In addition to this insert, you can learn more at the Linux Solutions Government Conference and Pavilion at FOSE. During the month of May, Linux Solutions will focus on retail. Then, following in June, Linux Solutions looks at how Linux is being used in the telecommunications industry.
We hope you enjoy the Linux Solutions program, and we hope you find it useful. Linux is open for your business.
More and more, the penguin is waddling into government offices around the world and making folks smile. In countries all around the world, agencies at every level of government are putting Linux on their servers and in their data centers. Moreover, agencies are using the open source software development model to build applications and share them with other agencies that perform the same task. (For an example, see the interview “Leading the Charge” on page XX.)
But it wasn’t all that long ago that governments were bastions of mainframes and legacy applications built to run on an alphabet soup of proprietary operating systems (and custom hardware). Indeed, when Linux first appeared in the 1990s, governments earned a reputation for resisting any move to open source software. Not only did the idea of downloading an operating system for free strike bureaucrats as a questionable, unsupportable business model, but managers feared that the collaborative nature of Linux would leave agencies vulnerable to hackers and theft.
What a difference a few years make. Today, as leading suppliers of Linux have adopted enterprise-style licensing agreements and as some of the largest public-sector IT buyers have clarified their policies on open source, governments have harnessed Linux for departmental and web servers.
For example, in Europe, Norway’s second-largest city, Bergen, consolidated hundreds of proprietary servers onto a single, large Linux-based platform. In South America, the state of Sao Paulo, Brazil signed a pact with IBM to train 980 public employees in open source software. And in the United States, a small Georgia town dumped Microsoft Exchange for a Linux-based application after a worm left their email system in disarray.
“I think 2005 will be the tipping point for Linux in government,” said Larry Rosenshein, Novell’s principal strategist for state and local government.
“More than ever before, governments need to collaborate with each other,” said Brad Westpfahl, IBM’s director of global government industry programs. Agencies need to share data both “laterally” — city to city — and “vertically” — city with state and state with federal. A post-September 11 world, with its no-fly lists and terror alerts, partly drives the urgency to integrate, but it’s not the only motivation. “Governments have awakened to the fact that doing government better and doing government less expensively involves building tighter connections,” Westpfahl said.
Increasingly, governments are rethinking their organizational processes and recognizing the value of innovation. Just as private-sector companies have spent enormous effort rethinking their value chains, the public sector is rooting out antiquated, labor-intensive tasks. While some individual organizations in both private and public sectors remain resistant to change, Westpfahl said, “On balance, government is much more innovative than I think citizens give it credit for.” The growing adoption of Linux and open standards illustrates how government is leading, not following, other institutions.
Governments increasingly see Linux and other open source applications as key building blocks of the new, lower-cost, highly integrated world. Since interaction between any two entities requires a common set of agreed-upon standards, open source projects are an obvious choice: most are based on existing or de facto standards for data exchange. Many routine government functions lend themselves easily to online applications, and open source applications as the Apache web server prove to be handy building blocks for these “e-government” projects.
Wanted: Open Source
Westpfahl said that he spends a lot of time educating his colleagues on the many so-called industries contained within the halls of government. As a whole, the public sector runs many industries found in the private sector: banking, insurance, utilities, transportation of both people and cargo, payroll, and customer service. On top of those basic tasks, governments also do many things beyond the scope of private industry, ranging from prosecuting criminals to guarding nuclear weapons.
“While a commercial industry may find that the commercial software market is serving a large portion of their needs, government is more likely to have to develop, or have someone integrate, solutions to fill all those nooks and crannies because there’s so many of them,” Westpfahl said.
One major difference between the public and private sectors is that governments generally don’t see themselves as direct competitors who must guard their commercial secrets from each other. In fact, collaboration and data sharing are great benefits to jurisdictions. For instance, if a tax cheat owes big bucks to the Internal Revenue Service, chances are he or she is a tax delinquent at the state and local levels, too. And agencies share many common processes with each other and with counterparts around the world. “What a city does in the U.S. is extremely similar to what a city does in Finland or in Japan,” Westpfahl said.
As a result, agencies tend to be able and willing to share their specialized applications with other jurisdictions. If one county develops an efficient dog-license application, why should another county reinvent the wheel? Open source licensing, in which a user’s code enhancement can be quickly and freely shared with other users, makes it easier for jurisdictions to exchange applications with each other or to collaborate on the development of new software.
