PPT - OSS Watch

Creating a 'level playing field' for open source software options in IT selection and procurement
http://oss-watch.ac.uk
@osswatch
1. Strategy
What Are We Talking About?
Free Software
"Free as In Freedom"
1) The freedom to run the program, for any purpose
2) The freedom to study how the program works, and adapt it to your needs
3) The freedom to redistribute copies so you can help your neighbour
4) The freedom to improve the program, and release your improvements to the public, so that the whole community benefits
Open Source
• Freely Redistributable
• Source Code Included
• Derived Works Permitted
• Integrity of Author Source Code
• No Discrimination Against Persons or Groups
• No Discrimination Against Fields of Endeavor
• Distribution of License
• License Must Not Be Specific to a Product (or distribution)
• License Must Not Restrict Other Software
• License Must Be Technology-Neutral (no 'click wrap')
Open Development
● Free/Open Source Software (FOSS) just refers to the licence
● Open Development refers to projects which are developed with engagement and contribution from communities, which promotes sustainability.
● Not all FOSS software is produced by Open Development, e.g. Android, MySQL
Why does this matter?
Sustained Value
● Total Cost of Ownership (TCO) is often (although not necessarily) lower for FOSS solutions
● No license fees to pay when purchasing/upgrading
● Open market for service providers
● Option to provision some or all of the solution yourself
Sustained Value
● Sustainability
● Risk Management
● What if the company disappears?
● What if the software is bought and killed off?
● What is the exit strategy?
● Transparency of open development makes judging "health" of a project easier
Meeting User Needs
● No restrictions on your use of the software
● Design your own trials and pilots
● Make changes (or have them made)
● Share the costs of niche requirements with others in the community
● Access to the "best of breed" solutions
Case Studies
Department for Culture, Media and Sport
● Replaced proprietary intranet platform with open source WordPress
● Procured development services from an SME through G-Cloud
● Developed the new system through an iterative process
● Solution realised for £15k, with ongoing monthly costs in the hundreds, a 90% saving
Case Studies
NHS
● Developing Spine2 communications infrastructure using Riak database in place of current Oracle solution
● Riak chosen "to deliver a more flexible and resilient solution"
● No major proprietary solutions in Riak's field
● Riak developed by Basho, Spine2 being developed by BJSS, engaged through G-Cloud
Case Studies
City of Munich
● Migrated all municipal systems from Microsoft software to FOSS
● Switch instigated by end-of-life of existing products, and the prospect of further lock-in in the future
● Migrating office documents and apps costs €200k more than if they'd upgraded to newer MS Windows
● However, €6.8m saved on licensing costs
● Total savings exceeded €10m, although "Our main goal was to become independent"
Case Studies
French Profile
● Gendarmerie Nationale switched 37,000 Windows Desktops to Ubuntu Linux, with double that due to be migrated by summer 2014.
● Lowered TCO by 40%, 2m per year
● "Using Ubuntu Linux massively reduces the number of local technical interventions" – ongoing savings made on support costs
2. Policy
Agnostic
● Don't mention "open source"
● Has its merits, avoids creating "Fear, Uncertainty and Doubt"
● "Open source software, while it can be useful in many instances and appear to be cost effective, may present a security risk because open source developers don’t typically follow security best practices when developing their software." - IRS Memorandum on use of FOSS
● Relies on already-instilled culture to be effective
Equal consideration
● Require that both open source and proprietary solutions are considered on a level playing field
● "The Government will actively and fairly consider open source solutions alongside proprietary ones in making procurement decisions" - UK Cabinet Office Open Source Policy
● Encourages an awareness of open source options
● Need to put in place a process for ensuring that solutions can be considered equally
● Need to monitor the procurement process to ensure that such a policy is followed
Preferential
● Explicitly prefer open source solutions
● "Where there is no significant overall cost difference between open and non-open source products that fulfil minimum and essential capabilities, open source will be selected on the basis of its inherent flexibility." - UK Government Digital By Default Service Manual
● Maximises the advantage taken of the inherent benefits of open source
● Particularly relevant when selecting technologies for development of new software and services
3. Process
Levels of Engagement
[Figure: scale between Deep Engagement and Shallow Engagement, with stages Pure Procurement, Customisation, Contribution, Leadership]
Selection and Procurement
• Does the traditional IT procurement process work against open source?
