Freeware promises to give CIOs control over their computer systems' destiny.Should you join the revolution? By reading this story, you'll learn When freeware is the right choice for corporate applications How to balance freeware's risks and rewards Why security is less of a concern than you'd think Ways to get the support you need Everybody's heard the buzz on Linux: Open source code makes modification of the "freeware" operating system easy; it runs on an array of platforms, even down to underpowered hardware like leftover 386s; and best of all, it's free.
Or at least extremely cheap. Since "cheap IT" historically has been an oxymoron of colossal proportions, low cost makes Linux - along with Apache Web server software, the Sendmail electronic mail package and a host of other freeware products - an attractive proposition.
That's all well and good for the hobbyist running a bulletin board or the IT worker who does side programming jobs in his off-hours at home. CIOs, however, have a different set of concerns: stability, security and, most notably, service and support. These concerns have thus far slowed widespread corporate acceptance of freeware in general and Linux in particular, since an operating system is such a vital piece of the IT puzzle. But some companies are in front of the pack, already running vital business applications on Linux and other freeware programs. At manufacturing giant Schlumberger Ltd., for example, Linux shows up on the occasional workgroup server. At internetworking company Cisco Systems Inc., the entire corporate print architecture runs on freeware. And Web-based directory provider PlanetAll.com Inc. uses Linux and a freeware e-mail program.
IS personnel who have had firsthand experience with freeware at these and other companies say that while open source software is indeed passing the tests of corporate computing, it requires a change of mind-set and new procedures, particularly in the area of service and support.
Freeware is not just free from a monetary standpoint. Its source code is readily available, meaning the IS group can modify the basic program as needed - hence the more proper designation "open source software." Such programs are typically developed by a loose confederation of developers working in their spare time. (See "Love That Linux," CIO Section 1, Dec. 1, 1998 for more background.) These programs generally can be downloaded free of charge over the Internet. Freeware has existed for years, and any corporation is likely to have miscellaneous open source programs floating around, particularly in conjunction with a Unix environment. Linux, however, represents a significant step forward for corporate use of freeware since it is a variant of the entire Unix operating system. The corporation is not likely to grind to a halt in the event of a flaw in a Unix development tool, but if Linux fails, entire applications stop. Apache is similarly crucial, particularly for Web-based or heavily Web-dependent businesses.
So reliability, stability and performance are watchwords for corporate IT. One factor critical to the fulfilment of these needs is the availability of compatible applications. More and more heavy-duty commercial applications are coming to market for Linux. For example, almost all the major Unix database vendors, from Oracle Corp. to InterBase Software Corp., have announced DBMS versions for Linux. But it will take some time for these products to work their way into the corporate setting, and even Linux enthusiasts are hesitant to move certain core business systems to freeware. Schlumberger, for example, runs Linux for some file, Web and e-mail servers, but the operating system hasn't yet achieved the "mindshare" at Schlumberger that would get it used for larger applications such as enterprise resource planning (ERP), says David Sims, technical director in the company's SugarLand, Texas, office. "It's too early to be thinking that way; you have to crawl before you walk and run." Still, Schlumberger is the type of highly decentralized corporation that freeware is so good at infiltrating. A $US 12 billion diversified manufacturing and services company, Schlumberger operates sites in more than 100 countries, each typically with its own workgroup servers run by local, highly autonomous personnel. How autonomous? "We have operations in both Iran and Iraq, and when Iraq was invaded, the people there didn't even call headquarters, they just dealt with it," says Sims. That independence gives technical people like Sims the opportunity to bring in Linux as they discover it. As Linux proves its mettle for more industrial-strength applications, Schlumberger and other early adopters will have the advantage of having developed in-house expertise.
In regard to reliability, the open nature of the source code may sound a bit frightening to the average CIO. After all, who wants developers writing custom code and recompiling the entire operating system every time performance needs a tweak? However, practitioners say open source is a boon, not a bane, for IS.
