---
## The MALT Project
###### Scientific Computing Forum
02 October 2019
Frédéric Hemmer, Emmanuel Ormancey, Tim Smith
CERN IT
---
## Microsoft Licensing Status
---
### The Problem
<div>
<img src="https://codimd.web.cern.ch/uploads/upload_2b36aa3f93fa815cfc198b66eff71f4a.png" width="40%" style="border: none; float: right;">
<ul style="font-size: smaller; display: block">
<li>Microsoft revoked CERN academic/education status in 2017
<ul>
<li>We do not fit in any of the special categories: Government, Education, Health, Non-profit</li>
</ul>
</li>
<li>Consequence: potentially a 10x price increase</li>
<li>The new licensing is based on # users
<ul>
<li>CERN publishes its personnel statistics</li>
<li>A user == an email address</li>
<li>Leads to ~40000 accounts & mailboxes</li>
</ul>
</li>
<li>The previous contract terminated on 28.2.2019</li>
</ul>
</div>
---
### The Problem (cont.)
<div>
<img src="https://codimd.web.cern.ch/uploads/upload_ec4f80926f14c4db36605f38ae4e2c10.png" width="40%" style="border: none; float: right;">
<ul style="font-size: smaller; display: block">
<li>Over years, we have granted access to all Microsoft products, regardless of the needs
<ul>
<li>E.g. 500 Visual Studio installations, 1500 Visio or Project…</li>
</ul>
</li>
<li>The current offering is based on a bundle
<ul>
<li>Exiting this bundle likely to double the prices</li>
</ul>
</li>
<li>The big financial impact is due to the server side technologies currently used (e.g. Mail, Authentication, etc…)</li>
</ul>
</div>
---
## Context and Strategy
---
### Opportunities / Risks
<table>
<tr>
<td width="50%">
<img src="https://codimd.web.cern.ch/uploads/upload_d22c3a21235d955a2104c62678255df7.png" style="border:none; box-shadow:none">
</td>
<td width="50%">
<ul>
<li>"academic deal forever"<br>
<img src="https://codimd.web.cern.ch/uploads/upload_4852dc7a2f6aae38dc807557c6181db5.png" style="border:none; box-shadow:none"><br>
</li>
<li>"for CERN <em>our service</em> is free"<br>
<img src="https://codimd.web.cern.ch/uploads/upload_d1f100b2047936f8c5bc47a005b6b9a7.png" style="border:none; box-shadow:none">
</li>
</ul>
</td>
</tr>
</table>
---
### Opportunities / Risks
<table>
<tr>
<td width="50%">
<img src="https://codimd.web.cern.ch/uploads/upload_d22c3a21235d955a2104c62678255df7.png" style="border:none; box-shadow:none">
</td>
<td width="50%">
<ul>
<li>"academic deal forever"<br>
<img src="https://codimd.web.cern.ch/uploads/upload_cadbd1031cdf8726550989077c1b6c48.png" style="border:none; box-shadow:none"><br>
</li>
<li>"for CERN <em>our service</em> is free"<br>
<img src="https://codimd.web.cern.ch/uploads/upload_5d52269ba13fe0f49f55943646e2261a.png" style="border:none; box-shadow:none">
</li>
</ul>
</td>
</tr>
</table>
---
### Free(mium)
<img src="https://codimd.web.cern.ch/uploads/upload_dd571fdc31d4ace87266aeeb07c1a4e3.png" style="border:none; box-shadow: none">
---
### Free(mium)
<img src="https://codimd.web.cern.ch/uploads/upload_d8b776b84ecb3093e418dd323cf3b6d2.png" style="border:none; box-shadow: none">
---
### Peers
###### Everyone is in the same boat
- Confronted by the same change of licence conditions
- Research Labs   Universities
- NGOs         Hospitals
- ...
- MALT article
- Contacted by 100s of institutes / companies
- DE: MPI, Parliament, Federal Ministries, Fraunhofer, ...
- FR: CNRS, SNCF, ...
- CH: SWITCH, ETHZ, UNIL, ...
- EC, UNESCO, ICRC...
- ...
