[discussion] openSource network-software vs. commercial network-software



  • I just finished a lenghty argue with my professor about the preferences of companies to use commercialy accepted network software like watchguard over "free" network software like pfSense.

    His main arguments where:

    • A company does not want to use software that requires a "crack" to be managed.
    • A company wants to use software with a contract in the back. In case of a failure they have someone to blame.
    • With widely accepted software it's easier to replace someone to manage it. (May it be that the person goes, is being gone, or death)

    I dont know what to say….
    Can it be that he didnt believe that there can be network software that is easy to manage?

    Any ideas? Similar experiences? Other stubborn people?



  • Errare humanum est  ;)



  • sounds like a dinosaur to me and we all know what happened to them in the end  ;)



  • Finis coronat opus  ;)



  • Lorem ipsum… ahm...sorry... but his attitude is as ancient as this language. Unfortunately a lot of proffessors don't really get the thought about open source though you should expect it just to be the opposite.



  • I've certainly come across the second point often - a support contract is something a lot of people put a lot of stock in.  I have had success challenging that, but it's not easy.



  • The US public school system and television have created mindless sheep. In other mindless, not too bright, obedient workers. Sheep follow the crowd and the path of least resistance. Sheep wait for learning to be handed to them on a platter or force fed to them by someone in authority. They don't have a desire to learn. Its not entirely the sheep's fault they don't even realize that they are intellectually sleeping.

    • A company does not want to use software that requires a "crack" to be managed.
      Even if you have to get under the hood of pfSense it really isn't a crack since the underlying software is stable released software, and in most cases only the config needs to be changed.

    • A company wants to use software with a contract in the back. In case of a failure they have someone to blame.
      You can get a support contract for pfSense so this point is invalid. Even though watchguard had a support contract with my previous company 4 years ago I still saw it meltdown under a continuous 20mb load. No support person could solve the stability issues no matter how high we were escalated. We received hardware upgrades and yet problems persisted until we dropped that vendor. Keep in mind this was 4 years ago it might be better now. My point is just because there is a support contract it doesn't guarantee a good product. In fact it is much much harder to convince the larger software or hardware companies that their product has a critical bug that needs to be fixed. I just went through this process with Cisco Wireless Mesh Access Points. Cisco TACS couldn't solve it no matter how many calls, no matter how far it was escalated. They kept RMA-ing equipment, or telling us that it must be because an item on the network was not Cisco branded (passing the buck). Eventually disovered this Cisco Mesh layer 2 is buggy and not ready for production. Convincing Cisco there was a bug took 3 months and many very long phone calls. Last I heard Cisco wireless mesh layer 2 mode is still broke.

    • With widely accepted software it's easier to replace someone to manage it.
      If the company is more obsessed with paper credentials then aptitude and ability to learn quickly then this could be a valid point.

    Argument for open source solutions:
    1. Closer connection between developers and end users.
    I reported a hiccup I had with pfSense on the forum and the next day it was fixed. On the other hand I never got the bugs fixed with Watchguard (dumped watchguard) or Cisco (work around using layer3 instead of layer2).

    2. Influence on an active project. If you have a suggestion or a need it is much more likely to be heard and observed.

    3. Community with open source is a big strength. Diversity of the community provides a diverse set of instructions, tutorials, and questions found all over the internet and search-able with any search engine. If you don't understand instructions from one author you can likely find another one that words it in another way from another perspective. Contrast that with Cisco's books and documentation that look like they are written by a robot.



  • @GruensFroeschli:

    His main arguments where:

    • A company does not want to use software that requires a "crack" to be managed.
    • A company wants to use software with a contract in the back. In case of a failure they have someone to blame.
    • With widely accepted software it's easier to replace someone to manage it. (May it be that the person goes, is being gone, or death)

    I have changed last year all of my "other firewalls" e.g. cisco, checkpoint, astaro  etc. and we aren´t running in a blind alley. As mcrane says, a support contract
    doesn´t guarentee a good product. All of my colleague have become internal trainings to support pfsense with all the features, so if one person goes…, it shouldn´t be a problem... :)



    • A company does not want to use software that requires a "crack" to be managed.

    what does that mean?