"For us, it's an advantage," says Brian Robertson, chief technical officer for PlanetAll in Cambridge, Mass. PlanetAll, purchased last year by Amazon.com Inc., provides online contact management and scheduling. For example, a university alumni foundation or other organisation can use PlanetAll's Web site to track members for fund-raising purposes and to apprise them of upcoming activities. PlanetAll produces several hundred thousand customised electronic mail messages per day for its registered users, and it selected a freeware program called Qmail running on Linux as its e-mail platform because of the software's efficient handling of high message volumes. The company is also evaluating a switch to Apache for its Web servers. Having the source code means that when PlanetAll wants to add new features to its site, the development team can compile them directly into the Web server instead of writing separate applications - a major performance boost, according to Robertson.
Whatever other attractions freeware may hold, free is still the operative part of the word for many IS organisations. Dan Davidson, a senior information systems engineer for San Diego-based high-tech research and engineering company Science Applications International Corp. (SAIC), provides information management support through a contract with the U.S. Army at Fort Huachuca in southern Arizona. Linux first found its way onto the base as the server for a data collection application that had been running on a $US 93,000 AIX system from IBM Corp. Looking for a cost-effective alternative to an expensive upgrade, Davidson's group replaced the entire server with a dual Intel Corp. processor system running Linux for just over $US 10,000. Impressed, another development group on the base built a 100-processor test bed using Linux on cheap PC clones instead of the originally planned Microsoft NT or commercial Unix systems, with an estimated savings of over $US 3 million. They say money can't buy happiness, but the Linux users at Fort Huachuca seem pretty darn chipper about their decision. "The government folks like the Linux box better because the tools are friendlier than what they had been using, and it's been easier to maintain than the IBM machine," says Davidson.
Similarly, fiscal considerations helped inspire San Diego-based Cisco's creation of a companywide, Linux-based print system. Cisco Senior Vice President of IS and CIO Pete Solvik's goal was to create a system with no directly attached printers anywhere in the company. Instead, all printers would be attached to the networks and shared by almost all users, with a Web-based front end for easy control so that, for example, a user can direct output from any computer or server to any Cisco printer in the world. Solvik's crew first looked at commercially available print architectures but didn't find one with the necessary flexibility. Building their own solution became appealing when they looked at the potential savings from using inexpensive Intel-based servers running Linux. The stability of the custom solution has proven acceptable, Solvik says. "Like the early implementation of any IT project, it went through growing pains," but the application has been working solidly for about two years now, he says. He also notes that problems have been fixed with alterations to Cisco's custom coding, not to the operating system itself.
Another potential downside to the free nature of open source code lies in the area of security. Source code that is widely available on the Internet can presumably be poked and probed for weaknesses by hackers of malicious intent.
In fact, some express concern that the collaborative development process could allow said hacker types to program back doors and access methods into the code.
However, users say Linux and Apache are bulletproof. "Everyone was concerned about just downloading software off the Net; the Army engineers were a little leery of what we had done, so they assigned a team of security analysts to test it," says SAIC's Davidson. After his group set up proper security controls on Linux, it not only passed the test, he says, it outrated all the commercial operating systems for security.
External security is one issue, but CIOs might think twice about the old "disgruntled employee" scenario if the operating system itself can be tampered with, recompiled or otherwise butchered. However, Cisco's Solvik says that's a misunderstanding of the whole issue of internal security. According to him, security is better handled by policies and procedures than by hoping to make hackerproof code. "There are going to be ample opportunities [for insiders to wreak havoc] if you don't have the proper process to implement changes. You manage that through appropriate supervision and processes and being able to respond quickly in the event something happens," he says. In that respect, open source software provides no more significant risk than commercial software or home-grown applications. "It's maybe 5 per cent different but not significantly different," Solvik says.
So the word is that in terms of reliability and security, freeware is at least as viable as the shrink-wrapped stuff. Life with freeware differs most significantly from commercial software, users say, in the area of service and support.
