Policy Development Framework for Open Source Software ...
Upcoming SlideShare
Loading in...5
×
 

Policy Development Framework for Open Source Software ...

on

  • 1,142 views

 

Statistics

Views

Total Views
1,142
Views on SlideShare
1,142
Embed Views
0

Actions

Likes
1
Downloads
24
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Oregon's Policy Development Framework for OSS Procurement & Use Ben Berry and Bob Devyldere What’s the difference in Oregon? Why are some government IT leaders successful at building strong, thriving Open Source environments while others struggle to establish Community Source Frameworks for informed policy decision-making? This presentation will highlight the open source decision-making model used by the State of Oregon to examine the state's open source inventory results, OS licensing and procurement acquisition, and inclusion of open source in a comprehensive desktop software evaluation process. Open Source CoP – Bob DeVyldere The State of Oregon is dealing with the legal and procurement analysis for Open Source (OS) software. What actions constitute external “distribution” and “placing value” on OS software are two significant outstanding issues. This presentation outlines the different approaches that could be taken to acquire OS software. Such as: Small Procurement Intermediate Procurement Competitive Sealed Bidding Competitive Sealed Proposals Sole Source Procurement Emergency Procurement Special Procurement We are looking to establish a consistent standard and create a guideline for all agencies to use when acquiring OS software. There needs to be a review of existing policies that have an impact and recommendations made to create a policy. The best practice calls for a license management process by category.
  • IT Procurement and Acquisition & Use alignment is elusive. DUE DILIGENCE On the one hand for IT Procurement, you have organizational policies, legalities and high cycle time. ON-DEMAND PROCESSING On the Acquisition & Use side you have the ability to simply download and use (it’s a click away); fast-track acquisition (on-demand when you want it); and dramatically improved cycle time (the time between when you want the software to the time you actually have it to perform your business need).
  • For Service Excellence, our real goal is to unite the two so that through planned use we can drive IT Procurement and Acquisition/Use alignment. Doing so will aid an organization in achieving strategic objectives by using IT Procurement and Acquisition/Use to support both short and long-term business goals.
  • Developing the right perspective is critical. As organizations, we want to meet our business requirements of staying legal, being process oriented and having license compliance. But also as organizations, we want least cost, competitive processes, dependable solutions, improved efficiencies, and the benefits of community sourcing support. Because when we are successful, the promise is a shared interest in ensuring efficiently acquired, supportable solutions that drive Best-in-Class Service Excellence and Competitive Advantage .
  • So how do we build Communities of Practice and a Culture of Collaboration? The people who were born digital look at the world in a different way than some of us. In fact, online communities are so real, that there’s now a map of them not drawn to scale, of course. But this is an example of how Communities of Practice are now collaborating. Across the world, across countries, across States. And of course, across State government.
  • So, what is a Community of Practice? Etienne Wenger said CoPs are… “Groups of people who share a passion for something that they know how to do, and who interact on a regular basis to learn how to do it better” CoPs should include…… Business Problem/ Opportunity to be solved. Team Charge – what are they commissioned to do? Business Objectives Sponsorship and Stakeholder roles Key benefits and how we will know if we are successful with expected outcomes. Process method to use and the results outcomes.
  • Why put so much energy and resources into an OSS Community of Practice? Oregon is a leader in open source innovation and used as economic driver. New innovative development and sharing of OSS applications as a dominant 21 st Century business force. Principle of OSS is that users are provided source code information systems programs, but are they free to use, share, modify and enhance software products? The goal is widespread interoperability, permissive incorporation into new technologies and new systems, and control over the destiny of the systems employed by users and organizations.
  • 3 characteristics define a CoP: Domain of knowledge which defines a common purpose— Open Source Software Community of people who care about this domain— Multiple State Agencies Shared practice that they are developing to be effective in their domain— Effective Consultation and Analysis GENERAL CHARGE: To strategically engage the state (government) with the Open Source community; To recommend standards, policies and methodologies for open source software evaluation, acquisition and use; To consider open source opportunities for accomplishment of the mission of state government; and To achieve the State’s business objectives in compliance with State of Oregon law and regulation.
  • The reason governments and companies are turning to Open Source is because of the promise of cost reduction software. Improved time-to-market because of the promise of elimination of procurement cycles for if you are not buying, you are not procuring which can take in some cases 3 to 6 months or longer due to the need to do RFPs, and long reviews by purchasing/procurement requirements. Finally, if governments can adopt Community of Sourcing, then you have the promise of a one-to-many sharing. One community of sourcing team can create the software and many organizations can use or benefit from by adopting it.
  • 06/16/10 13:37
  • So what is the State’s open source strategic thinking? It entails INTELLECTUAL PROPERTY RIGHTS, INTENT, COMMERCIAL VALUE, REQUIRED POLICY DEVELOPMENT, AND STATE AUTHORITY. For Intellectual Property, State to acquire, maintain SW as valuable “IP”. Critical component of information del. Strategy. Acquired with applicable law, regulation & policy. For Intent, The State intends to acquire and use OSS as appropriate for projects and enterprise business objectives, while in legal compliance. For Commercial Value, OSS has commercial value and is typically available via acquisition in conjunction with a reciprocal SW license. State applies a Total Cost of Ownership to assess price, i.e., full life cycle cost. For Required Policy Development, Currently no formal policy of OSS acquisition, use & distribution. Intent is to modify current policies to create fair competitive arena for Best Value. For State Authority, State has authority to engage Closed & Open SW. State’s 1-7 sourcing procurement methods apply.
