#Opinion: Fight your own roots

Thank you, Red Hat. If I needed one more proof for your state of mind, you have delivered it to me.

The Advantage of Enterprise Linux over Community Projects

I totally get, why Red Hat is sending out such an email: They want to convice their potential customers of buying their Enterprise Linux. I actually second that – they need to pay their bills.

But this tone?

First of all: Linux IS a community effort. Even Red Hat Enterprise Linux (RHEL) is in great parts developed by a community inside and outside Red Hat. Linux on its own is community-driven, has always been and will always be.

Second: They are completely right in regard to TCO. The TCO is not defined by the list price, but by reaction times, quality of reactions, quality of support, etc. Absolutely right. But: That does not imply the usage of an Enterprise Linux. What is this, anyway? A vendor-locked version of Linux?

Third: What do I actually need an Enterprise Linux for, anyway, if I consider a cloud stack? Back in the days, when we were running our workloads directly on Linux, one needed something special, I get that. A linux with the ability to run for years, with awesome patching mechanisms avoiding downtimes.

But those times are gone, specificially for Container Workloads. They are running on top – or, to be more precisly, operated by – Kubernetes. And Kubernetes is not tied to one only machine, it works on a pool of resources. One can easily remove a worker node (or even a master node) from a running cluster, without affecting the workloads too much. This basically eliminates the need for an Enterprise Linux with awesome uptimes, a Linux (without Enterprise) would be good enough. Because Enterprise simply doesn’t matter anymore – your resource pool is breathing anyhow, all the time. Any modern community Linux would work just fine here!

There is no need for an Enterprise Linux anymore!

So, there you have it. This email is an evidence of fear. But is not your fear, although they want to scare you. It is Red Hats fear, it is Microsoft’s fear, it is the fear of those, who understand their Linux or their OS as the basis of everything. Truth is: Linux and any other OS are just commodity. They don’t weight as much anymore as they did back then.

And, if you think further about it, the same message is true for your (Vendor Locked) Kubernetes-stack. And for your (Vendor Locked) Cloud Foundry-stack. And for your (Vendor Locked) OpenStack-stack. What do you need them for? They basically offer the same functionality as the community version (give or take some special features who appear to just a very small minority), but they only run on Red Hats Linux, with Red Hats Storage, etc. – which typically is called Vendor Lock!

Featurewise, in regards to functionality, with respect to patching and fixing, the community versions are on the same level as their Enterprise cousins. But they don’t lock you in, and with the right software stack (read: VanillaStack), they even come with the last things that set those Enterprise Stacks apart from basic community projects: Commercial Support (with up to 24/7 availability) and easy-to-use integration. Which directly impacts the TCO – towards being more reasonable and affordable than compared to those of Red Hat products, for example.

Vendor lock always makes you pay more.

Then again: What exactly do you need your Enterprise Linux for? What would you attend such a webinar for? What exactly is your benefit, besides the nice swag you get?

Think of that.

Open as in Vendor-Lock

If you’re in the market for cloud software, specifically something based on Linux and Kubernetes, you’ll be penetrated by companies who claim their products would be open-source, and therefore would not lock you in.

Well, that’s a lie…

Let me explain that.

If you look at companies who claim to be the “biggest open-source company in the world” or “the biggest independent open-source company in the world“, their products are open-source. This means, one can look into their sources.

For most people, this implies it would impose no vendor lock on them. Because open-source. At least that is, what they interpret, when reading of “true open-source” or “open open-source”. Truth is, that this is a lie.

Obviously, Kubernetes and related technologies are open and actually impose no vendor locking on you. But if you were forced to run a specific Linux (which costs a lot and provides challenging subscription terms), then one would call this: A vendor lock.

Purposefully implemented vendor locks

This kind of vendor locking is considered to be very negative, since it is willingly imposed on a platform (Kubernetes or OpenStack or Cloud Foundry, just to name a few), which is actually open and on its own undemanding in regard of its underlying Linux flavour.

The same is true for something some companies call “Enterprise storage”, which typically is Ceph. Which is only running on these companies Linux distributions, opposite to what Vanilla Ceph is able to do. Or for company-specific versions of OpenStack or Cloud Foundry – all which are limited to the specific platforms.

The point is: These limitations are artifical. There might be reasons for doing that, but for whatever reason it is done – it still remains a vendor lock.

Open-Source != Vendor Agnostic

So, next time, when you look into one of their offerings, you should read what they actually say: “We offer you our heavily customized versions of those awesome vanilla projects, so you have to stick within our ecosystem”.

