Open source in the enterprise presents a two-edged sword

The price is right for pure upstream open source IT management software, which also offers IT pros control over their own destiny. But some enterprises aren't prepared for the long-term costs.

Open source in the enterprise offers IT pros control over their own destiny. But it's control that comes with a price.

During the last 15 years, mainstream enterprises have made the shift from commercial and, thus, proprietary software from enterprise IT vendors to free and open source software developed by the community.

Open source is here to stay. Enterprises are loath to hand the reins back to proprietary software vendors that lock them into platforms, and some experts argue that only community-developed code -- particularly in infrastructure management software -- achieves acceptable transparency and development speed in a cloud-native world.

But while some very large enterprises have found it worthwhile to develop internal open source expertise and cobble together their own bespoke IT architectures, many mainstream companies lack an army of highly qualified open source developers. They can be overmatched by the complexity of open source platforms, such as Kubernetes, and the time required for IT staff to become proficient in their management.

It's a misconception that every enterprise IT shop can become proficient in IT platform development, said Mark Thiele, edge computing engineer at Ericsson, a multinational telecommunication equipment manufacturer headquartered in Stockholm. He said he thinks a reckoning is at hand over internal cloud based on complex architectures, such as upstream Kubernetes and OpenStack.

"Over the next 18 months, you will see a tidal wave of major names, giants, saying '[Expletive] this, we're not going to do this anymore,'" Thiele said.

Advantages and disadvantages of open source in the enterprise

Community-supported open source software has one major selling point: There's no license to buy upfront. It also offers transparency for its source code, which means it can be customized. Also, users can potentially control and influence code development more effectively than they could with commercial software.

"We have a long history of in-house expertise. We're used to developing things, and it feels natural," said Kevin Burnett, DevOps lead at Rosetta Stone, a global education software company in Arlington, Va., which runs upstream Kubernetes in its own data centers, among other upstream open source code. "The on-premises part could change, and we might look at a cloud-provider's managed Kubernetes service. But, otherwise, we're more inclined to own it ourselves."

Tidelift seeks to polish community support for enterprises

Not every company has the clout to consult with community big shots on demand. This is where a startup called Tidelift, which raised a $25 million Series B funding round this month, hopes to offer mainstream enterprises a clearinghouse for such interactions.

Tidelift will focus on open source projects that lack critical mass in the market to form a commercial company, but which still maintain utilities and libraries that are critical to broader open source platforms. The idea is that Tidelift's contracts with enterprise subscribers will assure those subscribers that a commercial entity will back those open source utilities, and the subscription fees passed on to community maintainers will incentivize them to keep the open source code up to date.

"It's unfeasible for most companies to establish a relationship with thousands of individual community maintainers," said Donald Fischer, Tidelift's CEO. "We want to create a consumer-managed marketplace that connects buyers to maintainers, similar to Uber or Airbnb."

But some industry watchers have seen this movie before.

"It seems built around an old-fashioned model of how one monetizes open source," said Tom Petrocelli, analyst at Amalgam Insights. "If your library is popular, you're going to build a company around it. If not, what are you going to get out of it, $1.98?"

In a previous job, Petrocelli worked on a similar clearinghouse spun out from SoftBank in the late 1990s called The Rights Exchange, which focused on digital rights management (DRM) microtransactions for content creators.

"This pipeline model didn't work," Petrocelli said. "If I want to publish [content], I'm either going to charge for advertising or a subscription fee. It's too hard to do micropayments with a DRM wrapper people didn't trust."

Bloomberg, a global finance, media and tech company based in New York, is the poster child for upstream open source in the enterprise. The company is accustomed to writing its own code and has no plans to leave its self-managed data centers for cloud services. Moreover, the company's strict regulatory and security requirements for the financial data it distributes, along with demanding service-level agreements from its customers, mean it is paramount to have control over platform code such as Kubernetes.

"Sometimes, our tech people sit in on presentations by vendors with packaged Kubernetes distributions," said Kevin Fleming, who oversees research and development teams in Bloomberg's office of the CTO. "But we already know how to do the things they say they can do. And those companies have many other clients, so who's the priority? We have one client: us."

Fleming estimated Bloomberg has between 5,000 and 6,000 engineers, a full 25% of the company's employee base. At that scale, there are enough engineering resources to dedicate teams of four or five people to experiment with the latest open source utilities and customize them for production use.

But not every company can be Bloomberg or its peers, such as Verizon and Google. There are only so many expert developers to go around.

"Being a relatively big company doesn't mean you've necessarily thought through the implications of open source labor," Ericsson's Thiele said. "These companies can and do get hundreds of millions of dollars into projects without asking themselves serious questions and get nowhere."

Even Bloomberg sometimes looks to commercial open source vendors for a leg up on open source tools, depending on how new they are, and their long-term importance to the company, Fleming said. In the early days of Hadoop, for example, Bloomberg worked with vendors such as Hortonworks and Cloudera to stabilize its infrastructure for the big data processing platform.

It will lean on other vendors like Percona for help with utilities such as Metrictank that it doesn't plan to modify or enhance internally, and when in doubt, it will seek consultations with open source community developers who work for commercial vendors, he said.

Most mainstream companies, meanwhile, seek a middle ground between pure upstream open source software and completely proprietary products, a middle ground that is serviced by vendors that use a business model called open core.

Find out the pros and cons of the open core approach in part two of this story.
