Broaden Options, With Caution

 
 
By eWeek Editors  |  Posted 2002-07-08
 
 
 

Broaden Options, With Caution


We at eWeek Labs believe that the exploration of open source should be broadened but with caution. For example, while open-source options in the Web server and server operating system space are pretty safe bets, emerging ERP and CRM options should be approached warily, if at all, right now. Following, eWeek Labs analysts weigh the cost, functionality and comfort level of traditional applications against open-source options. A chart puts it all in perspective.

Development Tools


Development Tools

There are three overlapping definitions of "open-source tool." The simplest refers to tools that are themselves open source, whether targeted at open or proprietary platforms. Waba (at www.superwaba.com), for example, is an open-source tool with a Java-like language that targets Palm OS and Windows CE devices (see www-106.ibm.com/developerworks/wireless/library/wi-tip13.html).

The Tigris project (www.tigris.org) seeks to harness the collaborative spirit of open-source efforts to create improved software engineering tools, in the hope of elevating the overall state of the art, irrespective of the eventual target platform.

Other open-source tools are those that are offered, whether freely or as commercial products, for use in building open-source projects—with libraries and other resources that can be freely disclosed along with developer- written code. Borland Software Corp.s Kylix, for example, comes in a freely distributed Open Edition, which is a fully open-source tool with GNU GPL (General Public License)-distributable libraries (see www.borland.com/kylix).

"Any source code that goes into an application, we believe, must have at least the option of going open source," said Michael Swindell, Borlands rapid application development tool director, in a recent conversation with eWeek Labs. "Thats why all the Kylix libraries are built for a dual path."

Kylix uses only Borlands object-Pascal Delphi language but will add C++ later this summer with the release of Kylix 3. It will have to compete with KDevelop (www.kdevelop.org), a GNU GPL C/C++ environment already running on Linux under K Desktop Environment and also on Windows and Mac OS X.

Finally, a commercial tool set may be offered in a version that builds proprietary applications for an open-source platform, combining the low deployment cost of open-source nodes (such as point-of-sale or customer kiosk terminals) with high-end database access and other enterprise-oriented facilities. Kylix, in its Professional and Enterprise editions, enjoys high popularity in this category as well.

"The troubles of [Microsoft Corp.s Internet Information Services] have been a major boon" for enterprise development on open-source platforms, said Swindell—not gleefully but without apology for taking advantage of the resulting opportunities. Borlands Web services development aids in Kylix, for services hosted on Apache, have been well-received.

The company has also benefited from upfront design for portability from Windows-hosted Delphi development. In one case, said Simon Thornhill, vice president of Borland, based in Scotts Valley, Calif., a consultant estimated a one-week effort to port a Delphi project from Windows to Linux, but the actual time was 2 hours.

Many use "open source" as the generic term for "Linux," but the open-source Darwin (at developer.apple.com/darwin) operating system is the core of Apple Computer Inc.s Mac OS X; a streaming media server is another major open-source project using Apples Mach-based technology. Apples licensing terms have been controversial (see www.opensource.apple.com/apsl), and development teams should fully understand the interactions between the tools they adopt and the licensing options they want to retain. —Peter Coffee

Databases


Databases

The two main open-source database choices, MySQL and PostgreSQL, have large user communities, rich online resources, commercial support options, proven track records and established development teams.

MySQL is the less sophisticated of the two, since it still lacks several important SQL features: subselects, views, referential integrity (foreign keys), stored procedures and triggers.

However, MySQL is very fast, as benchmark results published in eWeek Labs server database special report showed (see www.eweek.com/links), and fully supports transactions and SQL isolation levels. Its speed means that it excels as a database cache or as a database for interactive jobs such as Web page generation. MySQL also runs well on Windows and Unix systems.

MySQL ABs upcoming MySQL Control Center administration tool (see screen) provides stronger database management features.

PostgreSQL has nearly complete SQL-92 language support, including all the major SQL features MySQL lacks.

It also has stored procedure support (including triggers) in a number of languages, as well as advanced design features such as inheritance in database designs, indexes on function results, and geometric functions and indexes that are useful with geospatial data.

