Trusting Open Source for Production...

DustinB3403

So I just had a thought, which is simply when do you trust open source (freeware, community "edition") anything with any portion of your disaster recovery plan in IT(or business in general). For example, I am currently running several VM's at work on a solution that is 100% built on "community edition" software.

Now yes, the base software (Xen Server) is built* and backed Citrix and Community, which is fully open source now. As well is NAUBackup (the current solution I use to create full VM exports weekly). I'm comfortable with this, but when did I (you) become comfortable with it, and why?

When did it become acceptable to trust software that I (you) can't sue someone over if it fails?

Why must we purchase software (or more specifically support for a software solution) when the very same solution is offered for free, as any rational being, I would have to say that giving up something for something offered completely free of charge seems...... insane. I'd take my chances with the free, unsupported option.

I can carry my grocery bags to the car just fine, but if an employee offered to carry them for me at no charge, I'm almost certain I'd take that offer.

If you wanted to give me $100 for the holidays, why would I refuse? Much like the same, why would any business refuse the benefits of free software. Free to develop.Free to F*** ones company over with software. (for less of a better expression). Or specifically choose to pay someone else to manage it / configure it and what have you.

Why must a business or person pay money for support, if support is offered willingly by wonderful communities of people free of charge, when software is developed and improved free of charge, when issues can be troubleshot free of charge? Albeit potentially with a delay.

But on the other hand, there is a very small promise of support in a timely manner. The norm 24x7x4 as warranty terms go, but still, is 4 hours reasonable compared to free (live with it attitude). A 4 hour delay might very well cripple a small company in the worst cases and at the bear minimum inconvenience a large one.

Even with "promises of a timely response" a business might get a response of "Assigned to support engineer 5" and still not hear back from SE5.

Since open source solutions are as capable as they are, why does any business pay for software, when the open source and free to use solutions are often as capable if not as good the paid versions. (lets exclude ESXi because, well come on...)

Sure the entire part of having someone to yell at when things go belly up might be comforting, but the "support team" is no more at fault for the issue(s) you're experiencing as the dog who took a dump in your yard is for having to take a dump. They are simply there at the time.

Does having someone to scream at or make the case seem that much more critical really improve your odds of recovering any more quickly? I'd have to say no, sure it entitles you to an expert for a set amount of time, or number of issues, but that expert likely will think you / your company are a bunch of ____________ (put something in). Now this expert would very unlikely lead you into more trouble unless they really wanted to cause harm, but that aside of community support I've asked for, I've never once been purposefully misguided. Or lead to cause more damage to a system.

Which brings me back to my original question if you effectually could speak to the same experts in an open forum versus a phone call (or even in put) in either case you'd try to be kind, to the point, and express the issue as quickly as possible to find the issue. So why pay for closed source software (or software with support attached, which often is what you're actually paying for). I'd have to correlate it to Insurance, you want it in case something happens, but seldom use it, or seldom get it's value.

Yes the whole "You can't possibly know everything, or every possible configuration, or this will likely suit your needs the best". But again, if you can get the same things for free why pay for it? Strictly speaking in legal terms (US legal for simplicity, I'm not condoning theft etc.)

I'm looking forward to seeing your responses.

PS maybe it's just the wine talking...

scottalanmiller

@DustinB3403 said:

When did it become acceptable to trust software that I (you) can't sue someone over if it fails?

When profits were valued over internal politics and finger pointing. Being "able" to sue someone is one of those business illusions. Either you actually can't do it because most commercial software has legal indemnification leaving you out on your own if things fail or you pay such a high premium that you've lost the suit before you even start using the software.

The idea that commercial software or having someone to blame is more important than actually having results and having your business protected is really only something that the SMB worries about. In the enterprise space yes, support is a big deal, but the idea that you are going to go around suing and/or blaming vendors for things not working doesn't fly because at the end of the day, you have to answer to the shareholders about profits and just "having someone to blame for data loss" doesn't cut it.

scottalanmiller

@DustinB3403 said:

Since open source solutions are as capable as they are, why does any business pay for software, when the open source and free to use solutions are often as capable if not as good the paid versions. (lets exclude ESXi because, well come on...)

Enterprises often pay for that free software because they want the support team that goes with it. For example, while CentOS is super popular in the SMB space in the enterprise companies really do opt for the RHEL version. Why? Because they get a level of support that you get nowhere else. Not support like the SMB means, though.

