterprise computing. Of course, this is a complex topic that touches on almost every aspect of enterprise computing: security, cost, reliability, support, licensing, scalability, warranty, release management, and portability across the board. on-premises, hybrid and public cloud infrastructures. But in reality, open source software (OSS) has played a major role in computing since the rise of the Internet itself, which typically ran on hundreds of thousands of servers running the tried and tested LAMP stack consisting of Linux, Apache Web Server, MySQL, PHP/Perl/Python.
Although there have been a number of variations on the theme over time, open source remains at the heart of the internet. And that’s not taking into account the millions of Linux servers happily working in on-premises and cloud data centers around the world.
So how did open source enter the computing environment? Let’s go back a bit to trace the path of OSS.
All in on Open-Source Software?
In the early days of enterprise computing, the vast majority of software was dictated by the specific capabilities and limitations of the hardware itself. This typically meant that operating systems and enterprise software options were limited to mainframe system vendor products, developer partner proprietary solutions, or customer-created applications. But with the rise of minicomputers in the 1970s and microcomputers in the 1980s, there was an opportunity for massive growth in developing software for these new systems. Commercial operating systems like Unix and DOS and commercial applications like WordPerfect, Lotus 1-2-3 and VisiCalc and WordStar dominated the market; but the announcement in 1983 of the GNU operating system by Richard Stallman followed the creation of the Free Software Foundation in 1985, and the open concept of the GNU General Public License (GPL) opened up new opportunities for cooperative free software development.
Perhaps the first major step towards relevance came in 1991 with the addition of Linus Thorvald’s Linux kernel, a development that would lead to giving GNU/Linux a serious foothold in the business. While early iterations of Linux proved to be a potentially viable operating system for enterprise purposes, it lacked some of the key requirements that were table stakes for the enterprise customer. As an OSS, Linux was inexpensive and powerful, but with a short track record, no warranties, and very little developer support.
This gap was recognized by two vendors, SUSE which first released SUSE Linux Enterprise Server in 1992, and Red Hat which began shipping Red Hat Enterprise Linux in 1993. This Linux release seemed to run counter to the “free” premise of OSS, but the added value by ensuring stable upgrade paths, developer support, as well as a wide range of resources covering security, storage, virtualization, and system management has not been lost on enterprise data centers. As a result, Linux is now estimated to hold over 70% of the market for server installs, and there are over 300 distributions available targeting a wide range of non-enterprise use cases.
Why should DCOs care about the open source software revolution?
Linux is only part of the OSS story, and I mention it first to establish that open source is alive and well in enterprise data centers around the world. In 2018, IBM’s purchase of Red Hat and Microsoft’s purchase of GitHub (a major distribution site for OSS) – as well as the continued OSS contributions of both – were likely a response to the positive view of OSS in the future of enterprise computing. Many leading IT vendors have already embraced the value of community input and realized the value proposition of engaging external developers and users.
Today, hundreds of thousands of OSS projects are available on sites such as SourceForge and GitHub, published by independent developers as well as many of the largest commercial vendors. Applications can range from basic utilities and small IOT projects to heavy enterprise applications such as accounting, content management, customer relationship management, e-commerce, email management, enterprise resource planning (ERP), project management and time tracking.
Interesting, but will they work in your business and IT environment?
The relatively low start-up cost of OSS applications is very appealing to people who have cash, but all that glitters isn’t gold.
There have been many warnings over the years from commercial vendors that open source cannot compete with their products for features such as functionality, security, and long-term cost, but some of these concerns get a bit long in the tooth. Personally, I believe in the “trust but verify” model of technology adoption, and one of the value propositions of many OSS products is the ability to try them out at little or no cost. Listening to vendor pitches is great, but it doesn’t come close to what you gain by spinning something and trying to break it. Even if you go another route, just working in the application environment is still an education in itself.
How to securely deploy OSS in your data center
There’s a lot of information on the internet about the risks of adopting open source, but that doesn’t mean you should completely avoid making all open source a rule. Here are a few things that I think should be key considerations as things stand:
- Is it compatible with your mix of on-premises, hybrid cloud, and public cloud?
- How many modifications will it take to meet your production requirements?
- Will it scale to meet your growth expectations?
- Do you have the staff to support the OSS product now and in the future?
- Is it compatible with your security requirements?
- What is its version history and how hard is it to fix?
- Is it compatible with your existing data protection and BC/DR scheme?
- Does it comply with your company’s legal obligations?
- Is its licensing model acceptable?
The final licensing factor has become a much more complex issue than in the past, where there were a limited number of licensing formats in use.
The final note on the OSS
Today, the Open Source Initiative has identified more than 1,400 license variants currently in use, and in 2008 the US Federal Court of Appeals ruled that these licenses set legally binding terms on the use of copyrighted works that are enforceable under copyright law. And it can also cover commercial software vendors that embed open source code into their products, so it’s beneficial to know if your vendors use open source code and if they indemnify your business from any legal action related to the use of their products.
However, that doesn’t mean you should avoid open source software in the data center out of undue concern. Just use your due diligence process and enjoy the creativity and benefits that OSS technology like Kubernetes can offer.