 Hello and welcome. My name is Shannon Kemp and I'm the Chief Digital Officer of DataVersity. We would like to thank you for joining the latest installment of the monthly DataVersity webinar series, Advanced Analytics with William McKnight. Today, William will be discussing open source versus commercial vendor software in the enterprise. Just a couple of points to get us started. Due to the large number of people that attend these sessions, you will be muted during the webinar. For questions, we'll be collecting them by the Q&A section. And if you'd like to chat with us and with each other, we certainly encourage you to do so. And just to note, the Zoom chat defaults ascended just the panelists, but you may absolutely change that to network with everyone. To find them open both the Q&A and the chat section so you can find those icons the bottom middle of your screen for those features. And as always, we will send a follow-up email within two business days containing links to the slides, the recording of the session, and any additional information requested throughout the webinar. Now, let me introduce to you our speaker for the series, William McKnight. William has advised many of the world's best known organizations, his strategies form the information management plan for leading companies in numerous industries. He has a prolific author and a popular keynote speaker and trainer. He has performed dozens of benchmarks on leading database, data lake streaming and data integration products. William is a leading global influencer in data warehousing and master data management and he leads McKnight Consulting Group, which has twice placed on the Incorporated 5000 list. And with that, I will give the floor to William to get today's webinar started. Hello, and welcome. Hello, and thank you, Shannon, and welcome everybody. I am excited about the topic today. And I trust that you can see my screen now. It's about open source. And like most of my presentations, it comes from client interaction. It comes from client questions about is open source viable for me for production in the enterprise? Do I need a commercial vendor on top of this if I don't need the functionality that they provide or the managed service or what have you? And so, because I've been getting this question quite a bit, I raised this as a presentation and do know that I'm going to lay out some of my biases to begin with. So when I started in technology, open source wasn't really a thing. And it came along in the first, I don't know, decade, I guess, of my career, it sort of grew to where it became something that we all had to contend with in one way or another. The big umbrella there was Linux. And as that grew as a very popular operating system platform, and it was open source, it made us really think hard about open source, and it's only increased since then, and become what it is today a hugely popular way of developing software and getting software out there into the enterprise. And of course, the vendor community is all over open source as well, really hopping on on on a lot of open source projects, taking them forward for commercial success. And so, however, does that mean that we are necessarily needing to consider open source for our production and doing it without a vendor? Those are some of the questions that I want to lay out all the parameters for so you can make a decision. See, we're not going into every piece of open source software. I do have some examples, but I think the things that I'll share with you can generally apply and really help you out with some of those decisions. And a lot of those questions, frankly, come from executive management because they're there like me was at one point anyway unfamiliar with open source. And so it does, it does make sense. It is something that enterprises have to address. Now you might be interested that the first open source project, at least the first one that got popular and was recognized as such is the free software applications GNU project. And that was in 1983. And this was aimed to develop a free and open source Unix like OS called GNU. And I don't know about GNU anymore, but it did get the ball rolling. So what is open source? And I'm going to start with, I think, what is the standard definition? And it comes from this website called the open source definition. And I've heard this referenced many times in my conversation. So I use it as a premier definition of open source and these are the tenants. It's great to go out to their website. It's a small website, not a lot there, but a little bit more definition on all of these things, but free redistribution, keyword, they're free. I'm not even sure we would have an open source market if there wasn't some free to it. Of course, cost savings is a big attraction to open source. The source code must be made available. Derived works must be made possible. There must be integrity of the author source code, which has led to some organizations popping up that really help out with that aspect of it. I'll get to that. There must be no discrimination against persons or groups against fields of endeavor and the distribution of the license and in particular what that means is that the rights attached to the program must apply to all to whom the program is redistributed without the need for execution of any additional license by those parties. Okay, license must not be specific to a product, must not restrict other software, and must be technology neutral. So that's the premier definition of open source. Most open source or what we refer to as open source or what vendors refer to as open source does meet all of this criteria. That is changing recently, and I think that's a strong trend in open source. So does all this matter anymore? Are things open enough? The underlying license, it turns out it's, I think it's really less important than the ease that we're able to get at the software, such as in GitHub. So GitHub, cloud software, these things are starting to eat into this solid definition here of open source. So there's some cutting back, I guess, of some of these bullets and a lot of what is called open source today. For example, Meta's license for the Llama models, and I'll get to this in a little bit more detail, but their models and