Expositus Procuratio

Previous Next
10

What is Open Management Consortium?

 

The about page states the primary objective as "Create awareness of open source management tools in the market", so the focus is open source mangement tools. Fair enough.

 

But open management need not mean open source management. There is a lot more to openness than seeing the source code. In my experience ability to see the code is not even highly sought after by the customers ( I work with). I think the term "open source" has come to embody a lot of things that we've been longing for: interoperability, integration, transparency which are also somewhat mentioned in the objectives. I think the "Open Management" as a term is a better embodiment of these principles.

 

This is not just a play with words. The nuance is important. There are already calls for the large management vendors (loosely referred as Big 4) to open source their products. I don't this approach is neither realistic nor productive. I think we ought to demand them to be more "open", and this does not mean they have to open source their products. There are many other steps that are much less controversial, yet may even be more useful for the industry. IT management vendors (as most software vendors) are typically very "closed" organizations. What do I mean by that?

 

How many of you have signed an NDA with a vendor? It's pretty much demanded by every company I dealt with so far that restricts what I can share in public. NDAs are used routinely in the industry. You want to have access to software, you have to sign an NDA. This may sound trivial but I think it illustrates the attitudes and the problem. Tendency is guard information, not share it.

 

Can you go to the websites of the Big 4 (or to any of the other large management tools vendors) , download the product you're interested and give it a spin to see whether it meets your needs? Overwhelming majority of the vendors do not even have evaluation copies available. Transparency. Do you feel like you can participate in the direction the product? Can you even see where the product is heading? And pricing. Can you tell how much the price of the product is without putting a gun on the account manager's head?

 

I think "open source" products are on the rise, not necessarily because we can see the code (most of us can't care less) or we can contribute to the development (most of us are not devleopers) but if a product is open source, it is assumed to be "open". We can take the open source product,s evaluate/use as long as we want, learn from experiences of the others in the community, and earn our say on where the product is heading, well, not always, but may be most of the time.

 

In short, I believe we should value emphasize the open in open source more.

 

I think one reason we are relying on open source as the litmus test for openness is that the other criteria for open source is easier to establish than criteria for being open. Not having an established way to measure openness, it is easy to descend into subjective "I'm more open" pissing match. So I wonder whether it would be possible to come with the criteria to measure how open a company is. I've already hinted some of my criteria, I'm sure there are other better ones.

 

 

 

1. Access to the software. There is no reason why potential customers and partners should not be able to download and evaluate the software, without being harrassed by sales people first.

 

2. Published APIs and developer programs. Almost all companies claim some sort partner program, but few has active ones, and there are lots of barriers. No reason why the API and documentation should not be available to any interested party, along with the software. The process to become a partner or use the APIs should be simple and transparent. Software vendors should take a page from the book of companies like Google, Yahoo and Amazon in creating APIs and developer ecosystems. The process to use APIs should be straight forward both from technical and commercial perspectives. This is essential for integration and interoperability.

 

3. No NDAs to silence customers and partners. Let people share their opinions and knowledge as they like. In all these years in the industry I've signed many NDAs, I don't think I ever knew anything worth protecting. This approach is simply poisonous to sharing and collaboration.

 

4. Available communication channels for the community to participate. Having couple of product managers talk to couple of important customers simply won't do. To ensure the products stay relevant and useful, the best option is to let the community have a stong voice and provide guidance. This is probably harder to quantify than others.

 

5. Transparent pricing. The game of hiding the prices, having very high list prices and offering big discounts is getting old. Why not publish the prices?

 

 

If the software vendors did all of the above but kept the source closed, I'd be more than happy. I'd wager that most companies would not score all that well using these criteria.

 

 

What do you think? Are these reasonable? Other criteria to quantify openness of a company?

Tags: open_source_community, open_source_systems_management, open_management_consortium, open_source, open_management


Jan 1, 2008 7:05 PM Click to view Greg Wallace's profile Greg Wallace

good stuff - I agree.

