open source: what is the total cost of ownership?

Open Source: What is the Total Costof Ownership?

White PaperMarch 2008

2Open Source: What is the Total Cost of Ownership?

Is Open Source For the Dogs?In 2005, Scott McNeely of Sun Microsystems quipped that open source software was “free like a puppy is free”. Just as you can pick out a puppy from the pound without paying expensive breeder fees, you can download and use open source software without buying a single license. But puppies become dogs, and dogs need food, toys, training and lots and lots of love. Even with all this attention, there’s no guarantee your cuddly puppy won’t develop a vicious streak. Will you need endless obedience classes and a chain and muzzle to control it? The same goes for open source software. As soon as you introduce open source into your organization, the real costs, commitments and risks become clear.

Of course, there are lots of good reasons to use open source in enterprise development projects: overall efficiency of IT, quality of products and processes, reduced time to market, improved innovation and increased competition among service offerings. That’s why, according to one recent survey, the average enterprise reported using 94 different open source packages, up 26% from 2006.

There’s even a trend towards implementing open source solutions in “differentiating technologies”. Differentiating technologies are the features that make your product more desirable than your competitor’s. Open source may provide a cheaper and faster way to build these special features, but it can introduce sub-par code, lax tech support and license infringement into business-critical functionality, so it must be executed with care.

If open source adoption is so high, it must be less expensive than the cost of commercial software licenses, right? Not necessarily. That debate continues to rage in the technology industry. There are plenty of studies that claim to indisputably prove both sides of the argument. This paper doesn’t seek to prove or disprove either position; instead, it outlines the hidden costs and hazards involved in open source development and discusses how savvy project managers can curtail them.

The Hidden Costs of Open SourceFounding editor of Wired, Kevin Kelly, was recently discussing the economics of free software, and remarked:

As the old joke goes: software, free. The manual: $10,000. But it’s no joke...the copy of code, being mere bits, is free—and becomes valuable to you only through the support and guidance.

As soon as you introduce open source into your organization, the real

costs, commitments and risks become clear.


Who Do You Call When Things Go Wrong?

When you purchase enterprise software licenses, you’re also buying favor and attention from the software vendor. Your licenses are usually accompanied by a comprehensive and reassuring support agreement and a 1-800 number. You’re buying confidence that, when issues arise, the vendor will be able to resolve them quickly and cost-effectively. The quality of vendor technical support varies, but at least you know who to turn to when things go awry.

When it comes to technical support, open source is a more complex matter. There are no service level agreements for support or issue resolution. There’s not a group of IT professionals awaiting your call. Instead, there are communities who may or may not answer your questions on web forums, mailing lists and ad hoc support databases. Even worse, you may end up with a half-dozen conflicting responses when they do. There’s no business model, and no financial incentive for the open source community to help you. That can be a serious concern for software development companies trying to meet release dates, produce quality products and get their software to market.

Just as you can’t assume that open source developers will rapidly respond to your support requests, you have no control over an open source project’s development schedule. If your next major release depends on new caching functionality in an open source web server, then you’re beholden to two schedules: your own and the open source project’s. It’s enough work to keep an eye on one Gantt chart when you can control it; open source projects are subject to more schedule creep, more often. If the lead developer on an open source project takes sick leave, goes traveling or starts a demanding new job, there are not necessarily resources to replace him. Are you willing to put your in-house development schedule in the hands of the open source community?

Another common concern in open source revolves around security. Will open source communities respond rapidly enough when a security hole is discovered? Patches and upgrades may be slow in coming if at all. Until it’s fixed, how many more malevolent users have access to information about your security breach? Additionally, complex integration common in open source solutions—code cobbled together and tweaked from many sources—can expose systems more dangerously than commercial software.

That said, experiences vary. There are times when the open source community is faster with security patches, simply because they don’t have the PR and project scheduling considerations of their commercial counterparts. A software vendor might decide that “we can’t afford to reveal this breach” or “it can wait until next quarter because we’re behind schedule already.”

When it comes to technical support, open source is a more complex matter.