The European Union (EU) encourages all levels of government within its member nations to develop open source tools on Linux and share code. The European Commission, the executive body of the EU, sponsors a project called IDABC, which stands for Interoperable Delivery of European eGovernment Services to public Administrations, Business and Citizens. Aiming to foster the development of pan-European online governmental services, IDABC helps spread innovations around the public sector through its open source software inventory.
Meanwhile, in the U.S. the chief information officer of the State of Massachusetts, Peter J. Quinn, has spearheaded a fledgling effort called the Governmental Open Code Collaborative to foster code sharing at state and local levels. Its closed repository still holds only a few applications, but advocates expect it to grow over time, especially after showing it off at the LinuxWorld conference this spring.
One large state-government customer of Novell’s, the State of Ohio, recently imported a large child support application from Washington state, Rosenshein said. Novell has held roundtable discussions with state IT officials to share issues and solutions.
Selling the Government
Nowadays, agencies tend not to specify operating systems in bid documents, but instead give vendors some flexibility to meet those requirements, said Shawn P. McCarthy, a senior analyst and program manager for government IT opportunities at IDC of Framingham, Mass. Some naysayers counter that procurement requirements are often written to specifically eliminate a certain type of system from the competition or are written so broadly that nothing can be achieved. Perhaps, but Linux is competing on an increasingly level playing field. Many governments are requiring some sort of open source component in new IT projects, said Jeffrey Wade, Hewlett-Packard’s worldwide Linux marketing manager. That requirement opens the door for open source applications such as MySQL and JBoss, as well as for Linux.
Vendors who want to sell Linux to government agencies need to be aware of public-sector policies, which vary among jurisdictions. For example, Massachusetts mandates that any code developed for its state government can be shared only with other governmental bodies. U.S. federal agencies must comply with a memorandum that the Office of Management Budget (OMB) issued in July 2004. OMB’s directive to senior federal procurement officials, issued in response to numerous inquiries about open source licensing, said IT procurements must be “technology and vendor neutral,” and urges managers to involve their agency’s legal counsel when considering software licensing agreements. Linux advocates and commercial vendors alike praised the memo for its diplomacy on the subject of software acquisition.
And on the federal level, the Chief Information Officers Council has spent the past two years developing the Federal Enterprise Architecture, a framework that is supposed to make the U.S. government IT infrastructure more efficient. The reference models within the framework establish strict guidelines for data classification, formatting, and the description of business processes that online applications support.
Defense and intelligence agencies, unsurprisingly, have more stringent security requirements for computer platforms than civilian agencies. For Linux fans in the Defense Department, the watershed event for the penguin was a May 2003 memorandum from John P. Stenbit, chief information officer of the entire Defense Department, who said that DOD agencies and the armed forces were free to use open source software as long as the software complies with the same security and validation requirements as those imposed on proprietary software.
The United States, Canada, and some European nations have combined their formerly disparate trustworthiness requirements into a single set of guidelines known as the Common Criteria for IT Security Evaluation. Within the United States, the civilian National Institute for Standards and Technology (NIST) and the military National Security Agency (NSA) jointly administer the National Information Assurance Partnership (NAIP), which manages the evaluation and certification of trusted combinations of hardware and software. In other words, the government wants some assurance and validation that computer products actually do what their makers claim they do.
However, NIAP doesn’t actually test computer platforms; rather, vendors pay third-party laboratories to do the testing prior to the certification. For years, NIAP’s list of validated operating systems included only proprietary operating systems, because only the big companies shelled out the money for the expensive Common Criteria testing. But in the summer of 2003, Linux made its debut on the NIAP list when SuSE Linux Enterprise Server 8 running on certain IBM servers, gained Common Criteria validation.
Since then, Novell has had SuSE Linux Enterprise Server 8 upgraded to a higher level of NIAP assurance, and Red Hat has garnered varying levels of certification for its Enterprise Linux 3, Enterprise Linux WS, and Enterprise Linux AS products. Novell and IBM continue to work on getting the highest level of certification for the combination of their products.
Before the first Common Criteria validations for Linux, many people assumed that because by nature of its open source, that Linux could not gain that kind of certification, Westpfahl said.
Built by Committee?
When it comes to basic reliability, governments want their IT platforms to be as bulletproof as possible, with minimal downtime.
