School of Information Science
                                   Claremont Graduate University

Inland Empire CIO Roundtable

“Security Update”
February 8, 2005
Harper Hall Board of Trustees Room

In attendance: Jeff Birch, Brenda Breen, Samir Chatterjee, Don Davis, Frank Decuire, Kweku Ewusi-Mensah, Darren Flynt, Taimur Hassan, Brian Hilton, Gary Jimenez, Gondy Leroy, Dennis Miller, Thomas Mueller, Subbu Murthy, Lorne Olfman, Gregg Parker, John Pringle, Richard Rosenbluth, Jon Saltzman, Wayne Smith, Jesse Stayton, Mike Sylvester, Paul Witman, Go Yoshida.

SUMMARY OF DISCUSSION:

At the opening of the meeting, Mr. John Pringle welcomed everyone to the Inland Empire CIO Roundtable and asked for self-introductions.

The presenter for this session, on Open Source Software, is Jerry Thode, President and Founder of the J. Paul Group, LLC. He is also West Sector President of InSORS Integrated Communications, an emerging technology video conferencing and collaboration company. Prior to this, Mr. Thode was the Ernst & Young Area Managing Consulting Partner and Pacific Southwest Area Vice President for Cap Gemini Ernst & Young consulting. He has over 25 years of consulting experience in a variety of information systems areas including information systems strategic planning, large-scale custom systems design, development and integration, package selection and implementation, knowledge management, and other emerging technologies.

He has performed consulting projects for a variety of clients including Fluor Corporation, Jacobs Engineering Group, Sempra Energy, Capital Group, J.D. Power and Associates, GM Hughes Electronics, Rockwell International, Nissan Motor Corporation, ARCO Division of British Petroleum, AT&T Wireless, Walt Disney Company, Paramount Pictures, AmerisourceBergen Corporation, and Port of Los Angeles. Prior to his consulting experience, he was employed by Motorola Inc. (7 years), FMC Corp (2 years), and Morton International (3 years) and held various technical, project management and managerial positions at those companies.

He has been a guest lecturer at the UCLA Anderson Graduate School of Management, University of Southern California, Loyola Marymount Graduate Management School and the Claremont Graduate School of Management. He is also a member of the Board of Visitors of the Claremont Graduate University School of Information Science. He holds a B.S. in Mathematics and an M.S. in Computer Science from the Illinois Institute of Technology, and a Master’s degree in Business Administration Management from the J.L. Kellogg Graduate School of Management at Northwestern University.

Mr. Thode’s full PowerPoint presentation is attached.

ROUNDTABLE DISCUSSION:

John Pringle: Why would an organization like Red Hat provide their product for free? Do you have any idea from a marketing/organizational standpoint why any one of those companies would do that?

Jerry Thode: There are free versions of software that become part of the community. There are a couple of buzzwords relating to the open source world. Anything that relates to an activity surrounding “project”. The other one is kinds of community. Communities are formed around things like Linux and Apache. Red Hat is promoting the concept of the open source community but it does have a commercial, potentially stable and supportable element, so if you are comfortable with the capabilities of the software, you may want to think about using the supportable version of Red Hat. You can go to the store and purchase it and they actually get money for that, so there is a commercial version of it.

John Pringle: From a corporate perspective, how does that play in for a Fortune 500 or Fortune 1000-sized company? Would you bet the bank on an open source software? Do you see a proof of concept in terms of moving from operating system?

Jerry Thode: For some functions even to very large companies, you might evaluate a product that is actually developed in open source. Your first exposure in a company would probably be a commercial product that has been developed using open source technology either as an underpinning operating system or using an Apache server or some element of it. The question that you would have to ask yourself is if you are willing to include that product in your portfolio of things… if I have a cheaper, more functional product in open source versus a product that may be in a dot net environment, how would I make that decision and would I weigh this to a dot net environment because it’s dot net versus open source? That’s how you find your first decision point. A couple companies I’ve been involved with actually made a decision to go with the open source version because it is a richer version and in the application area that they’re using it, they don’t find a lot of risk in terms of use. If it is a core essential component of your business you may want to go to a more supportable component. The second part is from an infrastructure perspective. The web services side actually seems to be an area that produces a lot of ability to quickly develop things and people are changing things quite rapidly and it might not be a high-risk area. The guys like Schwab are really bold. Not sure of the process or how they actually got to that point. I’m sure they have a pretty large research group with them, maybe a consultant that was able to indemnify or provide support.

Don Davis: Are you working with companies that are developing actual applications using open source or are they developing open source applications or taking applications from the community and bringing them into the company?