    • A company wants to use software with a contract in the back. In case of a failure they have someone to blame.

    yes this is always a good idea. many of the experts here support pfsense professionally. usually the customer does not care or want to know what the product is. what the customer wants is a secure network. 
    I always ask people about the last time they had problems with windows and how MS helped them. that shuts them up :-)

    • With widely accepted software it's easier to replace someone to manage it. (May it be that the person goes, is being gone, or death)

    thats just indicative of bad policy. the company should not be dependent on particular products or particular people.
    a cisco guy wont want to work on watchguard. the juniper guy wont know about checkpoint. the market is fragmented and it is better to have people who understand networks and security rather than product specialists.



  • @sai:

    • A company does not want to use software that requires a "crack" to be managed.

    what does that mean?

    Someone very specialized in a certain field of knowledge.
    I think he meant with this mainly people that are able to work with unix OS's.



  • See it the right way….thanks to these people we have work !! ;-)

    I stopped having that kind of discussion.....when they get hacked,defaced,"wormed" they learn by themselves.



  • Most companies want to stick to 'proven business software' which means older, more well-known software titles.

    This is because if something goes wrong, they have less of a chance to be blamed for a bad decision of going with new unproven methods. This is way more common when you have a larger company that has stockholders to hold them responsible for their actions.

    In the corporate world, company officers can be held financially and criminally responsible for major blunders. Going with a newer or untested technology which apparently caused a major loss for the company is pretty easy to put the blame on in court.

    To sum it up, going with the time-tested solution is often just the safest way in many experienced people's opinion. I'm not saying that it is the best solution, but statistically speaking, it is often the safest way to keep your job if something goes awry.



  • Your description of corporate motivations is accurate.

    Corporations are often so bureaucratically tied down that it stifles their own ability to innovate. Their work around for this problem is often to buy smaller innovative companies. I've named this buynovation. Cisco is a prime example of buynovation. The innovative company is then assimilated into the corporate environment until the innovation is again stifled. This phenomena is not all bad… it creates a niche that smaller innovative companies can and do fill.


  • LAYER 8 Moderator

    I think heiko himself is a good example for mcrane's remarks.

    They wanted scheduled rules and "donated" money to the project -> all users got a really high rated feature including him and his company. No better way than that to get hands on a feature, that you need badly. What if you wanted sth alike from Cisco? Watchguard? Had a lot of argument about that with my last company 'cause they "glued" themself to Bintec/Funkwerk and their routers. They simply were crap. Hands down. But the company was using them since day one and they were reliable for a long time. So they stayed with them and were loosing customers 'cause of the bad and expensive boxes that even had many device or power-adapter failures. I could have provided them with a solution that (based on a WRAP or ALIX solution) is even cheaper and better (e.g. no hidden costs as for VPN licenses). But they only wanted their old boxes.

    Yes, known brands can make quite an impression. But I can only see one half-valid remark of that prof and that's

    • A company wants to use software with a contract in the back. In case of a failure they have someone to blame.

    Not quite true, most of the time I saw companies asking about support contracts it was only to ensure, that there is (good) support available to the product, so they aren't let alone to read in forums or to spend some time in search engines to keep the software running. So in my case it was the best thing, that pfSense people finally brought up commercial support. I introduced the software before that and my bosses were quite scared, that the project would be unable to handle later but now with commercial support and the awesome forums and mailing list also available (and with seeing it running without problems quite some time) - no problems at all.

    So the only argument I see is "Afraid of having no/minimal support for (bigger) problems and/or not having the ability to buy a support contract as safety measure"
    All other things are quite like Holger or Heiko said - very old fashioned prejudices.

    Greets



  • Just to give my piece of mind :).

    I am supporting not only my own company but also an insurance company.  I (we) use SourceForge projects in several locations

    • pfSense I use for Wan Aggregation (2 instances)
    • Untangle for Spam, Anti virus, Intrusion, Spyware etc. (4 Instances, one is commercial licensed)
    • SquirrelMail (two instances)
    • phpGoogle

    The "Microsoft" argument goes a long way.  The argument I mostly use is that Commercial Software, you pay for support up front, if you need it or not.  With most Sourceforge products, you can purchase support only when needed.

    Over the years I have ran the companies Networks and Websites I have probable saved then thousands of $$$  .

    So, I am now a "crack"-head, possibly yes, but I am proud of that.

    ~Gerry


Log in to reply