their code does not meet the standards. Specifically, it puts restrictions on commercial use for some users, that's source code restrictions, and also restricts the use of the model and software for certain purposes, which I believe you cannot use it for commercial purposes, which, wow, that's heavy, that's a lie. So that, but they call themselves open source. So I guess buyer beware, but let's drill in a little bit on this open source definition. Open source software is software that is distributed with its source code, giving anyone the right to use, study, change and distribute. It's also often developed and maintained by community of volunteers, such as what I show you here in the, in a couple of graphics, the Apache Software Foundation. We're probably all familiar with Apache. A lot of the stuff I use comes from Apache, and then cloud native a lot of the Kubernetes related software comes from cloud native. Now I went to KubeCon, which is a great conference, and that's their conference, the CMCF conference, I highly recommend it if you get a chance to go. So I'm a little bit more familiar with CMCF, but I think they're both kind of relatively the same. Open source software is often more reliable and secure, not always. And I do believe that there that you need to scrutinize open source software more for these things. It's often more affordable than proprietary software. Yeah, but it's not free. It's free to use and distribute. Yeah, the software is free, but you will pay more. Generally speaking, you will pay more in labor costs for open source software than you will for commercial software. Now, does it balance out? I will show you some examples from my practice a little bit later to see where that falls. Open source software is often more customizable than proprietary software. Yeah, absolutely. You can roll up the sleeves, fork the software, put in what you want. Maybe it gets pulled back into the core, maybe not, but you can do with it what you want. And that is really a big part of the idea. So again, I'll come back to when I started working with databases 30 years ago. The operating systems were all commercial units. I was working on OS 390 at the time at IBM. It's still around, still viable, of course, but a lot of these have gone by the wayside. There was IBM, AIX, APUX, Sun Solaris, SCO, UNIX. Okay, these are all ancient for a lot of you, right? But today it's all Linux. But we had those commercial operating systems back in the day. Open source software has won the day for enterprise operating systems. So the question becomes, what else is it going to win the day for? Databases? I don't know. It's really up in the air about databases. Probably not, I would say. And then so much more. I'm going to use some database examples as we go along here because that's what I'm most familiar with. And I think a lot of people on this call would be interested in that. So let's just drill in a little bit more. Open source software is often more innovative than proprietary software because the developers are not bound really by very much. They can do what they want. Open source software is often more transparent. Okay, because you got the source code available. A lot of people will say, well, I'm afraid of doing business with you, Mr. Vendor X, because you might go out of business. So will you give us all the source code just in case? And I often roll my eyes at stuff like that because I'm not sure what an enterprise would do with all that source code. Open source software is often more ethical, more supportive. It generally does have a community feel to it. And you will have to rely on the community. And I suggest, and I think everyone would suggest in the open source world that you be a part of that community and you give intake to the community. That's what makes it work really well. Open source software is often more sustainable than proprietary software because it's not controlled by a single company that may go out of business. Yep. That is the theory behind it all. So developers that I speak to really like open source. And part of the reason why is because their applications will be portable. And like let's take MySQL, for example, if you develop something in MySQL, it's going to be transferable between clouds with hardly any work required. And that is great. And that opens up the possibilities. It makes a developer skills more valuable because if you're deploying your skills on open source software that's so leverageable across different clouds, different platforms and so on, you're going to be more applicable in many more ways. So developers like open source doesn't mean we should definitely use it based on that, but they will advocate for it. The stages of open source and I'm going to use again CNCF because I'm most familiar with that software goes through stages in open source. The sandbox stage is for early stage projects that have the potential to become projects so CNCF is not going to let something in the quote unquote sandbox stage that doesn't have the potential. So they have to be they have to be open source or called open source right and license under CNCF approved license. They have to have a community of developers and users who are actively contributing to the project. So you don't bring your idea to CNCF you bring your project that's in development and has at least a small community must have a roadmap as well. And that roadmap must look like at least to the volunteers of CNCF, like it's going places, like it has the potential to really find its way into a lot of enterprises. And yeah, I did say volunteers there are volunteers behind these committees like CNCF. Now the incubation stage, that's really where the software takes off, at least a bit. And you develop your community even more at this stage. You've demonstrated that you can meet performance and reliability requirements of the CNCF team and its users. And finally you graduate to the so called graduation phase and I know a lot of enterprises that they don't even want an enterprise supported or yeah an enterprise supported open source project unless it's met the graduation phase. So they've met all the criteria for everything else. They've been in the incubation stage for six months, roughly speaking, six months, six