Microsoft alternatives – migration to open source technologies

We are developing a migration strategy from Microsoft 365 to open source technologies for a large German research company. On the one hand, it’s a question of regaining cyber souvereignty and, on the other hand, of meeting increased security requirements. This is to be achieved by using free and open source software (FLOSS). Overall, the project is similar to the Microsoft Alternatives Project (MAlt) at CERN and the Project Phoenix of Dataport.

The principles of the project are:

  • The same service should be offered to all employees
  • Vendor lock-ins should be avoided in order to reduce the risk of dependency
  • Most of the data should be owned by the research company

We evaluate alternative solutions for many services, implement prototypes and pilot projects.

Product group Service Product to evaluate Status
Identity and access management LDAP OpenLDAP 🏭 Production
Personal Information Management eMail Zimbra 🚦 Evaluation
Calendar Zimbra 🚦 Evaluation
Contacts Zimbra 🚦 Evaluation
Collaboration File sharing NextCloud 🏭 Production
Office integration NextCloud 🚦 Evaluation
Direct mails/chat Mattermost 🏭 Production
Video conferences Jitsi Meet 🏭 Production
Search Search engine OpenSearch 🚦 Evaluation
Frontend/ Visualisierung OpenSearch Dashboards 🚦 Evaluation
Authentication/ Access control Open Distro Security 🚦 Evaluation
k-nearest neighbors Open Distro KNN 🚦 Evaluation
Project management Issues/Milestones GitLab 🚦 Evaluation
Time tracking gitlabtime 🚦 Evaluation
Documentation GitLab Wiki 🚦 Evaluation
Research software [1], [2] Package manager Spack 🏭 Production
IDE JupyterHub 🏭 Production
Development environments Jupyter Kernels 🏭 Production
Software versioning Git 🏭 Production
Data versioning DVC 🏭 Production
Gathering and storing data Intake 🛫 Pilot
Spreadsheet ipysheet 🏭 Production
Geospatial data PostGIS 🏭 Production
Map creation OpenStreetMap 🏭 Production
DevOps GitLab CI/CD Pipeline 🛫 Pilot
Documentation Sphinx 🏭 Production

Hosting strategy

There are essentially three different hosting variants within the research company:

Society-wide infrastructure
Infrastructure, which is used by most of the research projects and administrations across the institutes, is to be provided by the research company’s central IT.
Institute-wide infrastructure
Infrastructure that is required for the special research areas of one institute or that needs IT support on site should be provided by the IT of the respective institute.
Operational and geo-redundancy
These are mainly produced through institute cooperation or through cooperation between individual institutes and the IT of the research society. In terms of technology, floating IPs and the Virtual Router Redundancy Protocol (VRRP) are used for this, with decisions being made on the basis of BGP announcements.

[1]

There is extensive German documentation for the infrastructure on which the research software is developed, which is published under the BSD 3 Clause license:

[2]The planned uniform API represents a significant simplification here; see also Announcing the Consortium for Python Data API Standards.