While PostgreSQL has Windows client software available, the server is difficult to set up on Windows because it requires Red Hat Inc.s Cygwin Unix emulation libraries for Windows. Therefore, most PostgreSQL installations run on Unix operating systems. Red Hats Red Hat Database is the main commercial version of PostgreSQL.

Firebird (based on Borlands InterBase 6.0) and SAP AGs SAP are both new entrants in the open-source world, although both have established commercial histories.

These are sophisticated products offering complete SQL support, transactions, stored procedures and triggers. However, they havent established open-source developer or user communities, and online support resources are limited.

After releasing InterBase 6.0 code, Borland backed away from its open-source plans. The current InterBase, Version 6.5, is not an open-source product, so Firebird and InterBase are now diverging products.

All these products are primarily focused on delivering core SQL database features and are not competitive with the big commercial players in several important areas: online analytical processing, data warehousing, data mining, clustering for performance, XML storage and query, Enterprise JavaBean support, plug-ins for a wide variety of specialty data types, distributed transactions, and external data gateways.

Graphical administration tools are available but simple in scope and not competitive with the comprehensive configuration, control, monitoring and tuning features found in the large commercial offerings. Management costs are higher among these database products as a result. —Timothy Dyck

Enterprise Software


Enterprise Software

In the ERP (enterprise resource planning) and CRM (customer relationship management) space, options are few and far between. One option that stands out is ComPiere Inc.s Compiere, a combined ERP and CRM package aimed at small and midsize organizations.

Compiere has multilanguage and multicurrency features; supports different styles of accounting, taxation and costing; has both Windows and HTML clients (see screen); and provides integrated data analysis capabilities. The company offers a variety of fee-based support options.

Emryn International and Aastha Inc.s Value is another ERP effort (see sourceforge.net/projects/value). The software hasnt shipped yet, but beta releases are available.

Two shipping open-source accounting packages for businesses are Nola (which started shipping in October 2001) and SQL-Ledger Accounting (which is 2 years old this month).

Aware of the general lack of open-source enterprise software, the Free Software Foundation is developing its own GNU Enterprise suite. The projects goal is to provide open-source, multilingual and multicurrency financials, budget management, e-commerce, human resources, project management, research and development, supply chain, manufacturing, sales, and business intelligence software. Its nothing if not ambitious!

The project is in its early stages. On June 3, the GNU Enterprise team released updated versions of its forms builder and forms run-time. (Unix and Windows applications can be generated by the forms package.) The first 0.0.1 releases of the report generator and application server were included in that release.

All existing components are in alpha (or earlier) development states; the packaged applications dont have implementations.

GNU Enterprise includes a shipping project management, time tracking and call tracking application called Double Choco Latte (see screen) that isnt integrated into the overall application framework; it is a separate effort that merged with GNU Enterprise in March. —Timothy Dyck

Enterprise Directory


Enterprise Directory

Open-source packages have gained significant critical mass and influence in the enterprise directory and DNS space.

As LDAPs star has risen (particularly when Novell Inc. and Microsoft dropped their original directories in favor of LDAP-based approaches), so has the usefulness of OpenLDAP. The package is an open-source LDAP server based on original University of Michigan LDAP server code. (LDAP was invented there.)

OpenLDAP supports LDAP Version 3 (the current version), has strong security and access control features, and offers master/slave replication for fault-tolerant deployment. (Multimaster replication is working, but the feature is still described as experimental; commercial LDAP servers such as Sun Microsystems Inc.s Sun Open Net Environment Directory Server are ahead of OpenLDAP in this respect.)

OpenLDAP also doesnt include graphical administration tools, although many third-party options have been developed.

For example, Manuel Amadors Directory Administrator (see screen) hides LDAP internals to present a user administration interface similar to Windows 2000 or Novell directory management tools. Its included with a number of Linux distributions.

Also popular is a lower-level tool, GQ (see screen), which includes schema editing features in addition to the normal directory content editing capabilities.

In a similar trend, virtually all organizations now rely on DNS (Domain Name System) servers for host address resolution, and the open-source BIND (Berkeley Internet Name Domain) is the authoritative DNS server implementation. The full-featured BIND 9.2 is eminently qualified to be deployed as an organizations primary DNS server. —Timothy Dyck

Web Development


Web Development

For companies wondering whether open source is a good fit in their Web infrastructure, there is no doubt. Open-source applications are the core of many companies Web applications. Chances are, if your company isnt already using a good deal of open source in its Web architecture, a good many of your competitors and business partners are.

