--- ## The MALT Project ###### Scientific Computing Forum 02 October 2019 Frédéric Hemmer, Emmanuel Ormancey, Tim Smith CERN IT --- ## Microsoft Licensing Status --- ### The Problem <div> <img src="https://codimd.web.cern.ch/uploads/upload_2b36aa3f93fa815cfc198b66eff71f4a.png" width="40%" style="border: none; float: right;"> <ul style="font-size: smaller; display: block"> <li>Microsoft revoked CERN academic/education status in 2017 <ul> <li>We do not fit in any of the special categories: Government, Education, Health, Non-profit</li> </ul> </li> <li>Consequence: potentially a 10x price increase</li> <li>The new licensing is based on # users <ul> <li>CERN publishes its personnel statistics</li> <li>A user == an email address</li> <li>Leads to ~40000 accounts & mailboxes</li> </ul> </li> <li>The previous contract terminated on 28.2.2019</li> </ul> </div> --- ### The Problem (cont.) <div> <img src="https://codimd.web.cern.ch/uploads/upload_ec4f80926f14c4db36605f38ae4e2c10.png" width="40%" style="border: none; float: right;"> <ul style="font-size: smaller; display: block"> <li>Over years, we have granted access to all Microsoft products, regardless of the needs <ul> <li>E.g. 500 Visual Studio installations, 1500 Visio or Project…</li> </ul> </li> <li>The current offering is based on a bundle <ul> <li>Exiting this bundle likely to double the prices</li> </ul> </li> <li>The big financial impact is due to the server side technologies currently used (e.g. Mail, Authentication, etc…)</li> </ul> </div> --- ## Context and Strategy --- ### Opportunities / Risks <table> <tr> <td width="50%"> <img src="https://codimd.web.cern.ch/uploads/upload_d22c3a21235d955a2104c62678255df7.png" style="border:none; box-shadow:none"> </td> <td width="50%"> <ul> <li>"academic deal forever"<br> <img src="https://codimd.web.cern.ch/uploads/upload_4852dc7a2f6aae38dc807557c6181db5.png" style="border:none; box-shadow:none"><br> </li> <li>"for CERN <em>our service</em> is free"<br> <img src="https://codimd.web.cern.ch/uploads/upload_d1f100b2047936f8c5bc47a005b6b9a7.png" style="border:none; box-shadow:none"> </li> </ul> </td> </tr> </table> --- ### Opportunities / Risks <table> <tr> <td width="50%"> <img src="https://codimd.web.cern.ch/uploads/upload_d22c3a21235d955a2104c62678255df7.png" style="border:none; box-shadow:none"> </td> <td width="50%"> <ul> <li>"academic deal forever"<br> <img src="https://codimd.web.cern.ch/uploads/upload_cadbd1031cdf8726550989077c1b6c48.png" style="border:none; box-shadow:none"><br> </li> <li>"for CERN <em>our service</em> is free"<br> <img src="https://codimd.web.cern.ch/uploads/upload_5d52269ba13fe0f49f55943646e2261a.png" style="border:none; box-shadow:none"> </li> </ul> </td> </tr> </table> --- ### Free(mium) <img src="https://codimd.web.cern.ch/uploads/upload_dd571fdc31d4ace87266aeeb07c1a4e3.png" style="border:none; box-shadow: none"> --- ### Free(mium) <img src="https://codimd.web.cern.ch/uploads/upload_d8b776b84ecb3093e418dd323cf3b6d2.png" style="border:none; box-shadow: none"> --- ### Peers ###### Everyone is in the same boat - Confronted by the same change of licence conditions - Research Labs &emsp; Universities - NGOs &emsp; &emsp; &emsp; &emsp; Hospitals - ... - MALT article - Contacted by 100s of institutes / companies - DE: MPI, Parliament, Federal Ministries, Fraunhofer, ... - FR: CNRS, SNCF, ... - CH: SWITCH, ETHZ, UNIL, ... - EC, UNESCO, ICRC... - ... --- ### MALT Strategy ###### Disentangle services; reduce dependencies and risk <table> <tr> <td width="50%"> <b>Onsite:</b> <ul> <li>Open Source</li> <li>Architecture: Microservices</li> <ul> <li>Coupled, replaceble</li> <li>Agility, lifecycles</li> </ul> <li>Reimplement, reconceive</li> <ul> <li>Not 1-for-1: by