The True Cost of Open Source Software

Uncovering Hidden Costs and Maximizing ROI
White Paper
February 2010
Distilling the Debate: Is Open Source Software for You?
Do you know what open source you’re running? If not, you are not alone. As systems administrators and
If you have researched open source software, even just a little, you’ve likely encountered two distinct
worldviews: believers and skeptics. Believers celebrate open source as free, collaborative code. In this
paradigm, open source software isn’t just a free licensing model; it is a movement for building better,
more flexible software. But, that’s just one side of the story. Open source skeptics raise compelling
counterarguments for why open source software and the enterprise don’t mix.
So, where does this leave you, especially if you are tasked with deciding whether or not to implement open
source software in your organization? In this paper we’ll delve deep into both arguments and provide practical
tools to help you decide whether or not open source software will be a good return on your company’s
investment. We’ll also present solutions for bridging the gap between “believers” and “skeptics” in your
organization, and for reducing risks that go hand-in-hand with running open source software in the enterprise.
The Appeal of Open Source
To determine whether or not open source software is the right choice for your organization, you must weigh
the pros and cons. Let’s begin with pros—the tangible benefits that have significantly increased open source
adoption in the last decade. Analyst firm Gartner predicts that 90% of enterprise software development
businesses will be using open source software by 2012.1 But, it’s not just software development firms
that are warming to open source software. Adoption is on the rise in all business verticals, from financial
institutions to government agencies. In the last two years, for instance, open source has become prevalent in
large, traditional financial institutions like Credit Suisse, Bank of America and Goldman Sachs. Similarly, the
Department of Defense (DoD) and Department of the Navy (DoN) report that a variety of open source software
programs are in operation in both classified and unclassified environments inside their organizations.2
These are some primary reasons why open source software has become so prevalent.
1. Free licenses.
The driver for many organizations is free software licenses. When licenses are free, businesses cut initial hard
costs of product and project development. Businesses are under terrific pressure to cut costs and open source
software offers a concrete way to significantly slash budgets. A 2008 Forrester Research study reported that
CIOs regard lower costs as the main reason for using open source software in their organizations: “It is not
just the cost of the [commercial] license, but also the fact that [you] have to pay between 20 and 25 percent
of the value of the license per year on an annual maintenance agreement with commercial products,” says
senior Forrester analyst, Jeffrey Hammond.3 In today’s tough economic environment, the lure of free software
licenses is hard to resist. Additionally, because open source software is free, it’s very easy to acquire.
Developers simply download the code and can immediately start working. There are no lengthy procurement
processes to slow down developer productivity.
2. Own the code.
Under the GPL—the General Public License that allows developers to use open source software for free—you
have full access to the open source code you use. That means you can freely change the code and add new
functionality whenever you want. Plus, anyone can make alterations to open source software; you are not
obligated to work with specified third-party vendors who often charge exorbitant prices for custom work.
3. Software quality is continually improving.
Despite skeptics’ fears about the quality of open source code, there is plenty of evidence that the overall
number of defects in open source code drops over time.4 As open source communities collaborate, the code
base inevitably improves; bugs are fixed; features are added; it achieves faster performance and integrates
more seamlessly with other systems. When you “buy in” to open source software you don’t just get the code
you implement today. You get what the software will be tomorrow, next year and a decade from now.
The True Cost of Open Source: Software Uncovering Hidden Costs and Maximizing ROI
© ActiveState Software Inc. February 2010
4. Code stability.
In the enterprise, dynamic open source languages—like PHP, Perl and Python—are the most popular “flavor” of
open source. According to a 2010 Forrester survey, 57% of developers surveyed have used dynamic languages
in their development work.5 As such, popular programming languages have considerable momentum behind
them with millions of developers working on the code. With so many people dedicated to these open source
projects, their viability is not in question. Unlike commercial software vendors, there’s virtually no chance that
established open source languages will vaporize when economic times are tough.
5. Draw on the open source community for help.
When you implement, alter and add to open source software, you become part of a thriving community of
passionate software developers. This philosophical take on open source may seem banal from a business
perspective, but it offers some real technical advantages. As part of a community, you can solicit help in
discovering and building new and useful functionality. You’re not at the mercy of commercial vendors who may
never make improvements or upgrade their software to integrate more smoothly with other systems, achieve
faster performance, or combat new security threats.
Open source is synonymous with freedom. Not just free licenses, but freedom to alter and improve the code
base and to benefit from others who do the same. “Believers” view open source software as self-sufficient
technology that removes development barriers and improves the overall quality of software projects.