---
### MALT Strategy
###### Disentangle services; reduce dependencies and risk
<table>
<tr>
<td width="50%">
<b>Onsite:</b>
<ul>
<li>Open Source</li>
<li>Architecture: Microservices</li>
<ul>
<li>Coupled, replaceble</li>
<li>Agility, lifecycles</li>
</ul>
<li>Reimplement, reconceive</li>
<ul>
<li>Not 1-for-1: by use cases</li>
<li>Reduce to necessary</li>
<ul>
<li>Not eliminate</li>
</ul>
<li>Example: SharePoint</li>
</ul>
</ul>
</td>
<td width="50%">
<b>Clouds:</b>
<ul>
<li>Affordable
<li>Data control and exit clauses
<li>Cloud Office, Cloud Policy
<ul>
<li>datatransferproject.dev</li>
<li>confidentialcomputing.io</li>
</ul>
</li>
</ul>
<img src="https://codimd.web.cern.ch/uploads/upload_5e3922828fa37b2715e894184ad8f86e.png" width="70%" style="border: none; float:right">
</td>
</tr>
</table>
---
## The Projects
---
### Mail
###### From *Exchange* to *Kopano*
<div>
<img src="https://codimd.web.cern.ch/uploads/upload_b2b32102f27bdbd959a836c7197da627.png" width="30%" style="border: none; float: right; box-shadow: none">
<ul style="font-size: smaller; display: block">
<li>New mail service based on <i>Kopano</i> (<a href="https://kopano.com">https://kopano.com</a>)
<ul>
<li>Groupware system (e-mail, calendar, contacts)</li>
<li><b>FOSS, on premise, no lock-in, can exit anytime</b></li>
<li>Developed by Kopano BV (Netherlands/Germany)</li>
<li>Optional support and maintenance contract</li>
<li>Deployed in enterprises of similar scale</li>
</ul>
</li>
<li><b>Validation criteria passed</b> (functionalities, technical, support)</li>
<li>Impact on users
<ul>
<li><i>Outlook</i> to be replaced by <i>Kopano DeskApp/WebApp</i>
<ul>
<li>No cached mode, need to be online</li>
</ul>
</li>
<li>Transparent for all other mail clients
<ul>
<li><i>Thunderbird</i> even gets contacts and calendar support</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
---
### Telephony
###### Replacement of *Skype for Business* and analog phones
<div>
<img src="https://codimd.web.cern.ch/uploads/upload_4b6e060a7ba8c869b3775c5ee4e2f379.png" width="40%" style="border: none; float: right;">
<ul style="font-size: smaller; display: block">
<li><b>Replacing Alcatel PBX by FOSS solution</b>
<ul>
<li><i>Asterisk</i> (https://www.asterisk.org)</li>
<li>End of analog phone support</li>
</ul>
</li>
<li>Developping & deploying "CERN Phone" app (WebRTC-based)
<ul>
<li>All platforms: desktop and mobile versions</li>
<li><a href="https://github.com/cern-phone-apps">https://github.com/cern-phone-apps</a></li>
</ul>
</li>
<li>Impact on users
<ul>
<li>Major change for analog phone users</li>
</ul>
</li>
</ul>
</div>
---
### Devices & Applications
###### From Managed Devices to Managed Applications
<div>
<img src="https://codimd.web.cern.ch/uploads/upload_558decd9c4101a2ab67a64ca6441521a.png" width="40%" style="border: none; float: right;">
<ul style="font-size: smaller; display: block">
<li>Reduce managed Windows number to the necessary
<ul>
<li><b>Hardened PCs</b>: Secured, controlled managed PCs</li>
</ul>
</li>
<li>Offer self-managed Windows PCs
<ul>
<li><i>Windows 10</i> delivered preinstalled, managed by the user</li>
<li>Using <i>Windows Pro OEM</i> licence instead of *Enterprise* version</li>
</ul>
</li>
<li>Offer the same app catalogue on all platforms
<ul>
<li><b>One stop shop: "CERN AppStore"</b></li>
<li>Platform independent front-end: deliver apps to <i>Windows</i>, but also Mac, SmartPhones...</li>
<li>Platform specific package manager</li>
</ul>
</li>
</ul>
</div>
---
### Devices and Applications
###### Enlarge web applications panel
<div>
<img src="https://codimd.web.cern.ch/uploads/upload_95887ba484fbff22d08e2f4f07129005.png" width="40%" style="border: none; float: right;">
<ul style="font-size: smaller; display: block">
<li>Offer a web-based applications portfolio à la Google Apps</li>
<li>Build on top of <i>OwnCloud</i> (<a href="https://owncloud.org">https://owncloud.org</a>)</li>