There are no service level agreements for support or

issue resolution.

Will open source communities respond rapidly enough when

a security hole is discovered?


In short, open source technical support and issue resolution can be unreliable. Project managers with tight timelines should consider the “unpredictability factor” before jumping headlong into open source development.

Labor versus Licenses

Don’t let unpredictable tech support turn you off open source. Its flexibility and agility can be a real benefit for enterprise software development projects. For instance, if you can’t wait for the open source community to patch a security hole, you can always do it yourself. But this has drawbacks too.

You probably didn’t hire your developers based on their knowledge of a specific open source platform. Most companies don’t have in-house engineers who understand open source code and can change it. So, instead of honing their core skill set, your developers need to get up-to-speed on an open source application or platform and inevitably take time away from product development to fix open source problems. These kinds of opportunity costs won’t help deliver your software projects on time.

Similarly, your IT staff will need to document all the open source products you are using and do regular manual searches for updates and patches. This onerous process redirects time and resources away from product development. If, over time, your IT department doesn’t stay on top performance and security updates, your software project will suffer.

Even if your engineers become open source experts, you’ve still got to keep them around. Staff turnover rates of 20% are common in the IT sector. Those are unpleasant odds. Sooner or later you’re going to lose a key staff resource. If your chief open source troubleshooter takes a job across town, a lot of intellectual capital walks out the door. Good knowledge management practices can mitigate this threat; however, industry veterans know that when delays are threatening and the bugs are thick on the ground, knowledge transfer is ignored in order to “go gold” on time.

Another alternative is to contract open source experts to consult on projects. These gurus can be difficult to find, and are in high demand for popular open source implementations. Plus, with consulting rates often exceeding $200 an hour, these hired guns can get very expensive, very fast. And when they leave at the end of their contract, all of their intellectual capital leaves with them.

Staying Above the Law

In a recent InfoWorld survey, respondents said one of the major challenges of using open source languages in enterprise software development is understanding and enforcing open source licensing.

Staff turnover rates of 20% are common in

the IT sector. Those are unpleasant odds. Sooner

or later you’re going to lose a key staff resource.


Open source licensing can be a daunting problem. The terminology and licensing requirements are often confusing to the neophyte project manager. And that’s before you even consider which license to use—GPL, Artistic, LPGL, Creative Commons, BSD... the list goes on.

There’s no single tool or strategy for making sure you choose the right open source license for your project. To ensure that you’re indemnified against legal action, you’ve got to be patient, diligent, detail oriented and ultimately right. You need to conduct regular open source audits to find out what code you’re using, what license it’s under and whether you’re abiding by the terms of each license.

You don’t want to get it wrong. The legal risk of working with open source languages is being hit with a breach of contract lawsuit or a patent infringement lawsuit. Last year, the Software Freedom Law Center charged Monsoon Multimedia Inc. with using an open source set of Unix utilities called BusyBox, but failing to publish the source code as required under the GPL license. The lawsuit was settled out of court, but it signaled a new assertiveness on the part of open source programmers to protect their code. If they hadn’t settled and the Software Freedom Law Center had won the case, BusyBox would have been entitled to damages, an injunction prohibiting continued infringement and court costs. As you can see, a copyright lawsuit could cost your company financial harm far beyond the price of a purchased software solution.

The Good, the Bad and the Ugly

As demonstrated in this paper thus far, open source software comes with both advantages and hazards. So, is it worth it? We use the tried-and-tested SWOT analysis tool here to provide a snapshot of the benefits and disadvantages (see page 6) that go along with integrating open source into enterprise software projects.

If you can mitigate the weaknesses and risks, then there are clear advantages to using open source in commercial software development. Many businesses are reaching the same conclusion. According to Forrester Research, 75% of enterprises are already using or will be using open source soon for in-house development. Open source provides the opportunity for less expensive, faster, more efficient development if you can reduce the risks.

How do you control these threats? Start by choosing a quality, stable platform with a large, responsive community base. Do your homework to ensure you’re not committing copyright fraud. Protect your organization against spiraling costs by choosing a supported open source solution that will keep costs and technical meltdowns in check.

