Who What Where and Why of Commercial Open Source [Session Recap]
Why do companies use commercial OSS instead of hosting it themselves? Lætitia Avrot, Field CTO at EDB and David Tuite Founder of Roadie talk about SLAs, security, maintenance, proprietary features, conferences and contributing to the open source ecosystem.
Open source is incredibly positive. Without projects like Debian, Nginx, Kubernetes, PostgreSQL, Backstage, Tensorflow, React, Jenkins, Sigstore, Kafka... innovation would be painfully slow.
Bringing these technologies into your tech stack is free, but free like a puppy- they need loving care.
Open source in a company's tech stack requires engineering expertise, maintenance and infrastructure. Many companies bridge that gap by facilitating open-source innovation so teams can focus on what they do best. Often these tools are offered through Software as a Service and will offer support and an SLA.
We spoke to Lætitia Avrot, Field CTO at EDB and David Tuite Founder of Roadie to find out more.
EDB provides enterprise software and services based on the open-source database PostgreSQL, and is one of the largest contributors to PostgreSQL. Lætitia was and continues to be, a well-known contributor to PostgreSQL and supporter of women in PostgreSQL before starting to work for EDB. A big selling point for EDB is that it is built upon an open source database which prevents lock-in that commercial databases can suffer from. Lætitia tells us that EDB offers whatever you might need to run PostgreSQL. Lætitia calls EDB the "haute couture for databases".
Roadie is a start-up that provides SaaS for Backstage, which is a service catalog open-sourced by Spotify, that automatically tracks your microservices. David told us how Spotify open sourced backstage the day after he had left his job to set up a proprietary service catalog. Possible disaster was averted after talking to Spotify and realizing there was an opportunity for a commercial company operating in that space.
Having commercial companies working with open source- contributing, engaging with the maintainers, providing services and dealing with users as customers, can lead to a flourishing open source ecosystem.
Why do companies choose to use EDB or Roadie over their open source alternatives?
Support, Service Level Agreements (SLAs), maintenance, proprietary features and expert knowledge are the major reasons to choose a proprietary open source product.
Support, Availability and SLAs
An SLA is a contract between a service provider and a customer that defines the service standards the provider is obligated to meet. SLAs can include guarantees about availability, support, 24/7 on-call engineers, fixes and updates.
For many companies, the main reason organizations choose open source commercial products is for the guarantees that an SLA brings to protect against outages and provide support. Both Roadie and EDB provide SLAs.
Lætitia tells us that the PostgreSQL community is pretty proactive, but there is no guarantee when a fix will be included. If a fix is urgent for a customer EDB can push to a fork while it goes through the process to commit to PostgreSQL.
Maintenance, Security and Updates
Another reason for choosing a proprietary open source product is that they manage upgrades for you, whether they're security patches, minor, or major releases and if it's provided via SaaS then you know you are on the right version whenever you use the product.
David told us that self-hosted Backstage teams could take up to 30% of their time upgrading their instance. Roadie upgrades every month and is more likely to be up to date compared to a self-hosted alternative. The benefit of constant updates and a focus on security can be seen in a recent Backstage vulnerability found by security researchers that did not affect Roadie users.
Lætitia lets us know that PostgreSQL releases at least 1 major version per year and 1 minor version per quarter. On top of that, PostgreSQL only maintains 5 major versions. If you are using an out-of-date version and a security failure is found, PostgreSQL won’t provide you with a patch.
Handing over the maintenance of software is something companies are willing to pay for.
Consultancy, expertise and production adoption
Lætitia tells us that SLAs are when you have a problem but consultancy prevents problems from happening. EDB consultancy services include audits and tuning.
Roadie's customers are early on the journey for Backstage compared to PostgreSQL. Not many teams have experience with Backstage and typescript while Roadie are experts, they have rolled out Backstage at multiple companies and have built up internal tools to help with the process. A big benefit of choosing Roadie as opposed to self-hosting Backstage is the speed at getting to production and getting developers to adopt the technology. David says that you can get going in a few hours with Roadie.
Roadie has built proprietary features on top of Backstage to help solve business problems inside Backstage. Roadie provides drag-and-drop plugins, secure integrations, metrics and production analytics out of the box.
Lætitia says PostgreSQL project does only PostgreSQL and EDB has built up a set of features specifically helping organizations move off Oracle. For this to happen, EDB has built up a fork outside of PostgreSQL which facilitates migrations from Oracle, provides some Oracle SQL flavor compliance and some Oracle functions into Postgres.
Other proprietary features are ones associated with enterprise products like services to ensure high availability and backups.
Relationships with the maintainers are key
Maintaining relationships with the open source community is really important for both EDB and Roadie. You don't just open a PR when you want to make changes. You talk, and you build relationships. This is done over messaging apps, conferences and having a beer.
The relationship isn't all one way- Both EDB and Roadie are big contributors to open source. On top of that Roadie and EDB produce a lot of material to help users adopt Backstage and PostgreSQL which benefit both parties.
Lætitia informs us that PostgreSQL has a certain way of committing new code that you might call old-fashioned. There is no official GitHub of PostgreSQL, so you have to create a patch, send it to the mailing list and wait for it to be reviewed. PostgreSQL prioritizes stability which makes sense for such critical infrastructure. Before any code is written, Lætitia recommends communicating with the reviewers- write an email explaining your idea. Another way the PostgreSQL community meets to discuss new ideas is at the PGCon Conference where there are a number of sessions where anyone can talk.
David explains that the process for contributing to Backstage is simpler than PostgreSQL and more familiar to most developers. Backstage have a Github project where you can open a PR. Relationships are still just as important. Roadie communicates day to day on Discord with thousands of members and had their first Backstage conference in October this year.
Having a commercial presence in your open source community and great communication powered by real relationships will allow the open source ecosystem to bloom.
The future of Open Source
David commented that Commercial Open Source could put "fuel to the fire and speed things up but it shouldn’t be necessary". David believes that no matter what, open source communities will continue to be in a healthy place in the next few years.
Lætitia ended the talk on a really positive note, noting that open source from PostgreSQL is different from a commercial company that has to make money. PostgreSQL is simply done with people happy to write good code and give it back to humanity without any purpose behind it. "I don’t see any challenge as we are just doing code for the beauty of it."