Open Source Infrastructure

Open source is a game-changer. But there are fields where open source performs better than it does elsewhere. Infrastructure software is one of the fields that is almost ideal for open source. We have observed this for years. Linux and GNU undoubtedly changed the world. As did Apache. And we are seeing more and more infrastructure components created in open source fashion. This somehow looks like a trend is emerging.

This all makes perfect sense to me. Infrastructure is a low-level architectural layer. High-level components naturally depend on the infrastructure (even though almost all UML diagrams very politely hide this obvious fact). The change in the infrastructure usually means a very expensive changes in high-level components. We have seen too many proprietary infrastructure components ruined by acquisitions or mismanagement which triggered an expensive application changes. Open source approach provides much more options in such a case. Good open source products survive mergers, acquisitions and even very bad mistakes of the individuals that run the project. The reason is that real open source project are never really owned by any particular company or individual. Fork is always possible. Therefore they survive where commercial software dies. Commercial software vendors will surely use the “open standard” argument here. But any engineer that ever migrated one “standard” implementation to another will know better. No standard is ever perfect, infrastructure migrations are never easy and they are always costly. And this is extremely unlikely to change in any foreseeable future.

Identity management is without any question part of the infrastructure. No solution can be really complete without an identity management part. Some identity management components were available as open source products for years. There was several good alternatives for directory services. Also the SSO, access management and federation was quite feasible. But there was one big missing piece: provisioning.

Identity provisioning is an essential piece of almost any deployment. It is an essential piece of enterprise identity management solutions. But also federation and cloud solutions cannot be really complete without it. It is also rather underrated technology. The engineers do not realize that they need it until it is too late. But even the few engineers that knew that it is needed somehow avoided it. The cost of commercial provisioning solutions is very prohibitive. It is usually not feasible to incorporate provisioning part in federation or cloud deployment because the licensing would cost fortune. But all of that has changed a great deal in last couple of years.

Today there are three good open source provisioning solutions. Commercial support is available for all of them. Also the price for at least two of them is very reasonable. It looks like the open source application infrastructure is finally possible.

Leave a Reply

Your email address will not be published.