Back-office migration supports anti-terrorism

Late 2002 the German Bundeskartellamt migrated their entire back-office to Linux and other Open Source software. This move was coordinated by the Federal Government\'s anti-terrorism programme, initiated after the attack in the U.S. on 11th September 2001. This paper describes the background to the migration, what exactly was accomplished, and how.

supports anti-terrorism

Introduction

The German Bundeskartellamt (Federal Cartel Office) is an independent federal authority of the Federal Ministry of Economics and Labour. Together with the German competition authorities of the different regions, it is responsible for protecting competition in the country\'s free market economy. Located in Bonn, the office employs 280 people, among which are 130 lawyers and economists.
 supports anti-terrorism1
 
The number of people working in the IT department of the Bundeskartellamt is limited and all have different backgrounds. They consist of two computer scientists and an administrator with qualified training. Furthermore there are two persons involved in user support and user administration.

Case

Early 2002 the infrastructure consisted of 17 Windows NT servers, of which one was used as a file server. The other servers were used for application services, database services and Intranet services. Internet access and e-mail traffic had been operating on two Linux servers since 2000 already.

Technological progress in the market, combined with Microsoft\'s end-of-life announcement for Windows NT, forced the Bundeskartellamt to consider how their future infrastructure was going to look. A primary concern was how to at least uphold the quality of the infrastructure, while changing its implementation. In particular it concerned the question which operating system should be used for the servers and which for the networking facilities.

The following two variants were discussed:

1.MS Windows 2000 combined with Active Directory and a migration of the servers and clients;
2.A migration to another operating system, which was to be Open Source based.

The first option proved to be expensive, as calculations showed that the office would have had to spend half of its annual IT budget on licenses. But the advantage of this alternative was that much of the system administrators\' existing knowledge could be reused to implement the new infrastructure. The Open Source alternative was clearly a valid option as well. Proponents said it would enhance the infrastructure\'s security and also reduce the dependency on one specific vendor. However it received little support at first, as Open Source would be a new technology for most of the organisation.

After some lengthy discussions, the decision process was suddenly accelerated by an unexpected event. The attacks in the United States on the 11th September 2001 led to the creation of an anti-terror programme by the German Federal Government. Among other things, this programme specified that software used in public offices was to be made safer.

Implementation of the programme was delegated to the \'Koordinierungs- und Beratungsstelle der Bundesregierung für Informationstechnik in der Bundesverwaltung\' (Coordination and Advisory Board of the Federal Government for Information Technology in the Federal Administration), or KBSt for short. This office started an inquiry in public administrations asking for suggestions for projects that offered higher levels of security by the use of Open Source software. The idea was to identify pilot projects, which would document their findings in order to help possible future migration projects dealing with OSS.
 supports anti-terrorism2
 
This is where the Bundeskartellamt came in. Given their on going discussion combined with their good experience of the two existing Linux servers, they saw a way of having a migration to Linux supported by another government agency. They proposed two pilot projects:

1.Migrate all existing servers to Linux/OSS; and
2.Migrate the network administration tools to Linux/OSS.

Both proposals were accepted and combined into one project. The execution of the project was delegated to the \'Bundesamt für Sicherheit in der Informationstechnik\' (Federal Office for Security in Information Technology), or BSI. This office was also responsible for documenting the migration experiences and making sure that lessons learnt were available to other organisations.
 supports anti-terrorism3
 
The project itself began early August 2002 was completed by the end of October, just short of three months later. It had four main objectives:

1.Transition of the Windows NT domain to Samba/OpenLDAP;
2.Migration of all the database applications in use to Open Source databases;
3.Migration of their current Content Management System (CMS) to an Open Soure CMS; and
4.Consolidate as many servers as possible. The goal was to end up with only 6 servers.

The project was executed by three independent contractors, each made responsible for one of the tasks 1-3 above. During the course of the project, it was considered important that the regular users would be able to use their Windows environments as usual, and not notice anything about the migration activities.

Mr. Stephan Orti von Havranek, system administrator of the Bundeskartellamt, comments: \'We planned the project well, but no matter how thorough your plan is, you know that you are going to encounter show-stoppers.\'

As an example, he names the database services, for which the initial opinion was that a standard Open Source database (PostgreSQL) could easily replace the closed one (MS SQL Server) used by the applications. However, after a month it became clear that some applications would not function properly, because the database lacked certain functionalities. Time and money constraints led the project members to look for alternative solutions.

Orti comments: \'We looked at SAPdb and found it to be a good match feature-wise, but it lacked proper driver software. We turned to the SAPdb developer community and in retrospect our contacts with them were exemplary. They understood our problem and saw that solving it would be in their own interest too. They came up with the driver software we needed in only two days.\'

Evaluation

The migration was completed successfully and, in the eyes of the project team, in a record-breaking time. The number of servers was indeed reduced to six, providing a more stable server environment with a higher availability. Using OpenLDAP has proven to be a good choice and is found to be a meaningful replacement for Active Directory by being cheaper and truly open for future extensions.

As in every project, there were also some interesting things learned. For instance, the project proved that preparation is crucial, especially when dealing with challenging time constraints. Although the project team planned the migration minutely, there were still some mistakes made. An example was the fact that it was assumed that all workstation PCs still had their original configurations compared to the time when they were rolled out. This assumption quickly proved to be false as some users had indeed changed their configurations. \'This led to unnecessary work, which a few tests or checks could have prevented very early on,\' Orti says in retrospect.

Another issue that arose was the fact that while the whole project was focussed on a transparent migration for the users, the changes for the administrators themselves were somewhat underestimated. After the migration itself, the learning curve they were supposed to take was too steep to conquer, especially given their diverse technical backgrounds. This was later on alleviated by providing proper training courses, but even today the administrators are still learning about their own systems.

On the technical side, the project team has come to the conclusion that a very large number of existing applications can be run with Open Source software today. One must however take care in selecting candidates for migration, as this conclusion does not hold for all applications.

Looking back, Orti is satisfied with the overall project. He gladly recalls a worried colleague he met at the coffee machine sometime in mid-November, asking him when the migration would take place. He smiled and calmed the colleague down. The project had already ended two weeks before.
 
 supports anti-terrorism4

 
Future

Now that the migration is completed and the last of the technical glitches are being worked out, the system administrators are getting more and more comfortable with their new environment.

Orti comments: "We have taken the first steps towards better security, stability and more flexibility, and all at a lower cost. In the future we will see if Linux on the desktop is something for us."

However, for now a number of both technical and practical issues remain to be solved, which holds them back. They will however closely monitor the market and the experiences of other organisations. When the time is right, they feel confident that they have all the experience needed to make such a move successful.

References

BSI homepage
http://www.bsi.bund.de

Bundeskartellamt homepage
http://www.bundeskartellamt.de

Debian homepage
http://www.debian.org

KBSt homepage
http://www.kbst.bund.de

KBSt migration guide
http://www.kbst.bund.de/Themen-und-Projekte/Software-,223/Migration.htm

OpenLDAP homepage
http://www.openldap.org

PostgreSQL homepage
http://www.postgresql.org

Postnuke homepage
http://www.postnuke.org

Samba homepage
http://www.samba.org

XFS filesystem
http://www.sgi.com/software/xfs/overview.html

 

Paper version of this case study 
Bundeskartellamt migration (pdf 183 kB) 
Image removed.Image removed.[182 Kb]

© European Communities 2005
Reproduction is authorised provided the source is acknowledged.
The views expressed are not an official position of the European Commission.
Disclaimer

Categorisation

Type of document
Open source case study
Login or create an account to comment.