months plus. And they have demonstrated that they can be used in production environments so you got production accounts going before you graduate so it's a pretty rigorous process and thank you to all the volunteers at these organizations that do this great work. There's also some different licensing models that you have to be familiar with an open source and the big ones are there's a permissive license. So this is like Apache license 2.0 the MIT license or BSD 3 clause license. So you have users to do almost anything with the software, including use it in commercial products. And then there's copy left licenses that require that any derivative works of the software also be released under the same license. So it's more work. It's still open source. This is like GNU, GPL, Mozilla, what else? Eclipse. So if you want to encourage people to use your code in their own projects, including commercial products, then a permissive license is a good choice. If you want to ensure that your code remains free and open source, a copy left license works for that. So a couple of different licensing models for software. Now, popular open source tools in our field of analytics. And I think most of these would be familiar, at least to some degree, not that you're using all of them by any stretch. MySQL, PostgreSQL, all the ones you see there and way more and way more. But I put up, I think the most popular ones just to show you the impact that it has because some of you might be using these and not knowing that they were incubated through open source. In order to enable cross functional collaboration and provide a more robust and up to date IT infrastructure and manage new risks that can jeopardize the trust in the software. This is why the software goes through the process at CNCF and comes to a graduation phase. Now, let me give you some more recent examples because these are boring. They've been in open source. They've done the open source thing. We're all familiar with them. I think they all have commercial providers on top of them. Should you want that. And interestingly, I have this conversation with vendors that are doing this. Frequently. And I'd say they're saying that probably it's probably around 60% of enterprises that I've gone with the commercial license above and beyond just the open source project. That seems to be kind of a running okay figure that I can share. And of course, they of course, most start with open source. And that means that you have a lot of projects out there in enterprises that are just starting out. And they're an open source so the number probably would be higher. If you consider that they will move on to graduate to a commercial license so commercial licenses of open source products still rule. Now, let me give you some more modern examples that maybe aren't as quite boring as those. Some with a little bit of maybe spice to them. So Lama. Lama is a large language model, a set of large language models, developed by Metta. Right. So this was released into open source in February of 2023, but it was released accidentally so it's quite an interesting story. Yes, a researcher at Metta was granted access to the model for research purposes and they shared the model with the third party who I don't know may have shared it down the line but eventually did leak online and Metta initially resisted not wanting to go not wanting to you know put this in open source at least not yet but they eventually said okay it's there we're going to go with it so Lama is going to be very impactful in large language models. Already we're using it and a couple of client situations. It's really great trained on a massive data set of texting code and can be used for a variety of tasks. Now Metta was initially critical of the leak as I mentioned saying it could lead to misuse of the model, but they have softened their stance. Now, in the past Metta had restricted use of its LLM to research purposes but with Lama to Metta opened it up but there is still a restriction and I pointed it out earlier. It bears repeating that you can't use it for commercial purposes and what is commercial. I guess the course may fight that one out eventually I don't know but if you're making a product that would clearly be commercial and do enterprises make product with Lama. I don't know that they do they do internal functions. But maybe it could be construed as commercial I don't know if Metta cares, but there's some greatness out there. This doesn't meet the nice definition of open source that I put out there at the outset. Now GRPC, Google Remote Procedure Call, nothing special here really except that it's made just a tremendous impact. It's had a nice smooth journey to open source and the open source community has played a great role in this is worked out the way that open source is supposed to work out. And it's made GRPC, one of the most popular RPCs in the world. Apache Iceberg indexes. Yes, it's interesting how things shake out in open source Apache iceberg of course it's Apache so it's open source. This is the data model that seems like every database is clamoring to support, because it's good for analytics, and we can, we could break that down, maybe another day, but it, the indexes that go on Apache iceberg. They are largely coming from open source like secondary indexes like bloom filter indexes, which are probabilistic data structures that can quickly test whether whether an element is a member of a set or not. And then zone indexes also that's dividing a document for purpose of dividing in concrete so that you can say I just want to look at for example maybe the titles of my documents for the body of my documents or the footers of my documents or something like that so it's a way of dividing that up. Pretty cool stuff. And it's interesting to me anyway that Apache iceberg indexes are coming from open source. What else, Jupiter kernel extensions are coming from open source and Jupiter kernel I think is a good example of bug fixing. Their community does a great job with bug fixing when they when the bugs pop up in Jupiter and Jupiter of course very popular these days. Duck DB is a more recent interesting journey to open source they are focused on the managed service aspect of Duck DB, not so much on the enhancements and