 

one additional aspect to being open is embracing open standards, or said differently, being standards-based. Usually open source enbraces standards more so than proprietary alternatives, but in systems management, it's hit or miss, and my project NetDirector misses on this mark. The lack of adherence to standards by many open source systems management projects was raised by some of the folks on the Ubuntu Server team at UDS Boston 2007.
Jan 2, 2008 2:17 PM Click to view Berkay's profile Berkay in response to: Greg Wallace

agreed. Standards can be a good driver for openness. Though it's not always clear what standard to follow. I remember talking about the rising web services standards and its impact on IT management about 7 years ago. I had predicted that with standard web services APIs, we were going to see less and less bespoke integrations. Needless to say, I was proven wrong (at least so far). We're still spending majority of our time in implementations, integrating this product with the other etc. Standards support is scarce.
Jan 3, 2008 6:39 PM Click to view alex Honor's profile alex Honor

I agree with your five criteria but I want to comment on #2, especially.

 

One of the most frustrating outcomes of the IT management world are the multitude of stove piped tools. There is a tool for every specialist activity. At a small organizational scale this means each IT discipline has to jump from tool to tool to drive their own life cycle. At a large organizational scale, there is little capability to drive change across specialist tools.

In both cases, support for simple integration of management tools is almost non-existent or inaccessible to a typical user.

 

Moreover, how an IT infrastructure is managed depends on the business. SaaS and e-commerce companies ultimately end up writing their own management frameworks. Because third party vendors don't design their tools to be opened up and used as building blocks, customers end up cobbling solutions together. These home-grown solutions range anywhere from sketchy shell scripts and documentation to more sophisticated elaborate frameworks. In both cases, there is a bunch of "reinventing of the wheel" just to meet the needed operational requirements.

 

I think the Unix toolbox philosophy should be followed when it comes to IT management software.
Jan 4, 2008 12:23 AM Click to view Damon Edwards's profile Damon Edwards

This post really provokes several thoughts that fire me up:

 

1. Standards-based interoperability (in the vein of classic unix tool chains) is desperately needed, but standards processes aren't going to magically lead to the "openness" that mberkay is outlining. In reality the two have very little to do with each other! What is one of the most standards filled industries with which we interact with every day but is also one of the most closed and predatory? Why the phone companies, of course. Only the threat of a superior business model (i.e. google and skype invading their turf) or the threat of legal/regulatory action has EVER moved them to open things up.

 

Since it is hard to imagine regulatory agencies turning an eye towards management software, the only hope there is to "open up" our industry is to threaten its business model... which is exactly what the Open Source movement has done (we should really use "Free Software" to be precise... "Open Source" is an awfully overloaded and loose term). This development has made a tremendous impact on legacy vendors by directly threatening to steal its customers.

 

2. What mberkay is describing in his post is a social contract between software vendors and their users. As veterans of this industry, we are all far too familiar with the unfortunate fact that a contract is worth less than a roll of toilet paper without a legal mechanism to back it up. How solid is a privacy policy or a EULA from you favorite web service? How much do you believe your vendor's mission statement or pledge of "openness"?

 

The real power of free software has little to do with the source code being visible or the price tag of the license being zero. It has everything to do with the fact that the social contract is basically guaranteed to be fulfilled. A big part of that is the legal threat (i.e. the license) that backs it up. Don't listen to your users? They'll fork your project. Adopt predatory pricing? They'll just use the software for free and work around you with a lower cost services and support provider. Don't provide open interfaces or an API that plays well with others? The community will code around you and cut you out of the ecosystem.

 

If you are selling a highly specific tool or solution that requires little or no configuration and integration, users won't care so much about that social contract (as opposed to cost and features). If you sell a platform or framework (which is what almost all system management tools end up looking like in the end), the social contract is very important to your users (although I doubt they'll ask for it directly by that name).

