Ronald Hudson - Fotolia
The cloud has upended assumptions in almost every industry and profession, and the commercial open source market is no exception.
The efficiency, flexibility and usability of cloud services has collided with the established order in the development and commercialization of open source software. The latest example is the long-simmering feud between AWS and Elastic, which came to a head earlier this year.
Elastic, whose developers founded and then commercialized the Elasticsearch project, changed the licensing terms for the analytics and data visualization software to prevent AWS from packaging it as a service. AWS promptly responded with the open source equivalent of the nuclear option: It forked the project and created a separate version customized for its use.
The two sides presented their cases in dueling blog posts that left users confused about creeping restrictions in OSS licensing and software founders concerned about the funding implications for future projects.
Shay Banon, founder and CEO of Elastic, said the license was changed to ensure companies could not take Elasticsearch and Kibana products and offer them as a service without collaborating with Elastic. Additionally, Banon wrote in the Elastic blog, "So imagine our surprise when Amazon launched their service in 2015 based on Elasticsearch and called it Amazon Elasticsearch Service."
In response, AWS executives wrote that "AWS will step up to create and maintain a ALv2-licensed fork of open source Elasticsearch and Kibana." AWS added that all new releases of its Elasticsearch Service will be based on its fork and that the change won't "slow the velocity of enhancements" to the service.
The latest salvo came this month, when AWS renamed the forked project from Open Distro for Elasticsearch to OpenSearch. It also plans to change the name of its existing Amazon Elasticsearch Service to Amazon OpenSearch Service.
The move is an apparent response to a lawsuit from Elastic claiming trademark infringement by AWS over its use of the Elasticsearch name. AWS noted in the announcement that other companies can use the OpenSearch name to promote their own offerings based on the project, adding, "Broad adoption benefits all members of the community."
OpenSearch only has 45 contributors compared with almost 1,600 for the original project and about one-tenth the level of commit activity. However, it's enough effort to complete a point release an average of every six weeks since mid-2020.
Open source monetization
Open source licensing has changed significantly since the GNU project originated the free software movement. Today, there are dozens of open source licenses, though a handful account for the vast majority of usage, dominated by the Apache 2.0 and MIT licenses.
Apache 2.0 and MIT are known as permissive licenses because they enable a commercial vendor to redistribute open source software (OSS) along with proprietary additions. However, they can only do this if they also redistribute the source code and copyright for the original OSS.
Permissive licenses are popular because OSS developers, like Banon, can monetize their work by packaging the original code with proprietary add-ons in a commercially supported product without "tainting" the proprietary code with an open license -- a requirement of restrictive licenses like the GNU General Public License.
Companies like Cloudera, Elastic, MongoDB and Talend rely on a business model by which users get hooked on the free, open source version of the software, then realize they need additional enterprise features and on-call support before using it for production applications. MongoDB said as much in its 2017 S-1 IPO filing, where it mentioned that the free version of its database doesn't have all the features of the commercial version, but it exists "to encourage developer usage, familiarity and adoption of our platform."
COSS model under threat
This commercial open source software (COSS) model worked well in an era when enterprises installed and operated software on private infrastructure. However, cloud services upended these assumptions. The problems started when application service providers began selling access to COSS products over the internet.
Cloud services represent a deeper threat to the COSS model since they offer rentable access to OSS features and APIs via production-grade services. Such access is created by wrapping the core OSS code with proprietary enhancements -- typically to make it work well on multi-tenant cloud infrastructure and with other proprietary cloud services -- without distributing anything.
Companies like AWS aren't selling the Elasticsearch software, they're selling the infrastructure, operational support and Elasticsearch capabilities. In this case, they are also selling distributed search using REST APIs or SQL syntax as a consumption-based, on-demand service.
A cloud vendor's OSS-as-a-service product doesn't directly threaten the COSS business model, since these companies can restrict their proprietary features with a separate license. However, problems arise for COSS when:
- Enterprises replace privately-operated installed software with an equivalent cloud service that includes the security, reliability and integration features sold by COSS vendors as enterprise add-ons.
- Companies like Elastic use the goodwill of the open source movement by creating pseudo-OSS licenses to protect their proprietary code but retain the mantle of an OSS product.
The future for COSS in the era of cloud
At this point, Elastic wants to have it both ways, which only adds to the confusion. It wants the virtue of being an OSS champion and the profits of a commercial software vendor. To make matters worse, it's using a new Server Side Public License (SSPL) -- mocked by the Open Source Initiative (OSI) as fauxpen source -- to restrict commercial usage of its software.
The OSI points out several problems with Elastic's SSPL, particularly for OSS advocates whose good-faith contributions to a project they have long supported could be locked behind a proprietary, restrictive license in the future. The OSI argues that Elastic's changes don't represent any failure in the OSS licensing model. Rather, it's a reflection that "Elastic's current business model is inconsistent with what open source licenses are designed to do."
Indeed, AWS' OpenSearch fork is the best solution to the Elasticsearch imbroglio. But enough independent developers -- i.e., those not associated with AWS -- will have to participate for the project to truly succeed.
And while the Elasticsearch incident highlights flaws with the COSS business model in the cloud era, it doesn't have to be the death knell for OSS innovators who wish to capitalize on their labors. Instead, they need to create features that add value within the context of IaaS and SaaS and package their services in ways that can be distributed on cloud marketplaces as adjuncts to OSS-based cloud services.