What type of embedded device?
Different device types have different requirements in terms of what open source middleware needs to be
incorporated. Middleware can differ in size, complexity, and number of lines of code that need to be
modified, tested, and maintained over time. The more complex the software, the higher the cost of
ownership and maintenance, which includes bug fixes and backporting throughout the device lifecycle. We
list here the most relevant device types, representing a good percentage of the device market.
Do your devices require high availability or fault tolerance?
If your device is subject to penalties associated with downtime, you definitely need high availability
(continuous operation for a desirably long length of time). Generally speaking, you also need all the
features specified by Carrier Grade Linux (CGL) standards, such as tolerance to faults and ability to
minimize reboot time. These features, such as serviceability, performance, and support for 99.9999%
availability, are needed in order to achieve CGL capabilities. Adding such functionalities means
introducing new middleware and/or system complexity that increases the cost of maintenance and ownership
over time, including the cost of testing and registering device software against CGL
specifications.
Are you considering virtualization?
If you're planning to use real-time Kernel-based Virtual Machine (KVM) technology or containers to
virtualize some of your device functions, you're going to add complexity to your system. The cost of
ownership and maintenance will be directly related to increased complexities—for instance, the
combination of the guest operating systems and hypervisor. Complexities add more cost than the size of
middleware added. The exception to this rule is management middleware like oVirt, Docker, or OpenStack,
which will increase your software size to millions of lines of code (which will impact cost of
maintenance).
What is the device footprint?
Simply put, the bigger the device footprint, the more lines of code you will have to integrate, tailor
to your needs, test, and maintain. This contributes to a higher cost.
Are you shipping globally?
Owning software is not just about integration, testing, and bug fixing. If your devices are shipped
globally, you will also have to comply with trade and export regulations. This means you will end up
spending a lot of time analyzing the millions of lines of code that you ship with your device, looking
for things such as cryptography algorithms that impact your ability to sell in certain countries. Wind
River performs such analyses and classifications for you.
Do you require policies for free open source software (FOSS) and open source
licensing?
Your legal department might want to know which open source licenses apply to all the different packages
you ship with your device. Additionally, they might want you to avoid certain types of licenses, or they
might prefer some to others. No matter what the case is, you will find yourself analyzing all packages
you ship, for example, the Package Associated License (PAL), in order to properly answer your legal
team's questions. Wind River takes care of this for you and provides you with the list of all PALs that
ship with Wind River open source products.
Are your devices connected to the Internet/Intranet?
When devices are connected to the Internet, they become more exposed to security threats. These threats
could be latent or planted with the purpose to exploit weak and unsecure parts of the system. There are
many thousands of security vulnerabilities found to affect open source software every year. You need to
keep an eye on all of those, determine if they apply to your software, and fix them any time they do, in
order to keep your device secure. The Wind River Security Response Team analyzes about 5,000 security
vulnerabilities every year and fixes about 10% of them, providing relief to their customers in under 24
hours. Staffing a dedicated Security Response Team adds value and keeps your devices secure, but it does
not come for free, and adds to your total cost of ownership.
What is the device lifespan? (Years)
Take your cost of ownership—especially the cost of bug fixing, security monitoring, and security
fixing—and multiply this number by the amount of years your devices will be deployed in the field. Don't
assume open source is free because it is freely available. The truth, instead, is that owning this
software, which is initially free to download, will cost you tomorrow, next year, the year after, and
for the entire life of the device. And the costs are not small.
Do you plan to update your device software once devices are deployed in the field (bug fixes,
security fixes, etc.)?
If you plan on deploying your devices and thereafter forgetting that they exist, then you are
unconcerned with bug fixes or security fixes over time. Your cost of maintenance is going to be very
low, and you will face mostly development costs. If, on the other hand, you plan to keep your devices
updated, then you need to plan on clearing export and trade compliance, analyzing open source licensing,
and testing all bug fixes and security fixes in order to ensure that none of your device functionality
will break. You need to make this plan every single time you roll out an update. That's the reality of
cost of ownership.
