Open Source Migration Guide

This document sets out to describe the various routes that organisations can take when migrating towards the use of Open Source Software (OSS). We believe that there are many benefits to be gained from increasing the use of OSS within the typical organisation's IT portfolio, including reduced total cost of ownership, higher stability, increased security and greater overall control.

If you spot glaring errors or inconsistencies or can add useful further information, then we will try to incorporate your comments where possible. Please send your comments to, preferably with a detailed suggestion for corrections or enhancements and which paragraph or subsection of the document you are referring to.

The planned contents list and thrust is as follows:

  1. The business case. Descriptions of the benefits of using Open Source software, high-level commercial and strategic issues.
  2. Case studies drawn from a range of industries cross-linked with Open Source component descriptions in part 3.
  3. A framework for the migration process.
  4. Background and capability descriptions of specific Open Source components such as Samba, Apache, Linux etc. cross-linked with case studies.
  5. Supporting appendices providing more detailed information on licensing issues, development models, statistics, market share studies and other suitable information. Links and references to other important resources.
  6. Examples of software (not necessarily Open Source) which are widely used and supported by vendors on or in relation to Open Source software components. Instances are likely to include Oracle, WebSphere and numerous others.

The Document


Management Briefing

Two-page summary of key issues intended to persuade decision-makers to read and investigate further.

The Business Case for Open Source

See here for the draft of the benefits document.

Background and Capability of Specific Open Source Components

There are numerous Open Source Software projects ranging from fundamental infrastructure tools through to specific niche products. The entire internet is supported by open source tools such as BIND and Sendmail, and the vast majority of Internet data originates in and is routed by software derived from (or which still is) Open Source. Not all Open Source projects choose the same licenses, but those listed below all use licences that we consider to be open enough. Some also have commercial counterparts available.

This section will expand to provide more detailed descriptions of each component, see at present the Apache description as an example. It has been divided into three sections based on editorial opinion as to whether each component is of leading, significant, or other importance. Clearly it is impossible to cover all of the thousands of Open Source projects here, our decision is based on general commercial impact. We welcome comments about glaring omissions but our decision is based on our opinion of what is important to business migration to Open Source use.

This listing forms a representative selection of some of the most relevant Open Source projects. This guide is not intended to be comprehensive but instead representative. Our goal is to provide information about the scope and range of what is available in the Open Source world rather than to enumerate every single project or package, which would require a huge directory and massive maintenance.

Leading Open Source Projects

Apache Webserver

As businesses move their IT infrastructure to a web services model, the need for powerful and reliable web server software is becoming ever more crucial. Apache is the world's leading web server. Surveys conducted by NetCraft indicate that for a number of years, Apache has been the server software chosen by a majority of users. At the time of writing it runs on over 55% of all web servers – about 10 million at present. Moreover, according to Netcraft's latest figures, its usage levels are growing nearly twice as fast as those of its nearest competitor. This link should show current figures from Netcraft.

Why do so many people rely on Apache? Apache has all the advantages that serious users have come to expect from open-source software: reliability, security through auditability, flexibility, efficiency, standards compliance, and low cost.


Apache has long proven to be among the most reliable of web servers. Netcraft measure web site uptimes, and list a league table of the top fifty longest running sites. Apache drives all but four of them. Many high-profile sites (The Register, Amazon, Verio, Hewlett-Packard, IBM, Deutsche Bank, European Central Bank, Bank Italia, Abbey National) choose Apache because its uptime is usually limited only by the reliability of the underlying operating system. Moreover, many of these sites must handle many millions of HTTP clients each day.


It is extremely hard (if not impossible) to guarantee that any complex piece of software is free of security vulnerabilities. However, high-quality software is carefully written to minimise both the likelihood and the severity of security flaws. Apache falls into this category. Though it has contained vulnerabilities, they have tended to be relatively minor, easy to fix, and few in number.

The fact that Apache is open-source software constitutes a significant advantage in this respect. As with all open-source software, Apache has large numbers of people using the software, discovering bugs in it, auditing it, and ultimately correcting it – and note that availability of source code is crucial in this respect.

It is instructive to compare this situation with that for Microsoft's IIS, Apache's nearest competitor in terms of market share. IIS has had a number of bugs which permit remote attackers to execute any program on the server, and these bugs have been widely exploited. One such exploit was the so-called ‘Code Red’ worm, which defaces pages on infected machines. Once Code Red has infected a susceptible IIS server, it aggressively tries to search out other machines to infect. This leads to an explosive growth in both the number of machines infected and the amount of network bandwidth devoted to this worm's self-propagation. Later, more virulent strains of Code Red also enabled attackers to acquire system-level access to compromised machines.

The effects of the Code Red worm were serious. Many high-profile websites — including some machines running Microsoft's own Hotmail service — were compromised. Some analysts estimated the costs of the damage caused world-wide to be in the billions of dollars, and while this may be an over-estimate, it is undeniable that the costs were significant. In the wake of these events, the respected analysis firm Gartner advised that “enterprises hit by both Code Red and Nimda [another IIS-targeting worm] immediately investigate alternatives to IIS, including moving Web applications to Web server software from other vendors, such as iPlanet and Apache.” (Gartner Group ‘ditch IIS’ report.)


Extendable. Cross-platform.


Apache is not designed specifically as a high-performance webserver although the current release has recently been reengineered to provide specific performance enhancements. Performance of the server software is almost never an issue in most applications and we would advise against taking this to be an important or even relevant question. The fact that so many high-profile sites run with Apache is probably evidence enough of the adequacy of its performance for all normal tasks.

Standards compliance

Full HTTP/1.1 implementation. Commitment to track future web standards. Earliest HTTP/1.1 server used in the wild; exposed client implementation bugs in IE, JDK, Navigator, AOL, etc.

Low cost

As an open-source application, Apache may be freely downloaded from the Internet for the cost of the download. Most serious users are well aware that initial purchase cost is a small part of the total cost of ownership of a piece of software. However, the inherent insecurity of many of Apache's competitors, including IIS, means that system-administration staff must spend significant amounts of time tracking and installing security patches. Apache's superior security record means that both its initial purchase cost and its total cost of ownership are low.




News Sources

Software Directories and Information Sources

Other Open-Source software

Closed Source But Runs On OS Platforms



The references section is now in a separate document.

Unsorted, Various