In many ways, Apache is a poster child for open source. Apache is the most-used Web server on the Internet and is well-respected for its flexibility, scalability and (despite the recent discovery of a security hole) excellent security record. Apache is also the default Web server in most Linux and Unix systems, including Mac OS X.

While Apache gets the lions share of the attention, there are many other open-source Web servers. These include Roxen Internet Softwares Roxen, Red Hat Inc.s Red Hat Content Accelerator, Itamax Corp.s Xitami and the World Wide Web Consortiums Jigsaw.

On the Web development side, there is a similar amount of options and a similar success story, in this case Larry Walls Perl. Perl actually predates the Web and was built to be a highly portable language ideal for many simple tasks. Developers found it handy for scripting pages and handling tasks such as database access. Despite many challengers, Perl is still heavily used on the Web today.

The list of other open-source development languages and scripting languages for building Web applications is too long to list in entirety. Among the many options in this area are PHP, Python, Tcl and Pike.

Web application development doesnt stop on the language side. Some of the most popular application servers are also open source. These include Tomcat and Jboss on the Java server side and the Python-based Zope application server. —Jim Rapoza

Security Tools


Security Tools

In many ways, security tools can be considered open sources greatest stealth operative. Companies that dont think they use any open source at all are often surprised to find how much of their security infrastructure is based on open-source technology. In fact, there is a good chance that the commercial security applications and services they are using make very heavy use of open-source security tools.

Open-source security tools span a wide area, from traditional network management tools such as the Nmap port scanner, to vulnerability scanners that were originally treated as hacker tools by many, such as the original SATAN (Security Administrators Tool for Analyzing Networks) scanner, now called SARA (Security Auditors Research Assistant).

Simply listing all the open-source security tools out there would probably take up twice as much space as this article allows. Thats because most security researchers and companies often release tools such as scanners and auditors as open source. However, a quick glance through most of the categories shows that when it comes to security and open source, there is no choice—companies will have to base some of their security infrastructure on open source.

When it comes to finding out whats happening on your network, traditional Unix tools such as Tcpdump have been basics for administrators for a long time. Since these tools dont tend to look specifically for hostile traffic, there is also a whole set of open-source tools that look for intruders on a network. Probably the best known and most widely used of these is the Snort intrusion detection system.

For businesses looking for potential problems in their own systems, there are many audit and scanning tools available in the open-source community. Tools such as Nmap let administrators know which ports are running on their systems. More advanced tools such as SARA and Nessus will scan for known vulnerabilities and security holes.

Advanced security administrators can take advantage of a potentially dangerous set of open-source tools that can give them many of the same capabilities of a hacker, making advanced testing of security infrastructures possible. Tools such as Nemesis make it possible to simulate many forms of attacks through packet injection and creation.

When it comes to protection, there are a wide number of applications that let users encrypt and secure systems, from secure session tools such as OpenSSH to firewall management tools such as Firewalk. Our favorite tool in this area is the anti-worm application LaBrea. —Jim Rapoza

Network and Systems Management


Network and Systems Management

Network and systems management mind share is dominated by proprietary systems including Computer Associates International Inc.s Unicenter, Hewlett-Packard Co.s OpenView and IBMs Tivoli.

However, these behemoths all but send written invitations to network managers to investigate open-source alternatives because of their high initial price, their recurring consultant and maintenance costs, and the frequent finding that parts of the proprietary systems end up as "shelfware."

Enter the open-source contenders—products such as OpenNMS, from a group of the same name at opennms.org; Nagios (previously called NetSaint), from Ethan Galstad at nagios.org; and Jim Trockis Mon service monitoring daemon.

eWeek Labs used NetSaint to monitor the eWeek eXcellence Awards systems and network. We also have used OpenNMS in our lab. Weve found that both products provide the alerts, performance information and simple diagnostics that weve seen in the proprietary network management tools and that they have more than enough horsepower to get the job done.