Obstacles and Risks
Yes, open source licenses are free and anyone can alter and improve the code to fit their needs. But, there
can be risks and unpredictable outcomes when open source software is not factored into the overall business
strategy. For open source to work for an organization, developers and managers must be on board to ensure
that both the technical and business demands of open source software are properly managed. So, to balance
the debate, here are the cons—the problems that frequently result in cost overruns, technical roadblocks and
business interruptions. If you’re considering implementing open source software as part of your IT strategy,
don’t overlook these potentially troublesome issues.
1. Open, Not Free.
“Just because something is free does not mean that it has no cost,” says Laurie Wurster, a Gartner analyst.6
Many companies are blinded by free licenses and ignore the true cost of open source software. Licenses
are free, but the software doesn’t run itself. To get an implementation up and running smoothly you’ll need
experts—in-house or consultants—to complete the installation and complex integrations. Like any software
implementation, open source projects, if not managed properly, can stretch development budgets.
2. Code maintenance.
When you use open source software, there’s no proprietary software vendor maintaining the code for you. It’s
up to your team to install updates, make security fixes, implement new modules, and more. But, when your
IT team is already stretched with core development projects and under tight delivery deadlines, open source
software maintenance can go by the wayside. This quickly becomes problematic. If you don’t make open
source code maintenance a priority, the quality of your software project can deteriorate: security patches aren’t
installed and bugs don’t get fixed. With the continual uptake of open source software in the enterprise, companies
are offering commercial or “hybrid” versions of open source that include technical support and maintenance
services, so the burden of maintenance doesn’t need to fall entirely to in-house development teams.
3. No support contracts.
Open source software doesn’t come with support. When you’re on a tight development schedule, a lack of
formal support can put your project at risk. The open source community is typically helpful and will likely
respond to your questions and queries. But, these developers are under no obligation to do so in a timely
manner. This is especially problematic if your company uses open source software in mission-critical
applications, or if you use open source software in commercial products. Without 24/7 technical support in
place, your own product’s time to market may lag. Even worse, uptime can suffer and your customers will
feel the negative effects. Alex Wied, head of Accenture’s Innovation Centre for Open Source, says investing in
professional software support--even for open source software--is critical: “It is essential that there’s a trusted
vendor, behind each software, that secures technical support regardless if proprietary or open source.”7
Similarly, the DoD and DoN have initiated a policy that strongly encourages all open source software to be
professionally supported, either by someone inside those organizations or by a third party. To mitigate the risk
of open source software going bad, you must invest in support services, an oft forgotten line item in open
source implementation budgets.
4. Legal liability.
You don’t have to pay for open source licenses, but you must license the open source software you use
in enterprise products. Although open source licensing terms have nothing to do with money, they can put
restrictions on how you distribute your product. With dozens of open source licenses to choose from (GPL,
Artistic, LGPL, Creative Commons, BSD, to name a few), managing licensing is notoriously confusing. It
can be an administrative headache and opens your business up to legal liability. If you misinterpret licensing
requirements, you could unwittingly wind up in an embarrassing and potentially costly legal battle like Cisco
did in 2008 when the Software Freedom Law Center filed a copyright infringement lawsuit against Cisco
Systems for violating open source software license agreements. Under the terms of the General Public License
(GPL), distributors of enterprise software that use open source code must make the open source code
available with their software distribution. Cisco failed to do so. The company ultimately settled the lawsuit
by making a monetary donation to the Free Software Foundation and by appointing a Free Software Director
to conduct continuous reviews of the company’s license compliance practices.8 Even if a licensing debacle
doesn’t lead to litigation, your company could be fined, or worse, your organization’s reputation could be
damaged resulting in negative PR, even a drop in share prices.
In theory, it should be easy to document open source usage in an organization and license it correctly. In
practice though, most organizations fall short. A 2008 Gartner survey reports that the majority of businesses
using open source software have no formal policies in place for cataloguing open source software usage in
their businesses. That’s because open source software doesn’t go through the same procurement process as
proprietary software. Developers can download it from the Web and use it without managers even knowing
it’s there. Of course, if you don’t know what open source software you’re running, you can’t be licensing it
correctly. Gartner analyst, Laurie Wurster says to avoid liabilities, “companies must have a policy for procuring
OSS, deciding which applications will be supported by OSS, and identifying the intellectual property risk or
supportability risk associated with using OSS.9 Especially if you have a commercial product out in the world,
the chance of users discovering open source embedded in your software is high, which makes using open
source software in enterprise products a risky proposition without proper licensing. To mitigate this kind of
legal risk, software development companies are beginning to enlist the help of third-party licensing experts
who make sure open source software licensing is in place and accurate.