so on, and making a business out of that. And that that company of course is mother duck that's doing that to Duck DB, and then LLMs other than llama, there are a number of open source LLMs that are available and open source. LLMs will evolve faster in open source, and that has been proven out so we're talking about GPT neo X 20 be GPTJ llama of course Falcon 180 be and blue. So different LLMs out there that are being developed in open source so hopefully those stories put a little, I don't know flesh on the bones of open source for you here. So why do people go for open source well number one is cost savings. Some developers may argue it's just, you know, just better stuff but I would say, at the end of the day and enterprises committing based upon the cost savings, really based upon thinking that it's free. Most right, but like I said before, there's some labor costs involved here and I'm going to show you an example from from our practice and a bit here that may open your eyes a little bit to this idea of the cost of open source. That's your community support. Some view it as a benefit versus an enterprise. Okay. Transparency all the things I think I've already mentioned about the characteristics of open source. A lot of people out there see them as benefits of open source now possibly also security and scalability and this could be argued. The other my argument about it is, yes, I do believe that the security scalability portability, etc. These are all, they seem to be generally better in open source but you got that those outliers that you really need to scrutinize, especially about security. And I have to bring up is an enterprise really able to do that work to do that work that is required to make it viable in the enterprise if you're not able to do it, and you're not able to do some other things I mentioned, you should stay away from open source. Now, me saying that now probably say this a few times, I will I do not have any reservation at all about going with a open source product with a commercial vendor anywhere in the enterprise to me. That's just that just we're dealing with the the enterprise vendor here. And their product just happens to come from open source. And but I don't have any reservations about that. The only reservations I will have. And when I share one, it has to do with open source directly into your specifically production environment. Testing QA have added but production that we have to be a little bit more careful with right. Okay. What else is a benefit. They protect you from high prices, runaway pricing. And, and it allows many companies to offer support hosting or manage services. It's interesting though, a lot of these open source projects. They do have multiple vendors companies that are offering support and so forth but there's one, one 800 pound gorilla per product and some of them there's two or three. But really there's largely one and that company tends to do most of the updates to the product so it's becoming a little less open at that point but again, it's if there's an enterprise in place. That's just how they're doing it. Now, there are some downsides. An example I can think of is when Oracle implemented the optimizer transformation and open source community would have probably refused the change due to complexity, because the problem can be solved in other simpler ways like by rewriting the queries but because it's Oracle and they're not open source right. They were able to implement that so you get some, you get some features and functions in your code that you would not get an open source because they would, they would gate it out. Now for vendors. Vanges are kind of clear. You get a starting point for a real enterprise company. The vendor has to create the market for the product though and in many areas this will add the burden of competing against an open source alternative. With an open source standard vendors can tap into a growing population of engineers qualified to help them build their products while also having a much larger total addressable market as enterprises buy into that standard. Now the downside of open source. Yeah, there. It's kind of the flip side of everything I've mentioned and sometimes you'll see the same bullets here as you did on the advantages it's all in your perception. Document but this is true documentation quality is going to be poor or more poor. Okay. There will be integration challenges security concerns. I didn't say necessarily that security is lacking but there are the concerns about it. The learning curve can be steeper without the great documentation without the great training and support and so on limited features like I just mentioned ongoing maintenance always happening seems like it anyway. Dependence on a community. Yeah, wow dependence on a community. It's a bit different for some organizations now some organizations, some clients of mine. I mean they swear by open source they're going to, they're all in on open source, but they created a culture to support open source. When you get into the more traditional organizations, that culture is not found. And that certainly should impact whether you go open source in your production or not. Dependence on the open source community for support and updates can be a risk. If a project loses community support or becomes inactive, it can leave you with unsupported software. Now, all these downsides that you see here they're not inherent to all open source projects organizations considering the use of open source should carefully evaluate their specific needs right. So, here I am and I want to contribute to open source. I'm listening to all this going yeah that's that's for me. I want to contribute well there's different ways to contribute we all know about writing code. Yeah, you can take a fork at the code, make your updates. And then the world will be using it maybe if it gets pulled, and you can feel good about yourself I suppose, but there's also opportunity to test right documentation report bugs that that is if you're a user, help with support, or donate money. Money is always good right at the end of the day so you can donate to CNCF many organizations do, especially if they're heavy users of projects that come out of these organizations so that's all