And you should remember, that “open-source” does not mean “vendor neutral” or “vendor agnostic”. These terms have nothing to do with each other – proprietary solutions can be vendor-agnostic and open-source software can be vendor-locking.

And you should consider deciding for a true open-source and vendor-agnostic solution. Which would be VanillaStack.

#OpenSource: Trust vs. Usage

When I published my article about open-source and the way I see it as an ecosystem, I received some – very welcome and critical – feedback from a very valued Microsoft employee and architect, who rightfully pointed out, that Microsoft is among the biggest contributors to open-source frameworks and -foundations – and still I don’t trusted them.

He is absolutely right in his analysis: I don’t trust the company and most of its products.

Let me explain that.

First, I have some history with Microsoft. I have been Microsoft Most Valuable Professional for ASP and ASP.NET for several years in a row a decade ago. And I am very, very thankful for this – I got to know many very talented and experienced people, great products, loved the atmosphere and the cultural diversity at Microsoft. I still do, at least in regard to most of the aspects I just pointed out (subtract the products, which is what I am going to explain here). Later, I was working with a small group of awesome, smart and talented people in regard to Windows Phone and Windows Mobile – I was teaching on behalf of Microsoft, wrote several very successful applications for the platform and truly loved all of this. And I still do. I even considered several times joining them as Evangelist and Architect.

I lay that out to make clear that I am by no means a hater or a disappointed fan boy or something similar. I truly love many aspects of Microsoft, I have the fullest and most honest respect for many of its employees and from a technical perspective I can understand a lot of excellence within their products (and some of the excellence is way beyond my level, to be honest).

But: I don’t trust Microsoft.

And the reason for this is: They are not an open-source company. Their products are mostly closed source. Their platforms are closed source. Azure is closed source. And their business practices are embracing closed- and proprietary source ecosystems over open-source ecosystems.

It is absolutely true and needs to be acknowledged that Microsoft is amongst the biggest contributors to open-source ecosystems. And they even open-sourced many of their own products. Thank your for this, Microsoft!

But: I don’t trust Microsoft.

My point is this: Regardless of how much valuable and excellent work you put into open-source technologies – it does not increase the trustworthiness of a proprietary environment or a proprietary ecosystem. Because it is not completely transparent. It is not completely open. There are substantial blind spots in the software and the ecosystem.

Take a picture: If you add layers of glass (open-source glass for the matter :-)) to each other, it stays transparent. But just one layer of – say – concrete or wood in between makes the whole transparent stack in-transparent. You won’t be able to see through all the layers. And that is enough, because you don’t see what is going on with that stack of glass.

Transfer this picture onto a cloud-environment, and it immediately becomes apparent: How are you supposed to trust this environment, if it is not transparently laid out? What do you trust more: The words of the people who built it, revisors and auditors? Or a community of experts, who constantly review and audit?

To me, the answer would be obvious: I would trust the community of experts (plus additional auditors and reviewers). And that is regardless of the awesome quality, the overwhelming quantity and the sum of funding that is put into open-source projects, because – again – it is a matter of trust.

What does that imply for Cloudical’s offerings?

Good question! Thanks for asking!

The same measurements need to be applied here! If we ever create a software stack (and you could bet it would be a Vanilla software stack), we would need to open-source it. Without discussion and dispute. It would be a matter of trust!

Actually, the foundation behind our Managed PaaS– and Managed SaaS-service-offerings is an open-source software-stack. It consists of SUSE-products, such as CaaSP (Kubernetes) and CAP (Cloud Foundry), plus additional scripts and tools required to roll it out and to operate it.

Although we are speaking of a service on a platform stack everyone can easily roll out on its own (well, actually, no, there is a LOT of effort and a TON of knowledge in it), we will open-source it, within the next two to three months. Because we are committed to this kind of thinking, to transparency, trustworthiness and open-source.

Thanks again for asking. And thanks for commenting – and being critical on this and with me.

And yes, I still love Microsoft. 😉

#OpenSource is the way to go!

There are several reasons for this, but seeing my LinkedIn-timeline flowing over with proprietary software- and infrastructure-stack-related news, I feel I should point out some crucial points for open-source:

Open. Source.

The source is open – you can actually see, what is happening! This gives you something which you won’t get with proprietary software and ecosystems: Trust!

Trust

Trust is not only what you need in times where more and more workloads are sourced out into public cloud- and hyperscaler-environments, it is a strategic asset! Trust needs to be at the center of your actions, but there is another aspect being strongly related to that: Security!