Free software licenses and flexible, extensible code are hard to pass up. But, when you factor in the time and
financial costs of implementation and maintenance, plus the lack of formal support and potential license
infringement, it’s clear that unless managed properly open source software may have a higher price than
developers and managers expect.
The True Cost of Open Source
Both arguments have valid claims. So, where to start in making your real-world evaluation? Too many
companies jump on the bandwagon without fully understanding the true cost of an open source
implementation. Or, conversely, they avoid open source altogether thinking that the risks are too high.
In a 2008 Computer Weekly article about open source liability, Gartner shares survey results from 274
companies around the world. Gartner measured high open source software usage, but found that most
(69 percent) of companies were not measuring the cost of their open source usage.
So, let’s look at some hard costs of open source software. We’ll also look at a hybrid approach—enterprise-grade
open source software delivered by a third party, like ActiveState, which offers technical support,
indemnification and redistribution rights along with best practices development expertise for dynamic
languages including Perl, Python and Tcl.
Total Cost of Ownership
A key component of project success is being able to estimate total cost of ownership (TCO). TCO includes
much more than license acquisition costs; there are significant, ongoing costs associated with implementation,
training, maintenance, support and legal licensing. If you don’t take all these costs into consideration, you will
come up against surprise cost overruns that can threaten project success. In the tables below we compare
two ways to implement open source and the costs associated with them: pure open source and ActiveState’s
managed open source solutions.
With numbers from the chart and formulas below, we can use this formula to calculate TCO:
A = Acquisition costs
I = Implementation costs
M = Maintenance/support costs
L = Legal costs
A + I + M + L = TCO
| Costs | Open Source Dynamic Language | Enterprise Dynamic Language Solutions by ActiveState |
|---|---|---|
| Acquisition Cost (Software Licenses) | None | None |
| Training | Developer salary * days training | Developer salary * days of training |
| Development | Developer salary * development months + fixed costs of in-house open source expert | Developer salary * development months + fixed costs of in-house open source expert |
| Maintenance and Support | Full-time salary + fixed costs of in-house open source expert or consultant fee | Annual ActiveState Enterprise solution fee |
| Legal (Distribution Rights and Indemnification) | Time for license audit/building governance process + potential license infringement risk costs | Annual ActiveState OEM License solution fee + Indemnification coverage fee |
The sample calculations in the following chart are ballpark figures and may not accurately represent your
project, including how much training and development hours are required. However, they provide a basic
cost comparison between two open source deployment methods. In this case we compare the cost of using
pure open source Perl and ActiveState’s Perl Enterprise distribution. The following table shows typical costs
for a small development project.
| Costs | Open Source Dynamic Language | Enterprise Dynamic Language Solutions | Savings with ActiveState |
|---|---|---|---|
| Acquisition Cost (Software Licenses) | None | None | None |
| Training | 10 days of training based on an annual salary of $100,000 = $3,790 | 5 days of training based on an annual salary of $100,000 = $1,895 | 50% |
| Development | 1 full time engineer for one year = $100,000 annual salary + $20,000 annual fixed costs for in-house open source expert = $120,000 | One full time engineer for nine months = $75,000 + $15,000 annual fixed costs = $90,000 | 25% |
| Maintenance and Support | .5 full time engineer @ $100,000 annual developer salary + $20,000 annual fixed costs for in-house open source expert = $60,000 | Annual ActiveState Enterprise solution fee, approximately $25,000 | 59% |
| Legal (Distribution Rights and Indemnification) | 3 days of engineer’s time for consulting with legal team + 40 hours for legal team to draw up legal documents = $17,000. Plus, the cost of potential legal fees should you be hit with an IP infringement lawsuit. | Annual ActiveState OEM License and Indemnification coverage fee, approximately $14,000 | 18% |
| Total | $234,900 PLUS: if you become involved in a lawsuit, licensing costs could explode by 200 or 300%. | $147,950 (development accelerated by ActiveState support) | $86,950 in savings |
ActiveState pricing in the table above has been averaged and is for example purposes. Please consult with ActiveState to
determine exact pricing for your project.