great. Now, quick time for a joke. If I may, how many open source developers does it take to change a light bulb. They just submit a pull request and hope someone else will do it. All right, there you go. I'll be here all week. Now you want to contribute code open source right okay be sure you test that software. You don't want to try to sneak something in. You may or may not be able to do so if you do. There's a work code that has not been regression test, etc. That may be the last time would ever contribute to CNCF or Apache, or maybe both. Who knows. But how do you do it. Choose a project. That should be pretty evident, set up a development environment for the repository clone the fork greater branch so called branch. Edit your code. You're a developer right edit the code. Make it do what you want or make it do what you think other people want. Commit the changes to the fork and create a pull request now the pull request is going to get it into the main line of the code for everybody. The maintainers and community members will review your pull requests. Be prepared to address feedback and make changes. If your pull request is accepted, a maintainer will merge your changes into the main product project branch. Congratulations, you're now a software developer for the enterprise right. They look at things like does the addition benefit the whole community, or just you. They're not interested in it if it's just going to benefit you, or if they can't see their way to how it would benefit others. That's what they're about. So, keep in mind that these organizations, CNCF and Apache and there are others I just am using them as examples. They are nonprofits. There's the host open source projects. There's also eclipse. Mozilla OSI Foundation, and there's others as well but I just think I spoke of the top five and 90% of what you'd ever come across starting a company to close source and existing open source software project is a way to start a software project. Congratulations. However, it's a complex and ethically challenging endeavor with some gotchas that you would not have if you started your software from scratch. Open source projects are typically built on principles of transparency and collaboration. So before proceeding is crucial to consider the ethical legal and community implications of such a decision. And if you're going to receive blowback from the community and what that might look like. So you have to take care of that community. If you step into that endeavor. So you have all the same steps as creating a software company, but you also have some legality. You also have to engage with the community. You brand refactor offer licenses support services, and all the other things you have to do in terms of running your company so it's not a fast track to success necessarily, but if you're good at it, it does help you along. So that's all great. These are some features that are typically closed sourced. So you got your open source. And these companies that are maintainers on top of the open source are typically doing things of this nature and charging you for that. Okay. So this is where they make some of their money. Enterprise grade support. Advanced security vendor integration and the ecosystem proprietary algorithms or models customization without development resources, certifications and compliance, etc. The things you see there warranty and liability and all the things that we've come to to feel good about when we're dealing with our IBMs and oracles and and so on and so forth. Also, I would add, sometimes it's user friendly interfaces, because open source interfaces are not always the greatest so sometimes that gets enhanced. There may also be some industry specific features that get closed source so the open source project might be geared towards an industry selling support though. It's really not good enough. I don't think for a business model for these vendors. So the real meaning of commercial software the decisions are taken from a commercial point of view. And this example and the example I gave. Well, let me give you a new example, let me think about Oracle. Okay, so they sell Golden Gate we know about that right that's that's for replication, really great tool. No reservations about using it or anything like that. And quite likely they removed the change cat change data capture features from the database to get their customer to buy another product. Because it is closed sourced, you can't do anything about it. That's just an example that this plays out every day all day long, right in the commercial enterprise vendor marketplace, but you can't add a feature yourself, like you can with open source so Moving on. Yeah, databases, databases, open source databases, where are they going? Are they more popular, less popular, they're becoming more popular. Oracle SQL Server and DB two will stay for the legacy applications and open source is considered for new applications or modernization. That's the stands that many companies are taking today. They can migrate into PostgreSQL or MySQL, which are both. Well, I'd say they're probably the top two open source databases now there's this website. I'm sure you're all familiar with it DB engines. Okay, so this comes straight from DB engines. Thank you DB engines. And you can see that in, in terms of the number of systems, commercial licenses are trailing open source licenses. And in terms of popularity, same thing. But there is something in all this that I found even more interesting and that is that it depends on the database model. It depends on the database model. Quite a bit. Now, DB engines doesn't give you any kind of explanation for this, but it appears that, for example, spatial databases in their calculations, 100% open source. And all the way to the other end of the spectrum where you have these multi value databases now. I'll get into this but they are 88.1% commercial. So it depends on the model we can't just say databases across the board quite a few different profiles here. So I stared at this for a while to try and thought about it to try to figure out why that is so multi value database. Let's start with the one at that end. That's like inner systems cache. They're often using applications that require high performance and scalability