There’s little doubt. Whether you like it or not, open source software is hot, and getting hotter. It is more than just Linux, although most know the paradigm by that proxy. There are databases, office applications, and other enterprise software to be had.

While open source software is software that can be used free of charge without paying any user licences, it is actually more than that, as users are free to make modifications to the software code to suit specific purposes. In short, it gives users greater control over the software versus proprietary software from vendor companies.

However, the knock is that while Linux is free, there is no such thing as a free lunch. You still have to pay for support, implemented solutions, and these may or may not be cheaper than traditional alternatives.
To talk about the all these issues and more, CIO Asia, in association with Red Hat Asia Pacific Pte Ltd, recently organised a roundtable in Kuala Lumpur, Malaysia, and got together with the nation’s leading CIOs to talk open source.

At the table were: Gerald Wee, Executive Editor, CIO Asia (moderator); Shane Owenby, Regional Manager, Asean, Red Hat Asia Pacific; Mohd Hashimi bin Mohd Nawi, Systems Analyst, Attorney General’s Chambers of Malaysia; Fork Kiang Seong, Assistant Vice President, Application Services—IS, Malayan Banking Bhd; Stan Singh, Senior Vice President and Group CIO, MUI dotCom Sdn Bhd; Suresh M Kumar, Senior Manager, Systems, NorthPort (Malaysia) Bhd; Azbir Abu Bakar, Head, IS Department, Padiberas Nasional Bhd; Zulkepli bin Haji Hamid, Vice President, IT Division, Time dotCom Bhd; and David Asirratham, IT Director, Multimedia University.
Here are the highlights of the event’s proceedings.


Singh: Why are we looking at open source? We find that our business cost is increasing and so is the IT cost. So, we are thinking what we can do to drive the IT cost down. Costs have gone through the roof. We had to pay exorbitant fees just for the operating system. This is the subscription fee, not even maintenance.

But we also know that part of the market has matured. Open source is more than just Linux. There is the database, e-mail, and so on. Management needs to be aware what they are getting into with open source, but nevertheless, we are going open source because we know it will drive IT cost down.

I’m saying that open source is the way forward. I tell people in my company, that you make a business decision. As long as I give you what you need for the business to run, don’t worry about the underlying technology deployed. The cost may be MYR100,000 (US$27,294) today, but there is maintenance, upgrades, support. Vendors sometimes want you to upgrade, but you already have millions invested in modifications that support old code, and must be retrofitted to the new version. This is why we are moving away from certain proprietary systems, simply to drive the cost down. It is not so much the cost (upfront discounts) but the total cost of ownership over three years. Hidden costs pop up everywhere.

Open source will help us.

Kumar: We’ve been using it for quite awhile. We moved towards open source as a strategy to deliver new services and technology without costing an arm and leg. Our early early e-commerce strategies were based completely on open source. From Northport’s perspective, we’ve capped IT costs over the last eight years, primarily because we are aggressive in maintenance given to vendors, and in applications where we have issues with vendor support in terms of reliability, we’ve moved some over to open source where we’ve been able to cut down on licensing, but still get services from the vendor.
For example, Oracle had some rigid licensing agreements, so EnterpriseDB gives an opportunity to move some non-core applications there and see whether performance is an issue, and then start moving. So, it is cost savings plus the ability to manage services. We’ve contained costs so well, that when we tried to outsource, we couldn’t do it very much because our cost alone is lower.

Owenby: Our number one key vertical is telcos. Why are they looking at Linux? They are getting squeezed the most on price, but need to get most out of IT. We are all paying less on our bills, yet they have to provide more services—3G, SMS, etc. They are getting the same stability with Linux. Financials is another. The top 10 banks in Wall Street have been running Linux since 2000. Why? Cost savings and performance.

Asirratham: When it comes to servers, the way forward is Linux, that is very clear. Today, 80 percent of our servers are running on Linux. Cost is the main factor. For example, we had Sun Solaris, and annually, we pay about MYR180,000 (US$49,000) just for the maintenance of the operating system. With that, I could easily purchase a whole suite of servers, and that is what we’ve done. We can buy new servers every year, put it on Linux, and get good performance. So, the server side is very clear.

