Open source and certification don't really seem to go together - or do they? Gary Flood takes a look at the open source market and what the experts say.

Here's a nice little logical puzzle for you. Think of a part of the IT area where there are no dominant players - no Microsoft. Now think how you'd introduce any sort of industry qualifications to this area that everyone will take seriously.

This is what at least some participants in the world of open source say they are facing when it comes to the issue of how to create any kind of sensible certification structure for a software community that, by definition, opposes any central control or 'leadership' by any one vendor or even group of vendors.

The dilemma is nicely summed up by independent IT consultant Graham Oakes: 'Certification tends to "work" in my experience if it is backed by a big organisation - and while open source has a very strong network of support around it, it doesn't have the weight of an Oracle or an IBM in there.'

'There's a very different culture, very much an anti big company, anti "Microsoft" way of doing things in open source,' adds Martin Schneider, Director of Product Marketing at open source CRM application supplier SugarCRM. 'That, I think, has also led to a resistance to things like certification, which is seen as a way to make us pay to play in something that should be free.'

Is it really free?

As it turns out, there are some solid 'commercial' options in open source IT education. Open source in fact already represents quite a significant amount of investment dollars. If it all disappeared tomorrow, one US software company, Black Duck, estimated (in April this year) that it would take the equivalent of $387bn (£228bn) to rewrite it all - that's a dollar 'cost' one could put on all 200,000 ongoing open source projects and the 4.9 billion lines of code so far generated, which is equal to two million software developer man-hours.

This encompasses not just open source operating systems, but real industrial applications like the MySQL open source rdbms and the Compiere ERP platform, among many others.

Still, some things are very much the same. Open source still means software created, evaluated and maintained by a community of developers, not to be paid for, but shared and offered totally gratis. From its OS roots (Linux being an open source riff on UNIX), open source is now present in many parts of the IT stack, from infrastructure all the way up to applications and packages.

Indeed open source is very well established, you could even argue dominant, in some areas in IT: the Apache Web Server system for internet infrastructure is a case in point, and while Firefox, the open source browser alternative to Microsoft Internet Explorer, is hardly the biggest thing out there, it has around 25 per cent market share already, say observers.

Yet despite all this, there are still suppliers in open source, and they still very much look to make money, usually by offering two versions of their goods: a public one (usually called something like a 'community release') and a higher-end, enterprise-focused version.

The software is still free, but you do write cheques for ancillary services and support around the core software 'edition' (or sometimes 'release'). The former is supported by the open source world, but the latter is maintained and paid for by actual customers.

Take open source CRM (customer relationship manager) specialist SugarCRM. It has over half a million free 'users', but it also has 5,000 commercial / paying ones for the enterprise product.

'We're a whale in terms of overall usage, but a minnow commercially,' says Schneider. 'We're not an SAP or an Oracle. We're small, of course we are. But we're solid.'

Certifying knowledge

These companies offer certification, for reasons that sound very much like their 'old world' proprietary rivals.

An open source outfit like Alfresco, whose main offering is an eponymous record and web content management system used by organisations such as Fed Ex, KLM and Virgin Mobile, needs certified representatives, according to its Global Director of Training Carlos Miguens, because 'The issue for customers is how do you guarantee that people providing services around an open source product know what they are talking about.'

'We see training as a key investment,' adds Fredrick Svenson, Business Area Manager of 200-strong open source services firm Redpill Linpro, by his claim the largest independent open source company of its type in Scandinavia.

'The reality is that in open source you can really only compete with your knowledge and expertise anyway. And it really reassures the customer you sell that knowledge on to that the individual has recognised vendor qualifications. As a result I think certification will become even more important in this market.'

So companies like SugarCRM and Alfresco not only support certification, mainly for their partners (e.g. Svenson's company is an authorised learning partner for SugarCRM), they are also looking to expand it.

SugarCRM, for example, offers three certifications around the developer, administrator and systems integrator job functions. Meanwhile, Miguens explains, 'Part of my brief joining here is very much to create our own certification programme', with a new structure set to be up and running in some shape by year end.

Red Hat, probably the biggest open source company of all and supplier of one of the most popular distributions (open source jargon for 'release') of Linux, is not only doing well commercially, it also has a very strong certification story to boot, as its open source colleagues cheerfully admit: 'The Red Hat certification is probably the dominant certification in open source - I can say it is well regarded and I do believe it's a way to claim a higher salary,' offers Miguens.

Jens Ziemann, Training Manager for Central and Eastern Europe at the company, says, 'We first set up a certification programme ten years ago, and we knew it had to be as different an approach as we were taking to the overall way we were supporting the products. We wanted a certification programme that would provide maximum value to customers, in other words.'

The result is a very hands-on, practical, 'not just multiple choice scenarios' set of exams that lead to such qualifications as Red Hat Certified Technician (RHCT), Red Hat Certified Engineer (RHCE), Red Hat Certified Datacentre Security Specialist and Red Hat Certified Architect.

Red Hat delivers training for certification direct in most of the Western European countries where it has its own presence, but uses local partners where it doesn't, e.g. Eastern Europe. There are, according to the company, around 40,000 RCHEs and 30,000 RHCTs in the market already, with a global total of over 500,000 having taken some form of Red Hat training.

'We're giving the customer a really valuable product here, which is based on exams that genuinely aren't easy - I did the RHCE myself a couple of years ago and it was very tough,' Ziemann adds. 'We are constantly upgrading the content and the exams too, to continue to make them useful and real-world.'

In March 2009 IDC decided that 'Red Hat Certified Engineer (RHCE) certification, with a practical, performance-based test methodology, is an example of a meaningful certification that has demonstrated impact on organisational risk mitigation, improved operations and staff productivity... RHCT and RHCE certifications are demanding tests that cover the relevant skills open source administrators need.'