  • Open Source CoP – Bob DeVyldere The State of Oregon is dealing with the legal and procurement analysis for Open Source (OS) software. What actions constitute external “distribution” and “placing value” on OS software are two significant outstanding issues. This presentation outlines the different approaches that could be taken to acquire OS software. Such as: Small Procurement Intermediate Procurement Competitive Sealed Bidding Competitive Sealed Proposals Sole Source Procurement Emergency Procurement Special Procurement We are looking to establish a consistent standard and create a guideline for all agencies to use when acquiring OS software. There needs to be a review of existing policies that have an impact and recommendations made to create a policy. The best practice calls for a license management process by category.
  • Current Acquisition and Use of OSS The typical OSS Distribution Model involves a simple “no-cost” download of software from the Internet; but growing Business-centric OSS Distribution Models include: OSS and Services , i.e., OSS at no initial cost and related Service and Support at cost; OSS Mixed , i.e., OSS with OS code base and Closed Source or Proprietary add-ons; Proprietary OSS , i.e., applications available with a more traditional proprietary license that authorizes users to modify the application without having to redistribute code changes to the public; Integrated OSS , i.e., diverse OSS already integrated into more consumable units; and Hardware and OSS , i.e., Hardware manufacturers using OSS as a foundational component in system operation.
  • Current Acquisition and Use of OSS State OSS Usage. Despite not having a formal, enterprise-level OSS acquisition and use policy, State Government has acquired and uses OSS. Staff OSS Downloads. Over time, the products have appeared through multiple avenues in diverse agencies. The typical acquisition scenario may be a technician’s perceived “no-dollar” cost download of particular OSS ( or Freeware or other procured software with embedded OSS) for some specific operational need. Vendor Bundling OSS. Vendors have also bundled OSS with their closed source solution sets. This is another way the organizations discover they already are using OSS. OSS Perceived Value. OSS has remained because of perceived business or technical value in its use. State Accountability. The State must account for its existing OSS inventory in order to develop effective policies around current and future OSS acquisition and use.
  • Current Acquisition and Use of OSS State’s Risk Management. In reaping OSS benefits value, the State must remove or minimize its risk attendant to random acquisition and use of the software, e.g.: OSS License compliance issues; Inefficient maintenance and support; Inconsistent “buy” decisions; Maverick products that don’t integrate and interoperate within the established architecture and enterprise; Failure to fully realize cost savings; Incomplete or non-existent technical, business and legal review; and Violation of applicable law, regulation and policy.
  • Procurement OSS as Gift? Most staff have likely perceived the typical OSS transaction of a no-cost download as a “free” gift, which does not implicate formal or even informal procurement considerations. License Acceptance. In particular, where the transaction ends with the staff member’s acceptance of an accompanying Software License, this assessment may not be supported by applicable law. Intellectual Property. The OSS constitutes valuable intellectual property. Acceptance of the accompanying license is valuable consideration in exchange for use of the downloaded software.
  • Procurement Exchange Agreement. The parties have each benefited and sacrificed in their mutual agreement to exchange valuable items – the essence of a “contract.” Gift Concept. Moreover, the State’s current law does not recognize the concept of “gift” separately from the concepts of “purchase” or “procurement.” ORS 71.2010(32), ORS 279A.010(u), and ORS 279B.050. Acceptance of Software License. The simple download of OSS in exchange for acceptance of a Software License implicates procurement issues and considerations for resolution.
  • Oregon’s Findings To Date OSS as Viable Solutions. OSS development and distribution provide viable information systems solutions. OSS Maturity. OSS is maturing in its diversity of offerings and technical functionality, and is having a growing impact and increasingly noticeable effect on the Software industry. OSS as Competitive Alternative. Open-Source solutions will increasingly compete with a broad range of Closed-Source products in all markets. OSS is valuable IP, and is increasingly becoming a critical component of information enterprise strategies and infrastructures in local, state, national and global venues – including the State of Oregon.
  • Oregon’s Findings To Date Procurement Event? The acquisition of OSS should likely be regarded as a procurement event. Legality Process. The inherent value in OSS acquisition and use far outweighs the attendant risks; provided OSS is consistently acquired and used in consonance with applicable law, regulation and established policy. Usage. The State should acquire and use OSS as appropriate for specific project and enterprise business objectives; but should do so only in compliance with applicable law, regulation and established policy.
  • Oregon’s Findings To Date Maximize OSS Utility. Development and implementa-tion of formal acquisition and use policies for OSS will maximize the utility of OSS use in all respects, including without limitation: Functionality; Integration; Interoperability; Management of acquisitions through a common efficient process; Efficient management of acquired assets; Ensuring license compliance; and Ensuring compliance with governmental enterprise business objectives and public procurement law.
  • For the Open Desktop Evaluation Model, we discovered there are four layers of hierarchical impact. Infrastructure layer of databases, networks, servers and mainframes. Next is the Desktop Operating Systems be they Windows XP / Vista, Linux (Suse or Redhat), Macintosh OS, Solaris, others. Applications desktop layer for Microsoft Office, Open Office, terminal server emulators, and finally The End User experience.
  • Ask yourself, do we have a culture of collaboration? For collaboration leads to innovation!
