Why open source needs SAM

One of the main goals of a Software Asset Management (SAM) team should be to find the right software for their users to fulfill their role and add value to the business – at the best price possible. With tight budget constraints, organizations may increasingly look at seemingly ‘free’ software in order to reduce costs.

Open Source software can be a very compelling option: free and updated by thousands of people around the world? Sounds perfect! However, from a licensing point of view, there is a lot more to Open Source software than just downloading and distributing it to as many users as you want.

The Open Source model is far more complex than you may think and is often far from ‘free’ in commercial use. In this blog, I’m going to explore Open Source and why SAM managers still need to be on top of software licensing.

OPEN-SOURCE v FREEWARE

When talking about free software, there is often some confusion between ‘freeware’ and ‘Open Source’. Let’s start by taking a look at the definitions of both:

‘Freeware’ = software that is free of charge. It is important to remember that even Freeware comes with a full library of Terms & Conditions that you must adhere to. It may also be the case that the license is free for non-commercial use only, and that you actually need a license if you want to use the software within your organization.

‘Open Source’ = denoting software for which the original source code is made freely available and may be redistributed and modified.

Open Source rules are as follows:

In summary, Open Source software can be used, modified and shared by absolutely anyone, as the software’s design and code are publicly available.

THE OPEN SOURCE MODEL

The Open Source model is so useful and popular that you can be sure that you have some form of Open Source software on the machine that you are using to read this blog. There are two really interesting elements to Open Source: the software and the source code. The source code is what makes up all software; it is the DNA, if you will. Open Source code can be, and is, used in commercial software as well as in Freeware. This is where the confusion often arises.

With the Open Source model, programmers are legally allowed to modify the source code to improve the software or adapt it to their individual or organizational requirements. They can add features or even fix things that they felt didn’t work previously. This is something you cannot do with proprietary software – such as Microsoft Outlook or Autodesk’s AutoCAD.

 

Figure 1: End User License Agreement for Autodesk products specifying that you must not modify any part of Autodesk products

So, that is what the license agreement for a piece of proprietary software looks like. Open Source software also has a license agreement, but it looks a lot different. I’ll use Apache Open Office as our prime example of a successful Open Source application. They have built a successful word processing application based on Open Source coding – with Apache stating that they have over 750 contributors looking at improving and changing their source code. Their Apache License Agreement 2.0 looks a bit different to the Autodesk one:

Figure 2: License Agreement for Apache Open Office (Apache License Agreement 2.0).

While some Open Source license agreements state that you do not need to share any modifications to the source code with anyone, others state that any changes must be shared with the developers and/or the community. If you are looking to use Open Source software or code, then you need to be 100% sure that you understand the license agreement and terms set out by the initial vendor or developer, so that you do not breach them.

VENDORS’ SUCCESS WITH OPEN SOURCE

Software vendors use Open Source coding and software to great effect. We’ve already mentioned Apache Open Source, which has been downloaded more than 160 million times as of November 2015. Open Office is hugely popular – a fact that has been helped by the promise that the software is and will remain free. Other vendors use Open Source software and coding, and then incorporate that into software that comes with a monetary cost.

Independent Software Vendors (ISVs) use open source coding in the software that they then go on to sell, and create a different license model. Original Equipment Manufacturer (OEM) software also often contains Open Source frameworks. Remember when I said you can be sure you have Open Source on your machine?

I’m going to use our partner, Red Hat, as a prime example of how a vendor has created a successful software business in the world of Open Source.

Red Hat uses Open Source for a number of reasons, one of them being that it believes Open Source is far more secure than proprietary software, as there is a large online community that constantly looks at updating the source code to ensure features are working correctly and the software is as secure as possible. Red Hat offers a number of paid-for subscriptions and services – which is where it makes money and has become successful. For example, the Red Hat Enterprise Linux (RHEL) agreement is a paid-for subscription whereby customers get the latest releases of the software in advance of the general public.

This is an attractive option for an organization, as it ensures it is using the latest version, which has the latest feature patches and security updates. As an end-user, I’d want to be on the latest version – it may just give me a competitive advantage over my competitors!

Red Hat also offers a paid-for support service. Red Hat will support you with old server software (for example) that suddenly has a bug or an issue with one of its features. It will then use its internal experts to fix the bug for you – meaning you are relying less on the Open Source community.

WHEN OPEN SOURCE COSTS MONEY

Using Red Hat as an example again, there are instances when Open Source can cost you money. For example – if you are using a ‘free’ Linux derivative such as CentOS or Oracle Linux and you download a patch or fix created by Red Hat, you may end up being non-compliant and have to pay for certain licenses or agreements. You need to have a support and maintenance agreement with Red Hat in order to use their patches or fixes for open source software like those we have mentioned.

There’s another scenario that you need to be aware of. If you have 100 Linux servers, and you update just one of those with a piece of software created by Red Hat themselves (a paid-for service), then you need to purchase a support and maintenance agreement for all 100 servers. Without understanding Open Source and how it works, you could end up creating a compliance risk across your datacenters without ever knowing it.

Personally, as I see it, a key risk for an organization lies in the disconnect between the datacenter administrators for the Linux/UNIX platforms and the software sub-management, who may deploy Open Source software into the datacenter, unaware this may have licensing implications.

I urge you to open the lines of communication with your datacenter administrators to ensure that you, the SAM team, understand what changes are being made and what impact this may have on licensing. You cannot just ignore Open Source platforms or software because they are ‘free’ – they can quickly become a financial and compliance risk.

YOU NEED CONTROL & VISIBILITY

Fortunately, Snow’s Software Recognition Service does not get distracted by the lure of ‘free’ software. The Software Recognition Service detects whether or not a piece of software requires a license – regardless of whether the product is developed with an open source or a proprietary development model. With Snow License Manager and Software Recognition Service working together, they bring transparency to the Open Source environment, and bring the “unknown unknowns” into the open.

I started this blog by saying how we all love something that is ‘free’, but would we love it as much if it was ‘free with strings attached’? Open Source can be used to your advantage and can be free for the duration of its lifecycle within your organization – you just need to ensure you manage and monitor usage correctly so you are aware of how it is being used to ensure you do not end up spending unnecessarily on licenses.

In order to identify your open source software, you need a reliable source of data. SCCM seems to be a popular choice – even if you didn’t choose it yourself! Use SCCM and Snow Software products to paint a complete picture of your software estate. We have a whitepaper entitled ‘Why SCCM and Snow Creates Successful SAM’ which explains the benefits of using both technologies together.

Figure 1 Source: http://static-dc.autodesk.net/content/dam/autodesk/www/Company/docs/pdf/legal-notices-&-trademarks/autocad-2011-eula-english-all_other_countries.pdf
Figure 2 Source: http://www.apache.org/licenses/LICENSE-2.0.html