Elastic, the company founded by the creators of the Elasticsearch search server, recently announced a change to the license of its core product. Previously under the permissive Apache 2 license, future versions of the software will be dual-licensed allowing users to choose between Elastic’s own license or the Server Side Public License (SSPL) created by MongoDB.
What does this change mean for users of the software? At this point I should note that although I am very familiar with open source search engines, I am not a lawyer — so please do take your own legal advice!
The Rapid Rise of Elasticsearch
Let’s start with a quick look at Elasticsearch's history before exploring the reasons for this decision.
Shay Banon, current Elastic CEO, originally released Elasticsearch back in 2010, building on an earlier creation of his named Compass. He decided to license the software using the well-known Apache 2 license, which is also used for Lucene, the underlying search library that powers Elasticsearch and Apache Solr, an earlier search server.
In the intervening years, Elasticsearch has become a hugely popular product, providing an alternative to Solr with arguably more ease of use, simpler scalability and better integration with other products such as Logstash (for data ingestion) and Kibana (for visualization) — although Solr has very much caught up in recent years. Elasticsearch has been particularly popular with those building large-scale data analysis applications, for example log monitoring, and competes directly with products such as Splunk. However, it is also used for more traditional text search applications including site search and enterprise search.
Related Article: Is Open Source Part of Your Search Stack?
Granting Freedom with Apache 2
The Apache 2 license is known as permissive because it allows for many different situations: you can modify the software, choose to release or not release these modifications and build the software into other products, be they closed source or open source. It’s a well-understood license and popular in the enterprise with few if any identified risks. Unlike the GNU Public License (GPL) and its variants it contains no "copyleft" clauses, which imply that using the licensed software could force you to release other software associated with it. Apache 2 licensed projects are thus widely adopted by commercial organizations, some of which also also contribute back to these projects, helping drive improvements and enhancements.
Open Source and the Risks of Freeloading
However one risk for software creators of using Apache 2 is that because it allows so much freedom, it also allows someone else to compete with any business you have built up around your creation.
This is what happened to Shay Banon and his colleagues at Elastic, as their business built around subscriptions and hosting for Elasticsearch has suffered competition from internet giant Amazon. Elastic has attracted over $160 million in funding and a recent flotation valued the business at between $1.5 billion and $3 billion, so there is considerable value to protect. At heart, the reasons for this relicensing are purely commercial.
For open source advocates this move can be seen as closing off some of the original freedoms implied by the open source model. Elastic has always been protective of its code — any contributions to Elasticsearch were controlled by the company, and some recent enhancements outside the core search engine code had only been released under the company’s own Elastic license. In response, Amazon Web Services (AWS) has produced its own version of Elasticsearch, OpenDistro, containing only the Apache 2 licensed parts of Elastic’s own distribution and adding various third-party software. AWS also offer a hosted Elasticsearch service. In an attempt to protect its business, Elastic sued AWS for trademark infringement and also a German company providing security enhancements for allegedly copying code.
Elastic and others have argued that Amazon, by taking open source projects and offering them as SaaS without making significant contributions back to the project, are freeloading on the efforts of others. The new Elastic and SSPL licenses are deliberately constructed with copyleft clauses to prevent use of the software in a SaaS product, which will affect not just Amazon, but smaller SaaS providers who are probably not of great concern to Elastic’s business model. Elastic leadership have said they would welcome discussions around partnership with anyone wishing to use their software in this way, although one would imagine that any partnership would lean in Elastic’s favor.
Of greater concern, the boundaries of what constitutes a "Prohibited SaaS Offering" are not entirely clear and Elastic’s own license text directs users to email Elastic to find out.
Related Article: Can You Talk to Your Search Vendor?
Elasticsearch Is No Longer Open Source
Elasticsearch will thus no longer be open source software (as neither Elastic or SSPL licenses have been accepted by the Open Source Initiative, the generally accepted arbiters). Many open source contributors, some of whom have helped build Elasticsearch by contributing code, have decried this move, quoting Elastic’s previous promise to use the Apache 2 license "now and always." It remains to be seen what Amazon’s response will be.
Personally, I am not particularly surprised by this move. Although Elasticsearch creator Shay Banon is always at pains to point out his personal commitment to
"open," what that means in practice has shifted several times as his company has grown, taken investment and gone public. Elastic’s actions over the years, such as deliberately mixing Apache 2 and Elastic licensed code, have shown it was shifting away from a true open source model.
How Elasticsearch's Move Affects Users
Users who have built their own online services on Elasticsearch, particularly those that operate as SaaS products, will be wary of the change and should examine their options.
The move is unlikely to affect any service that doesn’t directly expose Elasticsearch as a generic search engine service — for example, a site search for an ecommerce store, or a library book search. If the service doesn’t compete directly with Elastic’s own hosting, it is likely to be safe. Those considering Elasticsearch for new projects will have to consider how important they regard the freedoms of a true open source license and perhaps examine alternatives such as Apache Solr (which has no single company controlling contributions) and Vespa (which although not as well known, powers Yahoo and has several innovative new features). For many users, especially those already signed up as Elastic subscribers or partners, the licensing changes won’t matter.
If the licensing change does trigger a migration from Elasticsearch to another search engine, approach with care. My colleague Max Irwin’s presentation on The Search Migration Circus details the risks and some recommendations for managing what is often a difficult process.
Related Article: Diagnosing Enterprise Search Failures
One of the central principles of open source is for creators to grant users various freedoms in what they can do with that software. These freedoms have helped drive the open source movement forward as an astonishingly successful way to build and maintain software. However, this move by Elastic demonstrates that to preserve their own commercial interests, creators may eventually choose to restrict the freedom of others. When an open source product is controlled by a single company, such relicensing is always a possibility.