Myths And Realities of Open Source

But is open source ready for such a transition? Understandably cautious organizations are raising questions regarding open source support, security and compatibility with existing systems and infrastructure.

As with all new technologies, it is important with open source to separate the myths from the realities. At BearingPoint we have identified several of the common issues raised regarding open source. Here we offer insight into these concerns and the accompanying realities, which suggest that this promising new approach to enterprise computing is, in fact, ready for deployment in a growing array of situations. In addition, we outline several strategies that firms can pursue to begin tapping the potential of open source.

NEXT: Dispelled -- five open-source myths. MYTH #1: Open source is hype and buzz.
Reality: Open source is here to stay. While not that long ago people scoffed at open source, today large companies are betting millions on it. Microsoft, BEA Systems and IBM are contributing to development of the business process execution language (BPEL), a key open source component. Such participation was previously unheard of from companies that develop and manufacture their own products.

In addition, large-scale application development and deployment using open source products and frameworks, such as JBoss, Struts and log4j has become common in the IT industry. While open source adoption is limited today, we see vendor consolidation and more adoption in the next four to five years.

MYTH #2: Support for open source is not as good as that provided with commercial products.
Reality: Support is available for open source, but in a different paradigm. True, there is no help desk you can call and tell to "get me a patch." At the same time, open source developers and users have access to the sizable universe of open source tools, fixes and add-ons. As a result, firms can be more flexible and quicker to make desired changes in applications, rather than waiting on a vendor that may not have the same priorities regarding the product.

MYTH #3: You have to go open source all the way.
Reality: No. There are multiple levels of open source deployment. A firm can choose to use only certain components of the open source framework -- for example, an application server, a content management system or framework components within the architecture. Initially, as an alternative, you can just migrate to Linux initially. Then, if things work out, you can develop a road map for further open source adoption.

However, companies, irrespective of their size, will not totally survive on open source. The use of packaged products will likely continue, but open source will play an increasing role in their deployment.

MYTH #4: Security is an issue with open source.
Reality: The implementation of enterprisewide security depends on a number of factors. These include network layout, firewalls, security policies, application software, operating system, Web servers, encryption, and authentication and authorization mechanisms.

Open source applications that offer alternatives to commercial software primarily implement the same functionality as packaged products. Also, unlike commercial products, open source products are constantly scrutinized by a team of developers, which makes building malicious back doors into the software difficult.

Open source is increasingly being used in areas that are normally most vulnerable to security hack-ins, notably Web servers and operating systems. Apache, an open source implementation, is a widely used Web server. In the operating system space, Linux has established itself as a significant player and a practical alternative for some deployments.

In summary, protecting your technology assets when using open source is no different from what is required with commercial packaged software. You need to perform the necessary due diligence to ensure that the product you select is robust and has a good track record. Today a number of companies run firewalls and Web servers on Linux.

MYTH #5: Large-scale open source implementations are limited to Linux.
Reality: This is not true. The IT industry widely views Linux as the shining beacon of open source because it is the best known and most commonly adopted product. But the open source landscape has widened considerably in the last few years with a series of products that span a broad technology spectrum. These include operating systems (Linux), Web servers (Apache), application servers (JBoss), databases (MySQL), scripting languages (PHP: Hypertext Preprocessor), application frameworks (Struts), and many more.

It's important to view open source not as a product to be implemented, but as a dynamic resource pool that addresses a wide variety of enterprise technology needs. Open source is supported in large part by a set of dedicated technologists who have invested considerable time in building these resources, taking great pride in their creations. This provides the additional advantage of much faster turnaround times for bug fixes and product enhancements.

NEXT: Strategies for leveraging open source.

Several approaches are available to financial organizations wanting to test the viability of open source for their organizations:

• Replatforming Legacy Applications: In some cases, companies want to move from mainframe-based technologies to more modern platforms such as the Java 2 Platform, Enterprise Edition (J2EE) and the Microsoft .NET Framework. To do this, they are considering application servers such as BEA WebLogic Server, IBM WebSphere, Oracle Application Server or the .NET platform. However, licensing fees for these products multiply quickly as servers or CPUs are added to support applications built on them. As an alternative, an application server solution such as JBoss offers a robust, scalable open source option for small- and middle-market companies.
• In pursuing open source opportunities, it is important first to analyze existing legacy applications and determine which ones should be migrated to a framework based on open source and which should not. Then, decide which open source components to leverage for application migration and where in the architecture stack they would fit. Several large financial institutions are moving existing mainframe and other legacy applications to contemporary platforms such as J2EE.
• Customizing Open Source Applications: Some fairly mature, out-of-the-box open source applications like SugarCRM, openCRX and Compiere are now available and ready for implementation. These packages implement a fairly robust customer relationship management (CRM) functionality that can meet the needs of small- and middle-market companies. Because these applications are open source and fall under the GNU General Public License, which applies to the Free Software Foundation's software and to any other program whose authors commit to using it, developers must provide access to the entire source code. This enables considerably more application customization compared with proprietary packaged products, which are limited based on the package implementation. This constraint has frequently required organizations to change their business process to fall in line with the application proprietary implementation.
• Further, proprietary CRM and enterprise resource planning (ERP) applications can be expensive and complex to implement. In contrast, open source packaged products exist that implement CRM and ERP functionality using industry-standard development tools like J2EE. The source code for these is well written and constantly upgraded, and a large cadre of developers understand the architecture and the underlying technology used to implement these products. These developers can provide firms, particularly middle-market and smaller organizations, with support in customizing open source packages such as Compiere or openCRX to meet their specific needs.
• Leveraging the Open Source Framework: Numerous open source packages and component frameworks can be plugged into various parts of an architecture. Struts is a Model View, Controller-based front-end presentation layer framework. Associated frameworks such as Tiles and Validator allow effective management of the user interface. Back-end frameworks such as Apache Axis provide a framework based on Web services, eliminating the need to use a commercial application server like WebLogic or WebSphere as a Web services platform.
• The Spring Framework is another example of a robust open source application framework that offers an alternative to the heavyweight application servers. In addition, a number of open source utility frameworks, which provide a wide variety of features such as database connection pooling, standard tag libraries and application logging, are widely used for implementing applications.
• An important first step in leveraging the open source framework is identifying open source components that can be used at various layers of the application architecture. Open source frameworks are being used in financial institutions for deployments such as mortgage-servicing applications and credit risk management solutions.
• Migrating to Linux: Clearly, among the strategies for open source deployment, Linux migration has gained the greatest industry traction to date. Linux developers have created a robust, low-cost, extremely stable alternative.
• Firms considering Linux deployment can benefit from an independent assessment of which applications should be ported to the platform. Obtaining an agnostic view of which Linux version to use, as well as whether to deploy blade servers, mainframes or PCs, can help organizations avoid pitfalls and make the most effective, economical choices.
• Conclusion: Open Source Has Arrived
  With increasing speed, open source is evolving from a toy for techies into an industrial-strength, cost-effective foundation for enterprise-critical operations. Ongoing technology development and expanding adoption among organizations of various sizes and types portend continued growth in the viability and popularity of open source as a vital enterprise tool.
• Sajay Sethunath is chief architect for BearingPoint's Financial Services business unit. He is responsible for architecting a broad range of consulting assignments, with a primary focus on systems integration projects that address a number of financial services-related verticals, such as Lending and Leasing, Retail Banking, Credit Risk Management and Capital Markets. Sajay leads the architecture team for BearingPoint's Financial Services Systems Integration practice.
• Punit Kaishap is a senior consultant with BearingPoint. Punit has played an active role in defining software architecture, implementing software development methodologies and using open source technologies in financial services organizations.