<li>Unify home directories on <i>OwnCloud</i> ("CERNbox")
<ul>
<li>For <i>Windows</i>, <i>MacOS</i>, <i>Linux</i> and SmartPhones</li>
</ul>
</li>
<li>CERNbox web site to become CERN hub for web apps
<ul>
<li>Offering growing panel of apps for dedicated use cases
<ul>
<li><i>Draw.io</i>, <i>Gantt viewer</i>, <i>OnlyOffice</i>, etc.</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
---
### Devices & Applications
###### Objective: Reduce the number of licences by proposing alternatives
<div>
<img src="https://codimd.web.cern.ch/uploads/upload_8e1718644a8ac822cea4978cea9d89b3.jpg" width="18%" style="border: none; float: right;">
<ul style="font-size: smaller; display: block">
<li><i>Office</i> won’t be installed by default on new devices
<ul>
<li>Product selection at installation for <i>Office</i> choice
<ul>
<li><i>OnlyOffice</i> (<a href="https://www.onlyoffice.com">https://www.onlyoffice.com</a>) currently being compared with <i>LibreOffice</i> (<a href="https://www.libreoffice.org">https://www.libreoffice.org</a>)</li>
<li><i>MS Office</i></li>
</ul>
</li>
</ul>
</li>
<li><i>Project</i> alternatives
<ul>
<li><i>JIRA</i> (<a href="https://www.atlassian.com/software/jira">https://www.atlassian.com/software/jira</a>)</li>
<li><i>Gantt viewer DHTMLX</i> (<a href="https://dhtmlx.com">https://dhtmlx.com</a>)</li>
<li><i>MS Project</i> licenses available via special request</li>
</ul>
</li>
<li><i>Visio</i> alternatives
<ul>
<li><i>Draw.io</i> (<a href="https://www.draw.io">https://www.draw.io</a>), <i>MS Visio viewer</i></li>
<li><i>MS Visio</i> licences available via special request</li>
</ul>
</li>
</ul>
</div>
---
### AuthN & AuthZ
###### From ADFS/AD to *KeyCloak/FreeIPA*
- **New Single Sign-On based on FOSS solution**
- *KeyCloak* (https://www.keycloak.org)
- Multi-factor support (GAuth, Yubikey & more)
- ID federation support
- External providers support (GitHub, Google, FB...)
- Programmatic access support (OpenID, OAuth, SAML2)
- **New Kerberos/LDAP service based on FOSS solution**
- *FreeIPA* (https://www.freeipa.org)
---
### Web and content management
###### From monolytic systems to targeted microservices
<div>
<img src="https://codimd.web.cern.ch/uploads/upload_ae6d5dd46c4d0d5cf5f09710fdc2d30f.png" width="40%" style="border: none; float: right;">
<ul style="font-size: smaller; display: block">
<li>Review of all <i>SharePoint</i> sites to suggest alternative options</li>
<li><b>Offer ready-to-deploy templates for targeted services</b>
<ul>
<li><i>Wordpress</i> (https://wordpress.org/) for blogging & info</li>
<li><i>Discourse</i> (https://discourse.org) as forums solution</li>
<li><i>Jekyll</i> (https://jekyllrb.com) & <i>Hugo</i> (https://gohugo.io) for static content management systems</li>
<li>Forms, surveys, document collaboration, etc. being evaluated</li>
</ul>
</li>
<li>Impact on application owners
<ul>
<li>Select the appropriate framework for their use case</li>
</ul>
</li>
</ul>
</div>
---
### Summary
- Mail: Pilot in IT starting now, migration Q4-2019 to end 2020
- Telephony: Pilot in IT starting now, Migration 2020
- Devices and Applications:
- CERNBox (Owncloud) migration: Pilot since Q4 2018, migration Q4 2019
- Office choice: in September 2019
- Project & Visio alternatives: production H1 2019
- Self-managed devices and CERN AppStore: Pilot Q4 2019, transition in 2020.
- SSO: Prototype and pilots in 2019, transition in 2020
- Web and content management: Pilots H2 2019, more in 2020
---
### Conclusion
- It's not an isolated move
- It's part of a trend - other vendors are following suit
- We can't avoid it
- We are not alone
- We need everyone's participation
---
### More information
- Reference Site
- http://cern.ch/malt
- IT news
- https://computing-blog.web.cern.ch/
---
{"title":"(Scientific Computing Forum 02.10.2019) The MALT Project","tags":"MALT, MExit, CDA, IT","slideOptions":{"theme":"cern5"}}