Gluu 2022 Open Source Strategy

Since we started Gluu in 2009, the mission has not changed: to build a business that supports the development of an open source identity and access platform. Fundamentally, we believe that a strong business model drives long-term innovation. But which business model to pursue has changed over the years, and in 2022, this evolution continues. This blog post lays out our current strategy and how it impacts our upcoming product roadmap.

Gluu Server 4.x

For those organizations using Gluu Server 4.x, the good news is that we will continue to support and patch this distribution for the next five years, until 2027. The primary goal of updates to this distribution is stability and security. At the end of 2022, we anticipate extending Gluu 4.x support for an extra year–until 2028.

Organizations with a Gluu VIP support contract will have early access to patches (e.g. log4j). Community users will have access to security fixes in the next release (e.g. 4.3.1). New features will still appear in Gluu 4.x. However, the rate of new features will slow.

Introducing Gluu Flex

Last year, we moved our core software development community to the Linux Foundation Janssen Project, which enabled us to democratize the governance of the project. While Gluu is a leader of the project, others can have a seat at the table and help us set the direction by joining the Janssen Project Steering Committee.

The Janssen Project is where we will implement the latest features–only some of which will be back-ported to Gluu 4.x. For example, most of the features implemented for Open Banking only exist in the Janssen Auth Server. Janssen will contain new protocols and many improvements–some of which may not be backwards compatible.

Our first commercial release of a product based on the Janssen Auth Server was the Gluu Open Banking Platform. This is a minimal distribution that satisfies a very specific use case, enabling third parties to call a bank’s API while leveraging the cryptographic keys published by a central trusted authority (e.g. a bank regulator). In 2022, we are introducing a new Janssen-based Gluu product called “Gluu Flex”–a general purpose enterprise solution that enables organizations to launch a cloud native digital identity service, including secure authentication, e.g. multi-factor or passwordless authentication.

The Janssen Project provides an opportunity for us to fix some of the things that bug us about Gluu 4.x. The biggest change is configuration management. We introduced a Configuration API that de-couples config from the front-end. In Gluu 4.x, the oxTrust component provides both the config API and an administrative web interface. With Gluu Flex, admins can now configure the Gluu Server by either calling a standalone API or running a command line tool (which itself calls the Config API).

With Gluu Flex, we are moving to an “open core” business model: Gluu is introducing a fancy web admin user interface that is commercially licensed. We have seen this open source strategy work well for companies like Kong and Tyk. It will enable Gluu to draw a clear line between what is free, and what is commercial. The Gluu Admin UI itself calls the open source Config API, so we are not holding back any core server features.

Finally, a cloud Gluu Server

The most important monetization strategy for many open source software vendors is a cloud hosted offering of their product. It took us a while, but Gluu is finally introducing Gluu Solo–a 4.x hosted offering that includes installation, upgrades, monitoring, and backup/restore. We expect this service to launch in January of 2022. Sometime after that, we will introduce a cloud hosted version of Flex. Both of these are “single-tenant” offerings, meaning that your organization’s data will not be mixed with that of other customers. You can also pick a geographic region for deployment. Customers of Solo will even get SSH login to the server and access to the underlying database.

Move to Mono Repo

One of the challenges of building the community for Gluu has been that Gluu is a number of related projects–Auth Server, Config API, FIDO, SCIM, etc. It’s been hard for us to execute campaigns to generate stars on GitHub for this reason. In 2022, we’re introducing a new strategy to create a master repository on GitHub for all the projects. This will make it easier for us to publish the code, assets, releases, and documentation. Sign up for our email mailing list or look for our social media posts on Twitter or LinkedIn to get the earliest possible notification about this change.

Community Support to StackOverflow

Gluu engineers answer many questions about our platform on our Support Portal. However, maintaining our own support portal software is burdensome, and we’ve decided to move commercial support contracts to a Zoho Desk-based solution. This changes the economics of community support, as we are now paying “per user” for each account. It will be harder to offer free accounts for everyone.

In 2022, we will end-of-life the old support portal. Our working plan is to move community support to StackOverflow. We’re hoping this will make the content even more available, and enable contributors to build reputation. It’s a change of venue, but our commitment is the same. We will monitor StackOverflow for questions about Gluu Server Community Edition, and provide pointers on basic configuration and customization.

Conclusion

Many companies in the digital identity space have moved away from open source. For example, ForgeRock no longer maintains an open source distribution. Cloud identity platforms like Okta are inherently commercial. But Gluu is doubling down on our commitment to open source development. By expanding the project governance, providing binaries (not just code), integrating CI/CD tools to improve the transparency of the development process, funding developers and community managers, and continuing to answer questions–we are backing this commitment with a significant portion of our research and development budget.

Business and open source are not mutually exclusive–used correctly, they are symbiotic. Gluu’s goal is to both build a multi-billion dollar business and catalyze the most advanced and ubiquitous digital identity platform in the world. 2022 will see the final execution of an important pivot to enable us to achieve these goals.
