This past week has been pretty exciting for cloud computing.  Citrix moved CloudStack to the Apache Software Foundation to deliver what we heard our partners and customers demanding – a production-ready, open source cloud computing platform that embraced the most permissive of licenses and the most established, proven community in the world of open source. By responding to this market need, we believe we have positioned CloudStack to become the leader in cloud computing platforms.  While open source software generally represents a disruptive technology with designs to commoditize a mature,  proprietary or legacy system, this is one of the first times that I can remember where we are watching a technology disruption that is being led with the adoption of open source and its community development model. It’s increasingly clear that open source systems will be among the biggest winners in the Cloud Era.

To capitalize on this opportunity, vendors are falling all over themselves to claim they are open source.  For as much cloud washing that has gone on the past few years, we are entering a stage where “open washing” has become the norm.  It’s a bit like calling a food product “natural” (sorry to disappoint you, but just because Captain Crunch has fiber in it does not make it good for you). Without some clear guidelines, all the vendor claims and counterclaims make it difficult for companies to understand how truly “open” the technology is that they are being pitched.

To help sort out some of the confusion, I have laid out “Three Key Questions to Ask Your ‘Open’ Software Vendor” to get a better idea of what they mean when they say their product is open source. We’re not implying that there’s only one right way to do open source.  After all, there are many successful models for delivering technology under the open source umbrella. It is important, however, that you understand what each vendor means, and the implications their choices might have on you as someone buying or building on their product.

1. Under which open source license is the product licensed?

There are a number of open source licenses that have emerged over the past twenty years. The open source industry is littered with acronyms like GPL, ASL, CDDL, BSD, etc.  The most important thing for any customer or user to understand is how these licenses impact the various freedoms associated with open source communities. Traditional copyleft licenses like GPLv2 and v3 have thrived under the explosion of Linux over the past decade, becoming the standard license of the various distributions in the market. While GPL has been great for  packaged software programs like Linux, its rules around IP protection and reciprocity have made it a less than desirable license for many enterprises. In fact, many organizations have strict rules in place for where GPL can be deployed and managed in an enterprise data center, specifically to protect internal innovation and IP development. As a result, more permissive licenses, like the Apache Software License, have taken center stage as the license of choice for the build out of cloud services. These licenses have minimal limitations on how the software can be redistributed or used. While the Apache Software License offers the same freedoms in terms of how the software can be used, its permissive structure allows for broad innovation, deployment and distribution without any of the restrictions that come with copyleft licenses. In short, this means that customers are free to consume, distribute and innovate on the code without any risks of losing any corporate IP. This elimination of risk has also become very attractive to ecosystem partners and developers who view this model as a preferable way to engage in community development.

2. How is the project governed?

Governance is one of the most important attributes of an open source project as it defines a lot of the behavior in the project and in the community. There are two models emerging for open source projects: 1) Corporate-led governance and 2) Foundation-led governance.

I’m reminded of an article I read a number of years back when I was working for Sun, around the time of OpenSolaris. Sun was criticized heavily by Michael Dolan of IBM in an article that blasted us for open sourcing a technology, but maintaining complete ownership of the project direction and copyrights.  In his post back in 2007:

“It’s not my place to determine whether any of the current buzz words today that mingle corporate led open code projects under various licensing and governance constructs are “right” or “wrong,” but I do have a strong opinion that the independent open source projects often have a leg up in building communities, participation, and multi-vendor investment (and often that’s their goal). I also think it’s foolish to expect any single company, commercially led project should behave in any manner other than a commercial business driven by stockholders would.”

As I look back on this today, I’m reminded of how correct Michael was in his statement.  A commercially driven open source project that has direct ties back to a single corporate entity is governed by a structure that is designed to benefit one person/organization – the corporation. Customers seeking the freedoms of choice, lack of vendor lock-in and true community engagement and innovation will want to align themselves with a project that is aligned to share success, influence and directions of all the members within the group – not a single entity.

3. Can you access, study and deploy 100% of the commercial code without any obligation to purchase?

“Open Core vs Open Source” is a very heated debate in the development community; with opinions so strong and polarized you find similar passions in this debate as you would around religion or politics. Many would argue that companies that follow the open core model aren’t open source companies at all, as all of the “good stuff” that brings value to the product are held back under proprietary licenses and only available under a paid model. This is an important distinction as the benefits of open that most companies seek are still unattainable in an open core model. Even in projects where the core might be completely open and delivered under a permissive license, if the packaging and delivery of value-add in the solution is not made available under the general “freedoms” of open source, users are getting no more benefit of using these technologies as they would with proprietary solutions.

The bottom line is that there are many models of open source in the market and it is important for users to fully understand what freedoms they are benefitting from when engaging with specific projects. Our move with CloudStack this week demonstrates how open we believe these projects need to be – permissive licenses, contributor-led foundations and governance with complete transparency of code.