Migrating to open source? Here are some practical ways to navigate through building your application stack

Designing a reliable environment for new applications is an interesting exercise. Enterprise applications are no longer monolithic and one can find plenty of open source components to choose from, some well-established others mostly hype. Statistics work against us as most software projects fail or fall short of meeting expectations. Identifying a solid programming language gets you started. Redmonk’s programming languages ranking chart, highlights the more popular choices by assessing GitHub and Stack Overflow developer’s activity. Anything in the top right corner is well established and would usually be a safe choice though some suit much better certain application types. Next you need to pick a framework and combine the layers of app servers, databases, middleware, services and other commerce around the application. Rogue Wave OSS composition analysis of primarily enterprise applications finds OSS components in 98% of applications scanned and on average each application used over 60 different OSS components. Choice is not always a blessing; the abundance of OSS packages and no vendor lock limitations allows architects to choose from almost endless combinations. This information overload, practically too much data and options, complicate the decision-making process. A solid consistent environment must adhere to several key principles across all elements of the stack. 

1.      Quality - The business relies on highly available and stable applications. IDC estimated the average cost of downtime for Fortune 1000 apps at up to $1.0 million per hour.

2.      Performance - Poor performance drives users away and lowers productivity. One second delay in web page response time can result in a 7% reduction in transaction conversion.

3.      Adaptability - Applications must be flexible to support fast innovation."Disrupt, or be disrupted" stated a Fortune magazine headline.

4.      Consistency - An application must deliver on its commitments in a highly consistent and expectable manner.

5.      Security - Compromising enterprise and customer data is costly in reputation and in real money. The average cost of a data breach according a Ponemon Institute report is $3.79 million. 

6.      Scalability - Lack of scalability sets the barrier to the expansion of the business.

And this is where things get tricky. Enterprise readiness must be reached with reasonable cost and time to market. Most stacks can support enterprise grade applications with enough investment and resources. But in our business reality, budgets are tight and when companies are not fast enough to keep up with the market, they will find themselves irrelevant. If you, your team or trusted advisors already have successful experiences with proven stacks of OSS packages for a similar type application, then these would obviously be top contenders. But if you are new to this game or need new components and technologies, consider the following more practical maturity indicators for ranking your options.

1.      Maintenance & support - Maintenance accountability and ongoing support by a vibrant OSS community, commercial entity or both is essential. Consistent commits, release frequency and number of contributors are good indicators to extract from the source repository.

2.      Vulnerability disclosures and response – Widely used components will encounter common vulnerability disclosures (cve.mitre.org). This is true for commercial and OSS components and is not a negative indication. CVE’s actually show that a component is being tested for vulnerabilities. The duration between critical CVE publication and corresponding fix release attests to its maintenance level and mission critical application use.  

3.      Framework support - Enterprise applications are complex. Application "plumbing” functionality is better served by tested reusable code libraries, open source or commercial. Modern applications rely on frameworks, developers focus on building business logic.  An InfoWorld article even claimed that frameworks are the new programming languages.

4.      Developer tooling - Enterprise platforms attract the attention of tool vendors and OSS tools communities. Lack of support in IDE's, testing tools, debuggers, APM, and primarily DevOps automation solutions is a warning signal that adoption in the enterprise space is still scarce.

5.      User Community - Engagement and collaboration evolve into regional user groups, dedicated conferences, social media outlets and other forms of communication. Activity level on sites such as Stack overflow is a good indication of a component’s popularity. Absence of such collaboration and education channels often reflect poor, too early or niche adoption. 

6.      Job postings - Sufficient talent with relevant expertise is a good indication of actual technology adoption. Job postings also provide industry specific insights.

7.      Technologies survey – usage statistics from tech survey’s such as w3techs.com and similar provide high level adoption indication however data sources are often limited to accessible apps.

8.      Ecosystem - Adaptability translates to wide ecosystem support across operating systems, databases, clouds, web servers and other components. Enterprise ready platforms are usually compatible with leading closed and open source operating systems, cloud platforms, middleware and databases.

9.      Used by other OSS projects - critical mass adoption across diverse projects ensures the long-term viability of a platform. Dependency in other popular OSS applications is a good validation of component’s maturity and industry backing.