Open Source Software (OSS) and Software as a Service (SaaS) can work
together in a variety of ways to help you deliver a successful solution.
Whether you are trying to avoid vendor lock-in, lower your costs, use
higher-quality software or take advantage of the significant innovation
going on in OSS, using it can help. However, given that there are over
600,000 OSS projects, 100+ billion lines of code and over 10 million
person years of developer work on OSS projects, selecting the right
project and using it successfully in your SaaS solution is not
necessarily a simple undertaking. Selecting OSS for a SaaS solution has
some similarities to selecting OSS for inclusion in your licensed
software product, but there are also some significant differences.
The opportunities to use OSS include using it as the primary basis of
your solution, important components of your solution, as tools for
support or as part of the infrastructure. In fact, it is not usual to
use OSS in a combination of these uses. Beyond support and support
subscriptions, SaaS is considered to be one of the more common ways for
OSS vendors to generate revenue.
Several SaaS businesses are based on offering OSS as a service.
Acquia, for example, has based its business on Drupal and providing
Drupal as a service. SugarCRM is another example, providing a SaaS
version of its CRM solution. Amazon provides MapReduce as a service
running on hosted Hadoop as one of its many services. Other
opportunities exist to select OSS projects and use them as the basis for
your service. Ideally, to base your business on an OSS project it is
important to have significant internal knowledge or be part of the
original project since this participation in the community is an
important part of how you will compete and innovate.
Ways to use OSS as part of a solution
There are many ways to use OSS as part of your solution. Databases,
report writers, graphic tools and video tools are all good examples. The
type of OSS software that is appropriate in your solution is very
dependent on the solution itself. In some cases the use may be a
significant part of the solution and in other cases it will just be
ancillary functionality.
OSS tools have long been used for a variety of support tasks
including Nagios for monitoring, Chef for configuration management and
deployment, Subversion for version control and Bugzilla for bug
tracking; these are just a few examples. In fact, there is an OSS
solution for almost any management, technical or administrative function
required to operate a SaaS business with the exception of some
financial functions.
Using OSS as part of the infrastructure has been done from the
beginning of the SaaS business model and is as basic as using Linux for
the operating system, Apache as a web server and JBoss as an application
server. With the increased use of platform as a service as the
development environment for SaaS, OSS projects such as Openshift and
Cloud Foundry will likely become popular especially since they provide
for a lot of flexibility in the deployment environment. Cloud
infrastructure OSS stacks such as OpenStack and CloudStack also likely
will become more popular and can be used by SaaS providers either as
infrastructure as a service or as a private cloud
In all of these cases, the selection of OSS software is the most
important task and has strategic implications for your business.
Selecting the right OSS project can help make your business be more
successful, reduce costs over the long term, and help introduce new
innovative services quickly. The following five requirements are
important to successful OSS selection and, properly selected, can add
substantial value to your business. Given the importance of proper
selection, it is important to have a defined selection process that
provides the right level of formality and rigor for your business.
1. OSS functionality
As a top priority you need to understand the functionality that you
require both now and in the future. In some cases OSS solutions may not
cover future requirements and you’ll need to predict whether they will
in the future. When thinking about functionality, you also need to think
about the contributions to functionality that you plan to contribute to
the project in the future. Assessing the functionality is similar to
any other software selection and a typical requirements assessment is
appropriate.
2. Total cost of ownership
Although OSS software does not have an initial license cost, most of
the items of total cost of software ownership still apply. In some
cases, there are, and you will want to use, external organizations for
support. Understanding the availability of this support and the support
costs is important, especially when using multiple copies of the
software. There are also other internal support and operational costs
that may be different among different OSS solutions such as hardware
costs and availability of knowledgeable support staff.
3. License type
Although most of the difficult software intellectual property issues
do not exist when you deliver the software as a service as opposed to a
license, you still need to understand the license types of the OSS
software you plan to use and the legal implications. There are some
license types that have distribution implications for SaaS businesses.
This is important enough that it makes sense to consult an attorney
familiar with OSS and your business to understand the various license
types and any issues or restrictions for you.
4. Future direction
The biggest question is how popular and successful the OSS project
will be in the future, which can be difficult to judge. This will have a
direct effect on your ability to hire developers and support staff that
understand the project, will affect the availability of new features
and will affect the amount of time you need to contribute to the
project. In the case where you base your business on the OSS project,
this will have a direct effect on the size and viability of your
business. Likewise, your business, depending on the size, may have an
impact on the growth of the project. The smaller your business is and
the less you can contribute to the overall community, the more important
it is to understand the future direction since your ability to
influence the community will be more limited.
To understand the future you need to understand several things about
the current project size and community. Ohloh.net, a free service
provided by Black Duck Software, can provide basic information about
projects in one location including how many people are using the project
(those who have registered their use with Ohloh), the estimated amount
of money spent developing the software, number of people in the
community, number of people contributing to the project, and frequency
of “releases.” Taken altogether, this type of information can give you a
good idea of where the project is now and its current maturity level.
The above information is more factually based. Some of the softer
items that you need to investigate include how the project is governed,
the general enthusiasm and strength of the community, the software
quality, the future market need and the importance of security to the
community. The security assessment should be focused on whether your
security needs match the needs of the community and, if not, the
implications to your own contributions to the project. For example, if
you are in the business of providing a service that requires PCI
compliance, you probably don’t want to use an OSS component that is
typically used in an environment where security is much less important.
In some cases for popular projects, the future is pretty clear; but
for newer or less popular projects, it is important to try to understand
the future. It can clearly affect the viability and cost of delivering
your service.
5. Security
The ongoing management of OSS software used in your SaaS solution is
not a lot different than other software except that you will need to be
more proactive on certain aspects including security. In addition to the
question of the community’s commitment to security, it is important to
monitor the security status of the OSS software you use. Security-based
updates may come out regularly from the community, and you need to have a
process to watch for these updates and make appropriate update
decisions.
Implied in the above is the requirement that you know all the OSS
projects and components you use in delivering your service and where
they exist and how they are used. This will allow you to make timely
security updates. Some method of auditing or verifying that the OSS
projects you think you are using are the only ones in use. Having a
selection and governance process doesn’t mean that somehow a project
can’t get into your code or infrastructure that you aren’t aware of.
There are commercially available scanning solutions to audit and verify
the OSS software in use. Depending on the size of your organization and
the risk you put on using unknown OSS solutions, a regular scanning
program may make sense.
Another example of security requirements include whether you will
need or want to do security scans on all of the software you develop and
use. In the case of OSS software used you’ll need to know whether
others in the community scan the software and whether this is sufficient
for you or whether you want to scan the OSS software yourself. You will
also need to decide if you want to report and wait for fixes to
security problems or whether you want to fix them yourself.
As you can see, the selection of OSS software, especially where it is
a significant part of the service you deliver, is a strategic business
and technical decision. The likelihood of success can be increased
substantially by focusing on these five areas prior to choosing the OSS
projects you use. This will increase your chances of being able to
capitalize on the benefits of OSS software in your SaaS solution.
Comments
Post a Comment