That's a claim backed up by one Red Hat 'graduate', Jeroen van Meeuwen, Senior Systems Engineer at Dutch firm Operator Groep Delft and Red Hat RHCE of the Year for 2008. 'It's a tough qualification and you really do need a lot of both experience and expertise to achieve it. This tells the customer I know how to do what he needs me to do. I think it's very relevant. Too many other certifications out there are "entry level IT" - this certainly isn't.'

And for those who worry if any of the effort involved in getting a certification translates to the all-important bottom line, he adds, 'I can confirm getting RHCE status gave me both promotion and a raise - directly - and also has given me a lot of respect internally here.'

Measuring skills

Strong as the Red Hat certification story is, it's not by any matter of means covering all that's going on in open source. It's not even, to be frank, all that's going on in Linux itself. This brings us back to the issue of whether or not it would make any sense to have any more generic open source qualifications.

At least some open source bodies have felt there is such a gap. And at least one has admitted defeat. 'We've filed it in the "too hard" box for the moment,' admits Graham Taylor, CEO of Open Forum Europe, a non-profit open source organisation set up to promote the approach.

'We looked into how we could get better recognition of skills in open source about three years ago with a programme we'd set up called the Open Source Academy,' he says.

There was a perception issue and a lot of blockers to open source use, like "What is it? How can it be supported? What are the measures of skills?" We felt this was particularly important for the UK local government sector. At the time there really wasn't anything out there - I think Novell and Red Hat might have had a basic Certified Engineer thing.'

Meanwhile another open source, specifically Linux-oriented, body carries on with its attempt to craft a genuine 'open' open source qualification: step forward the Linux Professional Institute, or LPI, a vendor-neutral, not-for-profit standards body in the open source world, this year celebrating its tenth anniversary. The institute has been trying to set up a range of open source structures, including its own certification programme.

'I'd say it's a work-in-progress,' is the honest appraisal of its penetration by one of its supporters - Rebecca Thomas, a Marketing Executive with ForLinux, a UK open source hosting and training company.

'There are fantastic advantages as it gives the Linux person a lot of potential credibility in the enterprise and a good benchmark of ability, but as it's not yet backed by enough big organisations not everyone's seen its potential yet.'

However, ForLinux itself has put all its technical staff through the courses and found them to be very well designed and highly practical.

For Elizabeth Ziph, an open source veteran and CEO of Linux Box, a US open source consultancy, the reality is that neither LPI or even Red Hat certifications are really that relevant.

As open source has grown, so has the body of people generally skilled in its uses and approaches. 'When people hire they just don't ask questions about that,' she says. 'Basically we've given up on certification here.'

That sounds very negative, but Ziph's point is that certification is never likely to gain much traction in the open source world. 'There's just not so much need for it,' she believes.

The argument - voiced by more than a few open source people - is that open source by its special nature doesn't need the sort of industry, post-college training so much IT certification is all about.

One reason for this is that colleges are doing a good job of immersing students in the world of open source. 'The kids now get so exposed to open source of all sorts at college level that you can get a computer science graduate up to speed really, really quickly when they get in a company,' believes Ziph.

'They are better prepared and happier to take on a broader scope of work than they would be with a proprietary system that they're less likely to have been exposed to on their courses.'

A slightly different take on this comes from SugarCRM's Schneider: 'I believe the training and education culture is different in open source than in proprietary.

'In open source, you tend to see a lot of engagement with social media, and a lot of Twittering goes on when people have technical questions. There's an element of almost hyper-communication here, but that makes sense, as the kind of people who'd be into open source tend to be very "virtual" people too.'

But not everyone thinks that someone fresh from university - even one brimming with open source project experience at the undergraduate level - needs no training at all on specific open source technology.

'People leaving universities are great and already have been exposed to the concepts, yes. But they still need to take that knowledge and develop and fine-grain it on the specific tools and applications organisations are using,' worries Svenson. 'I think just saying "I know open source" is too vague.'


So what's going to happen in open source regarding industry-relevant qualifications and proof of expertise? Could there ever be any kind of unifying, generic open source qualification, as envisaged by people like The Open Source Forum?

At least some believe that this has to happen, one way or another. 'Things are changing and we are seeing the shape of the next phase - a place for a commercialised open source people will be happy with,' thinks Schneider, for instance.

'A more standard, universal set of qualifications fits well here as that would mean it'd be that much easier to work with partners and all sorts of different companies. Some of the best practice of the commercial software world will definitely end up in here.'

And this might happen quicker than events so far suggest. 'One of the issues around open source is that it's really accelerated - it's had a short, concentrated history,’ Schneider explains. ‘A year in open source is more like five years for a proprietary product.'

‘I think the scope for open source training is tremendous, at several levels,' concludes Oakes. 'For basic skills like Office productivity, ECDL etc., training is dominated by the Microsoft suites, but as tools like Open Office gain market share, there’s a lot of scope to use them for this type of training.

'There’s also a lot of scope for training in things like Linux administration skills, as more organisations start to build infrastructure on Linux. Higher in the application stack, where we're looking at ERP, CRM and content management, there are fewer dominant open source applications, so probably less scope.’

But we do have to come back to the central issue that the nature of open source itself may continue to militate against the certification model per se. We'll leave the last word to someone who should know, Open Forum's Taylor: 'One, I don't think the colleges will support this, looking at the way they have started to align behind vendor and industry qualifications - and two, there is no cross-industry drive to make it happen, to be frank.

‘As open source isn't bolted down into one individual company, it's going to need a multi-point drive to provide this - if in fact, we really feel we need it.'