 

So if you want the ultimate judge of a company's "openness" look no further than the terms of their license. That is putting their money where their mouth is. If those rights mberkay described aren't ensured by some clear legal mechanism they are pretty much hot air... no matter what the marketing and sales departments tells you.
Jan 4, 2008 9:34 AM Click to view Berkay's profile Berkay in response to: Damon Edwards

@Alex, all I can say is I feel your pain <img class="jive-emoticon" border="0" src="http://beta.openmanagement.org/images/emoticons/happy.gif" alt=":)" /> This is something that almost all shared infrastructure providers (internal or external) that I work with suffer from. Point to point integrations (typically provided by vendors) are typically weak and APIs are either not available or easily accessible making life difficult for 3rd party solutions.<br />

<br />

I'd like to hear more about what you mean by "unix toolbox philosophy" at some point!
Jan 4, 2008 10:43 AM Click to view Gerry Brown's profile Gerry Brown in response to: Berkay

I too feel the pain of so many vendors and very little true integration.

 

One of the greatest collaborative open source tools I have seen is the Untangle gateway. These guys have tied a number of open source security applications into a single easy to use package.

 

It would be great to see a framework like this built for other areas of the system management.
Jan 4, 2008 12:00 PM Click to view Berkay's profile Berkay in response to: Damon Edwards

Allright, we have the discussion going now. I'll start with my background to give some context to my comments, because I often feel the blind elephant http://www.wordinfo.info/words/index/info/view_unit/1/?letter=B&spage=3 syndrome in discussions.

My experience has been mostly in the monitoring and event management (or in ITIL terms config mgmt,change mgmt,incident mgmt,problem mgmt and service desk) in the larger organizations, service providers, large financial corporations etc. I believe the requirements and dynamics in very large organizations is very different than the SMBs so it's important to note where one is coming from.

 

@Damon, first, I share your concerns about the standards. Especially if you mean standards that are established by regulatory agencies, but it does not have to be that way. "Standards" also can be driven by companies open source or otherwise organically. In the web environment SOAP vs REST discussions can be an example. Many people did not like the SOAP standard and REST like web services "emerged". It is not a written standard but yet is established. REST like web interfaces, RSS, ATOM can be used for integration on the web easily. This has not happened in IT management field and we're paying a steep price for it. Sending an SNMP trap is still the only established (commonly used) method to send information from one application to the other, and that just does not do folks. There is no standard/accepted method for the applications to exchange data and integrate with one another, open source or otherwise (in the IT management field). I'd love to give credit to open source project for doing this better, but that is just not the case. In fact, I believe OMC was originally founded to address this very problem. AFAIK, there has not been much progress. So I don't see open source offering a solution to this problem, at least not so far.

 

I like the "social contract" description. Not sure I agree that the social contract is worthless if not backed up by legal mechanism though. Community perception and brainshare can also be quite powerful motivators, if the community was to demand and value such a contract.

 

I do disagree however that having an open source license alone makes a company "open". I do agree that this is the current perception; one that I believe to be false. Availability of the source code, and the fact that I can fork it if I wanted to is not much of a comfort. Most of us are not developers, a script here and there is fine but we can't fork a project and make it open nor do we want to. We just want to use them. This may be the fundamental difference between open source projects that target developers and open source IT management tools. From what I see, open source works much better when the target audience of the product is developers. The relationship is problematic for open source IT management projects. This is perhaps why most open source IT management tools projects are driven by commercial companies rather than the community. Most users of IT management tools are not developers. We can contribute in some ways but we can develop the product itself. People who have both IT management and software development skills are a rare breed. Precious people

 

I also don't think that there are open source solutions for the problems we face in large organizations. I am most familiar with the network monitoring field, which happen to have a lot of open source tools, yet they are nowhere near meeting the requirements of large environments. SNMP polling a device and reporting it down just does not cut it. There are very hard problems to solve; problems proprietary vendors are also struggling to solve, nonetheless they are ahead. I know I'll get grief for this paragraph but this is what I see based on my limited view of the world (refer to the first paragraph on where my experience lies).

