Recently I've stumbled upon a piece of FUD by SolarWinds that specifically mentions VyOS.
VyOS, it says, "mimics well-known vendors and can be deployed in a lab environment [...] if you’re trying to get a feel for a vendor before making a substantial financial commitment". Which vendors VyOS mimics and why companies like Shopify, or RedHat can't tell the difference is a curious question, but we'll focus on the other part. The implication is that you should go for the unmentioned well-known, presumably proprietary vendors.
That article is nothing new or unusual—it reiterates what proprietary vendors have been saying since the 90's. One noticeable feature is a distinctive manipulative language.
Take "occasionally you’ll see an enterprise using open-source or something designed for a small to medium-sized business" for example. This sentence tries to present open source as something by definition unsuitable for a large company, in the category of things "designed for a small to medium-sized business".
Or look at "Few open-source or freeware solutions offer a support package beyond perhaps a help forum." Everyone even distantly familiar with open source software ecosystems knows that support and consulting is one of the most popular business models there.
Let's see why you may want to consider an open source solution vendor, and why it's fine if the vendor is small.
You can use the same product in the lab, staging, and production
Even the SolarWinds article admits that big vendors can be slow to ship their products to you. Big or small, slow or fast, if you go for a proprietary product that uses and enforces per-unit or even per-feature licensing, it means you'll have a trouble replicating your production setup in the lab and staging environments.
If there's proprietary hardware, it usually means your lab will likely use outdated units decommissioned from a production environment, unless you have a huge budget. With software products, you'll have to buy more licenses or keep installing and resetting trial versions—if there are trial versions.
If you use an open source product, there are no limits. You can setup a lab or staging environment of any size without additional costs and delays. That's why VMware has been using VyOS in their NSX labs and a number of colleges used it in their networking courses, and our community leveraging this too
Open source vendors have an incentive to provide great support
The main business of proprietary solution vendors is usually selling software licenses or hardware boxes. Basic support included with the license is nothing but a liability.
The hard truth is that support doesn't scale well, and support with quick response time doesn't scale at all. Thus, you may get great support from a proprietary vendor—if you pay them enough. If you don't, good luck with that.
For open source vendors, support is usually a core part of their business. Even "pay for binaries" or open core projects usually use it as a competitive advantage.
And with small vendors specifically, you may be able to get support from developers themselves with no intermediate layers. A small vendor may not be able to provide you with round the clock support, but it can provide service levels that big vendors cannot do (for affordable price).
Then again, round the clock support can mean many things. There are many ways to nominally meet an SLA without actually being helpful.
Any qualified programmer can fix a bug in an open source program
You can hear the rhetorical "If it's broke, who's gonna fix it?" question a lot. I'd like people to think about a different question: who can fix it?
With proprietary software, no one but the vendor can do anything. Thus, if you or your problem isn't important enough for them, and they choose to ignore it, there's nothing you or anyone else can do about it.
When the source code is available, the number of people who can make a fix is much larger. Whether they are actually going to do it is another question, but the more people there are, the better your chance to find someone who will. You also can pay someone to do it for you.
Software can can live forever even withouts original authors
Another scare tactic of proprietary software vendors it to say that open source software can become unmaintained or make incompatible changes at any time.
Of course it can—just like proprietary software. Proprietary solution vendors discontinue their products and remove features all the time. Worst of all, you can't do anything about it. No one can.
Free and open source software, however, isn't tied to a vendor. There are many projects that were forked and the fork replaced the original—whether because the original project was no longer maintained or because enough people disagreed with its direction.
Open source software has an incentive to remain standards-compliant
The SolarWinds article says that "your network monitoring software might not understand those tiny unknown vendors because they often do their own thing without following protocols."
We all know why proprietary software vendors invent non-standard protocols and extensions—to lock their customers in and prevent them from switching vendors.
Open source vendors have no such incentive because if they try, people leaving en masse and creating a fork becomes a very likely prospect. Small vendors have an incentive to play nice with other implementations so that they can be added to an existing network and ecosystems. If a vendor happens to have both small and open source, the incentive to stay standards-compliant and compatible is twice as strong.
There is, of course, a problem with third-party tools taking a proprietary implementation as a de facto standard. But, if your monitoring or management tools ignore real standards, whose problem is it?
In VyOS, we have a wide selection of VPN protocols for example. That's not just because we believe choice is a good thing—that's also because we and our users need to connect to a variety of networks and provide road warrior VPN to people on different platforms.
Conclusion
Whenever you see a proprietary vendor's FUD tale, think about economic incentives. Does it make economic or social sense to do for those they accuse? Most of the time it doesn't.
Comments