There are now so many options when deploying to the cloud, enterprises are being faced with a Tyranny of Choice.  

They can get an IaaS (Infrastructure-as-a-Service) solution from:

• Amazon
• GoGrid
• Joyent
• Rackspace
• Savvis
• Slicehost
• SoftLayer
• Terremark
• VMware vCloud
• many others

Or they can roll their own IaaS by starting with:

• Cloud.com
• Eucalyptus
• OpenStack
• VMware
• many others

If they require services over and above basic IaaS, they can get a PaaS (Platform-as-a-Service) solution from:

• Amazon
• Azure
• EngineYard
• Google App Engine
• GridGain
• Heroku
• VMware/SalesForce
• many others 

And now Red Hat with their JBoss-based PaaS solution for cloud computing.  Underlying this solution is an Apache-licensed open source package called Deltacloud, which intends to abstract cloud provider API's to increase solution portability.  (The cloud is built on open source, you know.)

But Deltacloud is not the only cross-cloud enabler out there.  Not by a long shot.  There's also:

• fog
• jclouds
• libcloud
• libvirt
• lots more

That's a lot of options to get the basics up and running.  What if I want monitoring, security, disaster recovering, or other sprinkles on top?  Don't worry, there are lots of choices:

• AppDynamics – cloud monitoring console, performance stats
• BitNami – software packages, multi-cloud deployment
• Cloudkick – tagging, monitoring, multiple clouds, web terminal
• Cloudscaling – services around building private clouds
• CloudStatus – tracks Amazon EC2 and Google App Engine for outages, performance
• CloudSwitch – migrating enterprise apps to the cloud, VMware-based
• enStratus – management, governance
• InMage – cloud-based disaster recovery (DR) solutions
• New Relic – cloud monitoring console, performance stats 
• RightScale – auto-scale, management, deployment
• rPath – packaging, deployment, updates
• Scalr – auto-scale Amazon EC2, database backup & replication, monitoring, stats
• Standing Cloud – software packages, multi-cloud deployment
• Ylastic – Amazon and Eucalyptus monitoring

Wow.  With all those implementations, it would be great if there were industry standards to rely on so interoperability and portability were realistic goals.  Or maybe at least some cross-vendor groups focused on working together, even though some people think it's way too early for cloud standards.  No problem:

• Cloud Commons – Trip Advisor for the cloud
• Open Cloud Manifesto – let's all play nice
• Open Cloud Consortium – interoperability, testing
• Open Cloud Initiative – OCP (Open Cloud Principles) – definitions
• Open Cloud Computing Interface Working Group – IaaS interface API's

Ouch.

There are now so many choices in all these areas that paralysis may set in.  Inevitably, consolidation and fall out will take place over the next few years, but anybody who wants to jump in today will need to navigate some fairly murky (cloudy?) waters.

The case for implementing a Service-Oriented Architecture (SOA) with an Enterprise Service Bus (ESB) backbone is clear, and enterprises today have many open source ESB options to choose from. On Wednesday, August 4 we'll compare the leading open source ESB solutions in a free webinar. Open source ESB solutions to be covered in this webinar include JBoss ESB, Mule ESB, Open ESB, Petals, ServiceMix, and Synapse. Attendees will learn which ESB options are best suited to different enterprise SOA needs as well as how to approach migrations from commercial ESB solutions like Oracle ESB.

Other topics to be covered in this webinar include:

If you're interested in evaluating open source ESB solutions for use in your organization, or if you're considering migrating from a proprietary ESB solution, this webinar is one you won't want to miss. Reserve your seat today.

We're conducting a brief survey to learn how companies like yours are using open source software today. Spend a few minutes answering just seven questions, and we'll enter you in a drawing to win your choice of three great prizes:

• Free scanning of your software (up to 15,000 files) to find what open source software is included
• One free technical support incident on any open source project for which OpenLogic offers support
• One free two-hour open source policy web workshop for your company

The drawing wil be held on June 14, 2010, and the winner will be notified by email within 48 hours. So don't wait – take the survey now and be entered to win!

Click here to begin the survey »

Open source license compliance has emerged as a critical issue for businesses seeking to take advantage of the cost and technical benefits of open source software. Non-compliance can result in legal action, monetary damages, negative publicity, and compromised intellectual property.