  • We can all agree that we want Best-in-class Services, Technologies, Processes and People in support of our Customers. But in conclusion, here are the take aways from our presentation today. Communities of Practice are valid and effective ways of Collaboration that leads to innovation. So using this community source method we examined the Open Source Inventory. Here we discovered that most CIOs don’t know what they have in OSS unless they scan their networked PCs and servers for OSS code. Members of the technical staff can download it with administrative rights and the vendors can bundle open source with their closed source solutions. Most CIO’s can discover their OSS install base by scanning network! OSS software arrives via Technical Staff downloads and Vendor product bundling Customer want IT solutions that are least cost and competitive, but dependable Improve efficiency of business operations via fast-track acquisition practices. Open Source Software Use in Oregon State Government State intends to acquire and use OSS as appropriate for projects and enterprise business objectives Intent is to modify current policies to create fair competitive arena for Best Value For risk management, OSS must be acquired with applicable law, regulation & policy Desktop Evaluation Methodology Start with a Software Evaluation Methodology Include an Open Desktop Evaluation Component Encountered Barriers can influence Decision
  • Thank You!

Policy Development Framework for Open Source Software ... Policy Development Framework for Open Source Software ... Presentation Transcript

  • Oregon's Policy Development Framework for OSS Procurement & Use Bob DeVyldere Oregon Water Resources DepartmentOregon Water Resources Department Chair of Open Source Community of PracticeChair of Open Source Community of Practice Ben Berry Oregon Department of TransportationOregon Department of Transportation Chair, Oregon CIO CouncilChair, Oregon CIO Council 15 October 20072007 Government Open Source Conference Third Annual GOSCON, October 15-16, 2007, Portland, Oregon Collaboration
  • Acquisition & Use IT Procurement and Acquisition / Use Alignment is Elusive IT Procurement Due Diligence • Policy • Legality • High Cycle Time On-Demand Processing • Download and Use • Fast-Track Acquisition • Improved Cycle Time
  • Acquisition & Use Service Excellence Goals is the Driver IT Procurement View slide
  • Developing the Right Perspective is Critical! Acquisition & Use IT Procurement Required • Legality • Process • Compliance Goals • Least Cost • Competitive Processes • Dependable Solutions • Improved Efficiencies • Community Sourcing Support A shared interest in ensuring efficiently acquired, supportable solutions that drive Best-in-Class Service Excellence and Competitive Advantage. View slide
  • Open Source Inventory Results Survey Community Source Framework Value Goal: Enable Best-in- Class Service Delivery State of Oregon Open Source Community of Practice Open Source Licensing and Acquisition Desktop Software Evaluation Leverage State Agencies High Performance Offerings  Software Evaluation Methodology  Open Desktop Evaluation Model  Solving Barriers to Entry  Decision Tree  OSS Instances by Agency  OSS Instances by Category Type  OSS Product Distribution Pattern  Recommendation Development  State’s Strategic Thinking  Procurement Policies  Level Playing Field of Sourcing Method  Risk Management / Mitigation
  • So, how do we build Communities of Practice and a Culture of Collaboration? from http://xkcd.com
  • So, what is a Community of Practice? Business Problem/ Oppty Sponsorship/ Stakeholders Process Method/Out comes Team Charge Key Benefits Business Objectives “Groups of people who share a passion for something that they know how to do, and who interact on a regular basis to learn how to do it better” - Etienne Wenger
  • Why put so much energy and resources into an OSS Community of Practice? Oregon is a leader in open source innovation and uses Open Source Software as economic driver. New innovative development and sharing OSS applications is a dominant 21st Century business force. Principle of OSS is that users are provided source code IT programs, but are they really free to use, share, modify and enhance software products? The goal is widespread interoperability, permissive incorporation into new technologies and new systems, and control over the destiny of the systems employed by users and organizations. 1.1. 2.2. 3.3. 4.4.
  • What is a Community of Practice? Domain Community Practice
  • Shared Vision Open SourceOpen Source In OregonIn Oregon GovernmentGovernment The data gleaned from the participating agencies provides a partial view of information that is indicative of “real” usage of open source software products within State of Oregon agencies. Participating Agencies 52% Non- Participating Agencies 48% Oregon Agencies Use of Open Source Products 16 15
  • Open Source Consideration Cost Reductions Customer wants IT solutions that are least cost and competitive, but dependable. Support performance through sharing of key Open Source community resources. Time-to-Market Community Sourcing Improving the efficiency of business operations through fast-track acquisition practices.
