Best Practices For Deploying Open Source Software In The Enterprise
If you, as a company, have explored your different options for tools and are ready to start embracing the open-source journey, then it's time to start working on a plan as to how you can begin deploying that software into your organization.
Open-source software can be a great money saver and can often provide the company with many great features that provide solutions that they would otherwise have to develop themselves from scratch. But making that change and implementing open-source software into a big company can be quite complicated and so hopefully the below tips will help to make this easier for you and your teams.
Understand the licensing models available
It’s important to start off by making sure you understand the legal requirements of your chosen open-source software. While open-source software may be freely available, there are often requirements listed in the terms and conditions that may no longer make it free for your organization or provide you with some challenges that you need to work around.
These requirements can come in the form of the size and profit of the company where companies that exceed certain rules may be subject to a portion of revenue or an upfront fee based on the licensing model. There may also be intellectual property rules that need to be clearly understood eth a go-ahead by legal before moving ahead.
Ensure all these matters are clearly understood before moving ahead with your deployment plans.
Operate the software in a trial environment
No software implementation operates as smoothly as promised and even more so in a big enterprise that has multitudes of other applications and tools that need to be integrated with. So, it's important that during the analysis phase of choosing the software, the architecture team gets the software running on a trial project where they can try and integrate it into that team's process and software tools. While it might not be a full-scale implementation, it should help the team to document certain procedures and work on an installation and deployment plan for the software and better assess the feasibility of the tool for the company.
Make provision for Implementation costs
Open source software may often be free to use, but any software change requires not only time to install and configure, but also time to integrate into existing processes, and tools and train the team on how the software works. The latter in particular is one of the most overlooked aspects of software change as even if the software can be quickly configured, having teams adapt to a new tool not only takes time but may hit productivity for a short period of time as they come to grips with the new software. This time needs to be provisioned for and documented so that the company and teams are aware of it.
Create governance structures around your open-source code
We’ve already spoken about the legalities of working with open-source code and this requires companies to have governance structures around what code is proprietary and what belongs to the open-source licensing agreement. Another aspect of this to consider though is any changes made to the open-source code to make it integrate better with the existing company tools and servers.
These software changes may be necessary, but won’t be supported during any further updates of the open-source software and so when you want to consider upgrading as a result of any new features, performance enhancements, or bug fixes, there is a further risk that the upgrade might break any custom code and require additional maintenance time to fix and restore. How these scenarios are handled should be clear when rolling out the software to the company and its engineers who may be eager to modify the code to suit their needs.
Implement security scanning
One of the biggest risks when it comes to using open-source software is security. With many different people contributing to an open-source project, its possible for security standards to slip and so as an organization, you need to ensure that you have the right security scans in place to ensure that all code, both open-source, and proprietary, meet the required security standards and are passed by these security scanning tools, to ensure that the basic security measures are all in place. Note though that this doesn't remove the need for proper security and penetration testing done by specialists, but does allow you to pick up immediate flaws in the open-source software and save the development teams a lot of time in closing these issues out early in implementation.
Load and performance
Along with security, having a wider code base beyond your control can also affect aspects of the load and security of your overall application solution. With open-source solutions designed for a wide variety of different use cases and integrations to support, it may often not be optimized for your exact use case and require some work to drive this.
So, it's important that you include regular load and performance checks into your development cycle every time a change is made to the open-source code, to ensure there is no impact in these areas on our solution.
Automate testing pipelines
While companies may be able to get by with certain manual testing cycles or pipeline processes when developing their own code, this is not recommended when working with open-source tooling. With open-source tooling generally getting updated more regularly and at different times for each tool, you want to ensure that you can still have software running at the most optimal versions without affecting the quality of your final product.
This means that there is little time to repeat manual efforts with the increased update cycles and so it's critical to ensure that your testing and pipelines are automated to provide you with the right quality assurance throughout your software solution.
As mentioned above, open-source software follows somewhat different development cycles and can see regular release cycles. And while it's true that you don't need to jump at every new version as you want to be wary of the quality and allow for time for bug fixes, there are often security or compatibility updates included in recent versions which you wouldn’t want to miss out on, so you will want to try and keep your versions as current as possible.
Additionally, if you wait too long between software upgrades, they tend to be more problematic as more functionality is changing and so it is recommended to do the smaller updates more regularly. Build this into your regular development cycles and allow for a time at least once or month (outside of urgent security updates) when all open source tools can be updated to their latest versions and the development teams can invest time in fixing or updating any issues that may occur from these updates.
As a company, it is also important to understand how involved in the open source community of your chosen open source projects you want to be. While community involvement is not a requirement or expectation for the usage of tools, getting involved in some capacity does allow you to ensure updates, new features and quality meet the needs of your organization. Even if not exclusively as the projects will need to cater to many different players and companies, getting involved still provides a level of influence in this department. It can also be good advertising for a company as they can advertise their support and contribution to these projects should they provide a big enough influence on the direction of the code base.
However, understandably not all companies have the time or expertise to get involved in projects and so if there is a preference in wanting to get involved in open source community projects, companies may need to be selective on which ones they get involved in.
Have clear processes for deployment
Working with open-source code introduces an element of risk in terms of quality and deployment and so it's important that companies prepare for this by having clear deployment guidelines for their code. What you want to avoid is deploying open-source project updates at the same time as other project-specific code, as when failures occur it may be more difficult to assess where the problem lies. Instead, you want to have your monitoring checks in place so that if anything fails in deployment, updates can be conveniently rolled back.
Working with open-source solutions is an exciting journey that opens up companies to a wider range of tools and functionality at a fraction of the cost if they can get it right. However, making the transition is not a simple one and companies need to put in the work to ensure they are ready to add open-source solutions into their deployment.