 

In short, I feel we must promote and demand "open management" from all vendors proprietary or open source, and try to define what we mean by open as best we can. I believe this is a more realistic approach then demanding/hoping that large IT management vendor to open source all their products. That's just very unlikely to happen. We can get much better traction if we as the community demand more "openness" with concrete criteria. I think whurley's progress in BMC http://talk.bmc.com/blogs/blog-whurley/whurley/yes-were-open is indicative of this.

Boy, why do I feel like I'm going to regret pushing the Add button

Jan 5, 2008 3:55 AM Click to view Damon Edwards's profile Damon Edwards in response to: Berkay

I didn't mean to imply that the only way for a company to be "open" is to specifically make their source code available under an open source license. What I was saying is that the only way come close to guaranteeing protection for that openness (from a user's point of view) is to put some kind of enforceable mechanism behind it.

 

I'd never advocate that all companies should adopt an open source licensing policy. They have to do what makes sense for their business and their shareholders. But at the same time, user communities need protection from empty or misleading promises. How many times have vendors changed their mind about an initiative or dropped/changed a product line right out from under users? When a vendor asks a user to invest their time and money into a product on the grounds that they will provide them with "openness", why should they believe it THIS time?

 

Open source licenses give the community leverage over vendors who break that social contract (you are right that a single user can't do much with source code or rights of free re-distribution and use... but an active community or competing vendors can). It's the only popular mechanism that I've seen that can provide that guarantee (and it doesn't have to be an all or nothing choice per vendor). Maybe some other mechanism is possible, but I think you are going to have a hard time selling users on a vendor's "do no evil" pledge alone.
Jan 5, 2008 4:39 AM Click to view Berkay's profile Berkay in response to: Damon Edwards

Agreed! Well said. Many promises and initiatives have long been forgotten, so much that no one believes the vendors anymore, no? We've all turned into skeptics and rightly so.

To add to this, I also don't think the community/customers do not demand this strongly enough from the vendors. While working for a vendor I was surprised how shallow the inquiries related to integration were. Most often we just got asked "do you have an integration (adapter) with X?" or "do you have an API?" not much more went to it, so it is easy enough for the vendors to say they are "open".

This may be due to the fact that customers don't have the established criteria, vocabulary to ask the right questions. I may be wrong. "Open source" is one such criterion that is easy to ask so it has at least that advantage, but I think we need more granular definitions. As I work on integrations a lot, I had attempted to identify some seed questions to evaluate integrations in a blog post (http://www.ifountain.com/blog/Top8questionstoaskwhenevaluatingintegrationsolutions) I'm sure we can do much better than that collectively.

We should be able to more questions that will allow us to gauge the openness of the products, and better yet, should do this out in the public (domain rather than sales meetings) so that everyone can see the answers and scrutinize them. We need this conversation of openness to happen in the public domain (hence the need to do away with NDAs) to create awareness. If there is sufficient demand from potential customers, vendors would respond, otherwise it will not go anywhere (even if some people in the vendor organizations also push it, they also need backup.)
Mar 25, 2008 10:46 PM Click to view Louis DiMeglio's profile Louis DiMeglio

I know I'm a little late to the commenting game, but I wanted to say that I think that you make some great points. The network and systems management appliance company (that shall remain nameless) that I work for embraces much of what you're talking about by not creating our own agents and instead supporting everyone elses, supporting as many standards as we can for data exchange (XML/SOAP, SNMP, ODBC, sqlnet, etc) and sharing just about everything with our customers (including in some cases the source code). I will say though, that in a for profit company, when you are sharing something as sensitive as source code, you better protect it with an NDA. I never understood companies that required NDAs for public interface information (eg Canon wanting an NDA to release their MIBs), but in some cases you DO have to protect what you've got!
Click to view Berkay's profile

Berkay

 Member since: Dec 31, 2007

Thoughts on IT management

View Berkay's profile