such as OLTP and data warehouse. They're also using applications that require complex data modeling, such as ERP systems and CRM. The market chooses commercial licenses for multi value DBMS way more than they do for, let's say, time series databases, because I think multi value databases are more mature. They offer a wider range of features and have better support. And in addition, some of them are designed specifically for certain industries and you got to have an enterprise vendor for that. And so they offer feature and functionality that are essential for businesses in those industries. So that's why I think the ones that are on the right side of the chart here are more commercial than the left side. So find your way in here in terms of what you're looking at. So make sure you're considering the possibilities. And by the way, universities, they like open source. They have a great set of developers there right the students. And so they're perfectly comfortable with open source. And this definitely is a factor of, you know, bleeding into the enterprise. Because those developers in university are going to be the ones choosing their favorite data mix in a few years when they're in the enterprises and in software companies, right? So they're going to choose like we choose what we're comfortable with. So now there are many enterprises using both. I won't labor these case studies, but not hard to find not hard to think about if you're in the mix out here Kaiser Permanente Mayo Clinic JP Morgan, etc. Everybody really are using both and these are some of the, to me anyway, these are some of the headlines in terms of how these companies have strictly divided, not strictly what divided the workload inside their organizations. For example, Kaiser uses a mix in its integrated healthcare system, including Cerner first EHR system, Red Hat Enterprise Linux first operating system and open VISTA first ambulatory care EHR system. So it all depends. These are, I think it's a great, it's great when I see a flexible organization. It's great to me when I see an organization that's open to open source and yet still sees the value in enterprise software and the cloud by the way is going to cloud of course becoming very popular and comprising a lot of the software that we use now it's sort of compromising some of the, some of the value prop I'd say of open source because that data is available that not that data that software is going to be available on marketplaces and as I said before I think that's the real key thing that organizations are looking for the availability of software. It's surprising today to find a company with only commercial databases or only commercial software. Now, let me address the whole open source is free. So, yeah, open source is free software but I've said it a few times that your labor costs will go up for example, when you encounter an issue or when a security leak has exposed that's labor is generally unacceptable to run your company's core software in which you can't fix bugs are applying new security patches. And if you can't do that, then you're going to have to hire it very expensively and urgently, and that's going to cost you if you don't accept all responsibilities, you probably need commercial support at the enterprise level. And I'm going to get into this a little bit more. The savings on a commercial license can be invested in support training, and the team, you'll get more freedom trust and control the software that processes your data. So open source is not always free. And commercial is not always expensive. By the way, the other side of that coin. This is why most enterprises do not choose open source for mission critical apps. It's this, it's this variability in the labor potential. A database vendor stopping its product is an extreme situation and should not happen anytime soon. But there are real cases where people suffered from vendor locking. Remember when Oracle 12 point was at 1.02. It was out and we had no clue if standard edition was going to be discontinued no news for a long time. Finally, we got standard edition to with more limitations than the one that you bought the license for. Okay. Of course, people could upgrade to enterprise edition but the cost is a lot more. There's a lot of other examples out there. There's one from Cisco. And I'm not going to, I'm not going to get into it here running a little bit long time but Cisco reported a critical security vulnerability in 2021. In their Java logging library called log for J and the vulnerability was dubbed log for shell. I encourage you to look up that story. If you want a nice Halloween story here for open source. Now move on. Security. Okay, let's drill in on a on an item here security of open source versus commercial vendor software. Open source is transparent. Yeah, you can find, you know, theoretically anyway, I always say theoretically because I don't know that that your company has the skills required to do this work. But if you do, you can do you can look at the code you can you the code is transparent only if you know what you're looking at right. The community and vendor support or lack thereof complexity. Commercial vendor software you got your vendor support you got rigorous security testing. They're not necessarily transparent about what exactly it is they do. You get the pudding when it comes out of the oven. But you will pay for that. Both open self open source software and commercial vendor software has security advantages and disadvantages. I'm not giving the, I'm not giving the lean here one way or the other, because again it depends on quite a few things. But if you're looking for software that has vendor support and is subject to rigorous security testing than commercial vendor software may be the only choice for you. However, it's important to be aware that commercial vendor software is not typically transparent, and it can be more expensive than open source software. So consider your risk tolerance. Consider the criticality of the application. Consider your budget, of course, budget and risk, they go hand in hand and consider your technical expertise, which is something I've been trying to stress. So while many of these open source software projects are well maintained and secure, some