Obviously, the cost savings in reduced development time will scale as a project grows. Using the charts
above as a reference, you can calculate real costs for your project using commercial software with this
formula:
Acquisition Costs = (Project Duration * Developer Seats) * Annual Cost per Developer Seat
Implementation Costs = Training + Development
    Training = Number of Developers * Salary per Month * Number of Days
    Development = Number of Developers * Salary per Month * Number of Months
Maintenance and Support = Annual Fee for Support Contract
Legal Costs = None
Calculate costs for a project using open source software:
Acquisition Costs = None
Implementation Costs = Training + Development
    Training = Number of Developers * Salary per Month * Number of Days
    Development = Number of Developers * Salary per Month * Number of Months
Maintenance and Support = Salary of in-house or consulting open-source expert
Legal Costs = Implementing license audit/building governance processes
Calculate costs for a project using commercial open source solutions. Contact ActiveState for a quote to
complete an accurate calculation:
Acquisition Costs = None
Implementation Costs = Training + Development
    Training = Number of Developers * Salary per Month * Number of Days
    Development = Number of Developers * Salary per Month * Number of Months
Maintenance and Support = Annual ActiveState Enterprise Solution Fee
Legal Costs (Distribution Rights + Indemnification) = Annual ActiveState OEM License Fee + Indemnification Coverage
Five Principles for Maximizing Open Source ROI
If, after considering TCO, open source software is an attractive alternative for your organization, then
following these five best practice principles will put you on the road to successful, cost-effective open
source software implementations.
Use Good Quality Software
Open source software is continually improving, but that doesn’t mean it’s perfect today. If the software you
choose is not top quality, it can cause a ripple effect that can ultimately downgrade your product or project.
Open source is simply a licensing model; it does not mean best practices, like incorporating open standards,
are in place. If quality code is important to you—and it should be—do your homework and choose a tried
and tested application or language distribution with a stellar reputation like ActiveState’s ActivePerl, a quality
assured version of Perl that improves on pure open source Perl.
Get Experts on Your Side
As open source components become ubiquitous, developers are under pressure to learn a variety of
dynamic languages. They become generalists. A broad understanding of dynamic languages may be
enough to keep them running day-to-day, but when it comes to complex development, working with open
source component experts will save you time and money in the long run and steer your project in the right
direction. Some organizations hire third-party open source experts as project partners while others bring
expertise in-house. But, a full-time salary and fixed employee costs can be cost prohibitive. Plus, you may
have a hard time keeping a full time open source component guru busy. Experts are most effective at key
moments in development and implementation. For instance, you may need an expert when upgrading your
software or launching on a new platform, but that expert’s time is wasted on day-to-day duties. Either way,
a legitimate expert is worth the price. He or she will shorten development time and will limit costly snafus.
Maintain Your Open Source Software
Open source software must be nurtured. You have full access to the code, so it is your responsibility to
undertake routine maintenance: make version updates, install security patches, add new modules, etc.
Open source software development keeps moving and improving, so you must keep up with the latest
versions. In the worst case scenario, developer attention starts to shift toward newer versions and features
and organizations using older releases end up relying on code that is getting less and less attention, fewer
bug fixes and less security attention. Staying on top of code maintenance will ensure that code quality
does not deteriorate.
Avoid Licensing Debacles
At first glance, managing open-source licensing on your own seems straightforward, but it is complex and
time consuming. First, you must determine top-level licensing. Then it’s on to deciphering module-level
dependencies. Open source languages are made up of thousands of libraries, modules, packages and
frameworks that are all licensed separately. You’ll need to develop processes for cataloguing open source
software including version and release numbers, whether it’s used internally or will be distributed, whether
it’s been modified, etc. There is the significant cost of developing this process in-house, or getting legal
advice to ensure open source software licensing doesn’t become your downfall. It’s easy to ignore licensing,
but the consequences are intellectual property infringement and unexpected costs.
Don’t Rely Entirely on the Open Source Software Community for Support
If you don’t have an expert on your team in the specific open source application or language you’re using,
then solving technical problems can be difficult. Documentation is not always available, or helpful. Plus,
you may need to wait days or weeks for the open source community to answer your queries. Research also
indicates that up to 39% of information seekers never receive public replies to their queries.10 This principle
requires that you either hire in-house expertise, or that you work with a third-party, enterprise-level support
team that won’t leave you high-and-dry when issues threaten project success.
The ActiveState Answer
Following these five principles is difficult, especially when the particular open source component isn’t your
core area of expertise and your team has other important tasks to focus on—like getting your product to
market or implementing an internal system or solution. According to IDC analysts, an increasing number
of organizations are subscribing to third parties to support open source software in their businesses. At
ActiveState, we provide a safety net, by offering enterprise-grade language distributions for Perl, Python
and Tcl along with commercial support, indemnification and distribution rights packages. Our open source
language distributions are renowned for quality and are now the de-facto standards for millions of developers
around the world.
Like all open source code, ActiveState language distributions are provided free to the community.