  • Capture & Correlate Event/Exception Integrated Services Composite Events Virtualization Application Services Communication & Collaboration Content Management Process Management Development Environments Enterprise Applications Oregon’s Open Source Software Inventory Project Inventory
  • Start ODOT Open Source Solutions Differentiator Products Maturity Application Servers 3 1763 176 3 13 1 •• PerlPerl •• Jboss Java Server for Adobe and FileNetJboss Java Server for Adobe and FileNet Collaboration •• OpenOfficeOpenOffice •• JavaMailJavaMail API Version 1.2API Version 1.2 DBMS •• MySQLMySQL •• jTDSjTDS JDBC Driver version 1.2JDBC Driver version 1.2 Development Tools •• Apache Axis Web Services Version 1.1 1021Apache Axis Web Services Version 1.1 1021 •• Apache Tomcat Version 4.1Apache Tomcat Version 4.1 •• Apache XML Security Version 1.0.5D2Apache XML Security Version 1.0.5D2 •• BlueJBlueJ •• Castor XML Data binding LibraryCastor XML Data binding Library VerVer 9.5.2/9.5.49.5.2/9.5.4 •• Jakarta Tomcat Connector 1.2.15Jakarta Tomcat Connector 1.2.15 •• Java API forJava API for ServletsServlets Version 2.3.1Version 2.3.1 •• Java Run Time Environment (JRE) 1.4Java Run Time Environment (JRE) 1.4 •• XML Parser required by AxisXML Parser required by Axis VerVer 2.5.0 (2.5.0 (XercesXerces)) •• Eclipse IDE (Java development)Eclipse IDE (Java development) •• GnomeGnome •• Java Development Kit (JDK 1.4.2_07)Java Development Kit (JDK 1.4.2_07) •• jEditjEdit •• PHPPHP •• PythonPython Integration Service •• OpenSTAOpenSTA •• JMagickJMagick Version 5.5.7 Q8 JNI APIVersion 5.5.7 Q8 JNI API Presentation •• FireFox BrowserFireFox Browser •• Paint .NET & GIMP:Paint .NET & GIMP: Image editingImage editing •• ThunderbirdThunderbird Instances 2 22 2 2 12 1 2 72 7 2 12 1 5 15 1 5 795 79 4 14 1 4 24 2 1 341 34 5 15 1 5 15 1 5 4,500+5 4,500+ 5 15 1 5 165 16 4 14 1 5 1815 181 4 34 3 3 63 6 4 4324 432 1 11 1 1 11 1 Operating System •• LinuxLinux 1 681 68 1 971 97 2 22 2 2 12 1 1=Low; 5=High Plus Mainframe Linux PartitionPlus Mainframe Linux Partition ODOT Open Source Solutions Differentiator Products Maturity Application Servers 3 1763 176 3 13 1 •• PerlPerl •• Jboss Java Server for Adobe and FileNetJboss Java Server for Adobe and FileNet Collaboration •• OpenOfficeOpenOffice •• JavaMailJavaMail API Version 1.2API Version 1.2 DBMS •• MySQLMySQL •• jTDSjTDS JDBC Driver version 1.2JDBC Driver version 1.2 Development Tools •• Apache Axis Web Services Version 1.1 1021Apache Axis Web Services Version 1.1 1021 •• Apache Tomcat Version 4.1Apache Tomcat Version 4.1 •• Apache XML Security Version 1.0.5D2Apache XML Security Version 1.0.5D2 •• BlueJBlueJ •• Castor XML Data binding LibraryCastor XML Data binding Library VerVer 9.5.2/9.5.49.5.2/9.5.4 •• Jakarta Tomcat Connector 1.2.15Jakarta Tomcat Connector 1.2.15 •• Java API forJava API for ServletsServlets Version 2.3.1Version 2.3.1 •• Java Run Time Environment (JRE) 1.4Java Run Time Environment (JRE) 1.4 •• XML Parser required by AxisXML Parser required by Axis VerVer 2.5.0 (2.5.0 (XercesXerces)) •• Eclipse IDE (Java development)Eclipse IDE (Java development) •• GnomeGnome •• Java Development Kit (JDK 1.4.2_07)Java Development Kit (JDK 1.4.2_07) •• jEditjEdit •• PHPPHP •• PythonPython Integration Service •• OpenSTAOpenSTA •• JMagickJMagick Version 5.5.7 Q8 JNI APIVersion 5.5.7 Q8 JNI API Presentation •• FireFox BrowserFireFox Browser •• Paint .NET & GIMP:Paint .NET & GIMP: Image editingImage editing •• ThunderbirdThunderbird Instances 2 22 2 2 12 1 2 72 7 2 12 1 5 15 1 5 795 79 4 14 1 4 24 2 1 341 34 5 15 1 5 15 1 5 4,500+5 4,500+ 5 15 1 5 165 16 4 14 1 5 1815 181 4 34 3 3 63 6 4 4324 432 1 11 1 1 11 1 Operating System •• LinuxLinux 1 681 68 1 971 97 2 22 2 2 12 1 1=Low; 5=High Plus Mainframe Linux PartitionPlus Mainframe Linux Partition ODOT Open Source Solutions Differentiator Products Maturity Application Servers 3 1763 176 3 13 1 •• PerlPerl •• Jboss Java Server for Adobe and FileNetJboss Java Server for Adobe and FileNet Collaboration •• OpenOfficeOpenOffice •• JavaMailJavaMail API Version 1.2API Version 1.2 DBMS •• MySQLMySQL •• jTDSjTDS JDBC Driver version 1.2JDBC Driver version 1.2 Development Tools •• Apache Axis Web Services Version 1.1 1021Apache Axis Web Services Version 1.1 1021 •• Apache Tomcat Version 4.1Apache Tomcat Version 4.1 •• Apache XML Security Version 1.0.5D2Apache XML Security Version 1.0.5D2 •• BlueJBlueJ •• Castor XML Data binding