In its early days, Linux had the reputation of being “built by committee,” owned by everyone and no one, and lacking the government-grade technical support typically offered by traditional software companies. “A commercial entity that makes money satisfying the customer will get an engineer to crank out a bug fix in a day or so,” McCarthy said. The perceived lack of support was holding many customers back from adopting Linux.
But Novell’s acquisition of SuSE Linux in January 2004 was a watershed for government and business customers, Rosenshein said. Novell legitimized Linux. And just this February, Red Hat, the chief competitor of Novell’s SuSE Linux, opened a federal division in the Washington suburb of Vienna, Virginia, to focus on its customers in government agencies and the big systems integrators who actually build most IT projects for those agencies.
Besides security, collaboration, and openness, another distinct Linux driver is cost, Rosenshein said. The State of Michigan, which is one of Novell’s ten biggest customers in any category, has seen its IT budget drop about 35 percent over the last three years. No one ever seems to get a bigger technology budget, and at any conference or meeting of governmental IT managers, “doing more with less” is the oft-repeated mantra.
A Linux server can be built and brought online quickly and cheaply, which makes it attractive to IT administrators who need to add capacity to meet a sudden surge in demand. For that reason, Linux is likely to remain a popular commodity item with IT administrators inside government and with the big systems integrators who work with them. About 20 percent of the U.S. state governments are running a Linux application somewhere, Greenblatt estimated.
The California Performance Review, an intensive study on all aspects of California state government issued last summer, urged agencies within the Golden State to consider open source software as a means to cut costs.
The Desktop Dilemma
Desktop workstations are popular with Defense Department employees and with employees who are comfortable with tweaking their machines for optimum performance. McCarthy, the IDC analyst, said he doesn’t foresee office workers and managers migrating in large numbers from the Windows desktop platform.
Linux desktops still require a level of technical sophistication that most people don’t want to invest the time to acquire, McCarthy said. They want to focus on their jobs and their tasks and not worry about twiddling the technology inside the box.
However, Tom Quinn, vice president of East Coast operations for Linux Networx, disputed that notion because desktop user interfaces for Linux now rival those of Microsoft Windows. “Most of the tools have evolved, so that you don’t have to touch a command line if you don’t want to,” he said.
Beyond the desktop, Linux is an obvious choice for technical workers. A decade ago, researchers might have used expensive Unix workstations that were the only desktop machines powerful enough to run complicated technical models. The market for those$ 15,000 proprietary-source boxes has declined rapidly, McCarthy said, because power users now can get a dual-processor Pentium 4 machine running Linux for a fraction of the price of the proprietary workstations.
The trend toward Linux is obviously strongest at the server level, and Westpfahl said he doesn’t expect governments to pass up Linux on the server because they aren’t using Linux on the desktop. HP, Wade said, sees its government customers implementing Linux on the low-end Web, departmental, and application servers- the workhorse machines of the 21st-century office- while large back-end databases still run on high-end Unix systems.
The Number Crunchers
Speaking of high-end systems, the ultra-fast machines government researchers use to predict the weather and test military weapon designs were once the exclusive province of tightly-integrated, proprietary operating systems and highly-specialized and expensive hardware. Nowadays, those same research tasks run on Linux, supplemented by specialized software that distributes the computing workload among hundreds or even thousands of processors and memory chips.
The idea for running Linux on supercomputers originated with the experimental Beowulf project of the mid-1990s, in which NASA researchers clustered some ordinary computers together with Linux and Ethernet and wrote some open source parallel processing code. Since then, commercial vendors have since entered the field, and one vendor, Linux Networx, has delivered one of the largest systems to date, a 2,048-processor supercomputer to the Army Research Laboratory in Aberdeen, Maryland. That supercomputer, named after computing pioneer John von Neumann, starts doing full-fledged technical simulations this spring.
Data warehouses and data centers have been somewhat more conservative in adopting Linux clusters than the research community, said Tom Quinn, vice president of East Coast operations for Linux Networx. But the Utah-based company is starting to see data center customers take an interest in smaller Linux clusters and Linux storage systems.
The Bean Counters
Some doomsayers have argued that support and training costs eat up any savings otherwise realized from open source software. McCarthy and other analysts, however, discount such concerns, saying that most Unix training easily carries over to the Linux world.