– RFQ/RFPs require investment from the seller, recouped from subsequent licensing and mandatory support fees.
– Companies offering support for OSS typically lack a sales team working overtime to understand, master, and win procurement competitions.
– Pre-sales trials and installations are also at cost to the vendor. For closed source, this can be recouped in later fees. For open source, it's not clear how this would happen.
Active Pre-Procurement
• How do we ensure a good range of solutions are considered if we don’t get responses to RFPs for some of the best options?
• One answer is to spend more effort identifying and analysing potential solutions available before issuing RFPs/RFQs.
– A relatively free-form open RFI could be followed by a closed RFP.
– SSMM is a methodology developed by OSS Watch involving iterative evaluation and selection phases
– Open Source Options (CO) and Open Source Options for Education (OSS Watch) are resources to help identify candidate solutions
Paid Discovery Stage
• Include a budget for a paid discovery stage for OSS candidates
• In other words, engage potential OSS vendors commercially - or fund an in-house team - to help answer all of the same questions you may be expecting from closed-source vendors as part of their pre-sales activity
• Example: Moodle vs. Blackboard competition, University of Bolton
Unbundling Pre-RFP
• The pre-procurement analysis process can be used to identify ways to unbundle solutions
• For example, pre-procurement may identify an OSS product such as Drupal as the best-fit, and then go to RFP for customisation and support services.
Unbundling Post-RFP
• In some cases there are options to unbundle parts of a proposal (services, applications, middleware, database, infrastructure) and to ask the supplier to consider open source alternatives
• If open alternatives are not considered possible (e.g. “it only works on SQL Server”) this needs to be considered as a lock-in risk
Parallel Purchasing
• It may be worth considering parallel processes and parallel RFPs - for closed-source and open-source procurement and then comparing the outcome of each in a runoff
• An example of parallel procurement is the Swedish public sector framework, Öppna programvaror
• However, the argument can be made that better value can be realised by a combined process where considerations are balanced
– e.g. looking at how areas such as lock-in and exit strategy are considered versus sustainability
Evaluating Sustainability
• Sustainability involves asking questions like:
– Is anyone else using it?
– Is anyone around to fix issues/apply patches?
– Can I buy services and support for it?
– Will it be around in 5 years' time?
• All software solutions should be evaluated for sustainability. However, for open source the process is different from closed source
– For OSS much more of the data needed is publicly available, and tools exist to help analyze it, from informal guidance-driven models to complex frameworks such as QSoS and BRR
– For closed source we’re more reliant on company-provided evidence
Deep Engagement
“request for partnership”
• If there are no clear existing solutions, can we procure a partnership to collaborate on a solution?
• For example, an existing project may be the best fit, but still requires additional investment in software development to support the user requirements.
• Often in the past this has been externally funded as projects e.g. Jisc, EC, and in some cases subcontracted to development partners e.g. Cottage Labs
Evaluating openness
• Where a solution requires development (partnership or internal) another key factor to evaluate is openness
• The OSS Watch Openness Rating is a simple tool for measuring how open an open source project is to engagement and collaboration
Business Case
• Making the procurement process a level playing field doesn’t need to create bureaucracy
• The process can scale with the size of the potential procurement.
– For example, using informal sustainability evaluation for small procurements, adopting formal measures such as QSoS at large scale
• An effective process can help deliver sustained value and meet user needs
4. Practice
How does procurement practice fit into this picture?
Awareness of policies, processes and tools
Understanding of how open source works and the issues involved
Capacity to effectively evaluate open source as well as closed source solutions using standard tools
Cultural alignment with the strategy and its aims
Questions and Discussion