LibraryCastor XML Data binding Library VerVer 9.5.2/9.5.49.5.2/9.5.4 •• Jakarta Tomcat Connector 1.2.15Jakarta Tomcat Connector 1.2.15 •• Java API forJava API for ServletsServlets Version 2.3.1Version 2.3.1 •• Java Run Time Environment (JRE) 1.4Java Run Time Environment (JRE) 1.4 •• XML Parser required by AxisXML Parser required by Axis VerVer 2.5.0 (2.5.0 (XercesXerces)) •• Eclipse IDE (Java development)Eclipse IDE (Java development) •• GnomeGnome •• Java Development Kit (JDK 1.4.2_07)Java Development Kit (JDK 1.4.2_07) •• jEditjEdit •• PHPPHP •• PythonPython Integration Service •• OpenSTAOpenSTA •• JMagickJMagick Version 5.5.7 Q8 JNI APIVersion 5.5.7 Q8 JNI API Presentation •• FireFox BrowserFireFox Browser •• Paint .NET & GIMP:Paint .NET & GIMP: Image editingImage editing •• ThunderbirdThunderbird Instances 2 22 2 2 12 1 2 72 7 2 12 1 5 15 1 5 795 79 4 14 1 4 24 2 1 341 34 5 15 1 5 15 1 5 4,500+5 4,500+ 5 15 1 5 165 16 4 14 1 5 1815 181 4 34 3 3 63 6 4 4324 432 1 11 1 1 11 1 Operating System •• LinuxLinux 1 681 68 1 971 97 2 22 2 2 12 1 1=Low; 5=High Plus Mainframe Linux PartitionPlus Mainframe Linux Partition Oregon State Government Open Source Inventory Process Map End Acquire tool or formulate other way of doing inventory Determine list of products for search Search for Open Source inventory Produce report;, send to Project Team for collection Project to report to CIO Council Yes CIO Council Approves Project inventory tool ? Agency has No
  • The Open-Source Stacks: Growing Up SugarCRM, Compiere, OhioedgeEnterprise Applications Zope, phpBB, Nukes, PostNukeCollaboration Linux, FreeBSDOperating System Security Snort, Nessus Virtualization Xen OpenLDAPDirectory Services MySQL, PostgreSQL, Firebird, IngresRDBMS JBoss, JonAS,Application Servers Enterprise Service Bus Celtix, ServiceMix OpenadaptorIntegration Services Eclipse, NetBeans, PHP, Perl, Struts, Hibernate, Spring Development Tools OpenflowProcess Management Lucene, ht://DigSearch Jetspeed, Gluecode, Zope, uPortal, LiferayPresentation Midgard, OpenCMS, Lenya, Typo3, Red HatContent Management Products Maturity
  • Open-Source SW Instances by Oregon Reporting Agency Gartner Open Source Categories AGENCY ApplicationServers CollaborationContentManagement DevelopmentTools DirectoryServices EnterpriseApplications IntegrationServices OperatingSystemPresentation ProcessManagement RDBMS Search Security Virtualization GrandTotal Admin Services 2 6 10 1 3 7 2 4 35 Consumer & Bus. Serv. 7 2 1122 2 21 10 2 1166 Corrections 15 18 2 154 9 2 2 202 Education 1 10 11 Employment 10 400 3 1728 54 5 1 2201 Environmental Quality 1 1 12 1 15 Human Resources 34 30 48 15247 9 2984 3 101 340 221 7 19024 Lottery 22 14 1 19 6 77 1 49 29 1 5 53 277 PERS 4 6 2 1 1 1 15 Public Safety 113 113 Revenue 11 1 1 157 61 3 21 31 11 1200 1497 State Data Center 8 8 2 25 2 15 18 7 5 52 142 State Police 28 6 2016 14 42 27 50 4 1 55 20 2263 Transportation 82 2 5355 1 68 101 8 5617 Water Resources 1 4 3 3 8 19 Grand Total 221 483 67 25853 34 3181 14 370 710 10 246 3 185 1220 32597
  • Open-Source SW Instances by Agency OPEN SOURCE SOFTWARE INSTANCES BY AGENCY 1 10 100 1000 10000 100000 Application ServersCollaboration ContentM anagem ent Developm entTools Directory Services Enterprise Applications Integration Services O perating SystemPresentation Process M anagem ent RD BM S Search SecurityVirtualization Admin Services Consumer & Bus. Serv. Corrections Education Employment Environmental Quality Human Resources Lottery PERS Public Safety Revenue State Data Center State Police Transportation Water Resources
  • Open-Source SW Instances by Category Type Oregon Reporting Agencies SOFTWARE CATEGORY AdminServicesConsumer&Bus.Serv. Corrections Education Employment EnvironmentalQuality HumanResources Lottery PERS PublicSafety Revenue StateDataCenter StatePolice TransportationWaterResourcesGrandTotal Application Servers 2 7 15 10 1 34 22 11 8 28 82 1 221 Collaboration 2 18 1 400 1 30 14 1 8 6 2 483 Content Management 6 2 3 48 1 4 1 2 67 Development Tools 10 1122 154 10 1728 15247 19 6 157 25 2016 5355 4 25853 Directory Services 9 6 2 14 3 34 Enterprise Applications 2 2984 77 61 15 42 3181 Integration Services 1 3 1 2 3 1 3 14 Operating System 3 21 54 101 49 21 18 27 68 8 370 Presentation 7 10 9 12 340 29 1 113 31 7 50 101 710 Process Management 1 5 4 10 RDBMS 2 2 2 5 221 5 1 8 246 Search 2 1 3 Security 4 1 1 7 53 1 11 52 55 185 Virtualization 1200 20 1220 Grand Total 35 1166 202 11 2201 15 19024 277 15 113 1497 142 2263 5617 19 32597
