Creating a 'level playing field' for open source software options in IT selection and procurement
http://oss-watch.ac.uk
@osswatch

1. Strategy

What Are We Talking About?

Free Software: "Free as In Freedom"
1) The freedom to run the program, for any purpose
2) The freedom to study how the program works, and adapt it to your needs
3) The freedom to redistribute copies so you can help your neighbour
4) The freedom to improve the program, and release your improvements to the public, so that the whole community benefits

Open Source
• Freely Redistributable
• Source Code Included
• Derived Works Permitted
• Integrity of Author Source Code
• No Discrimination Against Persons or Groups
• No Discrimination Against Fields of Endeavor
• Distribution of License
• License Must Not Be Specific to a Product (or distribution)
• License Must Not Restrict Other Software
• License Must Be Technology-Neutral (no 'click wrap')

Open Development
● Free/Open Source Software (FOSS) just refers to the licence
● Open Development refers to projects which are developed with engagement and contribution from communities, which promotes sustainability.
● Not all FOSS software is produced by Open Development, e.g. Android, MySQL

Why does this matter?

Sustained Value
● Total Cost of Ownership (TCO) is often (although not necessarily) lower for FOSS solutions
  ● No license fees to pay when purchasing/upgrading
  ● Open market for service providers
  ● Option to provision some or all of the solution yourself

Sustained Value
● Sustainability
  ● Risk Management
  ● What if the company disappears?
  ● What if the software is bought and killed off?
  ● What is the exit strategy?
  ● Transparency of open development makes judging "health" of a project easier

Meeting User Needs
● No restrictions on your use of the software
● Design your own trials and pilots
● Make changes (or have them made)
● Share the costs of niche requirements with others in the community
● Access to the "best of breed" solutions

Case Studies: Department for Culture, Media and Sport
● Replaced proprietary intranet platform with open source WordPress
● Procured development services from an SME through G-Cloud
● Developed the new system through an iterative process
● Solution realised for £15k, with ongoing monthly costs in the hundreds, a 90% saving

Case Studies: NHS
● Developing Spine2 communications infrastructure using Riak database in place of current Oracle solution
● Riak chosen "to deliver a more flexible and resilient solution"
● No major proprietary solutions in Riak's field
● Riak developed by Basho, Spine2 being developed by BJSS, engaged through G-Cloud

Case Studies: City of Munich
● Migrated all municipal systems from Microsoft software to FOSS
● Switch instigated by end-of-life of existing products, and the prospect of further lock-in in the future
● Migrating office documents and apps costs €200k more than if they'd upgraded to newer MS Windows
● However, €6.8m saved on licensing costs
● Total savings exceeded €10m, although "Our main goal was to become independent"

Case Studies: French Profile
● Gendarmerie Nationale switched 37,000 Windows Desktops to Ubuntu Linux, with double that due to be migrated by summer 2014.
● Lowered TCO by 40%, 2m per year
● "Using Ubuntu Linux massively reduces the number of local technical interventions" – ongoing savings made on support costs

2. Policy

Agnostic
● Don't mention "open source"
● Has its merits, avoids creating "Fear, Uncertainty and Doubt"
● "Open source software, while it can be useful in many instances and appear to be cost effective, may present a security risk because open source developers don’t typically follow security best practices when developing their software." - IRS Memorandum on use of FOSS
● Relies on already-instilled culture to be effective

Equal consideration
● Require that both open source and proprietary solutions are considered on a level playing field
● "The Government will actively and fairly consider open source solutions alongside proprietary ones in making procurement decisions" - UK Cabinet Office Open Source Policy
● Encourages an awareness of open source options
● Need to put in place a process for ensuring that solutions can be considered equally
● Need to monitor the procurement process to ensure that such a policy is followed

Preferential
● Explicitly prefer open source solutions
● "Where there is no significant overall cost difference between open and non-open source products that fulfil minimum and essential capabilities, open source will be selected on the basis of its inherent flexibility." - UK Government Digital By Default Service Manual
● Maximises the advantage taken of the inherent benefits of open source
● Particularly relevant when selecting technologies for development of new software and services