Jerry Thode: There are commercial open source products that companies are buying to support certain functions within their organization. An example is a statistically oriented company that does a lot of statistics and studies, and there are products out there that will provide the ability of customers to get reports and focus studies online. So the whole business of delivering the end report is an extremely important element to their delivery business. They had a couple of options, one was an open source delivery system, one that was able to use a browser and able to do some analysis. But for them, because of the process that they went through to do the simple day to day, they bought the open source version of the product because it was very specific to what they needed to do and the industries only had about 50 companies.

Jeff Birch: Are there any studies out there that compare open source infrastructure and commercially based infrastructure in terms of cost, security, supportability and sustainability?

Jerry Thode: One of my frustrations in terms of trying to do this presentation was that one element where you had the table with Linux and Apache, the problem is a lot of those need to be put together to make the whole environment work. There’s no holistic strategic overview kind of organization that I could find. Couldn’t find anyone to talk about open source in a coherent strategic view. There was one article that I saved in anticipation of having to do this presentation from InfoWorld. Maybe other people would have other examples of where they would find it. I had a very difficult time finding a strategy for open source as a whole unit. It was very specific to project and community or community and the projects within communities.

Jon Saltzman: From my experience, the costs and the strategy are delicately intertwined. From practical experience, if you take an open source product you are still going to have to pay someone within your company to put the parts together, make the software work together and build your application on it. But in effect, depending on your strategy you could say that the tools don’t cost anything. You pay for the time to put them together. But at the same time, if you take a strategy of I’m going to build a product that I’m going to try to sell, then you get stuck in the kind of situation like Red Hat is in. Red Hat takes an open source product and re-packages it. They have to release it for free because of these licenses which force them to, but they can also sell a version of it. But if you are building an application which is an infrastructure application for your own company, that’s a different scenario. Where you don’t have to release necessarily what you build with the open source components because you’re not selling it. You’re selling the service that you provide with the open source tools. It really depends on the strategy you take. One of the neat things about going open source. The company I work for is heavily considering going completely open source. If you build a product that is open source, you are forced to release some of what you use to the open public unless you go the service route. That can be a very powerful thing because if you have a competitor come in who has a commercial product and you make the same product they do but yours is open source, there is more excitement around your product because it is open source and it is interesting. That can be a strategy all its own. If you have a commercial competitor coming through releasing a commercial application you can take your application and release it completely open source and you might command more of the market.

Jerry Thode: There was a speaker series here and a very senior CIO had the responsibility for zillions of desktops. A student asked him if he would go open source and he said that he would do it in a minute but because of his company’s connection to Microsoft, he politically couldn’t do open source because it would undermine Microsoft. But if given the personal option, he would move the entire organization to open source.

Taimur Hassan: As far as developing a platform there is very good software. You should be interested to look at it for small projects.

Brenda Breen: I have experience with Apache for small projects and I’ve found that it’s somewhat limited.

Samir Chatterjee: In my lab at the network convergence lab we use Linux, MySQL, Apache, etc. – the biggest problem is maintaining ability and support. There’s a group that gets excited and starts the work and a year down the road they stop doing what they were doing. Now that you’ve adopted it, you don’t see the latest functionality that is happening. Open source is two years behind what it should be in a standards level.

Thomas Mueller: It is a huge advantage that it is released for free but sometimes you have to pay for the set-up and integration. There is no all-encompassing product out there so you have to piece it together from many sources. Some projects are not well documented and are sometimes released too soon. They branch out in too many directions. They may have a little bit of everything but nothing works 100% or is documented very well. Commercial products usually focus on main problems first, make them work and add on features later. In open source someone has an idea and implements it without making sure the core is working properly first. We are trying to go entirely open source but that is hindering our efforts right now. Sometimes we try to use open source but it doesn’t go the way we want it to so we have to go back to commercial software to keep the business up and running. We are trying to use open source for back and front office. We are using some open source tools like PHP to do a big portion of our programming and we are trying to go away from Microsoft and other lenders and use more open source like Apache and MySQL, etc. But some open source projects don’t have all the features or aren’t working the way we expect them to or aren’t documented very well. It’s much more difficult to do it in an open source project than in a commercial application because you have the opportunity to call the vendor for additional support that may be included in the purchase price or at least available for an additional fee. With open source you could have it today but you could lose it tomorrow.

