Open Source
Microsoft alternatives – migration to open source technologies
We are developing a migration strategy from Microsoft 365 to open source technologies for a large German research company. On the one hand, it’s a question of regaining cyber souvereignty and, on the other hand, of meeting increased security requirements. This is to be achieved by using free and open source software (FLOSS). Overall, the project is similar to the Microsoft Alternatives Project (MAlt) at CERN and the Project Phoenix of Dataport.
The principles of the project are:
- The same service should be offered to all employees
- Vendor lock-ins should be avoided in order to reduce the risk of dependency
- Most of the data should be owned by the research company
Plans for 2020
For 2020 it is planned to evaluate alternative solutions for many services and to publish prototypes and pilot projects.
| Product group | Service | Product to evaluate | Status |
|---|---|---|---|
| Identity and access management | LDAP | OpenLDAP | Production |
| Personal Information Management | Zimbra | Evaluation | |
| Calendar | Zimbra | Evaluation | |
| Contacts | Zimbra | Evaluation | |
| Collaboration | File sharing | NextCloud | Production |
| Office integration | NextCloud | Evaluation | |
| Direct mails/chat | Mattermost | Production | |
| Video conferences | Jitsi Meet | Production | |
| Search | Search engine | Elasticsearch | Evaluation |
| Frontend/ Visualisation | Kibana | Evaluation | |
| Authentication/ Access control | Open Distro Security | Evaluation | |
| k-nearest neighbors | Open Distro KNN | Evaluation | |
| Project management | Issues/Milestones | GitLab | Evaluation |
| Time tracking | gitlabtime | Evaluation | |
| Documentation | GitLab Wiki | Evaluation | |
| Research software [1], [2] | Package manager | Spack | Produktion |
| IDE | JupyterHub | Produktion | |
| Development environments | Jupyter Kernels | Production | |
| Software versioning | Git | Production | |
| Data versioning | DVC | Production | |
| Gathering and storing data | Intake | Pilot | |
| Spreadsheet | ipysheet | Production | |
| Geospatial data | PostGIS | Production | |
| Map creation | OpenStreetMap | Production | |
| DevOps | GitLab CI/CD Pipeline | Pilot | |
| Documentation | Sphinx | Production |
Hosting strategy
There are essentially three different hosting variants within the research company:
- Society-wide infrastructure
- Infrastructure, which is used by most of the research projects and administrations across the institutes, is to be provided by the research company’s central IT.
- Institute-wide infrastructure
- Infrastructure that is required for the special research areas of one institute or that needs IT support on site should be provided by the IT of the respective institute.
- Operational and geo-redundancy
- These are mainly produced through institute cooperation or through cooperation between individual institutes and the IT of the research society. In terms of technology, floating IPs and the Virtual Router Redundancy Protocol (VRRP) are used for this, with decisions being made on the basis of BGP announcements.
Update 14.01.2021
On 14 January 2021, Elastic announced that they are changing the license of Elasticsearch and Kibana from the Apache v2 open source license to the Server Side Public License (SSPL). Basically, this is a proprietary licence dressed up as open source. Users of SSPL software may be forced to release any supporting software under the SSPL as well. Even if the FAQ says otherwise, the wording of the licence remains binding. For the further use of Elasticsearch and Kibana, the risk of a legal violation has therefore increased significantly.
See also:
- Upcoming licensing changes to Elasticsearch and Kibana
- Elasticsearch and Kibana are now business risks
| [1] | There is extensive German documentation for the infrastructure on which the research software is developed, which is published under the BSD 3 Clause license: |
| [2] | The planned uniform API represents a significant simplification here; see also Announcing the Consortium for Python Data API Standards. |