ActiveState’s enterprise-level dynamic language expertise and reliable support for Perl, Python and
Tcl are designed to help organizations meet development deadlines and keep overall costs down by
allowing developers to focus on their core competencies. ActiveState also provides Intellectual Property
indemnification packages, which help organizations building business-critical and mission-critical systems
minimize legal risks, ensure compliance, and accelerate productivity. Enterprise-grade support and licensing
solutions minimize the hardships associated with code instability, unreliable technical support and potential
license infringement. From development troubleshooting to emergency in-production coverage, ActiveState
support ensures priority access to open source language experts and includes unlimited incidents,
guaranteed response times, and fixes delivered to you quickly.
Don’t reinvent the wheel in-house; avoid budget overruns and blown deadlines. Instead, rely on our experts
and commercial support and enjoy one more thing you don’t have to worry about.
In addition, if you are distributing, selling or bundling software, hardware or devices that contain open source
components, your organization may be exposed to serious legal risk. Through OEM licensing, ActiveState
offers turn-key redistribution rights, indemnification, and commercial support to guarantee assurance
to software and hardware vendors and their customers, removing any risks associated with copyright
infringement lawsuits.
Contact ActiveState at 778.786.1101, or business-solutions@activestate.com for a complimentary
consultation with ActiveState’s language experts.
1. Peter Judge, “Gartner: Open source will quietly take over”, ZDNet UK, April 4, 2008, http://news.zdnet.co.uk/software/0,1000000121,39379900,00.htm
2. DON CIO memo, “Department of the Navy Open Source Software Guidance, of 05 June 07” and DOD CIO memo, “Clarifying Guidance Regarding Open Source Software (OSS)”, October 16, 2009.
3. Cliff Saran, “Tough times boost open source sales pitch”, Computer Weekly, December 9, 2008.
4. Chris Kanaracus, “Study Shows Open-source Code Quality Improving”, PC World Business Center, September 23, 2009, http://www.pcworld.com/businesscenter/article/172469/study_shows_opensource_code_quality_improving.html
5. Jeffrey Hammond, “What Developers Think”, Dr. Dobb’s, January 16, 2010, http://www.drdobbs.com/architect/222301141
6. Antony Savvas, “Firms open to huge open source liabilities”, Computer Weekly, November 18, 2008, http://www.computerweekly.com/Articles/2008/11/24/233445/Firms-open-to-huge-open-source-liabilities.htm
7. Alex Wied, “Commercial open source is essential to enterprise IT”, ComputerworldUK, August 13, 2009, http://www.computerworlduk.com/community/blogs/index.cfm?entryid=2443
8. Ryan Paul, “Cisco settles FSF GPL lawsuit, appoints compliance officer”, Ars Technica, May 21, 2009, http://arstechnica.com/open-source/news/2009/05/cisco-settles-fsf-gpl-lawsuit-appoints-complianceofficer.ars
9. Antony Savvas, “Firms open to huge open source liabilities”, Computer Weekly, November 18, 2008, http://www.computerweekly.com/Articles/2008/11/24/233445/Firms-open-to-huge-open-source-liabilities.htm
10. Karim R. Lakhani and Eric von Hippel, “How open source software works: “free” user-to-user assistance”, MIT Sloan School of Management, July 12, 2002.
11. Anuradha Shukla, “IDC: Organisations adopt open source to reduce expenses”, Computerworld, September 29, 2009, http://news.idg.no/cw/art.cfm?id=073779BA-1A64-6A71-CE90B369D13FD0C2
About ActiveState
ActiveState empowers innovation from code to cloud smarter, safer, and faster. ActiveState’s cutting-edge
solutions give developers and enterprises the power and flexibility to develop in Java, Ruby, Python, Perl,
Node.js, PHP, Tcl, and more. Stackato is ActiveState’s groundbreaking cloud platform for creating a private
platform as a service (PaaS), and is the cost-effective, secure, and portable way to develop and deploy
apps to the cloud. ActiveState is proven for the enterprise: More than two million developers and 97% of
Fortune-1000 companies use ActiveState’s end-to-end solutions to develop, distribute, and manage their
software applications. Global customers like Cisco, CA, HP, Bank of America, Siemens, and Lockheed Martin
look to ActiveState to save time, save money, minimize risk, ensure compliance, and reduce time to market.
ActiveState Software Inc.
1700-409 Granville Street
Vancouver, BC V6C 1T2
Phone: +1.778.786.1100
Fax: +1.778.786.1133
business-solutions@activestate.com
phone: +1.778.786.1101
Toll-free in North America
1.866.631.4581
www.activestate.com