  • Open-Source SW Instances by Type OPEN SOURCE SOTFWARE INSTANCES BY TYPE 1 10 100 1000 10000 100000 A dm in S ervices C onsum er & B us.S erv. C orrectionsE ducation E m ploym ent E nvironm entalQ uality H um an R esources Lottery P E R S P ublic S afetyR evenue S tate D ata C enter S tate P olice T ransportation W aterR esources Application Servers Collaboration Content Management Development Tools Directory Services Enterprise Applications Integration Services Operating System Presentation Process Management RDBMS Search Security Virtualization
  • State of Oregon Open-Source SW Products Top 20 Open Source Products Other 6.6% Red Hat Linux 0.2% TortoiseCVN/SVN 0.2% OpenSSH 0.1% Apache Tomcat 0.4% PuTTY 0.6% Perl 0.7% FileZilla 0.7% MySQL 0.8% Java Development Kit 1% Mozilla Firefox 1.9% Python 2.0% 7-ZIP 2.6% Sun Java 3.1% Open Office 1.4% UltraVNC 3.8% PDFCreator 6.3% VNC 8.4% Java Runtime Environment 63.9% Appache HTTP Server 0% Misc 1.5% Linux 0.2%
  • State of Oregon Open-Source SW Products 1 Product Total % Product Total % Product Total % Product Total % 2 Java Runtime Environment 20515 63.8% 45 Ad Aware 13 0.0% 89 VIM 4 0.0% 133 DHCP 1 0.0% 3 VNC 2709 8.4% 46 Subversion 13 0.0% 90 WinSCP 4 0.0% 134 Dia 1 0.0% 4 PDFCreator 2014 6.3% 47 Wireshark 12 0.0% 91 CD Burner XP Pro 3 0.0% 135 Diki Wiki 1 0.0% 5 UltraVNC 1214 3.8% 48 Cygwin 11 0.0% 92 CVS 3 0.0% 136 Drupal 1 0.0% 6 Sun Java 1000 3.1% 49 NetBeans IDE 11 0.0% 93 Fedora Core 3 0.0% 137 FireWall Builder 1 0.0% 7 7-ZIP 834 2.6% 50 GAIM 10 0.0% 94 GNU Grep 3 0.0% 138 Gnome 1 0.0% 8 Python 636 2.0% 51 Mozilla Thunderbird 10 0.0% 95 ImageMagick 3 0.0% 139 GNU Aspell 1 0.0% 9 Mozilla Firefox 604 1.9% 52 Open SSH 10 0.0% 96 kde 3 0.0% 140 Gnu Make 1 0.0% 10 Open Office 463 1.4% 53 Password Safe 10 0.0% 97 Nagios 3 0.0% 141 GnuWin32: Bison 1 0.0% 11 Java Development Kit 319 1.0% 54 StarUML 10 0.0% 98 PostGreSQL 3 0.0% 142 Helix 1 0.0% 12 MySQL 244 0.8% 55 Struts 10 0.0% 99 RSSOWL 3 0.0% 143 IRM Inventory 1 0.0% 13 FileZilla 230 0.7% 56 True Crypt 10 0.0% 100 WINMERGE 3 0.0% 144 Jabber 1 0.0% 14 Perl 222 0.7% 57 Apache Ant 9 0.0% 101 BIND 2 0.0% 145 Jakarta Tomcat Connector 1 0.0% 15 PuTTY 178 0.6% 58 Exadel 9 0.0% 102 CopSSH 2 0.0% 146 JBoss Portal 1 0.0% 16 Apache Tomcat 141 0.4% 59 R for Windows 9 0.0% 103 Crimson Editor 2 0.0% 147 Jmagick 1 0.0% 17 Linux 76 0.2% 60 Selenium 9 0.0% 104 CruiseControl 2 0.0% 148 jTDS JDBC Driver 1 0.0% 18 Appache HTTP Server 67 0.2% 61 TestNG 9 0.0% 105 FWTK 2 0.0% 149 Nedi 1 0.0% 19 Red Hat Linux 65 0.2% 62 The Grinder 9 0.0% 106 GNU Privacy Guard 2 0.0% 150 Net Disco 1 0.0% 20 TortoiseCVN/SVN 56 0.2% 63 GIMP 8 0.0% 107 GNUCC 2 0.0% 151 NetDisco 1 0.0% 21 OpenSSH 45 0.1% 64 nmap 8 0.0% 108 GnuWin32: GSAR 2 0.0% 152 Netscape 1 0.0% 22 MRTG 41 0.1% 65 SendMail 8 0.0% 109 GnuWin32: GZIP 2 0.0% 153 NTOP 1 0.0% 23 AppExceptionHandler 40 0.1% 66 Snort 8 0.0% 110 ICSharpCode 2 0.0% 154 Open NMS 1 0.0% 24 Eclipse 38 0.1% 67 SSH 8 0.0% 111 IPTables 2 0.0% 155 OpenSUSE 10.2 1 0.0% 25 Castor XML 34 0.1% 68 tcpdump 8 0.0% 112 JBoss Application Server 2 0.0% 156 Opera 1 0.0% 26 Exodus 30 0.1% 69 gzip 6 0.0% 113 Junit 2 0.0% 157 Ophcrack 1 0.0% 27 PHP 28 0.1% 70 Nessus 6 0.0% 114 krdc 2 0.0% 158 Postfix 1 0.0% 28 SUSE Linux 27 0.1% 71 OpenLDAP 6 0.0% 115 Lucene 2 0.0% 159 Process Explorer 1 0.0% 29 EtherReal 23 0.1% 72 OpenSSL 6 0.0% 116 MediaWiki 2 0.0% 160 RUBY 1 0.0% 30 GTK+ 21 0.1% 73 RedMon 6 0.0% 117 NOTEPAD++ 2 0.0% 161 Scrutinizer 1 0.0% 31 ORMAP Toolbar 20 0.1% 74 Spark Instant Messenger 6 0.0% 118 OpenNMS 2 0.0% 162 sed 1 0.0% 32 WinPCap 20 0.1% 75 VMS Server 6 0.0% 119 Asset Navigator 1 0.0% 163 SISSy 1 0.0% 33 PrimoPDF 19 0.1% 76 Audactiy 5 0.0% 120 Atutor 1 0.0% 164 Stunnel 1 0.0% 34 Hibernate 15 0.0% 77 Fedora Linux 5 0.0% 121 Awk 1 0.0% 165 SysInternal 1 0.0% 35 Jasper Reports 15 0.0% 78 GCC 5 0.0% 122 Base 1 0.0% 166 TCL/TK 1 0.0% 36 JSF 15 0.0% 79 KDIFF3 5 0.0% 123 Big Brother 1 0.0% 167 WeatherMapRRD 1 0.0% 37 Log4J 15 0.0% 80 OpenSTA 5 0.0% 124 Blat 1 0.0% 168 Web Services - Axis 1 0.0% 38 Spring 15 0.0% 81 Samba 5 0.0% 125 Bugzilla 1 0.0% 169 Webalizer 1 0.0% 39 WinCVS 15 0.0% 82 SugarCRM 5 0.0% 126 Bview 1 0.0% 170 WeebleFM 1 0.0% 40 ActivePerl 14 0.0% 83 BlueJ 4 0.0% 127 Cake 1 0.0% 171 Wildfire 1 0.0% 41 AFPL GHOSTSCRIPT 14 0.0% 84 GNU Ghostscript 4 0.0% 128 CheckStyle 1 0.0% 172 WS FTP 1 0.0% 42 LDAP 14 0.0% 85 jEdit 4 0.0% 129 Core FTP Lite 1 0.0% 173 Xerces 1 0.0% 43 Rsync 14 0.0% 86 Joomla 4 0.0% 130 CUPS 1 0.0% 174 Xming Server 1 0.0% 44 Spybot 14 0.0% 87 Open VPN 4 0.0% 131 CVSNT 1 0.0% 175 Zend 1 0.0% 88 Request Tracker 4 0.0% 132 DB Visualizer 1 0.0% 176 Grand Total 32133 100.0%