To ensure that you’re indemnified against

legal action, you’ve got to be patient, diligent,

detail oriented and ultimately right.

If you can mitigate the weaknesses and risks,

then there are clear advantages to using open

source in commercial software development.


Helpful Harmful

StrengthsFree source code; no seat license fees•

Flexible, adaptable, extensible code•

Agility gives open source deployments a •competitive advantage in the marketplace

Active, global open source community•

Rapid release rate distributes fixes and patches •quickly

Potential for code reuse reduces inefficiencies•

Open source typically achieves a high degree •of interoperability

WeaknessesNo control over an open source project’s •development schedule

Dependency on in-house expertise or •overpriced open source consultants

New versions must be integrated and •compatible; rapid release rates make this an ongoing challenge

In-house staff must stay up to date with open •source platform issues, fixes and bugs

Open source quality can vary dramatically•

OpportunitiesPotentially reduce project costs by building •commercial software on top of open source platforms

Using open source can make it easier to take •advantage of external expertise, applications and code components

Open source schedules can be faster than •commercial ones, providing a competitive advantage for enterprise development

Potential economic slowdown in 2008 won’t •affect open source project development

ThreatsSpiraling costs often associated with open •source maintenance

Non-supported open source development •projects are prone to increased schedule overruns, both in frequency and magnitude

No 24/7 technical support•

In-house experts may leave your •organization, along with their intellectual capital

Ensuring open source distributions are •legally licensed


Control the Total Cost of Ownership with ActiveState Enterprise Language DistributionsToo many companies embrace and implement open source technologies without fully understanding the costs that go along with deploying and maintaining open source. Additionally, businesses that distribute commercial implementations of open source often take big risks when it comes to code stability, unreliable technical support and potential license infringement.

That’s why ActiveState developed enterprise-level language distributions for Perl, Python and Tcl that have become renowned for quality and are now the defacto standards for millions of developers around the world. Like all open source code, ActiveState language distributions are provided free to the community, but can be enhanced with a comprehensive software, support and maintenance package.

Investing in enterprise-class supported open source language distributions ensures that your open source costs won’t spiral out of control.

Too many companies embrace and implement

open source technologies without fully understanding

the costs that go along with deploying and

maintaining open source.

Cause and Effect Diagram for Hidden Open Source Costs

Brain DrainSpiraling

DevelopmentCosts

Open SourceLicensing Issues

Unreliable Technical Support Schedule Creep

Mismanaged open source

licenses result in a lawsuit.

Can the open sourcecommunity rapidly respond to urgent security breaches?

Open source projects operate on their own schedules, putting your development

project way behind.

Open sourceconsultants

blow the project budget.

Your in-house opensource expert leavesfor a rival company,

taking vital knowledge with him. Over-Budget,

Late-to-Market Enterprise Software Development

Projects


Make Sure Open Source Pays Off for You

As discussed, there are plenty of good reasons to use open source including agility, flexibility and competitive differentiation. Saving $5 today isn’t one of them. If you’ve already got open source deployed in-house, you know there are lots of hidden costs: maintenance, updates, security fixes, major bugs, keeping up-to-date with important issues. Running open source in-house can be a strain because, frankly, a lot can go wrong.

Make sure open source pays off for you. ActiveState Enterprise Distributions of Perl, Python and Tcl eliminate concerns about maintenance and labor spiraling out of control; all the tedious, unpredictable work is already complete, tried and tested. Additionally, a fixed support price puts an end to hidden and soaring costs.

Reduce Complexity

Complex integration issues are commonplace in open source and can lead your engineers down an unfamiliar and potentially risky path. Even if they become familiar with the language cores, they’ll soon discover that working with all the modules involved demands a much higher level of expertise. Don’t let your engineers waste development time keeping your open source platform up and running.

Using quality pre-configured, pre-tested Perl, Python and Tcl builds can save months of developer time. Enterprise distributions also aid faster software development by eliminating the time it takes to build, test and maintain your own distributions.