Azbir: Before we went from Microsoft Access to open source, we fought within the department in terms of what benefits are available. Should we do all open source or do Microsoft SQL and .Net? I had to convince a few of the developers to use other open source languages to develop the system. We had consensus. We tried to do something, and then reduce the cost—first time cost as well as maintenance costs over the years. Then, from there, we had a proposal to present to the management.
The bottom line is cost savings. We saved a lot of money, especially in maintenance since new hardware has a three year warranty, and we maintain the software ourselves. We saved around 60 – 70 percent of our IT costs this way.

Singh: Business critical applications cannot afford downtime. I will pay for maintenance because if something happens, I can pick up the phone and call the company, but who do I call with open source? For instance, we were talking about a project, and MySQL came on the table. The question was: “Where is MySQL office in Malaysia?” People had to scramble to find the closest office, so there was a degree of concern. These are some challenges from a commercial perspective that brings about concerns.

Kumar: One of our issues is Microsoft .Net. It seems to be very powerful from our perspective, how to integrate with clients, and our open source Web services is constrained in terms of service provisioning. We are doing some internal review as to whether some current e-services should be moved to a .Net system because it can offer something better to clients. Clients decide, and it is always a business decision.

Owenby: Most people look at RedHat as a Linux company. That is a distorted view. We look to bring open source solutions to the enterprise. Linux is clearly the most successful. We just acquired a company called JBoss for US$350 million. We are trying to solve all enterprise problems with open source software… supported. What we bring to the table is support, addressing issues like where is the local office for so and so? We are bringing that level of reach. JBoss did not have a presence in Asia-Pacific. We have that reach globally, and you will have a supported application server.

Asirratham: In terms of support, it used to be a problem a couple of years back, but today, every hardware vendor says that it is no problem to support Linux.

Kumar: One of things we do is come up with a lot of value added services. If you buy commercial off-the-shelf, one of the things you can’t do easily is customise things specifically for unique customer requirements. Open source gives you the flexibility, and we’ve been leveraging on it as well. When a big shipper wants something specifically for their ERP, we can specifically tune it for it. That gives us a competitive edge over our competitors.

Owenby: Suresh feels that the ability to customise open source is a positive. I’ve gone into organisations where they absolutely do not want their technical people touching the source code. It’s about perspective. If you have a solution on open source, you can fix that yourself. That’s an option. You may not find the qualified people to do it, but at least you have that flexibility. Not proprietary solutions.
Open source is about choice. People want choice. They see that the ability to run on HP, Dell, etc. is better than only on Sparc-Solaris. One of our key verticals, Government, don’t want to be locked into anything. They want choice. Security is also a huge area for governments. So, with open source, you can look at the code, no back doors, and do the assessment.

There is an Open Document Format happening around the world. People got sick of Microsoft owning the document format. You got locked into that for Web services, Exchange requires Active Directory, and all that. You are making decisions now that may limit choice in the future. You don’t have choice if you go down these vendor paths.

When I go to sell, I tell them that if Red Hat is not doing a good job, there is nothing that locks you into us. You can easily move to another distribution. Our job is to provide good support, innovation, to keep giving you value from us. Microsoft, Oracle, old hardware vendors, simply limit your choice.

Owenby: Oracle Database 10g was first released on Enterprise Linux 30 to 90 days before any other platform. Why? Two reasons. If you can decrease the hardware cost, put a supported operating system on top of that, it leaves more money for Oracle. That’s one angle.

Number two angle is that if Oracle needs a feature in an operating system, how can they get that done with Solaris? Larry writes a big cheque to Sun. With Enterprise Linux, he pays his smart engineers to get together with our smart engineers, and get the feature implemented. So, guys running Oracle under Enterprise Linux, will see performance gains because Oracle can work with the operating system without any issues.

This is an example of how open source benefits the world, and how we make our money by providing support on top of that.

In my past couple of years in Asia-Pacific, I’ve had customers say they want to run their Oracle infrastructure on Enterprise Linux. Why? They feel they get better support from Oracle because they are running on the platform Oracle develops on.