of them have security vulnerabilities. It's important to keep your open source software up to date and to use security best practices when using open source software. What about that support. How is it. It's a get back to my joke about well submit a request and hope for the best some cases yeah. If you can't do it yourself. The quality and quantity of community support for open source can vary depending on the project. Of course, commercial vendor software often comes with an SLA, which is great. You can count on it or you can count on getting some money back from the vendor. Consider if your team has that expertise. As an example for progress, you have the mailing list slack channel telegram and of course stack overflow itself so there's different ways to get in touch with that community of course that's a thriving community very robust and mature. I think you should assess the community before you take on an open source project. Now, let me share with you from my practice again. Open source and close source cost. Okay, we did a project we've actually done a few projects like this where you get a commercial we get a commercial vendor that says we want to show the world that it's going to cost more to stay with the open source versus adding us on top of it. We went about it open minded skeptical, of course. And this was astro streaming from data stacks. Okay. So, that's a mouthful but we're talking about a commercial streaming product versus a self managed open source project. Now, with astro streaming the arcade now I'm netting it all out right I could give a whole presentation on just this but I'm going to net it all out for you. Architecture was consolidated and simplified along with many of the management administration and disaster recovery functions inherent in a self managed platform. The performance and resiliency of the fully managed astro streaming can keep up with active mq the open source without the burden of scaling out infrastructure or scaling down scaling was simply better and you pay for what you use and therein is some of the cost differentiated differentiators. We found that in situations where messages per second throughput rapidly and frequently spikes and various that's called bursting astro streaming was two times cheaper in infrastructure costs and up to four times cheaper in total cost of ownership which is the bottom line. And utilizing a streaming jms data environment to fully managed astro streaming would have many benefits and capability enhancements, including real time data integration analytics and AI ML application so it sets you up for the future better to be in the enterprise version of this particular piece of software. And we use the OMB on this and these are some of the artifacts hopefully you can see this and you can see that the milliseconds for the astro streaming was a lot better than for the open source. And the cost of maintaining active mq was a lot more than streaming that's in the middle. And the performance was a lot better for astro streaming now this may be you may look at this and say wow that's an extreme example, usually not that divergent. And I would agree with you, but frequently they are, and there's one way to know, and that is to do the testing so if you care about this stuff. You need to do your own testing before you take on an open source tool know what you're getting know what you're missing. Bottom line here are TCO and this was an eye opener for me to frankly because I didn't think it would be this dramatic. What is it about nine eight nine times higher bottom line TCO on a three year basis. And another thing that we see we've done this again I'll say we've done this a few times. Another thing that we see is the more we scale it, the more the TCO leans in the favor of the commercial version so if you're going to high scale all the more recent to stick with a commercial version. So what are the decision making factors cost of course always right features customization the open source tools are typically more customizable support we've talked about that security we talked a little bit about that. They both can be secure, but get into the tool that has the track record that you can work with community. It's a community robust. Do they really jump in and help. Are you going to be a part of it. And I think I have a if I don't have a bullet in here. I should that if if you're not really ready to contribute back to the community if you just want to take. I think that you probably should stick to a commercial software. Be a part of the community. And that's that's another way that you get back and that also costs you in labor costs right. So, there you go another thing inching up your labor costs on the open source site. Long term support. Yeah, your team's expertise. And if you're into, if you're into open source to a great degree, you're comfortable with it. All these things don't bother you that I'm talking about great. I would walk into that shop and say yes stick with it. But if you're not that and I would say probably a good 80% of companies are not that then you need to be building that if you really want to go into open source in a, in a big way. Consider your budget. Consider your compliance requirements as well. Some industries have strict compliance requirements that may require you to use those source tools. So consider those as well. So where's it all going. Here's what I think. And I've hopefully I've given you a fairly balanced approach, at least until now on this equation. Enterprise level features like security partitioning and parallelism better instrumentation troubleshooting tools blah blah blah. I don't think they're going back to open source. If you want these in a robust way, nobody seems willing to develop that. Excuse me in open source seems to be more of a commercial function. I see more on balance situations happening. What's an on balance situation or kind of alluded to it on the prior slide. For example, AWS, they have taken many open source databases from the community. So Aurora reuses my sequel and PostgreSQL Redshift reuses PostgreSQL Dynamo DB storage is based on my sequels in ODB. Yeah, they take it at interesting features, but don't give it back to the community. And the cloud provider notoriously is