On June 23 OpenLogic and Greenberg Traurig are hosting a free webinar about creating an enterprise open source license compliance program that will help you guard against potential risks. Attorney Heather Meeker will discuss best practices for complying with different types of open source licenses – including GPL, permissive, and Affero-type licenses – as well as how to maintain ongoing license compliance. Other topics to be covered in this webinar include:

• The license compliance enforcement landscape
• Infringement vs. compliance risks
• GPL v2 vs. GPL v3 compliance concerns
• Developing a livable open source policy
• Case studies: how to fix license compliance problems

Whether you're new to open source license compliance or already have a compliance program in place, you won't want to miss this informative session. Reserve your seat today.

How SaaS and Cloud Technologies like Hadoop Make Big Data, Big Processing Applications Faster and Easier

OpenLogic offers several solutions to help companies scan their software and systems to find any open source software that is being used.  At OpenLogic, we’ve proven that a (software-as-a-service) SaaS solution coupled with cloud technologies creates a faster and easier solution for our customers.

When scanning for open source software, there are two critical factors: lots of data and lots of processing requirements. The “lots of data” requirement comes from large volumes of source code, indexes and fingerprints for hundreds of thousands of open source projects. The “lots of processing” requirements comes from the need to quickly find all the potential matches where your source code includes open source code, and more importantly to narrow down those potential matches to the RIGHT match using sophisticated noise reduction techniques. 

Just to give you an idea of the technologies involved, we are using Hadoop, HBase and Solr to manage and search the big data. The analysis and processing is done in a Ruby on Rails SaaS application that is distributed with dozens and dozens of workers across an array of servers. There is also a small client-side Ruby application that does fingerprinting of local code so that your code never leaves your firewall.

We’ve seen three key benefits for customers in using these SaaS & cloud technologies:

1. Instant on, zero hardware requirements

Customers don’t require any special hardware or any special data storage. They get an “instant on” and can be scanning within seconds. This is a well-known benefit of a SaaS solution, but it is even more critical when you are dealing with applications that rely on big data.

2. Better results, better performance

There are always new and better techniques to find and pinpoint matches between your code and open source code. Because the heavy-lifting of processing those matches is done in OpenLogic’s data center, we can add new and better algorithms without slowing down customer scanning or requiring them to add new hardware.

3. Latest and greatest data, no maintenance required

When we add new fingerprints to expand our database of packages or add new ways to fingerprint code, the customer instantly gets access to this new data. They aren’t forced to update a local fingerprint repository or add hardware to accommodate the expansion.

We’ve seen how big data, big processing public search sites from Yahoo and Google can benefit from SaaS and cloud approaches. Our application, which scans for open source code, is a real-life proof point of how more specialized applications can benefit as well and deliver significant benefits to customers.

Open source software is so widespread that it has made its way into a wide variety of products – from cars to DVRs to security systems. In addition, companies often provide free software to customers or partners that includes open source. Even the latest mobile apps often contain open source components.

Distributing products containing open source software creates a set of important legal obligations, yet many enterprises aren't even aware of the issue.

On May 19 we're hosting a free webinar in which we'll discuss how scanning for open source software and licenses is critical in order to understand your open source usage and the corresponding license obligations, and how this information can help you avoid legal action and protect intellectual property. We'll also demonstrate how our OSS Deep Discovery source code scanning tool identifies open source software, licenses, and obligations, enabling you to accurately audit open source usage and quickly reconcile scan results. You'll also learn about:

• Binary vs. source code scanning
• Identifying and minimizing false positives
• Aggregating and analyzing scan results
• Creating a bill of materials and bill of licenses
• Understanding open source license obligations and conflicts
• Ensuring ongoing license compliance

If you're interested in learning more about scanning and open source license compliance, be sure to join us on Wednesday, May 19 at 11:00 Pacific / 2:00 Eastern / 7:00 GMT. Reserve your spot today!

Did you know OpenLogic now offers web-based open enrollment training on open source software? These instructor-led courses are ideal for folks who want to learn about popular open source technologies but don't have a large enough group for an on-site training seminar. Each online training course includes a free e-book of the training materials.

Intro and advanced courses on JBoss and Tomcat are currently scheduled for June. Please visit the OpenLogic website for detailed course descriptions, pricing, and registration. Courses on additional topics will be scheduled soon, so be sure to check the training schedule frequently.

