Reality IT: Quelling The Boss' Open-Source Fears

The ACME VP of operations, Huge Bange, returned from a conference where one of the sessions was on the dangers of open-source software. Huge asked our CIO, Steve Fox, if we use open source in our network. Steve assured Huge that we use very little or none (translation: he didn't know).

It's not uncommon for a company exec to get spooked by a particular technology and then run to ask Steve about it. It's also not uncommon for Steve to not know what to say. His next step, typically, is to ask me. We've got open-source software all over the place, and Steve had approved each instance of it, but I didn't want to remind him of that fact without some backup. I told him we would meet later with Dirk Packett, our network manager, and Bucky Rogers, our IT security manager, to discuss it.

Hidden Open Source

Open-source software has crept into our network over time at ACME. I expect it has in your network, too. We usually turn to open source for special situations. For instance, Bucky's crew runs Snort, an open-source IDS. Dirk uses open-source software for redundant SMTP, DHCP, DNS and FTP servers; an antispam application; a time server; and a list server. Dirk and Bucky use several open-source network monitoring and analysis tools. We also have myriad network appliances, all running some form of an open-source OS. Each implementation has been coordinated and approved by Bucky and Dirk through our IT processes for new system approvals.

Our use of open source started from the bottom up, rather than top down, when a network engineer wanted to bring it into the network. We first deployed it on older, unused PCs. As time passed, we realized we needed more reliable hardware, so we moved to small but robust rackmounted servers, mostly single-CPU.We had settled on FreeBSD as our open-source OS, but a few months ago we started investigating Sun's Solaris x86 as an alternative to conventional hardcore versions. We had explored this and other commercial options, such Red Hat Linux and Novell Linux, because you can get support and solid builds. We've also found more staff on hand who are experienced with these products.

Open-Source Openings

When Dirk, Bucky and I met with Steve, we explained exactly where we were using open-source software in our network and why. Executives tend to be particularly apprehensive about open-source software. One is a perceived lack of accountability with open source--that is, there's no one to call when a problem arises. With commercial software, execs assume you call the vendor right away. In my experience, though, IT wonks try to solve the problem themselves, regardless of whether the problem is with open-source or commercial software. If they can't do it alone, they turn to their compatriots on tech forums, e-mail lists and on the Web before they admit defeat and call the vendor.

Executives also worry about the security of open source. The fact that anyone can examine source code to find flaws makes some people feel naked. But open-source advocates rightly point to the alarming number of flaws and holes that have been identified in commercial OSs.

We addressed Steve's concerns by emphasizing that open-source software provides inexpensive redundancy for critical services such as SMTP, DNS and DHCP (as well as other purposes where practical). Bucky explained that many open-source applications match or exceed the capabilities of commercial security, network-monitoring and analysis systems. He also noted that many commercial systems are based on open-source applications. Dirk added that we were investigating open-source OSs backed by a support structure we could turn to as needed.I won't go so far as to say CIO Steve was converted into an open-source advocate, but at least he's been reassured that we're already "soaking in it." And the next time a VP quizzes Steve about the use of open source at ACME, Steve will have a few good answers at his fingertips.

Hunter Metatek is an enterprise IT director with 15 years' experience in network engineering and management. The events chronicled in this column are based in fact--only the names are fiction. Write to the author at [email protected].