Jon Saltzman: The buzzword Risk Management is perfect – open source deserves equal consideration when you’re trying to decide what to develop your application or infrastructure in. Not without risks because being locked into a specific vendor is costly. You could be using open source without even knowing it. Java is really pushing this open development. If you had to throw your money behind a company that is moving in the direction of open source but still has commercial aspects, that is the only company I can really push behind. There is also MySQL. It all depends on the strategy you are using. About security in open source, there are certain export laws on what security can and cannot go from the U.S. to other countries. OpenSSL encryption is only technically allowed in this country. It can’t be exported depending on the grade of the encryption that is used. A lot of open source products are severely lacking true security capabilities. It’s not impossible to develop a secure application.

Gregg Parker: Open Source is cheap to get into. People go after it because they think it’s going to be less expensive. The supportability, the ability to sustain itself is a significant issue. Smaller companies with less money will take greater risks. Larger companies are more likely to pay for the commercialized product. If the systems go down that are critical to your business, if you picked something that’s not mainstream and things blow up, you’re gone. Small companies have a small IT department, outsourced everything they’re doing including operations systems and will ask for anything that’s free, lightweight, that doesn’t require licensing and can be distributed simply. They take more risks. They don’t have time and lack the core competency to fix it.

Jeff Birch: Last year half of the data center was Linux based. We used Linux, Apache, Tomcat, etc. We are using an open source portal solution. From the customer service perspective, we are not getting full satisfaction with all the applications. Strategically, we have to evaluate - open source applications have a tremendous amount of configurability, which is a strength but it’s also a weakness. It also lends to the question of how do you scale it properly between volumes and lows? That’s one of our biggest problems. It works great in the lab or in production time when there’s no one there, like in the summer, but when the students come back, there’s no support. You can’t find any support or scalability. You can’t find experts to come in and help you. With commercial products you have a chirp point, it’s either VP or higher. We are a faith-based organization so we have luck. But that doesn’t help our customer satisfaction ratings which are slipping and falling with those applications. On the networks side, we utilize the open source vehicle. They are secure and stable. As the applications and the services start to migrate towards the customer side of things, that’s where I tend not to want to go with open source. If it’s in the back end, we’re stable, we’re going to have limited change and diversity. Linux, Apache, and Tomcat have taken almost a decade to mature. So the time to market it is very slow. When I evaluated Linux, I had a global organization. We had much better stability over in Europe. We didn’t have the same stability over here in the U.S. with that product. Its maturity cycle is much longer. On the other side, to make it mature within an organization requires internal resources, so strategically you want to invest in having those resources internal versus purchasing them from the outside, and as the industry standards are moving, our IT staff are mobile so as you invest in that knowledge of configuring and customizing those open source applications, you have a risk of those resources leaving you and along with that goes a lot of your business knowledge.

Darren Flynt: From the trenches, we’ve been using a lot of these open source products for a long time. Linux is a big one. There is a core set of Open Source products with a lot of commercial backing like Apache, Find and Sendmail that are extremely stable, and have varied mature feature sets, but as you branch out to newer open source products, all of a sudden there’s no support any more. When we get to the point where we have 20,000 users everyone just throws up their hands. I think we’ve had a big open source push for a while, and it saves a lot of money to start with open source cheaply. But in order to keep it going we’ve had to develop people in-house and we risk them being taken away. Losing in-house experts is a scary thing. It would be really hard to find replacements for them.

Don Davis: From an infrastructure point we’ve been very successful. From an application point of view, especially for our core applications, with critical applications being our core for the University, we have not been successful going the open source route. One thing that scared me was the dependence upon open source upon open source upon open source. Like the email calendaring system not using standards that are already proven in the industry. They are continuing to rely on other open source projects to help them get their open source project done. There doesn’t seem to be a proven methodology in the open source community with facing problems. It’s very much a shotgun approach. There are listservs that are great and you can send your problem out but no one presents a proven solution. There are a hundred things to try for one problem. There are lists of solutions. But there is no methodology or systematic way of going through the process. That is why a vendor is so important. There are hundreds of other companies having the same problem that I’m having. Where are the 5 or ten that look very similar to us running the same versions? We can’t even write down another school that has the same version of the open source software we are using and Linux, Apache and Tomcat are very standard, more mature parts of open source. All four combined together are a risk. What strategic decisions do you make in an organization to make this work or do you start over from scratch? We’re at the point where we are re-booting once a day. From an infrastructure point of view, we’ve had good success, but not from an application point of view - core applications.

Kweku Ewusi-Mensah: I don’t have personal experience with open source. Maybe our company can save money if we go with open source. What are the pitfalls and advantages? It is a lab. If something breaks down, no one is going to get fired.