  • Hype Cycle for Open Source Software 2007
  • Shared Vision Open SourceOpen Source Software & UseSoftware & Use in Oregon Statein Oregon State GovernmentGovernment “A Formal Enterprise Policy for Acquisition and Use of Open-Source Software in Oregon State Government May Be Essential to Effectively Satisfy Enterprise and Agency Business Objectives and Applicable Legal and Procurement Requirements.”
  • COMMERCIAL VALUE REQUIRED POLICY DEVELOPMENT STATE AUTHORITY INTELLECTUAL PROPERTY INTENT • State to acquire, maintain SW as valuable “IP”. • Critical component of information del. strategy. • Acquired with applicable law, regulation & policy. • State intends to acquire and use OSS as appropriate for projects and enterprise business objectives, while in legal compliance. • Currently there is no formal policy of OSS acquisition, use & distribution. • Intent is to modify current policies to create fair competitive arena for Best Value. • OSS has commercial value and is typically available via acquisition in conjunction with a reciprocal SW license. • State applies a Total Cost of Ownership to assess price, i.e., full life cycle cost. • State has authority to engage Closed & Open Source software providers. • State’s 1-7 sourcing procurement methods apply. Oregon’s Open Source Strategic Thinking
  • Small Procurement Intermediate Procurement Competitive Sealed Bidding Competitive Sealed Proposals (RFP) Sole Source Procurement Emergency Procurement Special Procurement Acquisitions $5K or less, or Gift $150K or less Open Open Open Open Open Financial Authority Non Competitive, Direct purchase, Single supplier Informal Competition Low Cost Selection Perceived Value Selection Single Source, Product or both Normal competition requirements Relaxed or Suspended Special process when other sourcing will not work effectively Sourcing Methods Seven (7) Types of Sourcing Methods
  • Current Acquisition and Use of OSS The typical OSS Distribution Model involves a simple “no-cost” download of software from the Internet; but growing Business-centric OSS Distribution Models include:  OSS and Services, i.e., OSS at no initial cost and related Service and Support at cost;  OSS Mixed, i.e., OSS with OS code base and Closed Source or Proprietary add-ons;  Proprietary OSS, i.e., applications available with a more traditional proprietary license that authorizes users to modify the application without having to redistribute code changes to the public;  Integrated OSS, i.e., diverse OSS already integrated into more consumable units; and  Hardware and OSS, i.e., Hardware manufacturers using OSS as a foundational component in system operation.
  • Current Acquisition and Use of OSS  State OSS Usage. Despite not having a formal, enterprise- level OSS acquisition and use policy, State Government has acquired and uses OSS.  Staff OSS Downloads. Over time, the products have appeared through multiple avenues in diverse agencies. The typical acquisition scenario may be a technician’s perceived “no-dollar” cost download of particular OSS ( or Freeware or other procured software with embedded OSS) for some specific operational need.  Vendor Bundling OSS. Vendors have also bundled OSS with their closed source solution sets. This is another way the organizations discover they already are using OSS.  OSS Perceived Value. OSS has remained because of perceived business or technical value in its use.  State Accountability. The State must account for its existing OSS inventory in order to develop effective policies around current and future OSS acquisition and use.
  • Current Acquisition and Use of OSS State’s Risk Management. In reaping OSS benefits value, the State must remove or minimize its risk attendant to random acquisition and use of the software, e.g.:  OSS License compliance issues;  Inefficient maintenance and support;  Inconsistent “buy” decisions;  Maverick products that don’t integrate and interoperate within the established architecture and enterprise;  Failure to fully realize cost savings;  Incomplete or non-existent technical, business and legal review; and  Violation of applicable law, regulation and policy.
