The following is adapted from The Linux Foundation’s e-book, Open Source Compliance in the Enterprise, by Ibrahim Haddad, PhD.
Education and communication are two essential building blocks in any open source software compliance program. Both help ensure that employees, as well as others outside the organization, possess a good understanding of the organization’s policies governing the use of open source software.
Employee training serves as a venue to publicize and promote the compliance policy and processes within the organization and to foster a culture of compliance.
While clear and consistent messaging — whether it is internally to your employees or externally toward the developer communities of the open source projects you use in your product/software stack — help explain the company’s goals and concerns around open source.
The goal of providing open source and compliance training — formally or informally — is to raise awareness of open source policies and strategies and to build a common understanding around the issues and facts of open source licensing. It also addresses the business and legal risks of incorporating open source software in products and/or software portfolios.
Such training can follow a formal or informal format, depending on the organization’s needs.
Depending on the size of the company and the extent to which open source is included in its commercial offerings, the company can mandate that employees working with open source take formal instructor-led courses, possibly culminating in actual exams.
Informal training channels may include any or all of the following:
• Brown bag seminars: Brown bag seminars are usually presentations made during lunchtime by a company employee or an invited speaker. The goal of these seminars is to present and evoke discussions of the various aspects of incorporating open source in a commercial product or an enterprise software portfolio. These sessions can also include discussions of the company’s compliance program, policies, and processes.
• New employee orientation: In some instances, the Compliance Officer presents on the company’s compliance efforts, rules, policies, and processes to new employees as part of employee orientation, supplying new employees with necessary open source management information: who to talk to, what internal website to visit, how to sign-up for open source and compliance training, etc.
A website or online portal focused on a company’s open source management program helps tie together employee training with internal and external messaging and make it easily accessible.
Companies use portals in two directions: inwards, inside the company; and outwards, as a window to the world and the open source community. The internal portal hosts the compliance policies, guidelines, documents, training, announcements, and access to mailing lists. The external portal offers a public platform for the world and the open source community, as well as a venue to post source code of open source packages, acknowledgements, and other disclosures, in fulfillment of license obligations.
We’ve now covered all seven essential elements of an open source management program, from strategy and process, to staffing and tools, and more. In the next few posts we’ll discuss some common challenges to establishing an open source management program and provide some recommendations on how to overcome these challenges.
Get the open source compliance training you need. Take the free “Compliance Basics for Developers” course from The Linux Foundation. Sign up now!
Read the previous articles in this series:
The 7 Elements of an Open Source Management Program: Strategy and Process
The 7 Elements of an Open Source Management Program: Teams and Tools
Basic Rules to Streamline Open Source Compliance For Software Development
What is Open Source Software? Most of us think we already know, but in fact, there are a number of interpretations and nuances to defining Open Source.
This is the first article in a new series that will explain the basics of open source for business advantage and how to achieve it through the discipline of professional open source management. (These materials are excerpted from The Linux Foundation Training course on professional open source management. Download the full sample chapter now.)
Defining “Open Source” in common terms is the first step for any organization that wants to realize, and optimize, the advantages of using open source software (OSS) in their products or services. So let’s start by defining what we mean when we talk about open source.
When people talk about Open Source, they often use the term in a number of different ways. Open Source can be a piece of software that you download for free from the Internet, a type of software license, a community of developers, or even an ideology of access and participation.
Although these are all aspects of the Open Source phenomenon, there is actually a more precise definition:
Open Source Software (OSS) is software distributed under a license that meets certain criteria:
1. It is available in source code form (without charge or at cost)
2. Open Source may be modified and redistributed without additional permission
3. Finally, other criteria may apply to its use and redistribution.
The most widely accepted definition for Open Source Software comes from the Open Source Initiative (OSI). The OSI website also lists a number of licenses that have been reviewed and found compliant with the definition, but there are additionally many licenses currently in
circulation that meet these criteria.
The Free Software Foundation, for its part, prefers the term “Free Software” and a much simpler definition, but “Open Source” is compatible with and includes “Free Software.” Sometimes, these terms are combined as “FOSS” – Free and Open Source Software.
Now, there are also other kinds of downloadable software that are not Open Source, and they must be accounted for. These other types of software include:
● Shareware or Free Trialware, which is downloadable software with commercial terms that actually can involve payments under various circumstances
● There is also any other software that does not allow free re-distribution as part of another program, like, perhaps, one of your organization’s products.
Now that we’ve established what open source software is in common terms, we can move on to the business case for using open source software. Next week, we’ll discuss how and why OSS can be used for business advantage. And in the following articles, we’ll cover more open source basics including the operational challenges and risks for companies using OSS, common open source management techniques, open source licensing, and more.
Read more:
Using Open Source Software to Speed Development and Gain Business Advantage
With new devices and applications creating interesting use cases for IoT, smart cities, vehicle networks, mobile broadband and more, we are creating new ways to use networked technologies, and we need to be able to test these in realistic settings across locations. In his LinuxCon Europe talk, Thomas Dreibholz, Senior Research Engineer at Simula Research Laboratory talked about how they are building NorNet using open source software as an inter-continental Internet testbed for a variety of networked applications.
Dreibholz talked about two concepts underlying the NorNet project, multi-homing and multi-path transport. Multi-homing is designed to make the network more robust by connecting to multiple ISPs at the same time to provide multiple interfaces (addresses) and redundancy for continuous communication, even when some paths fail. Multi-path can make more efficient use of multi-home to utilize paths simultaneously for better throughput using Multi-Path TCP (MPTCP) or Concurrent Multi-Path Transfer for SCTP (CMT-SCTP).