One of the biggest hurdles for these open-source options is scalability, but both OpenNMS and Nagios are working to address it.

For example, Nagios has support for redundant and distributed monitoring servers, allowing enterprise users to get information from remote offices that have less-than-reliable connections. OpenNMS has an active developers forum that recently debated techniques for monitoring 10,000 devices. Although this number may represent only a fraction of the total number of devices in a large enterprise, it is a step in the right direction.

With the obviously favorable acquisition costs and increasing availability of open-source consultants, open-source management tools are worth consideration by large IT shops. —Cameron Sturdevant

Collaboration


Collaboration

Collaboration and messaging is a very volatile field, producing new technology that is being adopted at furious rates.

One of the hottest messaging areas is instant messaging, and open source is very important here. IT managers should definitely be following the Jabber project, a set of XML-based protocols for real-time messaging and presence notification. Another interesting open-source IM system is Gale (www.gale.org), which is looking to add security to IM using OpenSSL.

Using gateways, Jabber users can communicate with IM users on AOL Instant Messenger, ICQ, The Microsoft Network Instant Messenger and Yahoo Messenger networks.

Unfortunately, because vendors such as America Online Inc. are protective of their IM networks, interoperability will always be a concern (at least until an IM standard is published and all parties adhere to it).

In future releases, we expect that advance collaboration features such as whiteboarding will be added to these open-source systems, making them more competitive with collaboration tools such as IBMs Lotus Software divisions Sametime Real-Time collaboration software.

Another open-source collaboration project that IT managers should keep an eye on is the Sun Microsystems Inc.-backed Project Jxta, which defines a protocol set that will allow the creation of advanced peer-to-peer applications.

Jxtas protocols cover important procedures such as peer discovery, memberships and end point routing. Using Jxta, users will be able to collaborate, find resources and communicate securely over public networks using a wide variety of hardware, from cell phones to servers. —Henry Baltazar

Storage


Storage

The last thing a company wants to do after spending years developing a killer storage box is to tell their competitors how they did it. Open source is a software-only phenomenon, while good hardware gets patented when possible to preserve value.

Beyond the proprietary hardware level, however, open-source technologies are being used to provide added functionality and manageability to appliance solutions.

During the last few years, open-source software has opened the storage appliance world to non-Windows-based alternatives, and eWeek Labs expects this to continue.

The biggest benefit of open source in the storage arena is that the availability of source code gives hardware vendors the flexibility to take unnecessary elements out of the operating system and build key market differentiating capabilities on top of it.

A second major benefit is the lack of license fees associated with open-source components such as the Samba file sharing suite, which provides capabilities comparable to the Windows Appliance Kit without forcing server and client licenses on customers.

Network-attached storage systems based on Linux and BSD operating systems, as well as the Samba file sharing suite, are obvious examples of open source used by storage vendors, but they do not represent the absolute potential of open source in the storage market.

Storage vendors such as FalconStor Inc. and Dot Hill Systems Corp., for example, have built advanced storage virtualization features on top of the Linux kernel to create storage appliances that carve up storage area network resources.

We expect to see more storage management appliances flooding the market, and we will be very surprised if many of them didnt rely on open-source software. —Henry Baltazar

Operating Systems


Operating Systems

When open source is mentioned, the first thing that typically comes to mind is Linux and other open-source operating systems that have spread like wildfire throughout many organizations.

With the backing of industry powerhouses such as IBM and Oracle Corp., Linux has become a legitimate operating system choice for many enterprises.

While not entirely open source, Apples OS X operating system is built off of a FreeBSD kernel and relies on open-source components such as Samba. OS X has raised the bar on ease of use for the rest of the open-source operating system group. For Linux and BSD to spread to the user class, desktop environments such as K Desktop Environment and GNU Network Object Model Environment will have to continue to improve their ease of use and feature breadth.

But the biggest obstacle facing open-source operating systems is the relative dearth of application support. Windows is still the dominant desktop operating system, and ISVs will have to be encouraged to port their Windows-based software to open-source operating systems.