Get Expert Advice

Turning in-house staff into open source experts can be time consuming and costly, often at the expense of your own software project. Even if your

developers become open source experts, you’ll need to keep them and their intellectual capital in your office in order to protect your investment. Will you have to pay them more to stick around? If they leave, will you be forced to hire expensive open source consultants?

With ActiveState Enterprise Distributions you get access to some of the industry’s foremost experts. ActiveState developers are supporters and contributors to open source languages and maintain

active relationships with the open source community. Your developers can focus on their core competencies and lean on dedicated language experts for design and development advice for all your Perl, Python and Tcl requirements. You don’t have to become an open source expert; ActiveState has you covered.

If you’ve already got open source deployed

in-house, you know there are lots of hidden costs: maintenance, updates,

security fixes, major bugs, keeping up-to-date with

important issues.

Close to 100% of ActiveState Enterprise customers renew their subscriptions year after year because it saves them time, money and the worries of unsup-ported open source.


Have Someone to Turn To

Supported open source language distributions combine the flexibility of open source with dependable support agreements. If your customers count on you to deliver problem-free software, waiting to get answers from an open source community with no financial incentive to help you becomes a serious liability.

ActiveState support subscriptions are priced considerably lower than the cost of hiring one qualified engineer, and much lower than the cost of a core expert. As part of ActiveState’s Enterprise language distributions, customers receive unlimited support incidents each year. Find out more about ActiveState support packages at www.activestate.com/support_resources/.

Deploy with Confidence

ActiveState’s premium open source language builds are created, quality assured and maintained with exceptional expertise that can’t be replicated in-house. Pre-configured, pre-tested Perl, Python and Tcl builds are renowned for quality and are now the defacto standards for millions of developers around the world.

Enterprise distributions help you build software faster by eliminating the time it takes to build, test and maintain your own distributions. In addition to getting to market faster, ActiveState’s quality guarantee boosts confidence in your commercial software project.

Mitigate Risk and Prevent Legal Exposure

When you use ActiveState enterprise distributions—ActivePerl, ActivePython or ActiveTcl—you can obtain out-of-the-box OEM licensing packages that will protect your company from legal exposure. ActiveState enterprise distributions are guaranteed to comply with all licensing requirements, so you can deploy your software worry-free.

What Are the Next Steps?There are lots of great reasons to use open source. But, don’t get won over by the cuddly, not-so-free puppy. It will inevitably become a full-grown hound that needs and costs more than you might be able to afford. It’s only after you download open source software and start using it that the real costs become clear. As open source guru Jamie Zawinski said about Linux:

Linux is only free if your time has no value, and I find my time is better spent doing things other than the endless moving-target-upgrade dance.

ActiveState’s premium open source language

builds are created, quality assured and maintained

with exceptional expertise that can’t be replicated

in-house.


Before open source becomes your new “pet” project, talk to ActiveState open source experts to get a full understanding of the true cost of open source ownership. ActiveState will walk you through the technical cost-benefit analysis and can make recommendations tailored specifically for your business. Don’t get sucked in by the cuddly open source puppy unless can guarantee it won’t become a rabid dog.

Register today for a complimentary consultation with an ActiveState open source language specialist. Email [email protected] or call 778-786-1134.

Who is ActiveState?

ActiveState has been a player in enterprise-level open source distributions since 1997. The company’s developers are supporters and contributors to open source languages including Perl, Python and Tcl, and maintain active relationships with the open source community.

ActiveState creates professional software development tools, programming language distributions and business solutions for dynamic languages, and practical tools and applications for social networking platforms.

It is owned by its employees and Pender Financial Group, a private merchant bank focused on technology in British Columbia. For more information, visit www.activestate.com.

ActiveState Software Inc.

1700–409 Granville Street Vancouver, BC V6C 1T2

Phone: +1.778.786.1100 Fax: +1.778.786.1133

Sales

[email protected] Phone: +1.778.786.1101

Toll-free in North America 1.866.510.2914

open source: what is the total cost of ownership?

Technology