In the SMB space, support generally means "I don't know what I'm doing and I want the vendor to do the IT work for me." It's a weird "passing the buck" kind of support that most of the time just means paying for someone else to do our jobs. It's just another way of hiring an MSP or whatever.

But in the enterprise space the things that are being paid for, generally, are pretty hard core support. Not "I don't know how to configure this" but "we need the kernel to be modified to handle this specific feature. When I worked at the one bank, they paid (an arm and a leg, let me tell you) to be on the veto board for Java. Yeah, they could use Java for free. But they wanted to have the right to veto any Java release before it went public to make sure that versions that didn't meet their needs didn't make it into the wild.

Enterprise support includes access to the developers in additional the immediate response support teams. And those support agreements, with companies like Red Hat, Canonical, Suse, Oracle, etc. generally means responses measured in minutes or real time, not things you wait for someone to get back on.

Long term support response issues are typically associated with the "bundled" support that SMBs try to get. SMBs don't like to pay for support, they like to buy software and feel like support is free. Enterprises typically get their software for free and pay for the support. When you pay for support you get a completely different experience because the vendor has to provide good support or you don't pay. But in the SMB the goal is to convince you to stop calling support because every call costs them money. They want you to stop calling and stop depending on them. The way that different organizations buy support changes how the interaction between them and the vendor works.

scottalanmiller

You know, having been the guy on the other end of the support line for some huge vendors, one of the things that I think customers rarely understand is that the commercial support person that they are calling is very often just a random IT pro who happens to know something about that product. Many times they have no special training. I've worked for some of the biggest vendors and literally had less access to resources than the customers I was supporting did. Customers often feel like the person from the vendor must have been born and raised with the vendor, have unfettered access to the deep corridors and lunch with the CEO every day. But the reality is is that those support people are underpaid, IT pros who got brought in three months ago because they were understaffed and have no more expertise specific to the product than the people in the forums.

This changes when you get to talk to developers rather than support people. When you are interfacing with the people who actually make the products. In that regards, open source projects like Xen Orchestra, HA-Lizard, NodeBB, Snipe-IT, ownCloud, etc. actually blow most commercial products totally out of the water as far as support. You want to know how to fix something? The people who actually make the product come into the forum (this forum, in fact) and help out. Literally no one knows the product better than they do. Go to Microsoft for Windows support and you can't get anything like that. You get someone who can't speak English who doesn't know Windows at all that can't even get you access to people who know how to support it. Even if you have insider connections you often struggle to get basic support.

There is really no comparison on support. And that's before you consider things like "you can fix it yourself." Can't really do that with closed source software. But open source, if you need to you are free to start fixing or modifying things. People act like that is a ridiculous thing to say but companies really do this, all the time. And it provides a level of value that closed source simply can't touch.

Jason

99.5% of our Vertical applications are internally developed.. while not opensource the support is no different. We can't go to anyone else for it. We can't blame anyone else. We actually have less the open source, we can't google solutions and we can't search/ask on forums.

scottalanmiller

@Jason said:

99.5% of our Vertical applications are internally developed.. while not opensource the support is no different. We can't go to anyone else for it. We can't blame anyone else. We actually have less the open source, we can't google solutions and we can't search/ask on forums.

Excellent point. In the enterprise space the idea of working with the source for things and maintaining repositories is second nature. Pretty much every large organization is doing that stuff already.

BRRABill

@scottalanmiller and I were having a similar conversation the other day.

I feel like you are more protected by using a product like Windows, and he is trying to convince me (and mostly doing so) that my thinking is backward on this.

So I will be following this thread with interest.

Jason

You are generally less protected by windows.. Heck if windows has an issue it's closed source so even if you knew how to fix it you couldn't in many cases.

Dashrender

@DustinB3403 said:

I can carry my grocery bags to the car just fine, but if an employee offered to carry them for me at no charge, I'm almost certain I'd take that offer.

But it's not free - the store is paying that employee, and that cost is made up in higher cost of goods to you.

BRRABill

@Jason said:

You are generally less protected by windows.. Heck if windows has an issue it's closed source so even if you knew how to fix it you couldn't in many cases.

I guess my "argument" is that I trust MS more than a community to fix issues.

The whole community thing is what I need to come to grips with, I think.

Jason

@Dashrender said:

@DustinB3403 said:

I can carry my grocery bags to the car just fine, but if an employee offered to carry them for me at no charge, I'm almost certain I'd take that offer.