Database vendor Sybase Inc. uses Sendmail to pass messages from its internal Lotus Notes e-mail system to the Internet. Sendmail is very efficient, according to Jim Lin, postmaster for Sybase in Emeryville, Calif., but "our VP has stated we don't want to use unsupported software." The company has been using Sendmail for a long time, but as Sybase has grown, its receptiveness to freeware has decreased. William Peterson, a research manager at Framingham, Mass.-based market researcher International Data Corp. (a CIO Communications Inc. sister company), calls this "the throttle factor." That is, if something breaks, CIOs want someone they can call to fix it - or to strangle if whatever's wrong can't be fixed in an acceptable time frame.
This is where vendors such as Red Hat Software Inc., Caldera Systems Inc. and SuSE Inc. come in.These and other companies offer their own versions of Linux with the option of service and support packages customarily associated with commercial software. As corporate demand for Linux grows, these small companies are hastily ramping up their technical resources. "We recognise as a company that we have to develop a whole set of skills to enable the corporate world to rely on Linux," says Bob Young, chairman and CEO of Red Hat in Research Triangle Park, N.C. Red Hat recently increased its facility space by 500 per cent in order to expand its 24/7 enterprise support department. Red Hat and companies like it depend on third-party contractors to provide onsite service if necessary. Support options range from $US 1,000 per server per year up to $US 60,000 per year for enterprise support packages. "The corporate attitude is that they don't want to track newsgroups [to solve technical problems]; the bulk of the industry simply wants to buy solutions, and so we're scaling up," Young says. Caldera and SuSE are other Linux vendors with similar support initiatives.
The year-old company Sendmail Inc., based in Emeryville, Calif., and founded by the original author of the freeware product, recently began offering the same types of service for Sendmail users, although the pricing for its Sendmail Pro product (roughly $US 1,300 for a single processor, unlimited user license) is out of whack with the freeware model - Red Hat's shrink-wrapped version of Linux, in contrast, costs about $US 50. Nevertheless, the emergence of a commercial vendor has made it possible for Sybase's Lin to continue to use Sendmail and enjoy the benefits of its collective development community even though his CIO has officially discouraged the use of freeware.
While the open source vendors get their support departments up to snuff, it is possible to do without. For all the talk that CIOs do not want to troll through Internet newsgroups to solve technical problems, the companies that do so say it's faster and more effective than most commercial technical support. "Linux doesn't break that often, but when it does and the problem isn't solved by a reboot, our developers can either go into the source code and fix it themselves or go out and interact with other Linux developers through various [Web] sites," says PlanetAll's Robertson. "In 100 per cent of cases where we have asked for developer help, somebody has run into the problem before." SAIC's Davidson and his group were sceptical of the effectiveness of using newsgroups for technical support, so before implementing Linux they posted test questions in various places to check the depth of technical expertise available online and the speed with which they could find answers. "You can get virtually any question answered within four hours," Davidson reports.
To make the community support model work in big-company IS, though, CIOs should plan on funding, encouraging or even creating the local open source support group. "You need to be prepared to become the kingpin of a group of other major users of the software," says Stanley Klein, a consultant based in Rockville, Md. "[The organisation is] going to have to become more knowledgeable in order to use that kind of support." That is exactly the route that both Schlumberger and Cisco have taken.
Schlumberger's Sims says a company bulletin board for Linux support connects about 100 people from 62 different company sites to share tips and insights.
Cisco, meanwhile, hosts meetings of the Silicon Valley Linux Users Group at its corporate digs. Solvik also notes the need to ensure that cross-training happens within his organisation so that it is not overly dependent on a limited number of technical gurus who know how to interact with the open source community. Cisco runs Red Hat's version of Linux but does not rely on Red Hat for support. "I think when you're going to implement open source software for a mission-critical application in a big company, you have to go through a process of determining that you have the resources to support it yourself," says Solvik.
Indeed, Solvik has gone a step further than simply using freeware: In the spirit of open source he has made the code for the company's print architecture publicly available, effectively giving something back to the community that develops Linux. After all, he says, that's the whole idea behind freeware.
Senior Writer Derek Slater can be reached at firstname.lastname@example.org.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.