Intro to Tomcat Administration – June 8-9 – 10:00-1:00 MDT (noon-3:00 EDT) both days
Advanced Tomcat Administration – June 10-11 – 10:00-1:00 MDT (noon-3:00 EDT) both days
Intro to JBoss Administration – June 15-16 – 10:00-1:00 MDT (noon-3:00 EDT) both days
Advanced JBoss Administration – June 17-18 – 10:00-1:00 MDT (noon-3:00 EDT) both days

Interested in open enrollment training on a particular open source package or topic? Send us an email with your suggestions, and we'll let you know as soon as we schedule a course that matches your requirements!

At this year's OSBC conference, Michael Skok of North Bridge Venture Partners will present the results of the annual Future of Open Source Survey. OpenLogic is proud to be a survey Collaborator, which basically means that we're helping get the word out and encourage participation. This survey offers a great opportunity for you to share your thoughts on the state of open source software and open source business models, the factors driving adoption of open source, and how the market will evolve over the coming years. So if you haven't already done so, take a few minutes to participate in the survey and share your perspective. And if you'd like to check out the results from last year's survey, go here.

Community Linux has become increasingly popular within the enterprise as companies strive to cut costs without compromising on functionality and reliability. Our next webinar, Choosing the Right Community Linux for Your Enterprise, will compare of the leading community Linux distributions, including CentOS, Ubuntu, Fedora, and openSUSE. Brad Reeves, Senior Content Engineer at OpenLogic, will discuss which distributions are best suited to different uses within the enterprise as well as how to approach migrations from commercial Linux distributions like Red Hat Enterprise Linux.

Other topics to be covered include:

• Community Linux in your datacenter – top server distributions
• Community Linux in your enterprise – top desktop distributions
• Best practices for enterprise involvement in Linux communities
• Options for community Linux support and maintenance help

If you're interested in evaluating community Linux distributions for use in your organization, or if you want to know which options are best suited to particular types of enterprise deployment, be sure to join us on Thursday, January 28 at 11:00 Pacific / 2:00 Eastern / 7:00 GMT. Reserve your spot today!

Earlier this week, the latest round of BusyBox GPL lawsuits were announced by the SFLC. The current offenders are Best Buy, JVC, Samsung, Westinghouse and 10 others. It seems that every few months, there are a new round of violations or lawsuits announced, so it behooves every company that distributes software or products containing software to ensure they aren't ever on the list. We announced our Open Source Fulfillment Center service earlier this week that helps companies ensure they comply with the GPL.

Jason Perlow of ZDnet gave a pretty good explanation of the challenges in complying with the GPL. Dana Blankenhorn, his colleague, talks about why those explanations are not an excuse. I want to focus on some concrete steps companies can take to avoid being the next defendants.

Assume that you may be using GPL code.

Realize that if you have software in your product, there is a high probability that you have open source software in it. There is also a HIGH probability you have GPL or LGPL code in your software, even if you think you don't.

At OpenLogic, we offer an Application Audit service for customers where our experts scan your source code to identify any open source and help you comply with the licenses. When we do an Application Auidt, we always find open source, we always find more open source than the company thinks they have, and we almost always find GPL code that the company is unaware of.

Scan all of your code – including code from outsourcers.

Even when companies have good source code control practices, it's almost impossible to get a 100% accurate list of the open source and licenses used. The main challenge is that open source often has other open source components that are bundled inside it, and that use different licenses than the primary license specified by the project. The only way to find a complete list of open source and the relevant licenses is to scan your code.

It's also critical to scan all code from outsourcers. At OpenLogic, we find that many cases of "hidden GPL" come from this source.

OpenLogic provides both services and products for scanning code to identify open source.

Understand how to fulfill the source code requirements of the GPL/LGPL.

Once you determine that you have GPL or LGPL code in your software, make sure you understand and follow all of the appropriate requirements. Some of those requirements may not be readily apparent, but they can include:

• Including source code with your product OR including an offer to get source code with your product
• Providing the exact "corresponding source" that goes with the binaries for each product and model
• Providing instructions on how to create binaries from the source – including scripts, information on the tools needed, and details on how to replace the standard code in your product with the modified code
• Providing the source code in electronic AND physical media
• Maintaining the source code for a period of time after the latest distribution of your product

OpenLogic provides an Open Source Fulfillment Center service that helps you comply with the GPL.

I also recommend A Practical Guide to GPL Compliance from the SFLC as a great primer for do-it-yourselfers.