Open Source or a commercial offering?

Bart Silverstrim bsilver at
Thu Aug 16 13:40:40 UTC 2007

Anthony M Simonelli wrote:
> I've been working on an Internet Gateway/Proxy/Email filter box for work
> using Postfix, AmavisD-New, Spamassassin, ClamAV, Squid, Dansguardian,
> etc.  I've put in many hours trying to get it to work the way I want,
> (granted I have spent a lot of those hours learning and documenting
> along the way) and I'm happy with the results, but I am beginning to
> wonder, am I really benefiting my company?  Am I saving them money with
> a more superior product?  Let's say that after benefits and everything,
> someone in IT is paid $25 an hour and spends 20 total hours getting a
> Linux server setup for the functionality above.  That's $500 worth of
> work.  Now compared to a commercial offering such as the SonicWall TZ
> 180 TotalSecure 10 priced at $480 that does all of the above, what is
> the benefit of running a free, open source solution?  Don't get me
> wrong, I am a huge fan and promoter of open source, but from a purely
> business perspective, am I doing the right thing?  Your thoughts and
> opinions please...

Is this all you do?  Just set that up?  Or are you their department?

My opinion is that "free" implementations of solutions are indeed 
expensive in that they take up someone's time.  You have to learn what 
you're doing or know it already.  In that regard, you're actually 
profiting from the're getting an education on their time.

BONUS! Ka-Chow!

So...initial outlay: proprietary solutions tend to be pricey in terms of 
cash, cheap on the purchaser in terms of hassle and time.  Open source: 
opposite.  Winner: If you can get time and want the education, open 
source.  If you want minimal hassle and someone to blame when things go 
wonky (which of course is the privilege you pay for), go commercial.

Second, once implemented, if done "right", open source solutions tend to 
be largely self-maintaining with the exception of possibly doing updates 
by hand and/or tuning of rules and filters. I've had very very few 
problems with the OS just tweaking out on me.  Windows, I've been bitten 
several times by the OS just deciding to go south at inopportune moments 
for no apparent reasons.  Your mileage may vary though.  We've had some 
Windows servers that have been workhorses and won't die.  Others, flaky 
as a croissant.  Given the choice I avoid the Windows solution.  And no, 
it's not for zealot reasons.

So, for long term cost: many, if not all, spam solutions and virus 
solutions have a subscription model.  You're going to budget for it. 
That's what you pay for...they do the work of keeping you "up to date" 
and you just need to make sure the appliance/solution retrieves updates 
periodically.  Sound good for your situation?  Go commercial.  Open 
source takes some more work.  You have to sometimes do manual updates or 
script updates, check they are still working periodically, and have to 
tune it.  So it's again an investment in time.

What it comes down to is your situation.  If your organization is 
worried about being hit with financial cost worries, I'd say open source 
is fantastic if they have a tech person or department that wants to 
invest in personal learning and growth and competence. The cost is 
encapsulated into investing in the person or people and they become, 
hopefully, more competent and savvy from using and configuring the 
solution, and they definitely become more educated in keeping up with 
the "bad guys".

If your organization doesn't mind throwing money into a solution in 
return for piece of mind that comes from having someone to blame and 
they don't want to invest in in-house expertise, go commercial.  It's 
"cheaper" in terms of tangible labor and but more expensive in terms of 
hard cash.  This is great for businesses that don't have IT people 
and/or prefer outsourcing everything they don't have or want in-house 
expertise in.

In the long run I think it's cheaper to do the open source route since 
you'd have people get up to speed and dedicated to maintaining the 
solution.  It's investing in your people and your IT department if your 
business has one.


More information about the ubuntu-users mailing list