Fork: For Maybank, we have a team looking at bank architecture needs in the next three to five years. We have very stringent IT baseline. We are moving out of .Net strategy and focus on Unix. Our business is very sensitive, being in banking. Downtime cost is high if a system is not proven, and gets hacked. Goodwill, image of bank is impacted.

We have worked with a lot of off-the-shelve solutions cannot fulfill our stringent security standards. I am not sure how open source fits in.

Owenby: DES is an open encryption standard. The algorithm is very secure. That is an example of open standards, but has not affected the security, because the algorithm is secure. Another example is the Apache Web server. It runs 60 to 70 percent of Web servers. Just because it is popular and open source doesn’t mean it is insecure… or secure. Same with proprietary. It is how it is actually written. But since it is open source, all of us can do the analysis to see if it is secure or not. With proprietary, none of us can do any analysis until after something has been exploited. The fact that we can see it, we can proactively make it secure.

Kumar: The reason open source works is because of peer review. That also means the peers have to be technically strong to appreciate the code. Many are in the vendor managed environments, not development. These don’t know anything besides performance, and that SLAs (service level agreements) are met.

Zulkepli: I also have the impression that the moment you are in open source, you can do your own modifications. How do you do change management, version control, and updates, when all those are being done by the vendor today. Must you have a very good change management system within the organisation?

Kumar: In any organisation doing software development, you must have policies in place for change and configuration management. If you don’t have that, managing proprietary or open source is the same. The same issues apply with source code. That is something that must be in place to manage versioning. That goes back to IS governance.

Shane: One of my customers has got 5,000 servers. What they do is bring down the updates from Red Hat, automatically, and put in the development group which certifies it with their application, then they move it to the QA group, which certifies the whole solution, and deploy it. Along the way, they may make some changes, they may not. Certain components like the kernel, they take from us. They don’t have kernel programmers, so they pay us to give them the updates. They take the updates, certify the complete stack, and roll it out. If you don’t want to change your source code, we have tools that help you do that. It is very cut-and-dried. We’ve taken the geek out of Linux.
We have a lot of organisations that don’t want to get to that level.

David: There are two issues. One is modifying the source code, the other is using it. There is a community that is involved in modification of code. But most of us want to use the system, so we can lock the source code. Red Hat has a support service which will automatically update your patches. You don’t need to change code unless it is very specialised.

Asirratham: The other issue is migration, especially if you have Oracle database. Oracle Applications is tied very close to the database. So, there is a need to migrate these applications to open source. So, that is a concern as it takes quite awhile to port those applications which are tied to the database.

Azbir: The challenge is to move programmers from the Microsoft environment to the new thing. Doing things in Php and Java will cost us in terms of time. We needed to get ready by a certain time and had to ensure that we could get training and development done.
We started within the data centre, with old machines (Pentium III, and older Pentium 4). After we proved the concept, management gave us budget to buy newer hardware.
We used the maintenance budget to do development. It was a huge budget converted to do development, so we saved in terms of development cost. We utilised whatever we had in the organisation. More money was focused on the hardware, so that we got the performance we wanted. We went from Intel to AMD Opteron 64 processors, and we used Suse Linux since it was supported by our hardware vendor.
We developed a system for purchasing, so we are looking at the padi processing environment. This is quite tough for a small team, so we tried to search around for an open source ERP system, so we embarked on that. We developed a few modules, and we are testing it, and plan to launch it this year.

Owenby: Open source is a journey, not a trip. If you don’t educate your people, they are not going to be competent. The open source projects I know that have failed is because they did not adequately prepare. They didn’t know it, and didn’t get a vendor involved, didn’t train their staff, they were destined for failure. When I sell into an organisation, I target Unix to Linux conversion, because they already have some skill, and understand what security means. The path is much shorter than Windows to Linux.
So, I go in and say they have to invest in people now for deployments they have to do in the coming months. If they are not willing to do that, then I try to find another account, because I don’t want their impression of us to be negative due to their lack of preparation. We have certified training centres in Malaysia, and have staff here. We’ve invested in Malaysia more than we’ve invested in Russia.

Zulkepli: We currently have two groups of people in IT. The application people and the systems people. If you embark on open source, will there be a change in the organisation, so that everybody will have total skill set compared to traditional compartmentalization.