We expect Linux to continue to expand its boundaries all the way from personal digital assistants and cell phones to legacy mainframes and high-performance computing clusters. —Henry Baltazar

Client


-Side Software">

Client-Side Software

Client-side open-source applications offer many benefits to enterprises countenancing their adoption. Its certainly possible to outfit a mainstream corporate desktop with a complete set of open-source productivity, messaging, Internet and multimedia applications—all at a cost significantly smaller than with closed-source software equivalents.

However, software licenses arent the only cost associated with running client applications in an enterprise, and depending on the open-source application under investigation, various hassles and limitations can render "free" software as dear to deploy as the closed-source competition.

In addition to software licensing savings, open-source client applications often enjoy a wider range of platform and internationalization support than do their closed-source counterparts. The open-source productivity suite OpenOffice.org ships with support for Windows, Linux, Mac OS and Solaris, and the open-source Mozilla Web browser supports these and quite a few other platforms. Whats more, both Mozilla and OpenOffice.org present users with a common interface across these platforms.

Source code for open-source applications is freely available, enabling companies to customize applications for their needs and to take advantage of the customizations and extensions that others have developed. Also, open file formats (such as OpenOffice.orgs XML-based format) can insulate companies from technology lock-in—a definite plus for sites that standardize on either of these products.

Of course, this brings up one of these products major liabilities: More than 90 percent of businesses have already standardized on Microsofts Office and Internet Explorer. In eWeek Labs tests, OpenOffice.org mostly met the challenge of interoperating with Office files, but its up to enterprise management to mandate the use of common-subset file formats—eschewing the use of esoteric Office features—or tolerate a continued Microsoft advantage.

The same goes for Mozilla, which boasts excellent standards support but faces daily compatibility hurdles in a Web increasingly optimized for Internet Explorer and ActiveX.

Likewise, when it comes to messaging, open-source e-mail applications such as Evolution and Slypheed deliver a solid user experience but lack native support for Microsoft Exchange and Lotus Domino mail protocols which power most corporate messaging solutions.

CodeWeavers Inc.s Crossover Office and Crossover Plugin products (both of which are based on the open-source Windows compatibility software called Wine) offer work-arounds for running Microsoft Outlook, Lotus Notes and a variety of Windows-only Internet plug-ins on Unix-based systems, but these products behave unpredictably at times and lack the reliability of a native solution.

Beyond compatibility limitations, open-source applications typically offer only a subset of the functionality of rival closed-source products. Mozilla is probably the only client-side, open-source application weve tested that meets and, at times, exceeds the polish and functionality of its closed-source counterpart.

For example, GIMP, the GNU Image Manipulation Program, is a very good image manipulation application, but it does not match the feature set of Adobe Systems Inc.s Photoshop. However, more is not always better—or at least enough better—to justify cost differences on the order of hundreds of dollars per seat. —Jason Brooks

Handheld Solutions


Handheld Solutions

Due to its advantages in multiple- architecture support, development flexibility and free software licensing, open source should have a bright future in enterprise handheld computing. However, itll be tough for open source to take off in this area until more handheld device vendors embrace it.

Although open-source operating systems such as Linux and NetBSD can run on a wider range of architectures and devices than anything from market leaders PalmSource Inc. or Microsoft, the open-source handheld is still primarily the province of hobbyists and researchers.

Right now, the only major exception to this rule—beyond a crop of rumored or prototype-only devices—is the Zaurus SL-5500 handheld from Sharp Electronics Corp. Our tests of the Zaurus confirmed that Linux has what it takes to power a handheld device as well as any proprietary operating system can, but open source faces other significant hurdles on its path to enterprise acceptance.

After all, the operating system a computer runs matters much less to users than the applications they can use with these systems—be they mobile devices or mainstream desktops. Developers of handheld software in general—and of enterprise handheld software in particular—chase the biggest installed bases first. This means that when it comes time to build a new handheld complement to a CRM or enterprise messaging product, Palm OS, Pocket PC and Research In Motion Ltd. devices all stand in line for scarce development resources before anything running Linux is considered for support.

However, RIMs move to J2ME (Java 2 Micro Edition) as the platform for its BlackBerry 5810, coupled with the recent boost in J2ME-enabled mobile phones, could go a long way toward helping open-source-based handheld devices ride the promise of write once, run everywhere to a respectable position in the enterprise market. —Jason Brooks

Rocket Fuel