O'Reilly Network    

 Published on The O'Reilly Network (http://www.oreillynet.com/)

The Missing Open Source Projects, from an Enterprise POV

by Tim O'Reilly
Jul. 11, 2003

Finally this morning, I had a chance to sit and enjoy some of the talks. And as I settled in to the last session but one, I thought I would do my bit to contribute to the conference blogosphere by taking notes on Robert Lefkowitz (r0ml)'s talk on "The Missing Open Source Projects". Robert works on Wall Street (though he's not speaking for his employers). R0ml gave us some real insight into why proprietary software companies aren't going to go away for a long time, and just how much investment goes into software in the enterprise space. What's more, he emphasized just how many of the dollars go into operations, not software per se, and how the opportunity is for software to help manage some of those operations costs, and other business needs.

For each of seven application areas, r0ml tried to characterize the problem and make it vivid for open source developers. He started, though, with a big picture view. (Much of what follows is a transcription of his comments or slides, but some of it is my summary, and I don't have clear differentiation between the two. Please excuse any errors. And as r0ml accelerated the pace, the notes get sketchier. Hopefully, we'll eventually get the slides themselves up online.)

Enterprise Applications are characterized by many people, many computers, and many years (more than 10,000 people/machines, and more than 10 years). What's more, all the people and the computers need to be interchangeable.

He then talked about the top ten software vendors, and showed the kinds of business areas.

Then he went on to what he believes are the top six projects that are missing from an enterprise point of view. He actually listed seven, saying that two of them were only half-value (but he didn't say which ones). He's not going to talk about things like an Exchange replacement, since he just recently saw Opengroupware.org.

1. Distributed cron

What if I had 80,000 jobs running on 10,000 computers? Cross platform, with dependencies, and it was somebody's job to contact someone else if something went wrong. In financial services, if jobs don't run, or run twice, money gets lost, and occasionally, people go to jail.

What people use now: Computer Associates Autosys. But google and you'll find others.

Here's what you have to be able to do: Keep a database of job state and run information in a single database. Commit to managing all the batch jobs for a dozen open source projects, schools and non-profits, and any conference attendees who agree. Including any non-Linux machines. If people object because of security, you have to fix that too.

Grid is starting to look at problems in this space. But they haven't started to look at the problem of who gets sued if you get it wrong.

This isn't just about writing code, it's about managing the process.

2. Asset Management

What if I had 3000 different software products running on 50,000 computers, with hundreds of paid data sources used by thousands of people? And support models based on number of users/number of installations/number of uses? And there are financial penalties for getting it wrong.

Audit requirements give financial and legal exposure. Inability to track right now drives companies to sign "enterprise deals," which create long-term lock-in.

An effective open source asset management tool would help highlight how much money could be saved by using open source software. Software is currently about 15% of the corporate IT budget.

What goes into asset management: tracking (agents running everywhere); authorization workflow, including auto-authorization; asset redistribution. "Knowing what you use and how is always a better idea than ignorance."

Google "asset tracking" to see who does this now. Tivoli, Asset Insight, others.

At this point, r0ml told a long story about the first time someone threatened to sue him and his company for many millions of dollars for automating a formerly manual process, thereby allowing users to switch what licensed data screens they were looking at. Automation can cut costs significantly, but vendors are often opposed to it. Open source could potentially help.

3. Single Sign-on

The average person needs many passwords to get their job done. And many are required to change every 30-90 days. And they all have different policies around allowed values. This is so bad in a corporate setting that he never even tries to remember passwords, but starts right in with the "I forgot my password" link and just types in something random for the new password.

More than 50% of the calls to help desks are for password resets.

Merrill Lynch now spends 2 billion a year on IT. 20% of that is user support, and if half of that is password resets, are they really spending $200 million a year?

The missing project is to modify every database, browser, email client, so that it uses LDAP and other open standards... (I lost the end of the thread here as r0ml accelerated the pace.)

4. Messaging

Why isn't email the answer for reliable messaging? In the interests of time, r0ml skipped over this one...

5. Change Management

Deciding what to change. Tracking who changed what. Making the change. Backing out the change. Keeping track of current state.

There are between 200 and 300 tracked changes a day. There is one change-related outage every day, with a 99.5% success rate for changes. And change-related outages are a large expense.

This can be as small as pulling out a cable at the wrong time to move a piece of equipment. In a financial services context, this can cost a lot of money.

Tokyo sys admins have it worst, since they are the start of the world trading day. It's like facing the tsunami every Monday morning, as they deal with the problems caused by changes in New York on the preceding Friday.

Some vendor products: Rational Merant, visible Razor. Change management is not just a software package, though, but a methodology and a process. Microsoft's MSF/MOF, SEI's CMM.

He described a book on software change management process that starts with buying a spiral bound notebook, how to label it, what to put in it. A whole process around operating a spiral bound notebook in order to build software!

In the open source world, there's a lot of folklore, but there's no how-to on process.

To make this concrete in an OSS context: What would it take to rev Debian stable on a weekly basis? How can I tie a CVS check-in to a bug report? Both ways. If I undo an upgrade, I need to automatically notify the maintainer responsible. I have to undo across multiple hosts.

6. Relationship Management

Keep track of your customers. This generates increased satisfaction and lowers sales costs.

What percentage of bug reports to open source projects are submitted by employees of financial services firms? Which industries have the highest patch submission to running copies ratio? How are you going to write software that is useful for people if you don't know if or how they're using your features? Like BitKeeper, should your software automatically collect data about how people are using it?

Ideas from Doc Searls: Markets are not just about money (free as in ride), or about ideas (visible or transparent source helps), but about relationships.

Don't throw the software over the (fire)wall -- demand a relationship.

Companies spend more on marketing than on development because the relationships are more important than the code.

7. Source Terminator

It's easier to combine proprietary software than open source software. "In the proprietary world, we're always mushing stuff together because the big fish eat the little fish."

In open source, we should aspire to create definitive literature for particular problem domains.

There is some movement in this direction: parrot, oscom, mysql and SAPdb are all doing some combining of ideas and code from other projects.

In conclusion, if they want to get into the enterprise, open source developers need to think about operations, the financial business case, help desk automation, methodology, customer focus, and marketing. All the things that businesses think about. There's a lot of opportunity here, and a lot of money.

Tim O'Reilly is the founder and CEO of O'Reilly Media, Inc., thought by many to be the best computer book publisher in the world. In addition to Foo Camps ("Friends of O'Reilly" Camps, which gave rise to the "un-conference" movement), O'Reilly Media also hosts conferences on technology topics, including the Web 2.0 Summit, the Web 2.0 Expo, the O'Reilly Open Source Convention, the Gov 2.0 Summit, and the Gov 2.0 Expo. Tim's blog, the O'Reilly Radar, "watches the alpha geeks" to determine emerging technology trends, and serves as a platform for advocacy about issues of importance to the technical community. Tim's long-term vision for his company is to change the world by spreading the knowledge of innovators. In addition to O'Reilly Media, Tim is a founder of Safari Books Online, a pioneering subscription service for accessing books online, and O'Reilly AlphaTech Ventures, an early-stage venture firm.

oreillynet.com Copyright © 2006 O'Reilly Media, Inc.