Subbu Murthy: We need strategists who can direct operations to come back from open source. Open Source has some small companies like QVC. Unlike larger companies, small companies cannot afford to make a mistake. They have to do it right the first time. We are in a free market economy amongst people who are Republicans and Democrats discussing the use of free software. The velocity of technology is always more stable as it goes toward hardware. The more it moves towards the customer it gets more unstable. So to make the comment that open source software doesn’t work on application media, can you look at the applications that run on commercial systems? You’re being harsh in judging open source by looking at the customer side when that’s the most difficult to make it work, whereas the infrastructure side is working. Imagine the auto industry without the Japanese Lexus - products wouldn’t be the same without the competition. Microsoft is spending billions coming back from this. Technology manufacturers are alerted to not produce crap. Whether it is successful or not this has given a jolt to an industry that never anticipated free software to come back.

Richard Rosenbluth: My company is a vendor of hardware and software in this area. Mainly IBM vendor. IBM has been pushing Linux in particular to do infrastructure projects on their hardware rather than on the others. Linux gives you a wide range of hardware choices to run on and a lot of the issues you’re having in stability on Linux are solved if you’re running it on enterprise level hardware. Open Source isn’t something that may or may not succeed, it’s already succeeded, it’s already out there. Most of you, unless you are running the highest level of firewalls, are running Linux because almost every firewall client that isn’t from Cisco is running Linux. It has been like that for several years. So you’re running open source – it isn’t just something that you may do some day. Desktop v. server. No one wants to retrain their desktop users – it’s impossibly expensive. We do recommend people look at OpenOffice.org if they are having problems with those Microsoft components. You’re getting problems because of office licenses, we suggest smaller companies look at http://www.openoffice.org/. If they are having trouble using Excel, they will have trouble with the Excel knockoff. Can you afford to use your organization over? On the development side you should look at using ____, which is a full open ID development which most tool methods that aren’t dot net. IBM supported originally. The Windows 2003 server is an immature product. You don’t get your support from Microsoft, you get your support from a vendor. The question of open source OR commercial misses the fact that it isn’t an either/or. You’re going to be using commercial products and some open source.

Paul Witman: I have had good experiences with some open source software. Look at things in supportability and scalability before you make a decision.

Mike Sylvester: I don’t particularly see it as a commercial vs. open source kind of an argument - As a person who works for the government. It is a paradox. Businesses are in business for a profit. People are not going to do things for free for very long. There has to be some sort of incentive in it for them. A lot of people participating in open source were in it for profits. Most of the corporate benefits work around an open source standard. Commercial version vs. true free open source versions. Companies have to differentiate themselves. It’s wonderful for start-ups. Is open source the new R&D? Is it becoming the new core for application integration? Maybe this will break that mold and allow programming at the core level outside of the commercial product.

Lorne Olfman: For educational situations, all of the student versions I’ve dealt with are bad and need so much support. May as well go with open source – it can’t be in any worse condition. The students get experience with getting products off the ground. We had a good experience with Tiki Wiki. The wikis document every change for whatever pages are being changed. It would be valuable to have a code change version so that it could identify that there are certain code versions that cause problems and you could roll back to see whatever changes were made and if the community doesn’t like what has been done, they can roll back to an earlier version.

Wayne Smith: I’ve been using both open source and proprietary software for a couple of decades. I would recommend “The Success of Open Source” by Steven Weber, a professor at USC – It has a lot of topics on the econometrics side - The econometrics are hard to do because the measures that we use on the return of capital are different than the measure that we do for the return on labor. Open Source has radically altered learning methodologies for students and everyone else who is motivated. The students that are motivated can go a long way because they’ve removed that procurement layer from the value chain - procurement goes all the way across the chain, so they’ve removed that part of it. It does address a lot of the strategic issues that people have been talking about. One area on the commercial side that I will talk about a little bit - There is some kind of relationship between open source and transparency. It is somewhat similar to the way GAAP is to accounting or earned value analysis is to project management. Open source is to transparency (which is becoming a large issue in a Sarbanes Oxley world) and I haven’t exactly figured out what that relationship is but there may be something there over time in terms of transparency.

Brian Hilton: I do research as well as some systems development. I couldn’t do what I do without open source. Recently I worked on a project that had to do with geographic information systems. For me to go out and pick out the free software and download it is easy and can be done in a few hours. It only costs me my time. In my experience in that realm it is quite an interesting phenomenon.

Adjournment: The Roundtable discussion concluded at 9:20 a.m.

Respectfully submitted by Sheshe Todd, Advancement Office Assistant