reusing open source in their commercial services. So, yeah, that's what I mean by on balance situation. I see more of that. Vendors will provide a smaller subject subset of their features for free and enterprise features like backup stability scalability and encryption come with a commercial license. And I threw a news item in there from this year. What is Google doing with its open source teams? Well, it's letting them go to some degree. So I think that's an indicator there. There's a lot of other examples like I can think about MongoDB, they re-license their open source core to the copy left SSPL. So that's impossible to use their code for a managed service. So, yeah, all sorts of things going on elastic and confluent. They did some similar things cockroach DB also re-licensed to the GPR license. And they have some restrictions now when it comes to embedding it with proprietary software like for a managed service. So you've got to be on your toes. I think we're in the midst of post open source in which software matters more than ever, but it's licensing is going to matter less. Everything is trended towards permissive as open as possible access to software to the point that the underlying license is a lot less important than the ease with which you're going to be able to access and use the software. So my recommendations bottom line here from me to you. Evaluate your needs carefully before choosing an open source solution. Don't make it the default. Beware of the risks. Make sure you have the resource to support it. Open source software is free to use, but it's important to have the resources to support it. Be prepared to keep your open source software up to date. And tribute to the open source community. Now, there are a few things and I list them here that they've been in the open source community for so long. They're very rugged eyes in that, in that, in that way. And so I wouldn't hesitate around any of these. So don't get me wrong. I'm not saying watch out for these. There are studies, Docker, Prometheus, Grafana, Spark, Elasticsearch, Kibana, and Genix, HA proxy, and there are probably a few others that I wasn't thinking of that would fall into this category as well. So, and they're going to be there for quite a while. What else do I want to say? Personally, I'm, you know, I'm a database person, right? I don't recommend PostgreSQL and MySQL because I know the market really well. You can use a low cost database or a database that will be low cost to you in any situation and help you keep it efficient, but not everybody is so inclined. So I understand why you might end up in PostgreSQL or MySQL, but if you're concerned at all, if you're not this type A organization when it comes to open source, there are alternatives. You just have to seek them out. Many organizations are just bottom line, not ready for this, maybe in test. And I'm definitely, again, I'm going to say I'm okay with enterprise supported open source projects. So hopefully I netted it out here for you. This last slide was totally my opinion, my consulting. And that's what that is. And I hopefully have built up to this throughout the course of this presentation, which has been open source versus commercial vendor software in the enterprise. Back to you, Shannon, to see if we have any questions. William, thank you so much for another great presentation. I don't see any questions currently, but if you have questions for William, feel free to submit them in the Q&A portion of the screen. And just to answer the most commonly asked questions, just a reminder, I will send a follow up email for this webinar by end of day Monday with links to the slides and links to the recording. It's quiet, William. Well, I guess I answered all the questions. You're very good at that. You're very detailed, which I really appreciate my love. What are the most common questions you get from your customers? Well, they get comfortable sometimes with open source software in in testing development because so many projects today, they're on tight deadline from day one. And so it's up to the developers to choose their own database because there's just no time to involve anybody else. You got to develop this next week, right? So they reach for an open source database. They get real comfortable with it. It works in tests, it works in QA, and then the question becomes, well, can we just take it on to production the way it is? When you cross that bridge to production, then a lot of questions come up rightfully so about it being in production. If it's going to work, if it's going to scale, if it's going to be secure, and if it's going to have the support we need now once we make this mission critical. And so I hate to be the bearer of bad news at that point, but some of those questions must be raised. And sometimes, again, you're a type A organization, you got the skills, go for it, take the risk. Maybe it's not mission critical. You know, it's all big judgment calls. And in order to make these great judgments that, frankly, leaders in this space have to make every day. They need to be supported with good knowledge. And so hopefully I've put some points out there that people can kind of launch into their own research on. Maybe for their specific situation or maybe just in general as they go forward and make their decisions about open versus commercial. So I think that's a big question I get is, well, it's working this far in our testing QA. Why can't we just move it to production? Well, there are some bigger issues there. It's the human condition, right? We get comfortable with what we know. Yep. Right. And need some help sometimes to be uncomfortable and push the boundaries and explore new things. Yeah, absolutely. I want you to be open to open source and find some pockets for it, but just be careful. And there was some comments here that, you know, you did answer all the questions and some they didn't know they had, which is amazing, which is great. Well, William, thank you so much for another great presentation, really informative. And again, just a reminder to everybody, I will send a follow up email by any day Monday with links to slides and links to the recording. Thanks everyone. Hope you all have a great day. Thanks, William. Thank you. See you next month.