German Foreign Ministry Migrates Desktops To OSS

ruphus13 writes "Here's another example of 'German Engineering' — The Foreign Ministry in Germany is migrating all of its 11,000 desktops to GNU/Linux and other open source applications. According to the article, 'this has drastically reduced maintenance costs in comparison with other ministries. "The Foreign Ministry is running desktops in many far away and some very difficult locations. Yet we spend only one thousand euro per desktop per year. That is far lower than other ministries, that on average spend more than 3000 euro per desktop per year ... Open Source desktops are far cheaper to maintain than proprietary desktop configurations," says Rolf Schuster, a diplomat at the German Embassy in Madrid and the former head of IT at the Foreign Ministry ... "The embassies in Japan and Korea have completely switched over, the embassy in Madrid has been exclusively using GNU/Linux since October last year", Schuster added, calling the migration a success.' The Guardian has additional coverage of the move."

Rather outdated

[Anonymous Coward]

The 'additional coverage' is from Sunday June 22 2003...

Re:Really?

[Bazman]

Yeah. Did you read The Guardian article (actually The Observer)? It's dated June 22nd. Of 2003. Two Thousand And THREE.

Re:so..

[betterunixthanunix]

Managing software installs, at least in Red Hat, is just a matter of setting up a local Red Hat Satellite repository. In Fedora, there is also Cobbler, which lets you spin a Fedora installer with customized software packages.

As for logins, there are a variety of mechanisms. You can go with old school NIS, or even just use Samba, which can be especially useful during migration when you will probably have a heterogeneous environment (assuming the migration is away from Windows). Also, there is autofs, which can automatically mount a network mapped home directory when a user logs in...

Some more interesting tidbits from the article

[bomanbot]

According to the article, the migration is already well underway. From the 11.000 desktops, 4.000 already are migrated to Open Source and about half of the embassies are on Open Source Software now. That explains where they get their maintenance cost numbers from, good to see that the cost savings seem to be real and backed by their own data instead of being estimates :)

They also started the switch a long time ago, according to article, the infrastructure switch started in 2001 and the decision for the destop migration was done in 2004, so I think they have some solid experience with handling Open Source now, which I think is good.

Re:But will it stick?

[rohan972]

From TFA: The Foreign Ministry in 2001 began migrating its back-end IT systems to Open Source in order to provide all embassies and consulates with Internet access and email. "Our strategy was to use as far as possible Open Standards and Open Source. Reduction of costs was the main reason for this decision." Upon completion of this project, the ministry decided in 2004 to also migrate the desktops.

It's 2008, 7 years since they started the migration, I think they're sticking to it.

Re:Yes.

[Tubal-Cain]

Wasn't that Mussolini?

Re:Thats bloody beautiful

[jbolden]

Well, no one suffered great harm but some of the early switchers might have. IBM for example failed in being able to switch, they couldn't get their divisions coordinated well enough. Sun (which switched to Sun desktop) had problems with customers and file formats as well as secondary software (much to their embarrassment).

The most successful switchers were companies like PitBoys and Burlington Coat Factory that were SCO / Solaris shops and weren't on Windows to bgin with. Windows lock-in seems to work.

What is unique about Munich is that they have remained focused year after year on this goal. They missed their early deadlines but they kept funding the project and kept moving forward. They were determined to make it happen, they had problems and (and possibly still have) but they addressed them. So this isn't a "just another example" test case but rather the best example we have of a very large organization with a huge range of needs and without a high level of technical expertise in their staff that was determined to make the switch.

And you wonder why OSS isn't more popular . . .

[Anonymous Coward]

The biggest hurdle proved to be to convince the two hundred IT workers a(sic) the ministry. "Their issues were not technical. They just did not know anything about Linux and Open Source and we had to change their views. We took all of them on a crash course of using Linux servers and configuring Apache. There they discovered that it works."

Re:so..

[Terrasque]

At least the debian / ubuntu system easily support this, using meta packages.

you have an empty package, leys say blah-desktop-graphics that all employees working with graphics have installed. You want to install graphics program Foobar. You add Foobar to your local repository, and release a new version of the metapackage that depends on Foobar. So package manages sees "oh, new version of blah-desktop-graphics. Great, lets grab that. Hm, for that I need Foobar too, so lets grab that one, and install it."

Exactly how apt deals with new dependencies under updates can be configured, from ignore, to ask, to install automatically. Since you're deploying a default image, and have already pointed that image to your internal update server, it would just be a small additional step to set that option correctly. As a bonus you have 100% control over what gets pushed to your machines.

Re:Rather outdated

[KDR_11k]

To be fair there is talk about how it has reduced maintenance costs, I suspect you don't get enough data to say that for sure until years later.

Re:so..

[Bert64]

What i always found amusing about windows policies, is that they're implemented in userland and trivially easy to bypass...
As an example, the one that prevents you from using cmd.exe
Take a copy of cmd.exe and run it up in a debugger, you will notice it checks a registry key to see if it's allowed to run, and displays an error if it's not. Well, hexedit the binary and break the check (just rename the key so it wont find it) and run the modified cmd.exe on a machine with a group policy that doesn't allow it... Running cmd.exe will get around the userland restrictions in explorer.exe that prevent you seeing certain drives too.

Now how stupid is this? Surely a more sensible approach is a kernel level check?

Re:so..

[turbidostato]

"I am not a debian packager...can you use meta-packages to force removal of an existing installed package? Lets say you update"

Short answer: yes.
Long answer: have a look at the "conflicts" tag.