use cases</li> <li>Reduce to necessary</li> <ul> <li>Not eliminate</li> </ul> <li>Example: SharePoint</li> </ul> </ul> </td> <td width="50%"> <b>Clouds:</b> <ul> <li>Affordable <li>Data control and exit clauses <li>Cloud Office, Cloud Policy <ul> <li>datatransferproject.dev</li> <li>confidentialcomputing.io</li> </ul> </li> </ul> <img src="https://codimd.web.cern.ch/uploads/upload_5e3922828fa37b2715e894184ad8f86e.png" width="70%" style="border: none; float:right"> </td> </tr> </table> --- ## The Projects --- ### Mail ###### From *Exchange* to *Kopano* <div> <img src="https://codimd.web.cern.ch/uploads/upload_b2b32102f27bdbd959a836c7197da627.png" width="30%" style="border: none; float: right; box-shadow: none"> <ul style="font-size: smaller; display: block"> <li>New mail service based on <i>Kopano</i> (<a href="https://kopano.com">https://kopano.com</a>) <ul> <li>Groupware system (e-mail, calendar, contacts)</li> <li><b>FOSS, on premise, no lock-in, can exit anytime</b></li> <li>Developed by Kopano BV (Netherlands/Germany)</li> <li>Optional support and maintenance contract</li> <li>Deployed in enterprises of similar scale</li> </ul> </li> <li><b>Validation criteria passed</b> (functionalities, technical, support)</li> <li>Impact on users <ul> <li><i>Outlook</i> to be replaced by <i>Kopano DeskApp/WebApp</i> <ul> <li>No cached mode, need to be online</li> </ul> </li> <li>Transparent for all other mail clients <ul> <li><i>Thunderbird</i> even gets contacts and calendar support</li> </ul> </li> </ul> </li> </ul> </div> --- ### Telephony ###### Replacement of *Skype for Business* and analog phones <div> <img src="https://codimd.web.cern.ch/uploads/upload_4b6e060a7ba8c869b3775c5ee4e2f379.png" width="40%" style="border: none; float: right;"> <ul style="font-size: smaller; display: block"> <li><b>Replacing Alcatel PBX by FOSS solution</b> <ul> <li><i>Asterisk</i> (https://www.asterisk.org)</li> <li>End of analog phone support</li> </ul> </li> <li>Developping & deploying "CERN Phone" app (WebRTC-based) <ul> <li>All platforms: desktop and mobile versions</li> <li><a href="https://github.com/cern-phone-apps">https://github.com/cern-phone-apps</a></li> </ul> </li> <li>Impact on users <ul> <li>Major change for analog phone users</li> </ul> </li> </ul> </div> --- ### Devices & Applications ###### From Managed Devices to Managed Applications <div> <img src="https://codimd.web.cern.ch/uploads/upload_558decd9c4101a2ab67a64ca6441521a.png" width="40%" style="border: none; float: right;"> <ul style="font-size: smaller; display: block"> <li>Reduce managed Windows number to the necessary <ul> <li><b>Hardened PCs</b>: Secured, controlled managed PCs</li> </ul> </li> <li>Offer self-managed Windows PCs <ul> <li><i>Windows 10</i> delivered preinstalled, managed by the user</li> <li>Using <i>Windows Pro OEM</i> licence instead of *Enterprise* version</li> </ul> </li> <li>Offer the same app catalogue on all platforms <ul> <li><b>One stop shop: "CERN AppStore"</b></li> <li>Platform independent front-end: deliver apps to <i>Windows</i>, but also Mac, SmartPhones...</li> <li>Platform specific package manager</li> </ul> </li> </ul> </div> --- ### Devices and Applications ###### Enlarge web applications panel <div> <img src="https://codimd.web.cern.ch/uploads/upload_95887ba484fbff22d08e2f4f07129005.png" width="40%" style="border: none; float: right;"> <ul style="font-size: smaller; display: block"> <li>Offer a web-based applications portfolio à la Google Apps</li> <li>Build on top of <i>OwnCloud</i> (<a href="https://owncloud.org">https://owncloud.org</a>)</li> <li>Unify home directories on <i>OwnCloud</i> ("CERNbox") <ul> <li>For <i>Windows</i>, <i>MacOS</i>, <i>Linux</i> and SmartPhones</li> </ul> </li> <li>CERNbox web site to become CERN hub for web apps <ul> <li>Offering growing panel of apps for dedicated use cases <ul> <li><i>Draw.io</i>, <i>Gantt viewer</i>, <i>OnlyOffice</i>, etc.