Oracle Corp. and Red Hat Inc. recently announced their intention to submit Red Hat Advanced Server for ISO security certification, a move some analysts say is designed to further strengthen Oracle’s position in the government market by expanding the potential for its Linux offerings.
The move makes good business sense for Oracle, analysts say, as more and more government agencies are looking to migrate to open source solutions in an effort to save money and create cross-agency compliance. By having a certified open source platform (Red Hat Advanced Server) available to government agencies, Oracle has another avenue to pitch its Linux-based solutions.
“They are mostly covering all bases,” said Bill Claybrook, research director for Linux and open source with the Aberdeen Group in Boston.
As of July 2002 all U.S. federal government agencies have to purchase “evaluated and validated” products, those which pass the ISO 15408 standards. Though the Canadian government has no specific requirements, Canada was one of the original nations involved in the creation of the Common Criteria for Information Technology Security Evaluation, eventually adopted as ISO 15408. Individual Canadian government departments can require a vendor be ISO certified to get on an approved vendor list.
Oracle’s own 9i database release 2 on Linux is also being submitted for security evaluation. Oracle is submitting for EAL 4, Red Hat for EAL 2. It typically takes eight to 10 months to complete an evaluation, which is often done by third parties.
Claybrook sees another reason for Oracle’s interest in Red Hat’s success.
“One of the reasons that they like Linux is that they would like to have an Intel play to go up against (Microsoft) SQL server,” he said. “Oracle has never liked Microsoft,” he added.
“The government is extremely interested in Linux, not only Linux servers but also Linux on the desktop,” Claybrook said.
“[But] the place where Linux has not made it prime time is running e-business type applications in enterprises,” he added. This is where Oracle 9i on Linux comes in.
A company could create an enterprise-wide Linux-based solution, say, using Oracle’s 9i, Red Hat’s Advanced server and Sun’s Star Office.
Alister Sutherland, director of software research at IDC Canada Ltd. in Toronto, said there is another reason for the government move to Linux.
“A big push has to do with the fact it is truly an open source,” he said. “If you make any change to the kernel you have to publish it and make it available to anybody else,” he continued. “[So] it is very easy for different Linux providers and users to be compliant with one another.”
Both Sutherland and Claybrook agree that there are some myths about the cost of Linux.
Linux is viewed as being less expensive and government agencies are “tired of haggling with the RISC Unix vendors and Microsoft,” Claybrook said. “They believe that they can save money (with Linux).”
Though it is often cheaper than high-end RISC systems, Claybrook said, it is no more affordable than a typical Windows environment. Concern over security is the reason governments (and to some extent enterprises) are not set on Windows.
“[Linux] is an alternative to Windows since…the government doesn’t see Windows as being all that secure, though whether that is true or not is up in the air,” Claybrook said.
“Though admittedly Microsoft is getting better in its technology and reaction to security breaches…it takes a long time for the credibility to accrue,” Sutherland said.
Regardless, many of the large vendors (IBM, Oracle, Sun) see Linux as the next big wave.
“Oracle is making a huge bet on Linux,” Sutherland said. “It is the fastest growing server operating environment and it will continue to grow.”
Claybrook agreed, saying “most people have always believed that there is a huge market eventually for Linux,”.