Singh: When you change your house, the structure of the house is different, the lights and switches are different. The biggest problem is discipline. You go and take some of the old furniture with you. Which disciplines need to be taken forward. We are doing it right now. We need to make certain changes to the policy because the implications are different. Changes are both business and IT.

Owenby: There has to be some transition. Humans don’t like massive change. Developers don’t like to come in one day and find they have a Linux development environment. So, you are going to have to put them through some training and a transition period. So, a lot of our revenue comes form the server side. We’ve had success on desktop Linux in very special circumstances. Where two things are controlled: the software stack, and peripherals. We control those two things, and we can provide a fantastic, secure, manageable, cost effective desktop. Normal traditional desktops have random peripherals plugged in, software stack of things. That is not a market we can win in.
It depends on the needs.

Asirratham: We already done with the servers, and now we are looking at cost savings on the client side. We have 20,000 students. Each student costs MYR140 (US$38) in Microsoft licence plus Office which is another MYR200 to MYR300 (US$54 – US$81). Just imagine the amount of savings. We have 6,000 machines on the campus.

Owenby: OpenOffice 2 is now out and has a lot of the work from the community done to make it more acceptable to Excel macros and the things people are used to.

Asirratham: If you know how to use Microsoft Word, you know how to use OpenOffice.

Kumar: If you are only looking at Microsoft Office, then OpenOffice is a good replacement. If you also have a lot of other applications, then it doesn’t work. We also tried VMware, but it became too unwieldy. It is good for the developers, but not end users, so we stopped that approach.

Zulkeplie: So, you can’t migrate everything at one shot. There has to be coexistence. It is process.

Owenby: We are part of a consortium that is about the interoperability between Windows and Linux. Samba does print sharing. Microsoft keeps changing code so it is interoperable. We are chipping away. Going with .Net may limit choice; it may be the business decision to make, but make sure you know going down the road the implications. Open source is not the magic dust, but gives an alternative. I am looking forward to OpenOffice version 3. It will have the features that the community wants.

Azbir: How do you get people to move?

Asirratham: You could reward them with money savings from the licences. The ease of use is a problem. If I’m used to my kitchen to cook, I know where everything is. If you come to my kitchen, you don’t know where everything is, but you will say that my kitchen is unfriendly. The only way is to get them to use it.

Owenby: Make Firefox the default browser, step one. Later on, introduce OpenOffice… Let them see what they are going to be using before you send them for training. Then they will say it is not that different. Then migrate them out of Microsoft Office entirely, then you migrate them to Linux. That last step has the peripheral issues, but it depends on what you are trying to do.

Singh: We use cost to drive change. We say if you want to use something, it will be charged to your department. It works very well.

Singh: Then you come to licence issues, there is some degree of fear. The vendors who are trying to bid for that project will confuse people in the decision making area. For instance, they will tell you it is not really free… if it is free, there are issues. The company may not be around. How will they survive? So, that is a concern to directors of the company, so sustainability in the market is a concern.

Also, most of us are used to the traditional licence approach where you pay for maintenance, you get upgrades, you get this and that. Then the question arises with open source, do you get upgrades to these applications? Because it is free, the source code is given to you, you do what you want. This, to the traditional user is a stumbling block, because they will not appreciate what it really means. So, these are some issues.

Owenby: It is amazing what everyone else accepts as licensing. You pay for product, then you pay for support, then you pay for concurrent access licenses. How do you budget for that? With RedHat, it is an amount of money for a period of time—one year, three years. You know exactly how much it is going to cost. I can’t believe how much time is wasted on tracking down licences and things like that.

Singh: I don’t have to worry about BSA coming down and checking on my licenses.

Owenby: So, when you look at open source, you have to do your own evaluation on what’s important to your organisation. Your applications must be supported, that is critical. There are company’s that support 24 x 7. We have partners who will do level 1 and 2 support, and we do level 3.

So, the ideas and misconceptions of open source may no longer be valid. They may have been valid in 2000 or 2002, but make sure you are evaluating open source on the merits that exist today, not what you’ve understood it to be.