What type of embedded device?
Different device types have different requirements in terms of what open source middleware needs to be incorporated. Middleware can differ in size, complexity, and number of lines of code that need to be modified, tested, and maintained over time. The more complex the software, the higher the cost of ownership and maintenance, which includes bug fixes and backporting throughout the device lifecycle. We list here the most relevant device types, representing a good percentage of the device market.
Do your devices require high availability or fault tolerance?
If your device is subject to penalties associated with downtime, you definitely need high availability (continuous operation for a desirably long length of time). Generally speaking, you also need all the features specified by Carrier Grade Linux (CGL) standards, such as tolerance to faults and ability to minimize reboot time. These features, such as serviceability, performance, and support for 99.9999% availability, are needed in order to achieve CGL capabilities. Adding such functionalities means introducing new middleware and/or system complexity that increases the cost of maintenance and ownership over time, including the cost of testing and registering device software against CGL specifications.
Are you considering virtualization?
If you're planning to use real-time Kernel-based Virtual Machine (KVM) technology or containers to virtualize some of your device functions, you're going to add complexity to your system. The cost of ownership and maintenance will be directly related to increased complexities—for instance, the combination of the guest operating systems and hypervisor. Complexities add more cost than the size of middleware added. The exception to this rule is management middleware like oVirt, Docker, or OpenStack, which will increase your software size to millions of lines of code (which will impact cost of maintenance).
What is the device footprint?
Simply put, the bigger the device footprint, the more lines of code you will have to integrate, tailor to your needs, test, and maintain. This contributes to a higher cost.
Are you shipping globally?
Owning software is not just about integration, testing, and bug fixing. If your devices are shipped globally, you will also have to comply with trade and export regulations. This means you will end up spending a lot of time analyzing the millions of lines of code that you ship with your device, looking for things such as cryptography algorithms that impact your ability to sell in certain countries. Wind River performs such analyses and classifications for you.
Do you require policies for free open source software (FOSS) and open source licensing?
Your legal department might want to know which open source licenses apply to all the different packages you ship with your device. Additionally, they might want you to avoid certain types of licenses, or they might prefer some to others. No matter what the case is, you will find yourself analyzing all packages you ship, for example, the Package Associated License (PAL), in order to properly answer your legal team's questions. Wind River takes care of this for you and provides you with the list of all PALs that ship with Wind River open source products.
Are your devices connected to the Internet/Intranet?
When devices are connected to the Internet, they become more exposed to security threats. These threats could be latent or planted with the purpose to exploit weak and unsecure parts of the system. There are many thousands of security vulnerabilities found to affect open source software every year. You need to keep an eye on all of those, determine if they apply to your software, and fix them any time they do, in order to keep your device secure. The Wind River Security Response Team analyzes about 5,000 security vulnerabilities every year and fixes about 10% of them, providing relief to their customers in under 24 hours. Staffing a dedicated Security Response Team adds value and keeps your devices secure, but it does not come for free, and adds to your total cost of ownership.
What is the device lifespan? (Years)
Take your cost of ownership—especially the cost of bug fixing, security monitoring, and security fixing—and multiply this number by the amount of years your devices will be deployed in the field. Don't assume open source is free because it is freely available. The truth, instead, is that owning this software, which is initially free to download, will cost you tomorrow, next year, the year after, and for the entire life of the device. And the costs are not small.
Do you plan to update your device software once devices are deployed in the field (bug fixes, security fixes, etc.)?
If you plan on deploying your devices and thereafter forgetting that they exist, then you are unconcerned with bug fixes or security fixes over time. Your cost of maintenance is going to be very low, and you will face mostly development costs. If, on the other hand, you plan to keep your devices updated, then you need to plan on clearing export and trade compliance, analyzing open source licensing, and testing all bug fixes and security fixes in order to ensure that none of your device functionality will break. You need to make this plan every single time you roll out an update. That's the reality of cost of ownership.