Vendors are generally willing to help governments with the training if they ask for it. Under the agreement between IBM and the state of Sao Paulo, Brazil, IBM will train 980 state workers in Linux and related IT security, application development, document management, and portal technology. Many of the HP customers asking about Linux systems are coming from a Unix background, thanks to the similarity between the two operating systems, Wade said. Unix users need hardly any retraining to embrace Linux, whereas the Windows-to-Linux transition carries much more training overhead.
Rosenshein encouraged agencies to take a longer-term view of training issues. Many state and municipal CIOs are concerned that they will lose 30 to 40 percent of their staffs to retirement in the next five years. Similar concerns are cropping up in the federal government. Over the long term, the consistency of Linux may make it easier to train people on Linux than on frequently-updated proprietary platforms.
In some cases, aging systems help IT officials make a decision about platforms. A fair number of agencies are still running PCs with slower processors and an older version of Windows. What happens when the operating system is no longer supported or the old hardware dies? Should they wait until Longhorn (the code name for the next version of Windows) arrives, only to find out that their hardware doesn’t support it? Rosenshein said he knows of a county in Colorado that switched its desktop computers to Linux so that it didn’t have to buy all new hardware for its workers.
Patience is a Virtue
The main obstacle to broader adoption of Linux is simply time, Westpfahl said. Other operating environments for well-established systems that are serving the public well won’t vanish immediately, but when they wear out, Linux will replace many of them. “We don’t see Linux as the solution for all the world’s IT challenges,” Westpfahl said. “We just see it as a good fit in a lot of environments.”
Wade, of HP, echoed that sentiment. Setting up customers to run multiple operating systems, and making sure those systems talk to each other, is all part of his company’s “adaptive enterprise” strategy.
Under CIO Peter Quinn, Massachusetts state government has made a big push toward Linux on mainframes and mid-range boxes, but state officials, conscious of their obligation to maintain public records in perpetuity, started getting concerned about the long-term viability of documents. If the state develops a document in Microsoft Word, should everybody have to have that application in order to open that state document? What if someone in the future wanted to open that document using an open source reader or some technology as yet undreamed of?
In a Center for Digital Government online conference in January 2005, Peter Quinn announced that Massachusetts has reached an agreement with Microsoft to make public documents created on the Office 2003 suite accessible to anyone, even with an open source or GPL-licensed reader. In return, Massachusetts is loosening its requirement to make all documents available in an open format such as HTML. In other words, the XML-based documents created by Office 2003 applications will also be considered “open format.” Quinn said that the agreement over access to Office 2003’s patented XML extensions would preserve Microsoft’s intellectual property rights while ensuring perpetual access.
“Today, most people seem to embed most of their text inside their e-mails,” Peter Quinn said. While some state workers will always need the tools to create complex documents and slide presentations, the use of document readers will grow. That need for versatile readers, along with the migration to Web services and service-oriented architectures, means that the state government employees of the future will be able to rely on a slimmer desktop machine — potentially running Linux — with a robust browser.
Linux and open source have “unleashed the innovative juices of many of the employees that work in the commonwealth” of Massachusetts, Peter Quinn said. “They’ve been very excited about the prospect of working in this kind of collaborative environment.”
According to Wade, HP has demonstrated how open source technology collaborations can benefit both public and private sectors. Last year HP worked with the Energy Department, Lawrence Livermore National Laboratory, Sandia National Laboratories, and Cluster File Systems of Medford, Massachusetts, to develop a new open source file system for high-performance Linux clusters. Cluster File Systems makes the software, called Lustre, available under the GNU General Public License, but HP has incorporated the technology into its HP StorageWorks Scalable File Share product.
The Center for Digital Government’s online conference with Greenblatt and Peter Quinn asked its 250 or so participants, mostly state and local government officials, what they saw as the greatest barrier to open source within their jurisdictions. Roughly one third cited cultural resistance, whereas the rest were divided among the challenges of political resistance, lack of policy and legal guidance, and lack of faith in the software.
To get their software accepted in government circles, according to IDC’s McCarthy, open source developers should work with the big IT systems integrators, who have vast experience in helping the government deploy IT. “Get these guys to pay attention to your software, and the government will pay attention to your software,” McCarthy said.
Patricia Daukantas is a freelance technology journalist who specializes in servers, high-performance computing, and computational science. E-mail her at