Unfortunately, CMT-SCTP is not available for Linux, so if you want to use CMT-SCTP Dreibholz recommends using FreeBSD; however, MPTCP is available for Linux. While it isn’t yet in the mainline kernel, it has an active community and can be downloaded from the Université catholique de Louvain. The downside is that you need to compile it yourself, and you’ll need to spend a bit of time thinking about how the routing should be configured to take advantage of MPTCP.
The wired part of NorNet Core has 21 sites. Although 11 of the sites are in Norway, the other 10 are geographically distributed, with four in Germany, two in China, and others distributed all over the world. Sites span from Longyearbyen — about 1,200 kilometers away from the North Pole — to a southern site in Sydney, Australia.
Things can go wrong with experimental software and as a result of Murphy’s Law, things will go wrong, Dreibholz says. With sites in hard to reach locations, they are using KVM-based virtual machines running on a very lightweight installation of Ubuntu Server Linux that allow them to replace or reinstall VMs with misbehaving software without needing someone physically present at the site.
For more details about all of the many technologies used in the NorCore testbed or to learn more about getting access to use the testbed for your experiments, watch the entire talk below!
Interested in speaking at Open Source Summit North America on September 11 – 13? Submit your proposal by May 6, 2017. Submit now>>
Not interested in speaking but want to attend? Linux.com readers can register now with the discount code, LINUXRD5, for 5% off the all-access attendee registration price. Register now to save over $300!
Throughout 2016, the SDS (Software-Defined Storage) category achieved many new milestones and became increasingly tied to successful cloud deployments. With SDS, organizations can manage policy-based provisioning and management of data storage independent of the underlying hardware. They can also deploy free and open source SDS solutions. Many people are familiar with Ceph and are leveraging it within their OpenStack deployments, but Ceph is far from the only relevant open source SDS project.
A market research report from Gartner predicted that by 2019, 70 percent of existing storage array solutions will be available as a “software only” version. The research firm also predicted that by 2020, 70 percent to 80 percent of unstructured data will be stored in less expensive storage hardware managed by SDS systems.
Just recently, Dell EMC joined the OpenSDS Project, of which The Linux Foundation is the steward. The OpenSDS community seeks to address software-defined storage integration challenges with the goal of driving enterprise adoption of open standards. It comprises storage users and vendors, including Fujitsu, Hitachi Data Systems, Huawei, Oregon State University and Vodafone. The project also seeks to collaborate with other upstream open source communities such as the Cloud Native Computing Foundation, Docker, OpenStack and Open Container Initiative.
According to the Open SDS project’s home, 2017 will be a milestone year for SDS: “The community hopes to have an initial prototype available in Q2 2017 with a beta release by Q3 2017. The initial participants expect OpenSDS will leverage open source technologies, such as Cinder and Manila from the OpenStack community, to best enable support across a wide range of cloud storage solutions.”
Meanwhile, the number of projects in the SDS category is ballooning. They range from Apache Cassandra to Ceph. The Linux Foundation recently released its 2016 report “Guide to the Open Cloud: Current Trends and Open Source Projects,” which provides a comprehensive look at the state of open cloud computing, and includes a section on SDS. You can download the report now, and one of the first things to notice is that it aggregates and analyzes research, illustrating how trends in containers, SDS, and more are reshaping cloud computing. The report provides descriptions and links to categorized projects central to today’s open cloud environment.
In this series of articles, we are calling out many of these projects from the guide, providing extra insights on how the categories are evolving. Below, you’ll find a collection of several important SDS projects and the impact that they are having, along with links to their GitHub repositories, all gathered from the Guide to the Open Cloud:
Apache Cassandra is a scalable, high-availability database for mission-critical applications. It runs on commodity hardware or cloud infrastructure and replicates across multiple data centers for lower latency and fault tolerance. Cassandra on GitHub
Ceph is Red Hat’s distributed, highly scalable block, object, and file storage platform for enterprises deploying public or private clouds. It’s commonly used with OpenStack. Ceph on GitHub
CouchDB, an Apache Software Foundation project, is a single-node or clustered database management system. It provides a RESTful HTTP API for reading and updating database documents. CouchDB on GitHub
Docker Engine volume plugins enable Engine deployments to be integrated with external storage systems and enable data volumes to persist beyond the lifetime of a single Engine host. Volume plugins exist for multiple external storage systems including Azure File Storage, NetApp, VMware vSphere, and more. You can find individual plugins on GitHub.
Gluster is Red Hat’s scalable network filesystem and data management platform. It can deploy on-premise, in private, public, or hybrid clouds, and in Linux containers for media streaming, data analysis, and other data- and bandwidth-intensive tasks. GlusterFS on GitHub
MongoDB is a high performance document database designed for ease of development and scaling. MongoDB on GitHub
NexentaStor is a scalable, unified software-defined file and block storage service that includes data management functionality. It integrates with VMware and supports Docker and OpenStack. Nexenta on GitHub
Redis is an in-memory data structure store, used as database, cache and message broker. It supports multiple data structures and has built-in replication, Lua scripting, LRU eviction, transactions and different levels of on-disk persistence. Redis on GitHub
Riak CS (Cloud Storage) is object storage software built on top of Riak KV, Basho’s distributed database. It provides distributed cloud storage at any scale, and can be used to build public or private cloud architectures or as storage infrastructure for heavy-duty applications and services. Its API is Amazon S3 compatible and supports per-tenant reporting for use cases involving billing and metering. Riak CS on GitHub
Swift is OpenStack’s object storage system designed to store and retrieve unstructured data with a simple API. It’s built for scale and optimized for durability, availability, and concurrency across the entire data set. Swift on GitHub
Learn more about trends in open source cloud computing and see the full list of the top open source cloud computing projects. Download The Linux Foundation’s Guide to the Open Cloud report today!