Security

With open-source software, literally everyone can check the source code and find security issues. Yes, it might be painful and it feels better with proprietary software, since their security issues are handled way more silent – but this is security-by-obscurity! Just because security issues are not that well-known, it does not mean they don’t exist. Instead, there is a higher chance for them to be exploited, since there is no sense of danger. Open-source-projects fix their security issues regularly and often – proprietary software vendors might not do this. This leads to another important aspect of open-source: Support.

Support

With open-source projects and solutions, you get an awesome level of support if you dare to ask. Yes, the tone might be sometimes a bit … nerdy, and yes, there are no SLAs, but this then again is where you can rely on professional vendors such as Cloudical, providing you with SLAs, professional support and managed services. The advantage of those vendors give you over proprietary software vendors is quite important: They are independent of a specific (proprietary) software stack! So they give you support and consultancy, but in an unbiased and open way.

If you compare this to vendors of proprietary software, they usually want to sell you their products – which might not be what you want. The open-source ecosystem provides you with many vendor-neutral frameworks and solutions – and you find a lot of skilled experts for your operational needs. And even if not (or if it would not be enough to hire those experts) – there are several very affordable and well-executed managed service offerings in place!

Managed Services

Since experts, specifically cloud infrastructure- and software-experts, are a rare things nowadays, there is a huge struggle for finding and hiring the brightest minds. Nonetheless, you need the know-how and knowledge to run your infrastructures and workloads – regardless of the cloud environment and regardless of the workloads you are throwing at them. Managed Services for open-source ecosystems are platform- and vendor-agnostic, so they can work on every cloud and on every platform.

Since the required knowledge is reusable and (mostly) independent of the platform, it will give you peace of mind and sustainability in regard to operations. This would be more complicated with vendor-specific software and infrastructure-stacks, since they are way more limited in regard to their usage and usability scenarios. Another aspect of open-source projects is that they are usually widely adopted and utilized – in their original, vanilla form.

Vanilla

The foundation of products such as Red Hat OpenShift, SUSE CaaSP or Rancher K3S is Vanilla Kubernetes. The foundation of Red Hat Open Stack or Mirantis Open Stack is Vanilla Open Stack. The foundation of Pivotal Cloud Foundry or SUSE Cloud Application Platform is Vanilla Cloud Foundry.

And the good thing is: All the things you or your partners know from vanilla projects apply to the commercial distributions. With open-source projects, knowledge is transferrable between distributions, knowledge is shareable – and knowledge can be achieved without expensive certification trails (although some very useful certificate trails exist). And: Knowledge is shared within a community. It is understood as an asset, not something someone owns (because it was so expensive to gain). Community stands at the center of open-source.

Community

With community, open-source starts and with it, the circle closes: Without a community of enthusiasts, interested industry partners and supporting foundations, open-source would be not even half as appealing, as it is. Open-source is for a very long time matured, processes and governance exist for dozens of years, and even companies such as Microsoft, Oracle, SAP or Amazon contribute to open-source. They form a community, big foundations support and steer the process and create the sustainability in the projects they chose to sponsor.

Open-source is all about openness, trust, security, support, managed services, vanilla and community. And this combination of factors make open-source a strategic aspect and a strategic factor in organization’s sustainability. With open-source, you decide against vendor-locks and golden cages, surpressed issues and horrendous prices. Open-source is trustworthy, cost-effective and driven by intelligence, not by greed.

What does this imply for Cloudical?

Well, with Cloudical we already decided to set more on open-source toolstacks. We decided to move away from Microsoft 365 and Google-GSuite-based approaches. We decided for an open-source CRM-system. We integrate them, we operate them, we trust them.

We are currently setting up, integrating, automating and starting to operate our own open-source ecosystem – and we will make this stack (i.e. Rocket Chat, Keycloak, Harbour, etc.) available to our customers as managed solution and service.

We already offer awesome consultancy and managed services, and we will step up the game later this year. There will be way more offerings from Cloudical, and we will broaden our support for the open-source ecosystem – so stay tuned on that!

What does this imply for me?

For me, personally, this implies way more usage of these technologies. I need to learn and adjust, even if it implies leaving well-known and comfortable ecosystems. But I feel it is worth it, because to me, trustworthiness, privacy and security are more worth than “just” comfort.

To me, it is worth every effort. I personally don’t trust Microsoft, Google or Amazon. I don’t want to be spied upon, don’t want to be bombarded with advertising and don’t want my profile to be sold to some random company. I don’t want my data and my workloads to run within environments we don’t trust (and we can not trust them, because it is their proprietary ecosystem!). I want to support alternatives, I don’t want this world to end with some dominating companies – I want freedom of choice, trust and security.

So to me personally, there is no alternative to this positioning and to this approach.