3. Process

Levels of Engagement
[Diagram: Deep Engagement, Shallow Engagement; Pure Procurement, Customisation, Contribution, Leadership]

Selection and Procurement
• Does the traditional IT procurement process work against open source?
  – RFQ/RFPs require investment from the seller, recouped from subsequent licensing and mandatory support fees.
  – Companies offering support for OSS typically lack a sales team working overtime to understand, master, and win procurement competitions.
  – Pre-sales trials and installations are also at cost to the vendor. For closed source, this can be recouped in later fees. For open source, it's not clear how this would happen

Active Pre-Procurement
• How do we ensure a good range of solutions are considered if we don’t get responses to RFPs for some of the best options?
• One answer is to spend more effort identifying and analysing potential solutions available before issuing RFPs/RFQs.
  – A relatively free-form open RFI could be followed by a closed RFP.
  – SSMM is a methodology developed by OSS Watch involving iterative evaluation and selection phases
  – Open Source Options (CO) and Open Source Options for Education (OSSWatch) are resources to help identify candidate solutions

Paid Discovery Stage
• Include a budget for a paid discovery stage for OSS candidates
• In other words, engage potential OSS vendors commercially - or fund an in-house team - to help answer all of the same questions you may be expecting from closed-source vendors as part of their pre-sales activity
• Example: Moodle vs. Blackboard competition, University of Bolton

Unbundling Pre-RFP
• The pre-procurement analysis process can be used to identify ways to unbundle solutions
• For example, pre-procurement may identify an OSS product such as Drupal as the best-fit, and then go to RFP for customisation and support services.

Unbundling Post-RFP
• In some cases there are options to unbundle parts of a proposal (services, applications, middleware, database, infrastructure) and to ask the supplier to consider open source alternatives
• If open alternatives are not considered possible (e.g. “it only works on SQL Server”) this needs to be considered as a lock-in risk

Parallel Purchasing
• It may be worth considering parallel processes and parallel RFPs - for closed-source and open-source procurement and then comparing the outcome of each in a runoff
• An example of parallel procurement is the Swedish public sector framework, Öppna programvaror
• However, the argument can be made that better value can be realised by a combined process where considerations are balanced
  – e.g. looking at how areas such as lock-in and exit strategy are considered versus sustainability

Evaluating Sustainability
• Sustainability involves asking questions like:
  – Is anyone else using it?
  – Is anyone around to fix issues/apply patches?
  – Can I buy services and support for it?
  – Will it be around in 5 years' time?
• All software solutions should be evaluated for sustainability. However, for open source the process is different from closed source
  – For OSS much more of the data needed is publicly available, and tools exist to help analyze it, from informal guidance-driven models to complex frameworks such as QSoS and BRR
  – For closed source we’re more reliant on company-provided evidence

Deep Engagement: “request for partnership”
• If there are no clear existing solutions, can we procure a partnership to collaborate on a solution?
• For example, an existing project may be the best fit, but still requires additional investment in software development to support the user requirements.
• Often in the past this has been externally funded as projects e.g. Jisc, EC, and in some cases subcontracted to development partners e.g. Cottage Labs

Evaluating openness
• Where a solution requires development (partnership or internal) another key factor to evaluate is openness
• The OSS Watch Openness Rating is a simple tool for measuring how open an open source project is to engagement and collaboration

Business Case
• Making the procurement process a level playing field doesn’t need to create bureaucracy
• The process can scale relative to that of the potential procurement.
  – For example, using informal sustainability evaluation for small procurements, adopting formal measures such as QSoS at large scale
• An effective process can help deliver sustained value and meet user needs

4. Practice

How does procurement practice fit into this picture?
• Awareness of policies, processes and tools
• Understanding of how open source works and the issues involved
• Capacity to effectively evaluate open source as well as closed source solutions using standard tools
• Cultural alignment with the strategy and its aims

Questions and Discussion