momius - Fotolia
A high-profile confrontation between an open source software vendor and a hyperscale cloud provider has some industry watchers concerned about wider implications for open source funding.
The years-long battle between AWS and Elastic came to a head over the last two weeks as Elasticsearch license changes prompted the community to fork the project. Starting with version 7.11, due out this quarter, Elasticsearch log analytics and Kibana data visualization tools will switch from a single Apache license to a dual model consisting of the Server Side Public License (SSPL) and an updated version of the company's own Elastic License, which was first introduced in 2018.
These licenses, considered proprietary, keep the projects' source code available and open to contributions from the community but either inhibit or indirectly prohibit their use to offer a hosted service to third parties -- the SSPL requires that users offering a managed service also open source the management software used to provide it, while the Elastic License v2 expressly prohibits using Elasticsearch or Kibana to offer a managed service.
"The issue we had was not with the legal use of our Apache 2.0 code, it was all of Amazon's other behaviors," Banon said in an emailed statement through a spokesperson. "Including what we believe is misuse of our trademarks [and] falsely claiming a partnership to launch and promote their service."
In response to the Elasticsearch license change, a consortium of more than 100 interested contributors that represent more than 60 companies, including SaaS vendors such as Logz.io, indicated plans last week to establish a separate repository, or fork, using version 7.10 of Elasticsearch and Kibana code, which remain freely distributable under the Apache license.
"If anything, this opens up the door for innovation and contributions of code from many different companies," said Jonah Kowall, CTO at Logz.io. "It not only makes it easier to incorporate it back from the community to our service but helps everybody provide better services."
The forked versions of the projects will also be renamed to avoid running afoul of Elastic trademark claims, according to Kowall. AWS separately indicated it plans to fork Elasticsearch and Kibana, and Kowall said there is only one fork project planned, but AWS officials did not respond to request for confirmation that it will participate in the same project Kowall described.
Elastic's Banon said in an interview that he expected a fork as a result of the Elasticsearch license change, though he would have preferred for it not to happen. Banon also said he understands why some contributors to the code feel they can no longer contribute under the new licenses, though they are still welcome to do so. Previous community contributions will remain available in version 7.10 and all previous versions under the Apache license, he added.
However, Elastic employees produced 95% of the Elasticsearch and Kibana code, Banon estimated.
"I'm excited to just take that and focus our engineering efforts toward the benefit of our community," he said.
Logz.io's Kowall said his company's engineers had tried to contribute to Elasticsearch in the past but gave up because Elastic didn't accept their changes into the core project and introduced breaking changes to plugin APIs as it released new versions.
"We have made it clear that we do not prioritize maintaining backward-compatibility for these APIs, which could slow down the pace of innovation in our products," Banon responded in an emailed statement.
IT pros tie Elasticsearch license drama to funding issue
For enterprise users of open source software, these developments are unlikely to have any major short-term effect, IT experts said. Eventually, the bifurcation of the Elasticsearch and Kibana project could even result in more choices for log analytics users, as Kowall indicated.
Still, enterprise IT pros said they are uncomfortable with both the Elasticsearch license change and the ways it reflects problems with open source funding in the industry. Open source software is appealing in part because of its free price tag, but not having to pay upfront for software means open source project creators must find other ways to maintain a viable business long-term. This problem is compounded when such creators must compete with their own product, in a sense, because it's freely available to giant cloud vendors such as Amazon.
"When the large cloud providers exploit open source software and compete directly with the creators [of the] software, there is a funding problem, no doubt about it," said Thomas Ornell, senior IT infrastructure engineer at ABAX, a telematics company in Norway that used Elasticsearch until a switch to Datadog about a year ago, and uses many other open source projects, including Rancher. "I'm guessing most customers would rather just get the [version] in their cloud console."
Tobie LangelPrincipal, UnlockOpen
This week's Elasticsearch license change is an effort to maintain both free software for enterprise customers -- neither license requires payment upfront -- and preserve Elastic's business by blocking its use by SaaS providers. The Elastic License v2 also specifically states that third parties can't hack Elastic's proprietary add-on features and donate them to open source, another effort to preserve Elastic revenue.
But while Ornell is sympathetic to Elastic's motivations, he said he doesn't agree with changing the license of an established codebase from open source to proprietary.
"My personal preference here is, I'm not super happy when companies that are built on open source decide to go commercial," he said. "Your company was built on, yes, your hard work, but also the unpaid hard work of others -- to then commercialize that ... to me feels [unfair]."
The Elasticsearch license issue raises thorny questions that users of open source software, particularly from open core vendors similar to Elastic, must consider long-term, industry watchers said.
"Open source is a good thing, but it essentially commoditized software creation," said Tobie Langel, principal at UnlockOpen, an independent open source strategy consulting firm in Geneva. "By doing so, it let the only way of actually making money off of software be providing the infrastructure for running it."
In Langel's view, the kinds of competitive struggles now taking place between Elastic and major cloud providers are a natural outcome of that market condition. Elastic hardly seems to be suffering financially -- after a successful IPO in late 2018, it now has a market cap of $15 billion. But its license change could have an impact not just on AWS, but on smaller SaaS providers that offer Elasticsearch services, which Langel said troubles him.
"I'm concerned about the problem of having a few huge cloud vendors and huge companies sort of funding open source, a kind of weird charity-driven ecosystem of people writing the exciting key code," he said. "And then sort of really boring jobs in a whole bunch of companies where you're essentially writing glue code to tie all of this together -- it feels sort of dystopian."
Open source funding worries lack simple answers
This isn't the first time the pitfalls of open source funding and economics have come to light in licensing discussions -- cloud-native database vendor MongoDB created the SSPL Elastic now uses for much the same reasons: The company argued that it otherwise stood no chance of competing with cloud giants such as AWS.
Not every SaaS provider agrees, however -- including those that now stand to be in violation of the new Elastic license terms and plan to move to the Apache-licensed fork.
"Our customers expect open source," said Heikki Nousiainen, CTO and co-founder at Aiven, a 140-employee startup in Helsinki, that provides open source database and messaging services to approximately 600 customers. "We have to make sure there's a viable ecosystem and room for healthy businesses, but moving away from open source is not the solution."
Langel said he also remains a passionate supporter of open source, but that the community must reckon with open source funding issues or face unintended long-term consequences.
"Open source isn't just a vendor being nice," he said. "The bigger problem that we're not really talking about has a broader societal impact now -- are we OK with having computing infrastructure essentially belonging to a few huge mega-corps?"