But it's not free - the store is paying that employee, and that cost is made up in higher cost of goods to you.

Also do you trust the employee to Safely put them in the car like you would too prevent damage? They don't care. and if it's a truly "free" service you have no recourse if something gets damaged.

Jason

@scottalanmiller said:

Enterprise support includes access to the developers in additional the immediate response support teams. And those support agreements, with companies like Red Hat, Canonical, Suse, Oracle, etc. generally means responses measured in minutes or real time, not things you wait for someone to get back on.

Usually they can get to you in 2 min or less if you open a ticket, or near immediate if you call. It isn't cheap though.

Dashrender

@scottalanmiller said:

Long term support response issues are typically associated with the "bundled" support that SMBs try to get. SMBs don't like to pay for support, they like to buy software and feel like support is free. Enterprises typically get their software for free and pay for the support. When you pay for support you get a completely different experience because the vendor has to provide good support or you don't pay. But in the SMB the goal is to convince you to stop calling support because every call costs them money. They want you to stop calling and stop depending on them. The way that different organizations buy support changes how the interaction between them and the vendor works.

Interesting.

Would support be more expensive for SMB if the vendors gave the product away and only charged for support? Of course SMBs probably would rarely be calling upon the vendor to make kernel fixes, etc, they would be asking for break fix support.

But perhaps that's just not really possible, because as you said, SMBs are using this support more for augmented IT because the SMB doesn't know the product and are simply relying on the vendor to support the product (I'll admit I've done that with Cisco before - have them write the config for me when I needed a change).

Dashrender

@Jason said:

@Dashrender said:

@DustinB3403 said:

I can carry my grocery bags to the car just fine, but if an employee offered to carry them for me at no charge, I'm almost certain I'd take that offer.

But it's not free - the store is paying that employee, and that cost is made up in higher cost of goods to you.

Also do you trust the employee to Safely put them in the car like you would too prevent damage? They don't care. and if it's a truly "free" service you have no recourse if something gets damaged.

If that person is a store employee, then I'm sure they would be covered by the store for any damage they cause, though if they put a gallon of milk on top of your bread in your trunk... yeah you'll get nothing for that.

Jason

@Dashrender said:

though if they put a gallon of milk on top of your bread in your trunk... yeah you'll get nothing for that.

That's what I was referring to.

DustinB3403

Thank you for the responses, but still no one besides maybe @scottalanmiller has posted why / when businesses choose Open Source over closed source.

Lets take for example Xen Orchestra, I just yesterday compiled the system in my home lab (running on my Xen Server Hypervisor as a VM)

Now I doubt many people would be willing to implement and use Xen Orchestra in a business environment because well, there is no paid support. It's the community edition.

But why not, the software is simply configured by you, supported by you, and at a substantial saving to you. Why is a solution as heavily adored by many professionals looked down upon because it's the "community edition"?

Jason

@DustinB3403 said:

has posted why / when businesses choose Open Source over closed source.

Closed/Open source is never the determining factor when choosing a solution. You have a business need and you fill that with the best solution that makes business sense. Opensource or closed source doesn't really play into it unless the goal is for customization..

Of course I won't go into that, because it's often better to make your own solution than highly customize a pre-made one.

Dashrender

I think Jason is right.
That's probably the long and the short of it.

Finding a solution that provides what you need. For the SMB, that generally means a complete full product - rare is the situation when and SMB is going to code anything themselves - or outsource to have it done.

Dustin, you also mentioned that SMBs can probably suffer a 4 hour outage but a large company can't? Maybe that's true, maybe it's not. Again depends on the situation.

Jason

@Dashrender said:

Dustin, you also mentioned that SMBs can probably suffer a 4 hour outage but a large company can't? Maybe that's true, maybe it's not. Again depends on the situation.

We had a four hour outage from the DC to All South Carolina and Indiana Locations last week. It was because of a backbone failure. Four hours is a pretty quick repair.. Yes it costs us hundreds of thousands of dollars in lost revenue. But to have the infrastructure to prevent that kind of very rare outage all the time would cost us far more. It's a solely a business decision, not an IT one.

Jason

@Dashrender said:

Finding a solution that provides what you need. For the SMB, that generally means a complete full product - rare is the situation when and SMB is going to code anything themselves - or outsource to have it done.

Outsourcing Application development is probably one of the worse decisions you can make. You get locked into something that will never be updated and no one can really support. If you don't have a in house development team custom applications are not the way to go.