</li> </ul> </li> </ul> </li> </ul> </div> --- ### Devices & Applications ###### Objective: Reduce the number of licences by proposing alternatives <div> <img src="https://codimd.web.cern.ch/uploads/upload_8e1718644a8ac822cea4978cea9d89b3.jpg" width="18%" style="border: none; float: right;"> <ul style="font-size: smaller; display: block"> <li><i>Office</i> won’t be installed by default on new devices <ul> <li>Product selection at installation for <i>Office</i> choice <ul> <li><i>OnlyOffice</i> (<a href="https://www.onlyoffice.com">https://www.onlyoffice.com</a>) currently being compared with <i>LibreOffice</i> (<a href="https://www.libreoffice.org">https://www.libreoffice.org</a>)</li> <li><i>MS Office</i></li> </ul> </li> </ul> </li> <li><i>Project</i> alternatives <ul> <li><i>JIRA</i> (<a href="https://www.atlassian.com/software/jira">https://www.atlassian.com/software/jira</a>)</li> <li><i>Gantt viewer DHTMLX</i> (<a href="https://dhtmlx.com">https://dhtmlx.com</a>)</li> <li><i>MS Project</i> licenses available via special request</li> </ul> </li> <li><i>Visio</i> alternatives <ul> <li><i>Draw.io</i> (<a href="https://www.draw.io">https://www.draw.io</a>), <i>MS Visio viewer</i></li> <li><i>MS Visio</i> licences available via special request</li> </ul> </li> </ul> </div> --- ### AuthN & AuthZ ###### From ADFS/AD to *KeyCloak/FreeIPA* - **New Single Sign-On based on FOSS solution** - *KeyCloak* (https://www.keycloak.org) - Multi-factor support (GAuth, Yubikey & more) - ID federation support - External providers support (GitHub, Google, FB...) - Programmatic access support (OpenID, OAuth, SAML2) - **New Kerberos/LDAP service based on FOSS solution** - *FreeIPA* (https://www.freeipa.org) --- ### Web and content management ###### From monolytic systems to targeted microservices <div> <img src="https://codimd.web.cern.ch/uploads/upload_ae6d5dd46c4d0d5cf5f09710fdc2d30f.png" width="40%" style="border: none; float: right;"> <ul style="font-size: smaller; display: block"> <li>Review of all <i>SharePoint</i> sites to suggest alternative options</li> <li><b>Offer ready-to-deploy templates for targeted services</b> <ul> <li><i>Wordpress</i> (https://wordpress.org/) for blogging & info</li> <li><i>Discourse</i> (https://discourse.org) as forums solution</li> <li><i>Jekyll</i> (https://jekyllrb.com) & <i>Hugo</i> (https://gohugo.io) for static content management systems</li> <li>Forms, surveys, document collaboration, etc. being evaluated</li> </ul> </li> <li>Impact on application owners <ul> <li>Select the appropriate framework for their use case</li> </ul> </li> </ul> </div> --- ### Summary - Mail: Pilot in IT starting now, migration Q4-2019 to end 2020 - Telephony: Pilot in IT starting now, Migration 2020 - Devices and Applications: - CERNBox (Owncloud) migration: Pilot since Q4 2018, migration Q4 2019 - Office choice: in September 2019 - Project & Visio alternatives: production H1 2019 - Self-managed devices and CERN AppStore: Pilot Q4 2019, transition in 2020. - SSO: Prototype and pilots in 2019, transition in 2020 - Web and content management: Pilots H2 2019, more in 2020 --- ### Conclusion - It's not an isolated move - It's part of a trend - other vendors are following suit - We can't avoid it - We are not alone - We need everyone's participation --- ### More information - Reference Site - http://cern.ch/malt - IT news - https://computing-blog.web.cern.ch/ ---
{"title":"(Scientific Computing Forum 02.10.2019) The MALT Project","tags":"MALT, MExit, CDA, IT","slideOptions":{"theme":"cern5"}}