  • Procurement  OSS as Gift? Most staff have likely perceived the typical OSS transaction of a no-cost download as a “free” gift, which does not implicate formal or even informal procurement considerations.  License Acceptance. In particular, where the transaction ends with the staff member’s acceptance of an accompanying Software License, this assessment may not be supported by applicable law.  Intellectual Property. The OSS constitutes valuable intellectual property. Acceptance of the accompanying license is valuable consideration in exchange for use of the downloaded software.
  • Procurement  Exchange Agreement. The parties have each benefited and sacrificed in their mutual agreement to exchange valuable items – the essence of a “contract.”  Recognition of Gifts. Moreover, the State’s current law does not recognize the concept of “gift” separately from the concepts of “purchase” or “procurement.” ORS 71.2010(32), ORS 279A.010(u), and ORS 279B.050.  Acceptance of Software License. The simple download of OSS in exchange for acceptance of a Software License implicates procurement issues and considerations for resolution.
  • Oregon’s Findings To Date  OSS as Viable Solutions. OSS development and distribution provide viable information systems solutions.  OSS Maturity. OSS is maturing in its diversity of offerings and technical functionality, and is having a growing impact and increasingly noticeable effect on the Software industry.  OSS as Competitive Alternative. Open-Source solutions will increasingly compete with a broad range of Closed-Source products in all markets.  OSS is valuable IP, and is increasingly becoming a critical component of information enterprise strategies and infrastructures in local, state, national and global venues – including the State of Oregon.
  • Oregon’s Findings To Date  Procurement Event? The acquisition of OSS should likely be regarded as a procurement event.  Legality Process. The inherent value in OSS acquisition and use far outweighs the attendant risks; provided OSS is consistently acquired and used in consonance with applicable law, regulation and established policy.  Usage. The State should acquire and use OSS as appropriate for specific project and enterprise business objectives; but should do so only in compliance with applicable law, regulation and established policy.
  • Oregon’s Findings To Date Maximize OSS Utility. Development and implementa- tion of formal acquisition and use policies for OSS will maximize the utility of OSS use in all respects, including without limitation:  Functionality;  Integration;  Interoperability;  Management of acquisitions through a common efficient process;  Efficient management of acquired assets;  Ensuring license compliance; and  Ensuring compliance with governmental enterprise business objectives and public procurement law.
  • Shared Vision DesktopDesktop SoftwareSoftware EvaluationEvaluation 1 Software Evaluation Methodology 2 Open Desktop Evaluation Model 3 Solving Barriers to Entry 4 Decision Tree Desktop Software Evaluation
  • Open Desktop Evaluation Model Four Layers of Hierarchical Impact Others Solaris WindowsXP orVista Linux (Suse/Redhat) MAC OS Infrastructure Layer Databases – Network – Servers - Mainframes. Applications Layer MS Office – Open Office – Terminal Emulators and Others! EndEnd UserUser ExperienceExperience Desktop Operating Sys.Desktop Operating Sys.
  • The Open Source Desktop initiative highlights the need for an unbiased approach to evaluating software for the desktop. The methodology used needs to encompass all of the normal business criteria, the work flow a user would follow to perform their job and the platform best suited for this type of work. Our work focuses on  In-Scope: The technical feasibility of instituting an open source desktop.  Out of Scope: Total cost of ownership, administrative desire, political will, and procurement and other legal issues will be addressed as follow on or parallel studies. Conceptual Framework Holistic Approach to Desktop PC Product Evaluation
  • Software Evaluation Methodology. While considering Open Source Software for the Desktop, one should separate the reviewing and testing portion of the open source software (OSS) applications from the reviewing and testing of the operating system.  By doing so, allows a two prong approach to evaluating the feasibility of incorporating the OSS application independent of the operating system.  The advantage of this approach is in helping agencies determine the viability of OSS applications in their current IT environment, while avoiding the possibility that an open source operating system may have compatibility issues with a well establish IT infrastructure Conceptual Framework Holistic Approach to Desktop PC Product Evaluation
  • Solution Selection Criteria Evaluates total cost of ownership elements to reveal ongoing savings.
  • Solving Barriers to Entry • Switching costs - End user training - Support staff training - Do apps work with new OS? • If you have to buy closed source SW to enable open source SW, this changes the value proposition. • Smooth integration to heterogeneous environment • Need to remove dependency of additional back office solutions to make things work! (Suse /Zenworks) • End user experience can be fragmented if more than one OS is needed.
  • Decision Tree • Switching Costs • Functionality • Usability • Reliability • Productivity • Supportability • End User Experience
  • Open Source Community of Practice Ask yourself, do we have a Culture of Collaboration?
  • Conclusions Desktop Evaluation Methodology Open Source Software Use in Oregon State Government Start with a Software Evaluation Methodology Include an Open Desktop Evaluation Component Encountered Barriers can influence Decision Open Source Inventory Improved efficiency of business operations via fast-track acquisition practices OSS software arrives via Technical Staff downloads and Vendor product bundling Customers want IT solutions that are least cost and competitive, but dependable Most CIO’s can discover their OSS install base by network PC and server scanning! The Goals: Best-in-class Services, Technologies, Processes and People in support of our Customers State intends to acquire and use OSS as appropriate for projects and enterprise business objectives For risk management, OSS must be acquired with applicable law, regulation & policy Intent is to modify current policies to create fair competitive arena for Best Value
  • Thank You! Third Annual GOSCON, October 15-16, 2007, Portland, Oregon Bob DeVyldere Oregon Water Resources DepartmentOregon Water Resources Department Chair of Open Source Community of PracticeChair of Open Source Community of Practice Ben Berry Oregon Department of TransportationOregon Department of Transportation Chair, Oregon CIO CouncilChair, Oregon CIO Council Collaboration