Migration guide

Version 3.0

Software migration guide

Published by the Federal Ministry of the Interior April 2008


Reprint, even in part, subject to approval

If you are interested in publications by the Federal Ministry of the Interior which are currently available or if you require further information concerning the documents, please contact

Bundesministerium des Innern, Referat IT 2, 11014 Berlin, Germany

Homepage: http://www.kbst.bund.de/

1st edition

Berlin, April 2008

Foreword to the third version of the migration guide

The migration guide has become a hands-on tool with practical relevance for all kinds of migration issues. It is generally accepted and highly esteemed in the federal administration and beyond. The document offers IT decision-makers a wealth of technical information on proprietary and open source software as well as practical assistance in planning and implementing software migration projects in the most diverse directions.

In view of ever-shorter technological innovation cycles, migration guide 3.0 comes with updated contents covering the technologies found in current migration projects and those expected in the years to come. Tried-and-tested elements of the earlier version, such as practical tips on the procedure for evaluating economic efficiency and on the legal framework for software migration projects, are also included in version 3.0 in updated form.

The essentially new element of migration guide 3.0 compared to its predecessors is the completely revised structure with a more pronounced modular approach. This in particular boosts the practical value of the document because it makes it easier for readers to find the contents which answer their questions. The modular structure is also the basis for easier updating of the individual contents, which means that shorter publication cycles will be easier to achieve in future. The new document structure is also an important milestone on the road towards a new form of publication of the migration guide as an interactive web offering.

The authors wish the readers of the migration guide an interesting and profitable read and hope that the solution scenarios outlined here will be helpful in the user's everyday work.

Structure and contents of the migration guide

Public agencies and organizations are often faced with the need to decide how they want to shape their IT system landscapes in the future. The reasons are diverse:
• manufacturers phasing out support for key products,
• increased technical requirements,
• consolidation of existing system landscapes,
• strategic aims, such as reduced manufacturer dependence and increased interoperability.
They are hence faced with the question of which systems and components are to form the future basis of their IT structures. The migration guide is designed to assist them with its structural and modular layout as well as its contents.

Changes compared to version 2.0

Version 1.0 of the migration guide was published in 2003. It was downloaded more than 100,000 times from the web and translated into several languages. In 2005, version 1.0 was upgraded and published as version 2.0. Version 2.1, the most recent version published on this basis, already contained additional explanations and practical tips for evaluating the economic efficiency and legal aspects of planned software migration projects. With migration guide 3.0, the Co-ordinating and Advisory Agency of the Federal Government for Information Technology in the Federal Administration (KBSt) is now presenting a completely revised and updated version with a more pronounced modularization of the technical subjects. In addition, further products and technologies are now included, for example the complex of teaming and workgroup software (collaboration software) with the products "SharePoint Server", "O3Spaces Workplace 2", "Novell Teaming + Conferencing" and "Lotus Quickr 8.0" as well as the "Mindquarry" open source software.

Structure of the migration guide

Embedded in a framework chapter, migration guide 3.0 includes three core modules: cross-section issues, infrastructures and applications. In practical work, these modules represent clearly defined complexes with specific tasks. In order to enable readers to navigate the document easily, each of the three core modules has the same uniform sub-structure with five levels:
• module,
• subjects,
• products,
• migration paths and
• references.
Along this sub-structure, a uniform structural frame is created for all the core modules, so that readers can resolve problems along standardized paths which always remain the same. The diagram below shows this structure.

Question asked by the reader (use by users) | Document level | Example: DBMS migration
In which environment do I have a problem? | Module | Infrastructure
Which complex does my problem relate to? | Subjects | Database
Which products are affected? | Products/technologies | MySQL, PostgreSQL, SQL Server
Which migration path will help me? | Migration paths | e.g. SQL Server to PostgreSQL
What else do I have to consider? | References | e.g. data sources in Office applications

Fig. 1: Structure of the migration guide

In the diagram, the questions which a reader seeking orientation asks are related to the corresponding levels of the document's structure. A reader who is, for example, planning to migrate a database management system will find the solution along the path through the document structure outlined in the diagram. When the same reader searches for another solution, for example in a subject of the "applications" module, he or she can use the same structural path to navigate the document. The "cross-section issues" module diverges from this structure because it is broken down by subjects only.

Contents of the migration guide

The contents of the migration guide relate to software migration. The current technical discussion still focuses on the basic software components of IT infrastructures. However, the migration guide intends in future to include within its scope all software components relevant to administrations. This goal is supported by the new structure described above and by the stronger modularization, which enables efficient extension and adaptation of the guide's contents to the needs of public administrations. Within the "infrastructures" and "applications" core modules, the guide, with its subject-centred structure (for example network services or database management systems), initially addresses the individual products and technologies with a view to their technical make-up, technical features and functionalities. Other issues addressed include their historical development to date, the availability of different versions and editions, and the terms and conditions of the licenses applicable to their use. Proprietary and open source software are treated equally.

Definition: open source software, free software

The terms "open source software" and "free software" are used synonymously in this migration guide and abbreviated as OSS. OSS enables every user to use, analyse, modify and distribute the freely available source code. This openness enables users to learn from the source code and to adapt it to their own requirements. OSS is free of license costs and may be copied and distributed, even in modified form. The freedoms granted are defined by the respective licenses.

Definition: proprietary software

Unlike open source software, proprietary software is owned by an individual or organization, usually the manufacturer of the software. Its use is subject to the license terms laid down by the owner, which usually prohibit duplication, dissemination and modification of the software. Software of this kind is sometimes also offered free of charge on condition that the license terms are adhered to; such software is nevertheless not open source software.

The product and technology discussion of each complex is followed by a discussion of selected migration paths. When the first version of the migration guide was published in 2003, the initial situation of IT infrastructures at public agencies was still relatively homogeneous. This has clearly changed in recent years. Although most IT infrastructures are still Windows-based, the underlying situations differ strongly even in these cases. Furthermore, a host of heterogeneous IT landscapes and landscapes based on other platforms have emerged in parallel. This increasing heterogeneity means that more differentiated migration paths must be provided and described. A distinction is made between replacing migration paths and continuing migration paths.

Definition: continuing migration

In the earlier versions of this migration guide, this term was primarily linked to the continuation of Microsoft product lines, because the starting situation at public agencies at that time (Windows NT-based IT infrastructures) was largely uniform. Today there is a host of very different starting situations, so that "continuing migration" now refers to the continuation of an existing product line or product, such as migration from StarOffice 7 to StarOffice 8 or from MS Office 2003 to MS Office 2007.

Definition: replacing migration

Replacing migration consequently means the replacement of an existing product line or product with another product line or product. Examples are the replacement of StarOffice 7 with MS Office 2007, of MS Office XP with OpenOffice.org 2.3, or of one groupware product with another.

Possible paths for replacing migration are:
• replacing a proprietary solution with an OSS solution,
• replacing a proprietary solution with another proprietary solution,
• replacing an OSS solution with a proprietary solution,
• replacing an OSS solution with another OSS solution.

The following types of continuing paths exist:
• continuation of a proprietary solution,
• continuation of an OSS solution.

Past experience suggests that migration is technically possible in either direction. In particular, the opinion that proprietary software is the only sensible approach has been rebutted in many migration projects and in countless cases in practical use. Practical experience also shows that, given appropriate boundary conditions, even heterogeneous IT environments can be economically effective and in line with practical needs in individual cases. Replacing migration paths may therefore well be an option for selective migration or for the migration of certain areas, even though this may create or intensify heterogeneity in the IT landscape. An important question which often arises in this context is: "Which degree of integration is needed, and can it also be achieved in a heterogeneous environment?" In other words: "Can the functionalities which require a certain degree of integration also be provided in a heterogeneous environment?" Integration is discussed in more detail in section I.A 3.

The choice of migration paths and the overall design of an IT landscape ultimately depend on the requirements and boundary conditions of the organization or public agency concerned. These differ strongly from agency to agency: the starting situations differ in the degree of heterogeneity of the IT environment, the requirements depend strongly on the respective tasks, and the know-how, the number of available employees and the financial resources vary widely. Migration of complete IT infrastructures is hence not discussed in this migration guide.

There are no fundamental differences to be considered between the different paths. Migration is usually feasible; the exception is where no suitable migration target (product or technology) is available for a given path. This may be due to the following reasons:
• Lack of alternatives to continuing or replacing migration: in certain areas the alternatives needed to identify replacing migration paths do not exist. The (proprietary or OSS) products and solutions available on the market are either not mature enough or do not offer the required functionality. Furthermore, development of a (proprietary or OSS) product may be discontinued, so that a continuing path can no longer be considered.
• Minor differences between consecutive versions: an explicit description of a continuing migration path does not make sense under certain conditions, especially if there are only minor differences between the version currently used and its successor (for example, mainly improvements to existing functionalities), or if the area concerned is one where functional requirements are generally stable.

The absence of migration targets on the one hand and the diversity of products and technologies found in many areas on the other are the reasons why not all possible migration paths can be discussed. Workshops were therefore held with experts and manufacturer representatives while preparing the migration guide in order to identify the important migration paths, which are then considered in this document.

Besides technical aspects, the "cross-section issues" module of the migration guide also discusses product-spanning technology aspects, such as the integration of software components and the use of standards, as well as legal and commercial aspects of software migration projects.

Reference to other eGovernment documents

The Federal Ministry of the Interior is the competent, central contact for public administrations when it comes to information and communication technology. In this capacity, the "Co-ordinating and Advisory Agency of the Federal Government for Information Technology in the Federal Administration" (KBSt), as the responsible agency, has published a host of IT-related documents, some of which are continuously updated. These include, in particular, the following documents and information areas [1]:

• DOMEA concept [2], version 2.1
• eGovernment 2.0 – the Federal Government's programme
• EVB-IT [3] contract types
• Migration guide 2.1
• Guide for platform-independent special applications 1.0
• SAGA [4] 4.0
• IT architecture concept for the federal administration 1.0
• UfAB [5] IV, version 1.0
• V-Modell XT (XT procedure model) [6], release 1.2.1
• WiBe [7] 4.1
• XML Infopoint

With the exception of DOMEA 2.1, migration guide 3.0 refers, with varying intensity, to all of these documents. If a migration project involves the acquisition of new software subject to specific criteria, for example in order to reduce the scope of future migration projects and simplify them, the relevant references are EVB-IT (supplementary terms and conditions of contracts for the procurement of IT services) and UfAB (document for invitations to tender and evaluation of IT services). For the actual implementation, the references are V-Modell XT (procedure model for planning and implementing projects) and, if applicable, EVB-IT. First and foremost, however, the direct references of the migration guide are SAGA 4.0, the IT architecture concept for the federal administration 1.0, the guide for platform-independent special applications and WiBe 4.1 (economic efficiency assessment). When it comes to reducing the frequency of migration projects, simplifying them or reducing their costs, these documents should always be consulted when implementing software migration projects. The updated migration guide 3.0 additionally includes the fundamentals and boundary conditions laid down in these documents in its discussion of products, technologies and migration paths.

1 www.kbst.bund.de
2 DOMEA – document management and electronic archiving (in the public administration)
3 EVB-IT – supplementary terms and conditions of contracts for the procurement of IT services
4 SAGA – Standards and Architectures for eGovernment Applications
5 UfAB – document for invitations to tender and evaluation of IT services
6 XT procedure model – procedure model for planning and implementing projects; XT means "extreme tailoring"
7 WiBe – evaluation of economic efficiency

Table of contents

Foreword to the third version of the migration guide .... 4
Structure and contents of the migration guide .... 5
Table of contents .... 11

I. The cross-section issues module .... 19

A Subject: strategic aspects of software migration .... 19
1 Manufacturer independence, strengthening competition, open standards .... 19
2 New migration alternatives .... 21
3 Achieving and implementing integration in a sensible manner .... 23
3.1 Forms and degrees of integration .... 23
3.2 Integration and standardization .... 25
3.3 Standardization and open source software .... 26
3.4 Classification of integration depth .... 26
3.5 Advantages and disadvantages of integrated and standardized solutions .... 29
3.6 Criteria for the evaluation of integrated solutions .... 31
3.7 Examples and comparison of commonly used, integrated infrastructure solutions .... 32
3.8 Conclusions .... 38

B Subject: legal aspects of software migration .... 39
1 Introduction .... 39
2 Method .... 40
3 The need for legal advice in each individual case .... 40
4 Law of contracts .... 41
4.1 Introduction .... 41
4.2 Contractual relations with OSS: contract with dealer .... 43
4.3 Contractual relations with OSS: contract with the owners of rights .... 45
4.4 Comparison of migration to proprietary software and to OSS .... 47
5 Copyright law .... 48
5.1 Introduction .... 48
5.2 Validity of OSS licenses under German copyright law .... 49
5.3 Extent of rights granted with OSS licenses .... 50
5.4 Conflicting copyright of third parties .... 51
5.5 Comparison of migration to proprietary software and to OSS .... 53
6 Patent law .... 54
6.1 Introduction .... 54
6.2 Conflicting patent rights of third parties in the case of OSS use .... 55
6.3 Comparison of migration to proprietary software and to OSS .... 56
7 Liability and warranty .... 56
7.1 Introduction .... 56
7.2 Use of OSS: contractual liability and warranty with usage authorization and limitation contracts .... 57
7.3 Use of OSS: contractual liability and warranty with open source license agreements .... 59
7.4 Use of OSS: contractual liability and warranty in conjunction with the creation and modification of free software .... 60
7.5 Use of OSS: non-contractual liability .... 61
7.6 Use of OSS: contributory default .... 62
7.7 Comparison of migration to proprietary software and to OSS .... 62
8 Contract awarding law .... 63
8.1 General .... 63
8.2 Procurement of OSS: neutral invitation to tender .... 64
8.3 Procurement of OSS: transparent invitation to tender .... 65
8.4 Procurement of OSS: the contract awarding decision .... 66
8.5 Comparison of migration to proprietary software and to OSS .... 67
9 Conclusions .... 68

C Subject: economic aspects of software migration .... 69
1 Foreword .... 69
2 Introduction .... 69
3 Methodological principles .... 71
3.1 Aims and boundary conditions .... 72
3.2 Monetary analysis .... 74
3.3 General considerations of cost identification .... 74
3.4 Benefit analysis .... 79
3.5 Full cost approach .... 80
3.6 Comparability .... 80
3.7 Applications .... 80
4 Analysis of the starting situation .... 82
4.1 Server infrastructure .... 82
4.2 Client infrastructure .... 83
4.3 Network infrastructure .... 84
4.4 Print infrastructure .... 84
4.5 Server services .... 85
4.6 Standard software .... 86
4.7 Document templates and macros .... 86
4.8 Special IT applications .... 88
5 Economic efficiency according to WiBe .... 91
5.1 Introduction .... 91
5.2 Economic efficiency in monetary terms .... 97
5.3 Extended economic efficiency .... 114
6 Conclusions .... 127

D Subject: recommendations .... 129
1 General recommendations .... 129
2 Recommended procedures for migration projects .... 131
2.1 Procedure models .... 133
2.2 Possible effects of the migration paths .... 137
2.3 Check-list of success factors .... 138

II. The infrastructures module .... 141

A Subject: database systems .... 141
1 Products/technologies .... 142
1.1 MySQL .... 142
1.2 PostgreSQL .... 144
1.3 Firebird .... 146
1.4 MaxDB .... 148
1.5 Microsoft SQL Server 7.0/2000/2005 .... 149
1.6 Oracle .... 153
1.7 IBM DB2 .... 155
2 Migration paths .... 157
2.1 Replacing migration of proprietary and open database systems .... 160
2.2 Continuing migration of database systems .... 162

B Subject: web servers .... 163
1 Products/technologies .... 163
1.1 Apache HTTP Server .... 163
1.2 Microsoft Internet Information Services (IIS) .... 167
2 Migration paths .... 170
2.1 Replacing migration of proprietary and open web servers .... 170
2.2 Continuing the product line of web servers .... 172
3 References .... 172
3.1 File system .... 172
3.2 Network services .... 173
3.3 Authentication .... 173
3.4 Applications .... 173

C Subject: authentication and directory services .... 174
1 Products/technologies .... 175
1.1 Linux and Samba with OpenLDAP and Kerberos (MIT/Heimdal) .... 175
1.2 Fedora Directory Server (OSS solution with multi-master capability) .... 183
1.3 Windows NT 4 Server as a so-called domain controller (DC) .... 184
1.4 Windows 2000/2003 Server with Active Directory and Kerberos .... 189
2 Migration paths .... 197
2.1 Migration from Windows NT DC to Linux with OpenLDAP, Samba and Kerberos .... 197
2.2 Migration from Windows 2000 with Active Directory to Linux with OpenLDAP, Samba and Kerberos .... 200
2.3 Migration from Linux with OpenLDAP, Samba and Kerberos to Windows 2003 with Active Directory .... 202
2.4 Migration from Windows NT as DC to Windows 2003 with Active Directory .... 203
3 References .... 205
3.1 General considerations .... 205
3.2 Directory service .... 205

D Subject: network services .... 207
1 Products/technologies .... 207
1.1 NetBIOS, WINS, DNS and DHCP under Windows NT/2000/2003 .... 207
1.2 WINS, DNS and DHCP under Linux with Samba .... 215
2 Migration paths .... 217
2.1 Migration of Windows NT/2000 network services to Windows 2003 .... 218
2.2 Migration from Windows DNS (BIND 8) to Linux BIND 9 .... 219
2.3 Migration from Windows DHCP to Linux DHCP .... 220
2.4 WINS/NetBIOS (Windows) to Samba with WINS/NMBD .... 221
3 References .... 221

E Subject: file system .... 222
1 Products/technologies .... 222
1.1 Linux and Samba with SMB/CIFS and POSIX .... 222
1.2 Linux Server with NFS .... 229
1.3 Linux Server with OpenAFS .... 230
1.4 Windows NT 4.0/2000/2003 with NTFS .... 231
2 Migration paths .... 241
2.1 Migration from Windows Server NT 4 with NTFS 4 to Linux with Samba (SMB/CIFS) and POSIX .... 244
2.2 From Windows Server 2000/2003 to Linux Server (keeping Active Directory) .... 244
2.3 From Linux NFS/OpenAFS to Windows 2003 NTFS 5 .... 245
2.4 From Windows Server NT 4 to Windows Server 2000/2003 .... 246
3 References .... 247
3.1 Authentication service .... 247

F Subject: print services .... 248
1 Products/technologies .... 248
1.1 General observations .... 248
1.2 Common Unix Printing System (CUPS) .... 253
1.3 Common Unix Printing System (CUPS) with Samba .... 259
1.4 Windows Print Services .... 261
2 Migration paths .... 268
2.1 Migration from Windows Print Services to CUPS in conjunction with Samba under Linux .... 268
2.2 Migration from CUPS in conjunction with Samba under Linux to Windows Print Services .... 269
2.4 Migration from Windows NT4/2000 Print Services to Windows 2003 Print Services .... 269
3 References .... 269
3.1 System management and monitoring .... 269
3.2 Authentication and directory services .... 270
3.3 Network services .... 270

G Subject: system monitoring and management services .... 271
1 Products/technologies .... 271
1.1 System management with OSS – Nagios, etc., Linux .... 273
1.2 Microsoft Systems Management Server (SMS) 2.0/2003 and Microsoft Operations Manager (MOM) .... 276
1.3 HP OpenView .... 279
1.4 IBM Tivoli system management .... 281
2 Migration paths .... 282
2.1 Migration from Tivoli system management to HP OpenView .... 282
2.2 Migration of proprietary system monitoring software to Nagios .... 283
2.3 Migration from SMS 2.0 to SMS 2003 .... 283
3 References .... 284
3.1 Network services .... 284
3.2 Web server .... 284

III. The applications module .... 285

A Subject: messaging and groupware .... 285
1 Products/technologies .... 285
1.1 OpenGroupware.org .... 285
1.2 OpenXchange .... 289
1.3 eGroupWare .... 293
1.4 .... 297
1.5 Kolab .... 300
1.6 Scalix .... 305
1.7 Microsoft Exchange Server 2007 .... 310
1.8 Lotus Notes .... 313
2 Migration paths .... 315
2.1 Migration from MS Exchange 5.5/2003 to Kolab 2 .... 315
2.2 Migration from Kolab 2 to MS Exchange 2007 .... 317
2.3 Migration from MS Exchange 5.5 to MS Exchange 2007 .... 319
2.4 Migration from eGroupWare to Lotus Notes 8 .... 320
2.5 Scalix to eGroupWare .... 323
3 References .... 325
3.1 Web server and network services .... 325
3.2 Authentication and directory services .... 325
3.3 Backend integration .... 325

B Subject: teaming/workgroup software .... 326
1 Products/technologies .... 326
1.1 Mindquarry .... 328
1.2 Microsoft SharePoint Server and Services .... 335
1.3 O3Spaces Workplace 2 .... 354
1.4 Novell Teaming + Conferencing .... 361
1.5 Lotus Quickr 8.0 .... 375

C Subject: office / desktop .... 391
1 Products/technologies .... 391
1.1 OpenOffice.org 2 and 1 / StarOffice 8 and 7 .... 391
1.2 Microsoft Office 2007/2003/2002/97 .... 402
2 Migration paths .... 417
2.1 Interoperability of office applications .... 418
2.2 Preparing the migration process .... 421
2.3 Migration from MS Office 97 - 2003 to StarOffice 8/OOo 2 .... 424
2.4 Migration from MS Office 97 - 2003 to MS Office 2007 .... 428
2.5 Migration of StarOffice 7/8 and OOo 1/2 to MS Office 2007 .... 430
2.6 Migration from StarOffice 7/OOo 1 to StarOffice 8/OOo 2 .... 433
3 References .... 435
3.1 Teaming/workgroup software .... 435

D Subject: backend integration .... 436
1 Products/technologies .... 436
1.1 Microsoft .NET platform (COM, DCOM, OLE, ActiveX) .... 436
1.2 Sun J2EE platform .... 440
1.3 Object Management Group CORBA .... 444
2 Migration paths .... 446
2.1 Migration of a .NET-based application to J2EE .... 446

E Subject: terminal services and client concepts .... 451
1 Products/technologies .... 454
1.1 Linux Terminal Server Project .... 454
1.2 NoMachine NX Server .... 455
1.3 Terminal Server .... 457
1.4 Citrix Presentation Server .... 459
2 Migration paths .... 461
2.1 Migration from Microsoft Windows Terminal Server to NoMachine NX Server .... 464
2.2 Migration from Microsoft Windows Terminal Server 2000 to Microsoft Windows Terminal Server 2003 .... 465
2.3 From Microsoft Windows Terminal Server to Citrix Presentation Server .... 467
3 References .... 469
3.1 Authentication and directory services .... 469
3.2 Network services .... 469

IV. Appendix .... 470

A Abbreviations .... 470
B Glossary .... 483
C Illustrations .... 490
D Tables .... 493
E Appendix – WiBe for migration projects .... 496
1 Catalogue of WiBe criteria for migration projects .... 496
2 Matrix for determining software and hardware costs .... 500
3 Legal basis .... 501

I. The cross-section issues module

A Subject: strategic aspects of software migration

1 Manufacturer independence, strengthening competition, open standards Organizations only migrate software if this is necessary for external and internal reasons. • External reasons: o A manufacturer discontinues support for a particular product or product version. o Development of an open source project is discontinued or support for a particular software version is no longer available. o Compatibility with the latest product used by a partner organization makes it necessary to follow suit. • Internal reasons: o Specific functionalities are not available. o Costs must be cut in the medium to long term. o The IT infrastructure needs to be consolidated. Since most migration projects also involve substantial costs – not to mention manpower – each and every public agency is probably interested in minimizing the related costs. In contrast to external reasons, most internal reasons can be internally managed, so that it is left to the agency concerned whether and when a migration project is to be carried out. First of all, external reasons can be influenced to a much lesser degree. These reasons are determined primarily by the software manufacturers with their market policy or by OSS developers with their decisions. As far as the market policy of software manufacturers is concerned, this means that an external influence can only be avoided by achieving the maximum possible independence from manufacturers with their policy which is typically characterized by new software versions being launched every few years, followed by termination of support for the previous version. Open source projects, in contrast, are not characterized by a policy where fundamentally new software versions are launched at short, regular intervals whilst support for older versions is terminated at the same time. Discontinuation of OSS projects is hence a more rare external reason for migration. 
Furthermore, openness also warrants a high degree of independence because a suitable service provider can be commissioned at any time to perform the required support services. This shows that it is not an ad-hoc problem but a long-term strategic challenge which must be mastered. Public agencies must aim to become independent of manufacturers and to strengthen competition in order to increase options and leeway in the long term, to reduce the number of migration projects and to save costs and time. Although minimizing external influence also means fewer and less frequent migration projects, externally induced migration projects will certainly continue to exist in the future. Page 19 This leads to the second question: How can the migration costs of individual migration projects be reduced? The essential feature of migration is that existing information (data, documents, etc.) as well as automated processes and structures are transferred to the new environment where they can be further processed and used with the required functions. Another question which also often arises, especially in cases of selective migration or gradual migration projects is: How do the migrated systems merge with the existing IT landscape? Are they compatible and interoperable with the existing systems? The easier it is to reuse existing information, processes and structures, the lower the cost of migration. The easier it is to replace existing software with other software and to integrate it into existing system landscapes, the stronger competition will be between suppliers on the market. This, for its part, has a positive impact on the price of software, updates and support and helps users to reduce costs even further. Openness is an essential factor, for example, when it comes to transferring information from A to B and integrating software into legacy system landscapes at a minimum cost. 
If the way in which information is stored is known, the information can be transferred without major problems. If interfaces and their functions are known, the appropriate interfaces can be found or implemented in order to integrate new software. However, openness alone does not suffice, because openness does not mean that interoperability is ensured. Another central factor is the use of standards for interfaces and for the storage of information. The combination of both factors is the best precondition for creating interoperability and compatibility between all the software systems of an IT landscape. Interoperability and compatibility additionally lead to significant cost savings, strengthened competition and hence greater manufacturer independence.

The term "open standard" has many facets and is sometimes degraded to a meaningless marketing label. Examples of constructive and meaningful definitions can be found in the European Interoperability Framework (EIF) [8], in the Federal Government's initiative paper on the use of open document formats [Initiativpapier der Bundesregierung für den Einsatz offener Dokumentenformate] [9] and in the minimum requirements for the openness of standards as laid down in SAGA [10]. SAGA defines these minimum requirements from the federal administration's perspective as follows:

• The standard has been published and the documentation of the standard's specifications is either free or at most available against a nominal fee.
• The intellectual property (for instance, in the form of patents) in the standard or in parts of it must, if possible, be accessible without being contingent upon the payment of a license fee.
• The federal administration and the users of its services must be able to use the standard without restriction.
• The standard must remain published and freely usable in the future.

One element which almost all definitions have in common is that they are based on generally similar requirements which a standard must fulfil in order to be classified as open. It also goes without saying that a standard which is subject to fewer use restrictions (for example, in the form of license costs) will be easier to use and hence more widely used too. This is a precondition for real competition and at the same time for maximum interoperability of the different solutions based on the standard.

The use of really open standards, manufacturer independence and the strengthening of competition must be strategic aims of public agencies. This means: in order to improve the current situation in the long term with regard to the frequency of migration projects and their high costs, public authorities should adopt and implement the above-described aims as part of their IT strategy. It is particularly important to use really open standards, because these are the solid foundation for the implementation of the other aims.

[8] Refer to http://ec.europa.eu/idabc/en/document/3761/5583
[9] Refer to http://www.kbst.bund.de
[10] Refer to SAGA 4.0, chapter 2.2, page 20, at: www.kbst.bund.de

2 New migration alternatives

Up to now, when migration was necessary, the question was how an existing software product could be replaced with another, similar software product. How, for example, can a file server be replaced with another file server, or an existing word processing system with another one, preferably with an alternative with open, standardized interfaces and data formats? The migration guide has adopted this perspective and discusses the migration alternatives with this in mind. Migration of software solutions within the same solution family is the standard case of a migration project. The migration guide helps to decide where such a migration leads and how it should be designed.

However, this does not mean that the decision in favour of migration within the same solution family is always inevitable. Two developments are currently underway which, although they go beyond the subject of this migration guide, will increasingly influence migration decisions and hence the application of the migration guide too. One development is new technologies, new ways of using technologies and new patterns of use which are leading to innovative solutions [11]. Most of these patterns of use are of a collaborative nature and find their way – for example, in the form of – into the tool set of large organizations with a long history and tradition. The other development is the fundamental change in the way the public administration sees itself. This is reflected by the term "eGovernment" and aims, amongst other things, to boost process efficiency and customer orientation significantly through process automation.

These two developments lead to the new master question which will increasingly influence migration decisions in the future: Is migration within the solution family the right step after all? Are the candidate solutions and their application still state of the art on the market of solutions and in view of the aims of IT use?

Word processing applications can illustrate this. They were introduced at a public agency, say, at the end of the 1980s and have since been migrated from one product generation to the next, along with a continuous increase in performance. This was accompanied by the development of the (proprietary) file formats whose distribution ultimately created the need for migration. In many cases, a closer look at the actual use of these applications is likely to provide two insights. Firstly, the features of the applications which are actually used on a regular basis today are still the same as in the 1980s, and where additional features are used, they are of little use but create many interoperability and migration problems. Secondly, the processes which are executed with the help of these applications are still oriented towards their paper-based ancestors. This is no surprise, especially in the case of word processing applications: historically, they see themselves as electronified typewriters, and their unreflected use leads (at times) to electronified paper processes. The optimization and automation potential of the processes remains unused in this way. The question as to how the portfolio of IT solutions and their use can be optimized will become increasingly important in the future, probably driven by the need to migrate. It must, however, be answered before the migration decision is made.

[11] Many of these developments are summarized under the "Web 2.0" buzzword.
One potential optimization decision could be to no longer (or not only) upgrade an existing file service whose only function is to support electronified paper processes, but instead, or in addition, to use collaboration solutions, document management or even workflow systems. One consequence of introducing workflow systems could be that form-based (mask) tools are used instead of word processing systems, i.e. the electronified typewriters. Data would then be stored in clearly defined structures ("data records") rather than being buried in the formatting information of a document. The continuous increase in performance, for example in the formatting options of word processors, would then become irrelevant to the functioning of the business process, and a recurring reason for migration would simply become obsolete from the perspective of the process.

The word processing issue is certainly only one facet to be considered in this context. It does, however, clearly show that the use of open and standardized interfaces and data formats is not the only way to avoid the need for migration. This can also be achieved by a careful examination of developments on the IT solution market and of one's own business processes. Just like the implementation of open standards, this is a strategic task. If it is tackled successfully, future migration projects will be less frequent and less complex. If the above ideas are considered in the context of developments on the market for collaboration solutions, it becomes clear that this is by no means utopian. Manufacturers have also discovered these possibilities and have begun, to a certain degree, to integrate them into their solutions. The term "document" here to a certain extent takes on a new meaning, because it no longer necessarily equals "file" as in the case of the classical office suites.
Especially when it comes to cooperating with external partners (other public agencies, enterprises), new models emerge which are worth examining if one plans to create shared and uniform processes for external and internal cooperation. This is, for example, part of the Federal Government's eGovernment strategy. The migration guide will look closely at these developments in the future and identify the resulting alternative migration targets.

3 Achieving and implementing integration in a sensible manner

One of the central tasks of operating information technology is to integrate the different software and hardware components of an environment with each other. Operating or virtualization systems must be integrated with hardware components; this typically requires the installation or configuration of drivers. Applications must be integrated, together with other applications, into operating system environments, and they must usually also be compatible with software distribution or system management solutions. Server and client applications must authenticate and authorize users and to this end have to be integrated into identity management systems. Following authorization at the latest, most applications access data and, for this purpose, have to be integrated with database systems and servers (which provide file storage or other applications). This list could go on forever.

When an IT infrastructure has reached a certain size, integration is a continuous exercise, because it is always necessary to replace, upgrade or consolidate hardware or software components or to adapt them to new boundary conditions or requirements. The ongoing integration of IT components is usually complex and evidently risk-prone. At first glance, the best solution seems to be to increasingly use components which are already integrated with other components, or which can be easily integrated, in order to save costs, minimize risks or even add value in terms of functionality and performance of the overall system.

Some market players have expressed the opinion that the different software products and components of proprietary software feature a higher degree of integration amongst each other, whilst the integration of products and components available in the open source environment is generally more difficult and often requires manual integration beforehand. The higher degree of integration in the field of proprietary software assumed in this way would then ultimately lead to higher economic efficiency of its use. This chapter discusses the question as to whether and under which conditions integrated solutions are or can be advantageous. A general discussion of the subject is followed by an exemplary comparison of three different solutions.

3.1 Forms and degrees of integration

Integration in the context of an IT infrastructure covers a number of different aspects, so an attempt is first made to identify different categories.

Configuration integration

A simple form of integration is the compilation of combined software packages in which the components contained are jointly installed and automatically configured during installation in a manner which ensures optimum interaction. Combined packages of this kind are, for example, often found in the area of software appliances. The user receives a system that works "out of the box" with a defined set of features and does not need to know the details of the configuration and implementation of the individual components. Where integration is confined to configuration, the components contained do not differ from those which can also be separately obtained, installed and manually configured for correct interaction. This form of integration essentially saves time and money for configuration and implementation without restricting the flexibility of the individual components or of the overall system.

Administration integration

It must generally be possible to configure systems made up of integrated software components by means of a set of parameters. A change to a particular parameter often affects several of the integrated components. The integration of programs, services or software components via mechanisms which ensure that the administrative handling of configuration parameters does not compromise the integrity of the overall system, and that all the relevant components are reconfigured accordingly, is referred to as "administration integration" in this document.

Function integration

Another form of integration is the use of the functions of one program or software component by another. A frequent example is the OLE functions familiar from office packages: they provide functions, for example spreadsheet calculations from a spreadsheet program, which can then be presented within a word processing program. However, function integration also includes the provision of functions which are needed by many different programs, for example to access the Internet or to perform mathematical operations. Integration on this level is hence often characterized by program libraries which are used by many different applications.

Data integration

The last form of integration mentioned here is data integration. This means that several applications or services access (physically) identical data in order to avoid redundancy. Data integration is contingent upon the shared use of a uniform data model by all the components involved, as well as the use of defined mechanisms for accessing the data in order to avoid inconsistency, for example as a result of simultaneous access by two applications. These mechanisms are usually made available in a uniform manner by function integration. Examples of data integration in IT infrastructures include identity and infrastructure management systems which provide, from a central source, information concerning users, their privileges and roles, or systems and their configuration. Operating systems and applications access this data via defined interfaces and protocols in order to determine, for example, a user's privileges in relation to certain applications and data.
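The central-directory form of data integration just described, as an added example that is not code from the migration guide or from any product it mentions. The Directory class is an in-memory stand-in for an LDAP server, fed from a constructed LDIF sample (the attribute: value text form defined in RFC 2849); inetOrgPerson and groupOfNames are standard LDAP object classes, whereas accountStatus is a hypothetical attribute chosen for this example, because a vendor-neutral "account disabled" flag is not part of the core schema. A file service and a mail service both authorize against the directory through one shared check, and a detached, service-local copy of the user data shows the inconsistency that data integration is meant to rule out: after the account is disabled centrally, the integrated consumers deny access at once, while the copy still reports the user as active.

```python
"""Added illustration (not code from the migration guide): two services
authorize users against one central directory instead of their own copies.
Directory is an in-memory stand-in for an LDAP server fed from constructed
LDIF text; 'accountStatus' is a hypothetical attribute for this example."""
import re

# Constructed sample directory content; all names and addresses are fictitious.
SAMPLE_LDIF = """\
dn: uid=amueller,ou=people,dc=example,dc=de
objectClass: inetOrgPerson
uid: amueller
mail: amueller@example.de
accountStatus: active

dn: uid=bschmidt,ou=people,dc=example,dc=de
objectClass: inetOrgPerson
uid: bschmidt
mail: bschmidt@example.de
accountStatus: disabled

dn: cn=finance,ou=groups,dc=example,dc=de
objectClass: groupOfNames
cn: finance
member: uid=amueller,ou=people,dc=example,dc=de
member: uid=bschmidt,ou=people,dc=example,dc=de
"""


def parse_ldif(text):
    """Parse blank-line separated LDIF records into {dn: {attr: [values]}}."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip(), []).append(value.strip())
        entries[attrs.pop("dn")[0]] = attrs
    return entries


class Directory:
    """Single source of user and group data, queried only via this interface."""

    def __init__(self, ldif_text):
        self.entries = parse_ldif(ldif_text)

    def find_user(self, uid):
        for dn, a in self.entries.items():
            if "inetOrgPerson" in a.get("objectClass", []) and a.get("uid") == [uid]:
                return dn, a
        return None

    def groups_of(self, dn):
        return {a["cn"][0] for a in self.entries.values()
                if "groupOfNames" in a.get("objectClass", []) and dn in a.get("member", [])}

    def set_status(self, uid, status):
        """An administrative change made once, in the directory only."""
        self.find_user(uid)[1]["accountStatus"] = [status]


def is_active(directory, uid):
    """Shared check: every consumer reads the same attribute from the same place."""
    found = directory.find_user(uid)
    return found is not None and found[1].get("accountStatus") == ["active"]


def may_read(directory, share_acl, uid, share):
    """File service: active user in a group allowed for the share ({share: {group cn}})."""
    if not is_active(directory, uid):
        return False
    return bool(directory.groups_of(directory.find_user(uid)[0]) & share_acl.get(share, set()))


def mailbox_for(directory, uid):
    """Mail service: deliver only to active users; the address comes from the same entry."""
    return directory.find_user(uid)[1]["mail"][0] if is_active(directory, uid) else None


def snapshot_status(directory):
    """Non-integrated alternative: a service-local copy of user status imported once.
    Later changes in the directory never reach it, so the two data sets drift apart."""
    return {a["uid"][0]: a["accountStatus"][0] for a in directory.entries.values() if "uid" in a}


def demo():
    """Disable one account centrally and compare what each consumer then sees."""
    directory = Directory(SAMPLE_LDIF)
    acl = {"budget": {"finance"}}
    local_copy = snapshot_status(directory)  # taken before the change
    before = (may_read(directory, acl, "amueller", "budget"), mailbox_for(directory, "amueller"))
    directory.set_status("amueller", "disabled")
    after = (may_read(directory, acl, "amueller", "budget"), mailbox_for(directory, "amueller"))
    # Integrated consumers reflect the change at once; the detached copy still says active.
    return before, after, local_copy.get("amueller") == "active"
```

Calling demo() returns ((True, 'amueller@example.de'), (False, None), True); the final True is the stale local copy still treating the centrally disabled user as active. The two services depend only on standard object classes and on one documented query interface, which is what allows the directory behind them to be exchanged without touching the consumers.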

Most components found in practice are integrated with each other using several of these methods at once. The integration of the Microsoft Exchange mail and calendar service with Active Directory is a good example of this.

• Data integration: the Windows logon service and the mail server, for example, use the same user data and credentials.
• Function integration: because all the integrated components use the same program libraries, the corresponding data is always accessed by the same mechanisms and protocols, so that inconsistency is ruled out.
• Administration integration links the individual services from the administrators' perspective: when creating a new (Windows) user, administrators can immediately define this user's mail account settings without having to use another application.
• Configuration integration: the individual components use the same installation and configuration methods (such as the Windows registry and tools based on it), so that a coordinated configuration is ensured during installation.

3.2 Integration and standardization

Every form of integration requires interfaces which enable communication between the components involved. In configuration integration, programs are set up to ensure optimum interaction of the components, which would not be possible without interfaces via which the applications communicate with each other. In administration integration, the coordinated configuration with defined parameters and the integrity of the overall system are ensured by systems on a level above the individual components or by jointly used interfaces. Finally, function and data integration require interfaces and protocols in order to access data or functions. Interfaces and communication are the basis of any kind of integration.
However, the term "integration" says nothing about the extent to which the components of an integrated environment use standardized interfaces and protocols to communicate with each other. Interfaces or protocols can, for example, be called standardized if they are described in publicly accessible documentation and if this description is based on a consensus between the interested parties involved. One key benefit of standardized protocols and interfaces is that they can be used by different manufacturers of different components without one manufacturer becoming unreasonably dependent upon another manufacturer who uses the protocols or interfaces in question in his components. For users, the use of proprietary, undisclosed interfaces always carries the risk that these interfaces cannot be used by third-party applications or that they change with updates or new versions of certain components. The use of standardized protocols and interfaces in conjunction with the integration of software components can reduce this risk considerably and gives operators of IT infrastructures greater certainty.

Standardization is largely independent of integration. Integrated solutions can use standardized protocols and interfaces exclusively, but they can also use proprietary and undocumented communication paths. Applications with a low degree of integration, or none at all, usually depend for their communication or exchange of data with each other on a manufacturer-independent definition of the interfaces and protocols used, because otherwise it is almost impossible to update these applications independently of each other and across several versions of the corresponding programs.

3.3 Standardization and open source software

Standardization processes have several parallels with frequently used development models of open source software.
In particular, open source projects which are designed to proceed with the involvement of a community publish their program code quickly and regularly and try to keep decision-making and discussion processes in the public domain of "those interested". This can be compared to standardization processes in which the standard itself, or the drafts discussed during its development, are disclosed to and discussed by a (specialist) public. This is, however, not an automatic mechanism. Open source licensing does not necessarily mean that the source code of an application must be disclosed to the general public or that its further development must be publicly discussed. However, users of software under an open source license are automatically authorized to read the pertinent source code and thus receive at least one form of complete description of the protocols and interfaces used by this software. Compared to users of proprietary software, they are in a better position because the source code enables them to use the corresponding interfaces, and they can even modify their open source application, for example in order to ensure interoperability with other applications. With regard to the protocols and interfaces used, open source software therefore always ensures one aspect of standardization: the availability of a description for the licensee. Furthermore, many open source projects also practise public discussion and development, which are important elements of standardization. Notwithstanding this, open source and standardization must remain separate and distinct areas, especially because standards can also be implemented by proprietary software and because open source licenses do not automatically mean general publication of the source code or a public development and decision model.
3.4 Classification of integration depth

In order to assess the degree of integration of software components and the resulting pros and cons, the possible integration depth of components is divided into four levels (none, minor, medium and high) in this document. A higher integration depth usually means greater manufacturer dependence, so this is discussed together with the description of the four levels.

3.4.1 No integration

No integration means that the programs or components concerned are installed independently of each other and can be (sensibly) operated independently of each other. They do not use any functional components of the other components and do not access their data. The components concerned communicate with each other via publicly documented interfaces which are ideally standardized. The components usually require manual configuration and adaptation to each other. It goes without saying that the degree of manufacturer dependence is very low in a system whose components are not integrated with each other. At the same time, manual integration and the parallel updating and administration of non-integrated components usually involve high costs and substantial manpower.

3.4.2 Minor integration

Minor integration means that the programs concerned can still be installed and used independently of each other. They are, however, integrated in one or more of the following ways:

• Configuration integration: Simultaneous automatic installation of the components is possible. The components are already automatically adapted to each other quite well, but only the publicly documented and publicly usable configuration interfaces and parameters are used.
• Administration integration: Administration of the components is possible via a shared or higher-level system, but each component can still be administered independently of the others.
• Function integration: The components can use functions of other components if these are available in the environment. However, they remain fully functional without the other components and do not necessarily depend on them.
• Data integration: The components can use certain data managed by other applications and access it via documented interfaces and protocols, or they make data available to other applications via their own interfaces and protocols. However, they do not depend on the existence of the other programs and are capable of managing any relevant data on their own.

With regard to manufacturer dependence, minor integration means that users are in no worse a position than with components which are not integrated with each other. In the case of minor integration, users benefit from the advantages of integration (see below), but are free at any time to use other, non-integrated components, in which case the costs and time input typical of non-integrated components must be borne.

3.4.3 Medium integration

Medium integration means that certain components of the overall system are so closely linked to other components that essential functions cannot be made available, or at least require substantial effort to be made available, if the corresponding components are lacking or are to be replaced by other components which offer comparable functionality but are not integrated into the overall system. With regard to the four above-mentioned integration types, this means:

• Configuration integration: The configuration of the components is contingent upon the existence of the other components and must be modified if certain components are not available or are to be replaced by others.
• Administration integration: Simple administration of the components is contingent upon the availability of certain administration systems. If these are not available, or if other systems are to be used, the corresponding systems either require time-consuming and costly manual administration or adaptation to the alternative systems.
• Function integration: The components use functions and elements of the other components even in important areas. Although operation of the individual elements and the use of alternative components offering similar functions is technically possible, this involves considerable expense and manpower.
• Data integration: Wherever this makes sense, the components access data which is managed by other components. Here too, stand-alone operation of the components and/or the provision of the required data via other components is possible, but involves significantly more costs and manpower than operation of the integrated variant.

This integration depth leads to a certain degree of manufacturer dependence, because it is relatively difficult for users to replace components of the integrated solution with other components.

3.4.4 High integration

In the case of a high level of integration, it is often difficult to identify individual components which can be used independently of each other or together with other, alternative elements. Installation and administration are usually carried out for all the components together. Removing a component always carries the risk that operation or administration of the other components is no longer possible or at least severely affected. This also applies to functions and data: all the components use functions made available by other elements or data managed by them. Here too, it would be too complicated or even impossible to use the corresponding programs alone or together with components from other manufacturers, even if the components communicate via standard protocols and interfaces. Such a high level of integration also generates a high degree of manufacturer dependence. Operating individual components of the integrated solution separately from the others is usually no longer possible, and at the same time it is impossible or requires a great deal of effort to use alternative components at one point or another. Users hence usually prefer to obtain all the required components from the same manufacturer.

3.5 Advantages and disadvantages of integrated and standardized solutions

The essential advantage of integrated solutions is that the individual components are already adapted to each other and interact smoothly from the very beginning without any major effort. Because the components are also updated by their supplier as integrated components, this holds true not only during the implementation of a system but throughout its entire life. With an integrated solution it can, for example, be expected that joint updating of all the individual components is better and easier than in a system where the individual components were obtained from separate suppliers and repeated adaptation and integration testing is required after every update. The individual elements of integrated solutions thus harmonize with each other and can be easily combined according to the modular principle. This has several economic implications: concept development and implementation become easier and less costly, because it is not necessary to design the way in which two applications interact from scratch, i.e. to constantly reinvent the wheel, and because less testing is required than for components which are manually integrated with each other. Since manufacturers and, where applicable, service providers, administrators and other experts are familiar with the way in which the components were integrated, support for solutions of this kind is also easier and hence less costly. Furthermore, the know-how for the implementation and operation of integrated solutions is more readily available on the market thanks to the larger number of implementations compared with individual solutions.

Further potential benefits are that the exchange of data or documents between integrated components is easier, because many parts of the overall system use the same functions to display or edit the corresponding data. Integrated systems and solutions can simplify work processes at both the administrator and the user end and thereby save time and money.

Integration does not, however, increase manufacturer independence and flexibility. As discussed in the previous section, manufacturer dependence actually increases and flexibility declines with increasing integration. The use of standardized interfaces and protocols, by contrast, is an important way of ensuring manufacturer independence and flexibility. Solutions which feature a high degree of integration and do not use standardized interfaces and protocols for communication between components are prone to a number of risks:

• Interfaces and protocols are not disclosed, so that nobody but the manufacturer of the integrated solution is capable of replacing, supplementing or renewing components.
• The result is a high level of manufacturer dependence ("vendor lock-in"): users can only use the components specified by the manufacturer for the overall solution. Using components from other manufacturers is either not possible or would often mean unreasonable effort.
• In this way, manufacturers can force IT users to buy and use additional products, which means additional costs for additional planning, integration and administration work.
• Furthermore, a lack of standardization often means that the components in question are essentially only compatible with themselves and/or with other (integrated) components from the same manufacturer, whilst the exchange of data with programs or components from other manufacturers is difficult or impossible.

One familiar example of manufacturer dependence as a result of a high level of integration is Microsoft's introduction of Exchange 2000 with the resultant compulsion to use Microsoft Active Directory. This requirement means that users wishing to introduce this or a newer Exchange version not only have to buy Active Directory licenses, but also depend on the concept of this directory service, the integration of Active Directory with existing identity management systems and ongoing administration of Active Directory. The Kolab groupware system is an example of an alternative solution. This system which was also developed as open source software integrates several, widely used open source components to form a mail and groupware system which can be used as an alternative to Microsoft Exchange in many scenarios. However, only generally accessible interfaces and protocols are used here so that this is a case of minor integration. The system uses OpenLDAP as the directory service. However, thanks to the minor integration level, the use of standardized protocols and interfaces and the open source license it is also possible to integrate the system with any other directory service. The same applies to other components used in Kolab, such as SMTP or Webserver. Highly integrated solutions generally lose their key advantages when individual components can be replaced with other components not designed by their manufacturer for this purpose. The table below shows targets for a flexible and economically effective IT infrastructure and the implications which integration and standardization have on these. It shows the extent to which the targets identified there are in fact a property resulting directly from integration and the extent to which they result from the use of standardized interfaces and protocols. 
Several targets cannot be directly derived from the integration or standardization of interfaces and protocols, whilst others are merely an indirect consequence of the two criteria. For example, the fact that components of a system are adapted to each other is a direct consequence of the integration of the corresponding components, whilst standardization merely favours, but does not warrant, good fine-tuning of components in relation to each other. Standardization in this case is hence merely a property which favours the "tuned" condition of components.

Target | Effect of integration | Effect of standardization
------ | --------------------- | -------------------------
Components adapted to each other | Direct advantage | Favouring ("modular principle")
One central supplier / manufacturer / contact for all the components | Direct advantage | Favouring
Minimum effort for concept design and implementation | Direct advantage | Favouring
Good support for updating all the components as an overall system | Direct advantage | Favouring
Easy to support | Direct advantage | Favouring
Lower testing effort | Direct advantage | Favouring
Know-how potentially more readily available from the market | Favouring | Direct advantage
Simplification of work processes of users and administrators | Direct advantage | Favouring
Flexibility when it comes to replacing components with components from other manufacturers | Disadvantage (with increasing integration depth) | Direct advantage
Flexibility in the use of components which were not originally designed for use in conjunction with the solution | Disadvantage (with increasing integration depth) | Direct advantage
Manufacturer and/or supplier independence | Disadvantage (with increasing integration depth) | Direct advantage

Table 1: Effects of integration and standardization on selected targets of a public agency

The table shows that there are several cost-reducing properties of IT infrastructure components which are directly supported by integration. Interestingly, all these properties are at the same time also supported by standardization.

3.6 Criteria for the evaluation of integrated solutions

When it comes to selecting new IT systems, the question arises as to what extent components which are already integrated or independent individual elements are to be used. In order to facilitate the related decisions, some questions are offered below. The positive or negative responses to these questions can serve as a basis for evaluating integrated solutions.

1. What is the degree of integration?
2. Is the documentation of the technical implementation of integration publicly accessible?
3. To what extent is the use of alternative components documented and planned?
4. Does the solution use the standard protocols implemented by the respective components for communication between the components, or are there any extensions or add-ons which implement only those interfaces or protocols which are designed for the integration solution?
5. If no standardized protocols and interfaces are used: Are the integration components open source software where the source code has been disclosed and can be changed?
6. If manufacturer-specific interfaces and protocols are used: Is the documentation of the protocols used open and freely accessible?
7. If manufacturer-specific interfaces and protocols are used: Are there any freely accessible reference implementations?
8. If manufacturer-specific interfaces and protocols are used: Is there any software which has been developed independently of the manufacturer of the solution and which implements the protocols or uses the interfaces in question?

The evaluation of integrated solutions hence depends on the question as to what extent these solutions use internally standardized interfaces and protocols and to what extent these solutions themselves are open and standardized. As a first approximation, the integration depth can be used for this evaluation. Too high a level of integration poses a risk, at least potentially, of excessive "interlinking" of components. This means that the dependency of the components on each other does not permit individual elements to be exchanged even though standardized protocols and interfaces are used. On the other hand, components with minor integration which use standardized interfaces and protocols to communicate with each other offer significant advantages in terms of concept design, implementation, testing, administration and updating.

3.7 Examples and comparison of commonly used, integrated infrastructure solutions

This section attempts to evaluate the implementation of different components on the basis of the above-mentioned criteria using the example of the integrated solutions from Microsoft, Novell and Univention.
The examples of these three manufacturers were chosen because they represent the categories of purely proprietary software (Microsoft), purely open source software (Univention) and a hybrid of proprietary and open source software (Novell). All three solutions are component-based overall systems with differing degrees of integration. Compared to solutions consisting of individual components which are combined on a project-specific and manual basis, their manufacturers promise advantages through integration and features like "single point of administration" in terms of economic efficiency, security, availability and administration effort. Each of the solutions essentially comprises the following components: server operating system, directory service for identity and sometimes even infrastructure management, logon, file and print services, e-mail and calendar services, an IP management system, a software and update management system, as well as a client operating system with Office package, mail and calendar client as well as a web browser. The solutions hence cover the basic infrastructure demand of organizations, including the management tools necessary for operation.

3.7.1 Microsoft

Microsoft offers a system of adapted and integrated software products which provide the above-mentioned components. These are, in detail, the following: Windows 2003 Server, Microsoft Operations Manager [12] and Systems Management Server [13] as well as Microsoft Exchange 2007 and Windows XP/Vista, including Microsoft as well as Microsoft Office 2007, including . The related products will be discussed in detail elsewhere in this document (refer to the subjects of modules II and III), so that it is not necessary at this point to repeat this description.

12 The current version is System Center Operations Manager 2007.
13 The current version is System Center Configuration Manager 2007.

3.7.2 Novell

Similar to Microsoft, Novell also offers a system of adapted and integrated software products. In this case too, the above-mentioned functions are provided by the following products: SUSE Linux Enterprise Server 10, Open Enterprise Server 2, Groupwise 7, ZenWorks, SUSE Linux Enterprise Desktop 10 with integrated OpenOffice.org Office package, Evolution mail and calendar client and Mozilla web browser. Novell also distributes the corresponding individual products as an integrated overall solution under the "Open Workgroup Suite" name. Additional information can be found on the Novell websites at: http://www.novell.com/products/openworkgroupsuite/.

SUSE Linux Enterprise Server

The client and server operating systems used by Novell, i.e. SUSE Linux Enterprise Server (SLES) and Desktop (SLED), respectively, are Linux distributions which are completely published by the manufacturer as open source software and distributed within the framework of a maintenance (or subscription) model.

Open Enterprise Server

With its "Open Enterprise Server" (OES), Novell offers an SLES-based server operating system with a large part of the server applications which were formerly only supplied together with Novell NetWare, such as the eDirectory directory service, IP management services (DHCP, DNS), file and print services, as well as the related management tools. This offers users of the "classical" Novell products a fairly easy way of migrating to Linux as the operating system platform whilst the same proprietary services can still be used on this basis. At the same time, OES expands the scope of functions of classical Linux server distributions with Novell-specific services, such as Novell iFolder or Novell iPrint.

Groupwise

With Novell Groupwise, a groupware system is integrated into the overall solution which uses SLES as its operating system basis and the eDirectory service included in OES for the management of users, e-mail accounts, etc. Groupwise offers the e-mail, calendar and contact management functions which are typical for groupware systems, as well as task and document management functionalities. An instant messaging solution is additionally integrated. Groupwise can be accessed with a separate client for Windows, via a connector for Microsoft Outlook and via Novell Evolution from Linux. The system also supports a number of mobile devices.

ZenWorks

With Novell ZenWorks for client and server management, another product is integrated into the solution. Just like Groupwise, ZenWorks uses the eDirectory service by default as the basis for identity and infrastructure management. ZenWorks enables the configuration and software management of Windows-based and Linux-based clients and includes, for example, stock-taking functions.

SUSE Linux Enterprise Desktop

SUSE Linux Enterprise Desktop (SLED) is a Linux distribution which is optimized for desktop PC use and includes components, such as OpenOffice.org, the Evolution mail client and the Mozilla Firefox web browser, in a pre-configured variant adapted to the overall solution. The desktop system is designed as a client for the other components and can be centrally managed by these.

When compared to the Microsoft and Univention solutions, the software system from Novell can be considered to be a form of compromise: whilst the operating system platform for the server and client is open source and contains the typical open source programs and services, the services based thereon, such as the directory service, software and client management or groupware system as well as the related management tools, are supplied as proprietary software in the same manner as with Microsoft.

3.7.3 Univention Corporate Server

With its Univention Corporate Server, Univention offers an integrated infrastructure solution which is comparable to the systems from Novell and Microsoft and which is completely published as open source software. The above-mentioned functions are made available by the following UCS components: UCS basic system, UCS management system with Univention Directory Manager, "Kolab für UCS" as well as Univention Corporate Desktop (UCD) with the OpenOffice.org Office package, the KDE mail and calendar client as well as the Mozilla Firefox web browser.

UCS basic system

The basis of Univention Corporate Server (UCS) is a Linux distribution, the so-called UCS basic system. The UCS basic system is based on the free Debian GNU/Linux distribution and is identical to it in many respects. However, Univention uses several of its own developments published as open source software, such as its own installer and its own configuration management.

UCS management system

On the basis of the core distribution, Univention provides the so-called UCS management system as an identity and infrastructure management system that uses widely used open source components, such as the OpenLDAP directory service, Heimdal Kerberos or OpenSSL, as a basis. Similar to the identity and infrastructure management systems from Microsoft and Novell, which are based on Active Directory or eDirectory, respectively, the UCS management system can be used in a flexible manner for the management of different objects, sites, guidelines/directives or organization units. It includes a connector to Microsoft Active Directory with which many aspects of Active Directory can be managed via the UCS management system and vice versa. This connector supports, above all, migration projects from Microsoft systems to UCS as well as permanent parallel operation. Furthermore, other systems and directory services can be connected via different interfaces and APIs. Operation of the UCS management system is possible both via the web-based UCS Directory Manager and via a command line-orientated interface.

A special feature of the UCS management system is the so-called LDAP listener mechanism. It enables the registration of plugins on UCS systems which the system calls if certain objects defined in the plugin (such as users, groups or computers) are to be generated, modified or altered. The UCS management system internally uses a domain concept which is orientated towards the familiar "domains" in Microsoft Windows. In analogy to the systems from Microsoft and Novell, the central management of demanding IT infrastructures which are distributed over many locations is thus possible (refer to the "UCS environment" illustration).

UCS modules

Univention and other manufacturers offer modules which enable the integration of certain services or programs into the UCS management system along with their administration. Important modules offered by Univention are:

• Services für Windows: On the basis of Samba and other open source components, this module offers all the functions required for the rollout and operation of Windows-based clients and servers.
• Univention Corporate Desktop is a KDE-based desktop included in UCS; its administration is carried out via the UCS management system with a view to properties such as functions accessible via menus, desktop icons, printer and share allocations, user privileges, etc.
• Kolab für UCS is a variant of the Kolab 2 open source groupware system which is integrated into UCS and which can be accessed by different clients, such as KDE Kontact, Microsoft Outlook, in a web-based manner or by mobile devices.

A more detailed description of the UCS modules can be found on the Univention websites (www.univention.de). Modules from other manufacturers include, for example, the Scalix and Zarafa groupware systems as well as the OPSI software distribution and stock-taking solution.
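The LDAP listener mechanism described above for the UCS management system (plugins are registered with a filter and called whenever matching directory objects change) is the kind of hook an administrator would use to audit identity changes. The following is an added illustration of that pattern written for this guide; it is not Univention's listener implementation. The handler signature handler(dn, old, new), the simplified objectClass-only filter, the two audit plugins and the sample directory changes are all constructed assumptions.

```python
"""
Plugin dispatcher modelled on the LDAP listener mechanism described for the
UCS management system: a plugin registers a filter and a handler, and the
listener calls the handler whenever a matching directory object is created,
modified or deleted.  Added example code, not Univention's own listener;
the handler signature, the objectClass-only filter and the sample directory
changes are constructed assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Attrs = Optional[Dict[str, List[str]]]          # None = object does not exist
Handler = Callable[[str, Attrs, Attrs], Optional[dict]]


@dataclass
class Plugin:
    name: str
    object_class: str    # simplified LDAP filter: (objectClass=<value>)
    handler: Handler


class Listener:
    """Calls every registered plugin whose filter matches the old or the new
    state of a changed object (old is None on creation, new is None on
    deletion) and collects whatever findings the handlers return."""

    def __init__(self) -> None:
        self.plugins: List[Plugin] = []
        self.findings: List[dict] = []

    def register(self, plugin: Plugin) -> None:
        self.plugins.append(plugin)

    @staticmethod
    def _matches(plugin: Plugin, old: Attrs, new: Attrs) -> bool:
        return any(attrs is not None
                   and plugin.object_class in attrs.get("objectClass", [])
                   for attrs in (old, new))

    def notify(self, dn: str, old: Attrs, new: Attrs) -> None:
        for plugin in self.plugins:
            if self._matches(plugin, old, new):
                result = plugin.handler(dn, old, new)
                if result:
                    self.findings.append({"plugin": plugin.name, "dn": dn, **result})


# --- two defender-oriented plugins (constructed) ----------------------------

PRIVILEGED_GROUPS = {"Domain Admins"}      # constructed list of sensitive groups


def group_membership_audit(dn: str, old: Attrs, new: Attrs) -> Optional[dict]:
    """Report membership changes of privileged posixGroup objects (memberUid)."""
    cn = dn.split(",")[0].split("=", 1)[1]
    if cn not in PRIVILEGED_GROUPS:
        return None
    before = set((old or {}).get("memberUid", []))
    after = set((new or {}).get("memberUid", []))
    if before == after:
        return None
    return {"added": sorted(after - before), "removed": sorted(before - after)}


def uid_zero_audit(dn: str, old: Attrs, new: Attrs) -> Optional[dict]:
    """Flag any account that is created with, or changed to, uidNumber 0."""
    if new is None or new.get("uidNumber") != ["0"]:
        return None
    if old is not None and old.get("uidNumber") == ["0"]:
        return None                       # already 0 before, nothing new
    return {"uid": new.get("uid", ["?"])[0], "uidNumber": 0}


def build_listener() -> Listener:
    listener = Listener()
    listener.register(Plugin("privileged-groups", "posixGroup", group_membership_audit))
    listener.register(Plugin("uid-zero", "posixAccount", uid_zero_audit))
    return listener


# Constructed sample directory changes (dn, old attributes, new attributes).
SAMPLE_CHANGES = [
    ("cn=Domain Admins,cn=groups,dc=example,dc=com",
     {"objectClass": ["posixGroup"], "memberUid": ["admin"]},
     {"objectClass": ["posixGroup"], "memberUid": ["admin", "jdoe"]}),
    ("cn=printer-ops,cn=groups,dc=example,dc=com",
     {"objectClass": ["posixGroup"], "memberUid": []},
     {"objectClass": ["posixGroup"], "memberUid": ["jdoe"]}),
    ("uid=svc-backup,cn=users,dc=example,dc=com",
     None,
     {"objectClass": ["posixAccount"], "uid": ["svc-backup"], "uidNumber": ["0"]}),
    ("cn=ws01,cn=computers,dc=example,dc=com",
     {"objectClass": ["device"], "cn": ["ws01"]},
     None),
]


def run_sample() -> List[dict]:
    """Replay the sample changes through the listener and return the findings."""
    listener = build_listener()
    for dn, old, new in SAMPLE_CHANGES:
        listener.notify(dn, old, new)
    return listener.findings


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

Replaying the four constructed changes yields two findings: the addition of jdoe to the privileged group, and a newly created account with uidNumber 0. The change to the unprivileged group and the deletion of the computer object are delivered to no plugin, which is the point of the filter: each plugin sees only the object classes it registered for, so a review of the registered plugins is also a review of which directory changes are being watched.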

3.7.4 Overview of components and protocols The table below shows the products or product components which the different manufacturers use in order to provide the above-described functions.

Component | Microsoft | Novell | Univention
--------- | --------- | ------ | ----------
Server operating system | Windows 2003 Server | SuSE Linux Enterprise Server 10 | Univention Corporate Server 2.0 (on the basis of Debian GNU/Linux "Etch")
Directory service | Active Directory | eDirectory | OpenLDAP
Logon services | Kerberos, NTLMv2, etc. | NMAS, Kerberos, NTLMv2, etc. | Kerberos, NTLMv2 (Samba), PAM, etc.
File services | CIFS, NFS | NCP, NFS, CIFS (Samba) | NFS, CIFS (Samba)
Print services | Windows print services | iPrint | CUPS (Common Unix Print System)
E-mail and calendar services | Exchange 2007 | Groupwise 7 | Kolab 2 für UCS
IP management | Active Directory | ZenWorks | OpenLDAP, Univention Directory Manager, ISC DHCPD, ISC DNS
Software and update management | Active Directory / MSI | ZenWorks | OpenLDAP, Univention Directory Manager, APT, OPSI für UCS
Client operating system | Windows XP / Windows Vista | SuSE Linux Enterprise Desktop | Univention Corporate Desktop
Office package | Office 2007 | OpenOffice.org | OpenOffice.org
Mail and calendar client | Outlook 2007 | Novell Evolution | KDE Kontact
Web browser | Internet Explorer | Mozilla Firefox | Mozilla Firefox

Table 2: Overview of components and protocols of the examples of integration solutions

3.7.5 Degree of integration and manufacturer dependence

The systems from Microsoft and Novell both feature a very high degree of integration. Certain components, such as Microsoft Exchange and Microsoft Active Directory, are co-dependent on each other under all circumstances. In the case of Novell too, ZenWorks is fully dependent on the eDirectory service. A relatively high degree of integration also exists in the case of the Univention solution in the area of configuration and administration. The components can be installed in a manner adapted to each other, and uniform administration is carried out via uniform mechanisms, such as registries and a directory service-based management system. However, the components used are practically the same as the open source components which are also available independent of Univention, so that there is only a very low degree of integration on the function and data levels.

In terms of licenses, Univention is the only manufacturer which publishes all parts of the integrated overall solution as open source software. Although Novell's basic operating system (SUSE Linux Enterprise Server or Desktop, respectively) including the distribution components contained therein is open source software, the Open Enterprise Server components which are based thereon, such as eDirectory or Groupwise, are proprietary and are not published in source code. Microsoft does not provide any of the components discussed here under an open source license.

In view of the fact that the integration depth with Univention is rather low compared to the systems from Microsoft and Novell, and because Univention provides all components as open source software, the use of alternative components and/or the stand-alone use of individual UCS components is easiest in this case and hence manufacturer dependence is lowest, even though this may mean that the advantages of the integration solutions can, at least in part, be lost. The table below provides an overview of the questions which are relevant for evaluating integrated solutions on the basis of the above-described infrastructure solutions from Microsoft, Novell and Univention:

Criterion | Microsoft | Novell | Univention
--------- | --------- | ------ | ----------
What is the degree of integration? | High | Medium to high | Low to medium
Is the technical implementation of the integration publicly documented? | In part | In part | In part / fully via the source code
Is the use of alternative components technically feasible? | In part | In part | Fully
Does the solution exclusively use standard protocols and interfaces? | No | No | Yes
Are the integration components open source software and can the source code be viewed and changed? | No | In part | Yes
Are any proprietary, non-disclosed or licensed protocols used? | In part | In part | No
Is the documentation of the protocols used open and freely accessible? | In part | In part | Yes

Table 3: Evaluation of the degree of integration of the exemplary solutions

3.8 Conclusions

The use of integrated solutions offers a lot of advantages from the point of view of IT users: the components are adapted to each other; concept design, testing and implementation effort and requirements are reduced, and integrated solutions are often easier to support and update during operation. At the same time, integrated solutions involve a risk of manufacturer dependence. Especially the integration depth, but also the question as to what extent standardized interfaces and protocols can be used despite integration, can help when it comes to answering the question as to how much dependence on a manufacturer will in fact result from the use of an integrated solution. This dependence is generally lower if the solution in question is published as open source software. In this case, it is possible at any time for the source code to be analysed and changed either by the public agency itself or by any suitable external service provider commissioned with this task.

The example of Univention Corporate Server and, to a large extent, also the solution offered by Novell show that integrated systems are now also available in the environment of Linux and open source software. These integrated systems offer many of the advantages of Microsoft's system components which are adapted to each other, but they lead to a significantly lower degree of manufacturer dependence thanks to a lower integration depth and open source licensing.

B Subject: legal aspects of software migration

1 Introduction

The decision by a public agency in favour of migration to proprietary software or of migration to open source software (OSS) is primarily based on technical and economic criteria. However, developments in recent years have shown that legal aspects have a relatively unimportant role to play. Although suppliers of proprietary software products regularly point to the alleged legal risks for users of OSS, a closer look at the legal situation does not provide any points which might be relevant for a decision against the use of OSS. Although many public agencies and enterprises have been using OSS for many years, the risks mentioned time and again have not yet materialized. Furthermore, several German courts have confirmed the sustainability of the license model under German law in recent years [14]. Furthermore, the legislator has meanwhile amended copyright law to include four special requirements in favour of the OSS license model [15] which have helped to clarify the individual questions discussed there and which have demonstrated that the legislator is determined to strengthen the license model by amending legislation accordingly. In recent years, the legal problems related to the use of OSS in practical life hence proved to be limited.

The "OSS as a legal risk" argument must be additionally put into perspective when comparing the legal situation of OSS with the potential legal problems in conjunction with the use of proprietary software. When using conventional, licensed programs, numerous legal risks must also be taken into consideration. One ultimately has to consider the specific legal advantages which the use of OSS can bring with it. Public agencies can obtain very far-reaching rights of use and hence strategic advantages from the use of OSS. The following chapter is designed to provide decision-makers at public agencies with the basic legal information necessary to select the appropriate option.
Migration to OSS or to other proprietary software means that the public agency must co-operate with new contract partners. The profile of the services used changes, and this also applies to the legal evaluation of these contractual relationships. Questions related to copyright and patent law must be answered in this context. Furthermore, liability risks must be evaluated and the question must be answered as to which claims a public agency can raise against its contract partners and third parties if the programs are defective or if third-party rights prevent the use of programs. Finally, procurement processes must be designed in such a manner that invitations to tender and awarding decisions are compatible with the requirements of contract awarding law. During this process, the legal risks and opportunities in conjunction with the use of OSS or proprietary software must be compared to each other in each case.

14 Refer to, in particular, Landgericht München [Munich Regional Court], decision dated 19 May 2004, case: 21 O 6123/04, Computer und Recht 2004, p. 774; LG Frankfurt a.M. [Frankfurt am Main Regional Court], decision dated 6 September 2006, case: 2-6 O 224/06, Computer und Recht 2006, p. 729; LG München [Munich Regional Court], decision dated 12 July 2007, case: 7 O 5245/07, Computer und Recht 2008, p. 57 (not yet non-appealable).
15 Refer to sections 31a (1) sentence 2, 32 (3) sentence 3, 32a (3) sentence 3, 32c (3) sentence 3 of the German Copyright Act [§§ 31a Abs. 1 S. 2, 32 Abs. 3 S. 3, 32a Abs. 3 S. 3, 32c Abs. 3 S. 3 UrhG].

The following discussion will focus on the public agency as a user of information technology. Questions related to the development and distribution of OSS by public agencies will be dealt with only marginally. These issues are outside the focus of this migration guide. This chapter will concentrate on four aspects as follows.

• Law of contracts
• Copyright and patent law
• Liability and warranty
• Contract awarding law

2 Method

The legal discussion generally deals with both migration paths. The legal situation with the use of OSS is to be examined as the starting point for the discussion of the above-mentioned aspects. Remarks at the end of the individual sections will serve to compare the situation of a migration to proprietary software. The special legal aspects related to the use of OSS will be of prime interest. This focus is justified because migration to proprietary software initially means that there will be no differences compared to the starting situation for a public agency. In contrast to this, migration to OSS leads to significant changes in the legal situation. Against this background, it is clear that decision-makers are primarily interested in the legal situation of OSS. This migration guide is orientated towards this focus of interest.

Legal issues related to OSS have caused a real flood of legal publications in recent years [16]. Furthermore, the above-mentioned decisions by German courts must be taken into consideration, which have confirmed the legal validity of many aspects of the GPL. It should, however, also be noted that no supreme-court decisions have so far been passed on legal issues related to OSS which would have finally determined the legal issues presented here. Furthermore, the strongly academic legal literature does not agree on all issues. This migration guide cannot claim to present each and every detail of this specialized legal debate. Instead, an understandable presentation and brief explanations of the prevailing opinion in each case are to support the readers in their decisions. Dissenting views on individual issues in legal literature are hence possible.

3 The need for legal advice in each individual case

The section on legal aspects has two aims. On the one hand, it offers targeted information in order to counteract unjustified concerns. On the other hand, it appears to be necessary to point to legal problems where these really exist. When one of the legal problems actually occurs, this migration guide cannot replace legal advice in the individual case in question. Public agencies will then have to refer to legal offices, legal departments or external expertise, in particular from legal counsels. This is also applicable to the design of contracts in every single case.

16 A list of around 60 German and many foreign-language articles can be found at: http://www.ifross.de.

4 Law of contracts

4.1 Introduction

One argument which is typically raised against the use of OSS concerns the allegedly unclear contractual relations. Suppliers of proprietary programs often point out that, with their distribution model, public agencies can obtain everything from a single source, so that the names of the contact partners for the public agencies are clear, whilst OSS users are faced with a decentralized community of developers spread all over the world, so that it would be impossible to reach those responsible in cases of liability or warranty, for example. A detailed examination of the contractual situation of an OSS purchase puts paid to this argument. In a typical case where a public agency buys OSS from a dealer or service provider in order to use such OSS according to its proper purpose, the only contract which is made is with this very dealer or service provider. The legal situation is then neither more complex nor legally more disadvantageous than in the case of proprietary software.

Software license agreements generally cover two different objects, i.e. the software as such, i.e. the bits and bytes, and the right to use the software which, in line with international usage, is often termed the "license". The license can grant the user different rights. It can permit the simple use of the software, or it can grant users development and distribution rights. Proprietary software licenses typically permit the running of the program only; OSS licenses, in contrast, are characterized by the granting of particularly far-reaching rights. OSS users normally do not receive the software as such directly from the owners of the rights, i.e. from the owners of the intellectual property rights in OSS as the developers or companies who created the programs.
Users typically buy a distribution, either directly from the distributor or from a service provider. One case which is also conceivable for small public agencies – although of lesser relevance in practical use – is the purchase of a distribution from a retailer. In all of the above-mentioned situations, the acquisition of the rights from their owner on the one hand and the purchase of the bits and bytes on the other constitute separate transactions. This typically takes the form of a three-party relationship between user, owner of the rights and dealer (distributor, software house, consulting firm, retailer, service provider) with legally independent contractual relationships in each case:

Fig. 2: Contractual relationships

As a precondition for using the software, the user initially needs a contract with the dealer. This contract is the basis for purchasing the software as such. The purchase of a lawfully distributed program copy alone entitles the user to use the program in accordance with its terms of use. If a user wishes to make use of the additional rights under the GPL or another OSS license, another contract must be signed, this time with the owners of the rights. The OSS license is only relevant if such use of the OSS is desired. If, in contrast, the user only wishes to run the software, it is not necessary to sign a license agreement with the owners of the rights. The most important OSS licenses (GPL version 2 [17], GPL version 3 [18] and Lesser GPL version 3 [19]) exclude the simple use of the program from their scope of application; refer to section 0, paragraph 2 of GPL version 2 ("Activities other than copying, distribution and modification are not covered by this license; they are outside its scope. The act of running the program is not restricted [...].") as well as section 9 of GPL version 3 ("You are not required to accept this license in order to receive or run a copy of the Program."). This corresponds to German copyright law. Pursuant to section 69d (1) of the German Copyright Act (UrhG), the "use of a computer program in accordance with its terms and conditions" does not depend on a license or other permission by the owner of the right, on condition that the program was lawfully distributed. As long as the distributor and the dealer adhere to the terms and conditions of the license and on condition that the program was lawfully distributed, the user does not require a contract with the owners of the rights in the program for the simple use of the program. The GPL or another OSS license is then irrelevant. Some OSS licenses do not explicitly exclude simple use; this applies, above all, to BSD licenses [20].

However, this does not affect the fact that users of a lawfully distributed program usually do not require another license if they only wish to use the program in accordance with its terms and conditions. If no license agreement is signed, the relationship is that of a simple two-party relationship between user and service provider. This means that any liability and warranty claims must be directed against the service provider. Pursuant to the German Copyright Act, use in accordance with the terms and conditions also includes a backup copy (section 69d (2)), the elimination of defects (section 69d (1)) as well as decompiling for the purpose of achieving interoperability with other programs (section 69e). A license agreement need only be signed once more program copies than one backup copy are made and distributed, or once the program is modified for any purposes other than the elimination of defects. Whether the OSS licenses are relevant for a public agency is thus dependent upon the type of program use in the specific case. If, for example, a public agency uses a single Linux distribution in order to equip a large number of workplaces, this will have to be interpreted as an act of duplication under German copyright law, so that an OSS license must be obtained. The same applies to the distribution of program copies to other public agencies, the provision of public access in data networks, as well as further development.

17 Refer to: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
18 Refer to: http://www.fsf.org/licensing/licenses/gpl.html
19 Refer to: http://www.gnu.org/licenses/lgpl.html
20 Refer to: http://www.opensource.org/licenses/bsd-license.php

Use without a license agreement   | Use with a license agreement
----------------------------------|----------------------------------
Running the program               | Running the program
Backup copy                       | Backup copy
Elimination of defects            | Elimination of defects
Decompiling for interoperability  | Decompiling for interoperability
                                  | Duplication
                                  | Modification
                                  | Distribution
                                  | Making publicly available

Table 4: Relevance of OSS licenses for users

4.2 Contractual relations with OSS: contract with dealer

Different cases subject to different legal provisions are conceivable for the relationship between the public agency as the user and the party from which it received the program. This is important especially for liability and warranty issues. In the simplest constellation, the public agency acquires standard OSS without availing itself of any further services of its contract partner. If consideration is to be paid, the provisions concerning purchase agreements must be applied. If, in contrast, the software is distributed for free, the provisions of gift law are applicable. This concerns, for example, the free downloading of a program from a distributor's website. Public agencies are also entitled to make use of offers of this kind. The legal situation is more difficult if the program is made available within the framework of a larger work or service. As a general rule, one can say that an artificial split-up of the individual parts of the work or service into individual contracts to the disadvantage of the public agency is not possible under the law of contracts. If, for example, hardware is distributed with pre-installed OSS and if a single consideration is demanded for the overall performance, the underlying contract is a single purchase agreement. If, in contrast, the software is explicitly given for free whilst the hardware is sold, the provisions of purchase and gift contracts must be combined. This applies analogously to the integration of the software license into a comprehensive service offer. In this case, the statutory provisions concerning service contracts must be combined with those of purchase or gift contracts, depending on whether consideration must be paid for the program or not.

The explanation of the development of new software must be limited to an overview at this point. The treatment of contracts on the development of custom software is at present very controversial in legal literature. Pending a final court decision, one will have to accept that some experts maintain that the law on contracts for work and services must be applied, whilst others consider the law on contracts for sale to be relevant [21]. If existing OSS is to be further developed on behalf of a public agency, the legal assessment depends on whether the previously existing program parts were already available at the public agency or whether these had to be provided by the supplier beforehand. The first case is that of an isolated contract for work and services or a contract of sale for the newly added program parts, whilst the second case represents a single contract.

If the special terms and conditions of contracts for IT (EVB-IT) or the special terms and conditions of contracts (BVB) [22] are applied, it must be examined from case to case whether the terms and conditions of the contract are compatible with those of the relevant OSS licenses. The use of the standard agreements without modification can pose problems under certain conditions. Two examples will illustrate this in more detail. The application of the supplementary terms and conditions of contracts for the procurement of IT services (EVB-IT), contract type A and type B, is subject to certain conditions if standard open source software is obtained from a dealer. The above-mentioned contracts foresee the granting of rights by the supplier (i.e. the dealer); this is, however, usually not possible if OSS is acquired because the dealer does not own the corresponding rights and is hence unable to grant any rights of use. This means that the clauses concerning the granting of a license would have to be deleted here in order to be able to use the form. The application of the special terms and conditions of contracts (BVB) without modification is only possible if the public agency orders a completely new development. In the case of contracts on the further development of existing GPL software, the contract form requires certain modifications: it contains clauses which are not compatible with the terms and conditions of the GPL and which would hence have to be deleted or modified [23].

The contract between the public agency and the service provider is always subject to German law if both the public agency and the service provider are domiciled in Germany. In this case, both the legal effect of the contracts and the contractual liability and warranty are subject to German law. If the service provider, in contrast, has its place of business outside Germany, foreign law may be applicable unless the contract with the public agency provides that German law is applicable. This is urgently recommended. Since the OSS licenses are irrelevant for this contract, the parties are free to design the contract as they deem appropriate to the extent permitted by law.

21 For an up-to-date overview of the state of the debate, refer to Redeker, IT-Recht (4th edition 2007), pp. 91 seq.
22 Available at: http:///www.kbst.bund.de/.
23 This is applicable, in particular, to the right-of-use clause in section 6 and the provision concerning the disclosure of the source texts to the customer.

Type of service provided by the dealer                                          | Type of contract
--------------------------------------------------------------------------------|----------------------------------------------------------
Standard OSS, against payment                                                   | Contract for sale
Standard OSS, free                                                              | Contract for gift
Combination of hardware and standard OSS: both against payment or free software | Single contract for sale
New development of OSS                                                          | Contract for work and services (other opinion: purchase)
Further development of OSS                                                      | Contract for work and services (other opinion: purchase)

Table 5: Contracts between user and dealer

4.3 Contractual relations with OSS: contract with the owners of rights

The mere running of programs by the public agency does not require the conclusion of a license agreement. The only contractual relations which are established are with the dealer from whom the public agency has bought the software. However, if the public agency wishes to use the software in a manner which goes beyond the scope of "use in accordance with the terms and conditions" within the meaning of section 69d of the German Copyright Act, it will require the consent of the owners of the rights to this effect. This is the only case in which the OSS licenses are of any practical relevance. In order for the OSS licenses to become legally relevant, a corresponding contract must be made, i.e. an offer must be submitted and accepted. In legal terms, a program which was subjected to an OSS license constitutes an offer to anybody to enter into a license agreement subject to the applicable terms and conditions of the license (GPL or equivalent). Whoever wishes to enter into such a license agreement can accept it by performing an act which any licensee is permitted to perform under the license, i.e. to copy, distribute or modify the program. The license agreement is automatically concluded by this act alone, without the need for any direct contact with the owners of the rights via e-mail or in any other form. Under German contract law, a contract can be effectively concluded even when the offeror waives receipt of the declaration of acceptance [24]. The effective conclusion of such a contract is not prevented by the fact that the only legally binding form of the OSS licenses which are typically used is the English version of such contracts. Pursuant to the decision by Munich Regional Court dated 19 May 2004 [25] and according to the vast majority of legal authors, this is at least the case if a company or a public agency wishes to become a licensee.

One legal problem with OSS contracts is, however, the fact that it is often very unclear who the owner of the rights is. This applies to all those OSS programs which were written by a widespread community of developers. GNU/Linux is the most familiar example of this. Hundreds of programmers all over the world have worked on this program. Some of them were free developers who own the copyrights for those parts which they contributed. Others worked as employed programmers; in this case, their employers are the owners of the most important rights [26]. Other programmers, on the other hand, have assigned their rights to organizations, such as the Free Software Foundation Europe, which holds and manages these rights in trust [27]. Whoever acquires a GNU/Linux license today simultaneously enters into identical agreements with all those owners of rights with the contents of the GPL/LGPL. This makes the legal situation very complex in theory. In practice, however, this does not lead to any disadvantages for users which might be relevant for a decision. Since all the owners of the rights use the same terms and conditions of contracts for a program licensed according to the terms and conditions of the GPL, and since they all conclude the contract with the user at the same time, it does not make any difference at the end of the day whether the user receives the offer to acquire rights to use the program from one or more owners of rights. Furthermore, the problem of a widely distributed community of owners of rights is not equally pronounced with all OSS programs. Some of the most frequently used programs were developed by companies and only later released subject to the terms and conditions of an OSS license. This is, for example, the case with OpenOffice.org. The rights in the most important parts are owned by a company, so that the contract situation is simpler.

As far as applicable law is concerned, differentiation is necessary for the license agreements. All the (initial) questions of copyright and patent law – above all, whether corresponding rights exist, who is the owner of the right, under which conditions licenses can be granted – are subject to German law on condition that the relevant use activity (copying, distribution, modification, etc.) takes place in Germany. Issues related to the law of contracts – in particular, preconditions for the conclusion of the contract, interpretation of licenses, contractual liability and warranty – are not subject to German law unless the owners of the rights have their domicile or regular place of residence in Germany. In many cases, however, the owners of the rights are domiciled in the US or another country rather than in Germany. This then means that the above-mentioned issues are subject to the laws of the respective foreign country. A jurisdiction clause is unlikely to help in most of these cases. If the rights in a program are owned by a global developer community, it will hardly be possible to reach any special agreements beyond the terms and conditions of the standardized OSS licenses. If, in contrast, the rights are owned by a company or a smaller community, it may be possible to reach a special agreement concerning applicable law [28].

24 Refer to section 151 of the German Civil Code (§ 151 BGB).
25 Refer to Munich Regional Court, decision dated 19 May 2004; see footnote above.
26 Refer to section 69b of the German Copyright Act (§ 69b UrhG).
27 Refer to the corresponding project of Free Software Foundation Europe at: http://www.germany.fsfeurope.org/projects/ftf/fla.de.html.

28 MySQL, for example, offers two license options. Users can either use the software subject to GPL conditions or obtain a "commercial license"; refer to http://www.mysql.com/company/legal/licensing. In this case, jurisdiction clauses may be possible from case to case.

                                   | Legal question                                        | Applicable law
-----------------------------------|-------------------------------------------------------|-------------------------------------------------------------------------------
Contract with dealer               | Coming into effect of the contract                    | The law of the country where the dealer has its place of business
                                   | Interpretation                                        |
                                   | Legal consequences of failure to perform              |
                                   | Contractual liability and warranty                    |
Contract with the owners of rights | Coming into effect of the contract                    | The law of the country where the owner of the rights has its place of business
                                   | Interpretation                                        |
                                   | Legal effects of conflicting rights of third parties  |
                                   | Protection capability of the work or invention        | The law of the country for which protection is sought (i.e. the country where activities with relevance for copyright and/or patent law have taken place)
                                   | Existence of copyright and patent rights              |
                                   | Ownership of rights                                   |
                                   | Assignability                                         |
                                   | Licensability                                         |

Table 6: Applicable law

4.4 Comparison of migration to proprietary software and to OSS

If the suppliers of proprietary software are to be believed, the contract relations for the use of proprietary software are simpler and hence more advantageous than with OSS. This is, however, only the case under certain conditions; other situations may mean that the contract situation with proprietary software is less favourable compared to OSS. Differentiation is hence necessary. Constellations are possible with both distribution models where the public agency must sign just one contract with one partner in order to obtain a software license. In certain cases, the owner of the rights in proprietary software may even directly grant these rights to the public agency. This contract is then a contract between two (legal) entities covering both the use of the bits and bytes on the one hand and the granting of rights of use on the other [29]. The advantage of this is a clear-cut and simple structure. As long as the public authority uses the software solely in accordance with its terms and conditions, there is nothing except such a two-party relationship even in the case of OSS. This is because no license agreements are concluded with the owners of the rights if OSS is used solely in accordance with its terms and conditions (which is the typical case).

However, in the case of a three-party relationship involving user, owner of rights and dealer, legal problems increase in the case of proprietary software. Proprietary software is not always made available on the basis of a two-party relationship. Smaller public agencies, in particular, often buy software from dealers or other local service providers rather than from the owner of the rights. This case can also lead to three-party relationships whenever the owner of the rights demands the conclusion of a license agreement. Suppliers of proprietary programs typically demand that the buyer of a standard program enters directly into an additional "End User License Agreement" (EULA) in addition to the purchase agreement with the dealer. This license agreement typically comes into effect by clicking an "OK" button or by using the software [30]. Renowned authors have good reason to deny the legal effect of such agreements [31]. However, court decisions on this matter are not available. The owners of rights have so far not filed action against customers for compliance with the often restrictive license agreements. In contrast to this, the distribution of OSS via retailers or dealers and/or service providers poses less of a problem. As long as the public agency uses the software exclusively in accordance with its terms and conditions, no license agreement is made and entered into with the owners of the rights. If, however, a license agreement is necessary because the public agency wishes to make use of the rights under the GPL or any other OSS license (for example, because the agency wishes to copy or modify the program), the resultant three-party relationship generates fewer legal problems than EULAs do. Whilst the OSS license grants users rights which go beyond use according to the terms and conditions of use as permitted by law, EULAs restrict these rights by imposing bans on distribution, CPU clauses and the like to the users' disadvantage. But why should a user who bought a lawfully distributed program copy and thereby acquired the right to use a program in accordance with the terms and conditions of use pursuant to sections 69d and 69e of the German Copyright Act retroactively accept any restriction of these rights? It is more than questionable to interpret the clicking of the "OK" button as the user's consent if the only way to use the software already bought is to click this button. These specific problems of EULAs do not apply to OSS licenses.

29 Refer, for example, to contract type A within the scope of the supplementary terms and conditions of contracts for the procurement of IT services (EVB-IT) which is tailored to this application; to be found at: http//www.kbst.bund.de/.
30 Concerning the contracts typically used today in this area, refer, for example, to Marly, Softwareüberlassungsverträge (4th edition 2003), pages 213 seq. with numerous practical examples of contracts.
31 This result is also reported by Marly, loc. cit., page 225; refer also to Dreier/Schulze, Urheberrechtsgesetz (2nd edition 2006), section 69c [§ 69c], marginal number 33; Redeker, IT-Recht (4th edition 2007), pages 170 seq.

5 Copyright law

5.1 Introduction

A second group of legal arguments which allegedly speak against the use of OSS is related to copyright issues. Suppliers of proprietary solutions often argue that the granting of rights in the normally used OSS licenses is not compatible with German copyright law. Another point is the allegedly increased risk of violating third-party copyrights with the use of OSS and the related claims for damages. In practical life, however, the legal issues mentioned in this context do not lead to any risks for users that are worth mentioning. Instead, a comparison with customary terms and conditions of licenses for proprietary software shows that the use of OSS is advantageous for public agencies from a copyright perspective.

5.2 Validity of OSS licenses under German copyright law

If it is necessary for a public agency to obtain an OSS license, the question now is whether the rights and obligations set forth in the licenses are valid with a view to copyright law aspects. This is an important point for planning certainty in terms of the rights acquired and the related obligations. If the host of relevant legal publications were to be put in a nutshell, one could say that the GPL and the other commonly used OSS licenses are in principle compatible with German copyright law. This is also the result of the above-mentioned decisions by the Munich and Frankfurt am Main Regional Courts which ruled that the central provisions of the GPL (sections 2, 3 and 4) are unobjectionable from a copyright perspective [32]. The legal concerns expressed by authors in relation to individual clauses of the OSS licenses have not yet materialized as lawsuits or other practical problems. However, these issues will be discussed here in order to counter potential concerns on the part of public agencies. A first problem which is often mentioned is the fact that, due to section 31 (4) of the German Copyright Act (old version), German copyright law does not permit the granting of rights for uses which are not known at the time the contract is made.
If the time the license was granted for the first time by the owner of the rights is taken as the relevant point in time, it is argued, it may well be questionable, for example, for the Linux kernel whether this also includes uses whose economic importance did not become apparent until the end of the 1990s [33]. So-called Application Service Providing is mentioned here as an example. In the past, this problem has not visibly materialized in practical life. Furthermore, it was resolved for the future by the revised Copyright Act which came into effect on 1 January 2008. Pursuant to section 31a (1), sentence 2 of the German Copyright Act, OSS licenses can in future also grant rights in unknown types of use without the need to adhere to the written form which is otherwise required pursuant to section 31a of the German Copyright Act. Furthermore, payment of special remuneration is not necessary as a precondition for the granting of the corresponding rights of use because the legislator has implemented an exemption rule for OSS licenses in section 32c (3), sentence 3 of the German Copyright Act. A second aspect which is mentioned is the principle of exhaustion pursuant to section 69c, No. 3, sentence 2 of the German Copyright Act [34]. However, the question of exhaustion of the distribution right is irrelevant from the public agency's perspective as a user. The OSS licenses do not prohibit the distribution of a program copy which was lawfully brought into circulation, with no conditions being attached to the distribution thereof.

A final aspect to be mentioned here concerns the rights of personality of the software developers as the originators of the program [35]. Pursuant to section 69a (4), (14) of the German Copyright Act, the originator of a computer program can defend himself or herself against distortion or impairment of his or her work in as far as such distortion or impairment is capable of violating his or her personal or intellectual interests. This right of prohibition is in conflict with the freedom of modification which the OSS licenses grant to every user. If a computer program is changed, the rights of personality of the originator are probably only violated in exceptional cases. In any event, no conflicts between owners of rights and users of OSS have been reported so far from practical applications.

32 Refer to Munich Regional Court, decision dated 19 May 2004; see footnote above; Frankfurt am Main Regional Court, decision dated 6 September 2006, see footnote above; Munich Regional Court, decision dated 12 July 2007, see footnote above.
33 Refer, for example, to Spindler, Rechtsfragen bei Open Source [Legal issues with Open Source] (2004), pages 75 seq.
34 Refer to Spindler, Rechtsfragen bei Open Source [Legal issues with Open Source] (2004), pages 91 seq.

5.3 Extent of rights granted with OSS licenses

The theoretical problems described here in conjunction with the granting of rights of use through OSS licenses should not conceal the fact that the granting of rights of use through OSS licenses involves considerable practical advantages for the user. These advantages can be relevant for a migration decision at public agencies. If a public agency needs to use a program beyond the pure use thereof in accordance with its terms and conditions, this is possible without any problems in the case of OSS. A license only meets the criteria of the open source definition [36] and of the free software definition [37] if it grants users comprehensive "freedom" in the use of the program, in particular the freedom to copy and distribute the program in modified or unchanged form. In legal terms, this means the granting of simple rights of use subject to copyright law pursuant to section 31 (2) of the German Copyright Act. This acquisition of comprehensive rights is a very simple process. Whoever wishes to make use of the rights under the licenses can do so as long as he or she abides by the obligations under the respective license. The rights of use are granted for free.

Some authors point out that the granting of the right of non-physical distribution, in particular the making available for downloading via the Internet, is questionable with some of the most important OSS licenses [38]. Although both the GPL and the BSD license explicitly grant the right to physically distribute the program, they do not explicitly mention the case of non-physical distribution. In this context, reference is also made to section 31 (4) of the old version of the German Copyright Act, the question being as of when the economic importance of distribution in data networks was known [39]. One must, however, also consider that the US term "distribute" also covers forms of non-physical distribution. Furthermore, the interpretation will generally be subject to one of the 50 US contract laws because the licensor has its place of business in the US. If interpretation is subject to German law, however, one must consider that the terminology of the above-mentioned OSS licenses refers to US law. This means that this terminology must also be considered when German law is applied [40]. Finally, the last paragraph of section 3 of GPL version 2 should be referred to. It reads: "If distribution of executable or object code is made by offering access to copy from a designated place [...]"; in this context, the term "designated place" can only mean an Internet address from which the program can be downloaded. This also suggests that non-physical distribution is included. With a view to section 31 (4) of the German Copyright Act, the above explanations can be referred to. As a result, one can hence assume that distribution via data networks, such as the Internet, is also permitted pursuant to GPL version 2 and the BSD license. Section 2 of GPL version 3 now explicitly foresees the permission of online distribution. The term "propagate" as used therein also includes, according to the definition in section 0 of the license, the right to provide public access [41]. This problem will hence become even less important in the future because many OSS programs can already be used on the basis of the terms and conditions of GPL version 3 and, furthermore, because further projects are likely to change to the new license.

35 Refer, for example, to Teupen, "Copyleft" im deutschen Urheberrecht ["Copyleft" in German copyright law] (2007), p. 192.
36 Available at: http://opensource.org/docs/osd.
37 Available at: http://www.gnu.org/philosophy/free-sw.html.
38 Refer, in particular, to Spindler, loc. cit., page 82.
39 Refer, in particular, to Spindler, loc. cit., page 82.
40 Refer to Metzger, in: Hilty/Peukert, Interessenausgleich im Urheberrecht [Interest harmonization in copyright law] (2004), 253, 260 with further references.

5.4 Conflicting copyright of third parties

An often-heard concern in conjunction with the use of OSS is the issue of conflicting copyright of third parties. Are OSS users exposed to a higher risk of claims for damages and forbearance? The lawsuit between SCO and IBM which has been underway for many years offers a practical example [42].
SCO blames IBM for having integrated into Linux parts of programs in which SCO claims to own the rights, without IBM having the necessary permission, and thereby for having violated business secrets, contracts and the copyright in the modules in question [43]. The details of this lawsuit will not be discussed further in this document. It merely serves to illustrate the following question: which risks does a public agency have to fear if it is retroactively discovered that OSS is subject to third parties' rights? Two situations must be distinguished in order to answer this question. It makes a difference whether the public agency (1) copies, distributes or changes the software or (2) merely uses the software in accordance with its terms and conditions. In the first case, it is obvious that such use is only permitted under copyright aspects if the owner of the rights has granted the relevant rights, in particular if the owner of the rights has subjected the program or the parts thereof in which it owns the rights to an OSS license. If it is retroactively found that the apparent licensor does not own the rights in the complete program, the public agency can be prohibited from future distribution etc. of the complete program. Damages can be claimed for the past in the case of a fault on the part of the public agency [44]. Users of copyrighted goods must inform themselves of the rights necessary for this purpose in order to avoid violating their diligence obligations. If the programs in question are known OSS programs or modules which have been freely available for some time without any objections having been raised and which have additionally been widely distributed, for example by way of inclusion in an official release of one of the major distributors, a public agency should usually be able to trust in the purported licensors owning the rights in the programs. However, in the case of less widely distributed programs which have not been available as OSS until recently, it may be advisable to actively explore who actually owns the rights, in particular by contacting the purported owners of the rights as well as suppliers of similar, proprietary competing products. Claims for both forbearance and damages always refer only to that part of the program which is subject to conflicting rights of third parties. This means that the distribution of the other parts of the program which are not subject to rights of third parties can continue. The legal situation is somewhat more difficult in the second case. One potential problem in this context is that the dealer from whom the public agency received the program was not authorized to distribute it because the OSS license did not grant him the rights necessary for this.

41 Refer to Jaeger/Metzger, Die neue Version 3 der GNU General Public License, Gewerblicher Rechtsschutz und Urheberrecht 2008 [The new version 3 of the GNU General Public License, industrial property protection and copyright law] 130, 134.
42 Refer to the action filed in Salt Lake City on 6 March 2003 at: http://www.sco.com/scoip/lawsuits/ibm/.
43 With regard to the course of the lawsuit, refer to the numerous documents generated during the action which are available at: http://www.groklaw.net.
44 Concerning the calculation of damages, refer to Schricker-Wild, Urheberrecht [Copyright law] (2nd edition 1999), § 97, marginal numbers 56 seq.
As a result, the public agency is prevented from invoking section 69d (1) of the German Copyright Act because its program copy was not lawfully brought into circulation. At first glance, the result seems to be that the public agency is prevented from using the program as a whole because it was not lawfully brought into circulation. However, this first impression is deceptive. As already mentioned, some OSS licenses, such as the BSD license, also grant users the right to simply use the software, i.e. to run the software in accordance with the applicable terms and conditions. These clauses become relevant if the user is unable to invoke the statutory license under section 69d (1) of the German Copyright Act because the underlying preconditions are not fulfilled. The GPL too, which does not include simple use in its sphere of application, offers users a remedy for this situation. Section 7 of GPL version 2 and section 12 of GPL version 3 prohibit the distribution of a program under the GPL if this has been prohibited by a court ruling or in any other way. In such a case, however, only the licensee's rights are terminated pursuant to section 4 of GPL version 2 and section 8 of GPL version 3. In contrast to this, the legal positions of third parties who have received copies of the program from the licensee remain unaffected as long as such third parties abide by the terms and conditions of the license. It is clear that this can only apply to those parts of a program for which the licensors actually own the rights. Use of these program parts can continue. With regard to those parts of the program which are subject to third parties' rights, claims for forbearance and damages may be raised against the public agency under the conditions stated above. Imagine the following example. A development project places complex database software under the GPL and distributes the program.
Public agency A downloads the software, modifies it for agency-specific requirements and distributes it to public agencies B, C and D. If it is subsequently found that one of the programmers in the project was careless and adopted individual parts of the program in violation of copyright, the owner of the rights in such program parts can generally only forbid the distribution and use of these program parts. This means that A can be prohibited from distributing these program parts, but not the rest of the program. If the violating part can be replaced, distribution of the entire program thus corrected can be resumed. B, C, and D too can only be prohibited from using the program parts that are subject to third-party rights. If these parts can be replaced or deleted, for example, because the respective user does not need the program parts in question, it is possible to continue using the rest of the program. Whenever a public agency is faced with claims based on conflicting rights on the part of third parties, the question is in each case whether the public agency, for its part, can raise claims against its contract partners. This is a warranty question (refer also to chapter I.B 7).

5.5 Comparison of migration to proprietary software and to OSS

With regard to copyright issues, several relevant differences exist between migration to proprietary software and migration to OSS from a public agency's view as a user.

First of all, it should be noted that the legal problems of OSS licenses discussed in chapter 5 can also occur with proprietary license models in as far as these can become practically relevant at all. These legal questions are not specific to OSS. The related legal problems can occur both with OSS and with proprietary software. There are significant advantages of OSS compared to competing proprietary products with a view to the extent of the rights granted. OSS licenses permit public agencies very comprehensive use of the programs; the acquisition of these rights is free and the procedure could not be easier. In contrast to this, proprietary software licenses typically restrict the use of the software to the underlying terms and conditions. Furthermore, customary software licenses contain a host of restrictions on use and distribution which further limit the already very limited freedom of users. Users who need additional rights, for example, in order to modify the software or to use it in a broader context typically have to pay a higher fee. Contracts of this kind are quite customary and also legally effective in many cases, for example, the increase in license fees if software is used on more powerful hardware.45 In as far as claims for forbearance and damages as mentioned in chapter I.B 5.4 are concerned, certain advantages may arise for migration to proprietary software. Although one must say that a public agency as a user of software can never be absolutely certain that no rights of third parties conflict with the further use of a program, problems of this kind are all the more unlikely the more trustworthy and transparent the origin of a program is. OSS may under such circumstances be subject to certain disadvantages because the origins of a program may be impossible or difficult to trace whilst those of a competing, proprietary product are very clear.
This highlights the disadvantages of distributed development within the framework of communities which may be spread all over the world. However, the opposite situation is also conceivable where the origin of a proprietary program is less transparent than that of competing OSS; this is all the more valid because in the case of OSS the public agency can inspect the source code in each case and thereby obtain information concerning the origin of the program. This means that competing products must be compared from case to case. When evaluating migration projects to proprietary software, one will also have to consider the experience which a public agency gained in the past with the respective suppliers.

45 Refer to the Federal Court of Justice (Bundesgerichtshof) decision dated 24 October 2002, Neue Juristische Wochenschrift 2003, 2014.

Legal validity of individual license clauses under copyright law
  Migration to OSS: No legal problems with practical relevance from the users' point of view
  Migration to proprietary software: No legal problems of any practical relevance given a suitable design of contracts

Scope of rights granted
  Migration to OSS: Very far-reaching
  Migration to proprietary software: Restrictive in many cases

Risk of conflicting rights on the part of third parties
  Migration to OSS: Higher in the case of unclear origin, lower in the case of trustworthy projects
  Migration to proprietary software: Higher in the case of unclear origin, lower in the case of trustworthy suppliers

Table 7: Copyright issues

6 Patent law

6.1 Introduction

In recent years, patent law questions have moved into the focus of the debate on the legal security of OSS. Fears of legal risks from patents are fuelled both by competing suppliers of proprietary products and by OSS projects themselves, which regularly point to the legal risks from software patents, most recently in a prominent place in the preamble to GPL version 3. A closer look, however, shows that the legal risks from the use of OSS can be mastered. The much-discussed legal questions are explicitly excluded in the following sections of the migration guide, which focuses on the legal status quo from the perspective of a public agency as a user. When looking at the status quo, one should first point out that the European Patent Office alone has granted more than 30,000 patents for program-related inventions in all fields of technology and engineering since 1993. These patents include inventions, for example, in automobile construction, mechanical engineering and control and instrumentation technology because computer programs are used in these areas. The patents issued by the German Patent and Trade Mark Office in this area must be added to this number. This today already provides a realistic picture of the legal problems which OSS users may be faced with as a result of patents in the diverse fields of information technology, irrespective of the European "directive on the patentability of computer-implemented inventions" which failed in July 2005.46 However, the legal problems discussed in the following will inevitably increase in number as the number of patents grows.
The "Limux" project of the city of Munich is one historical example of a migration project by a public body which had to be temporarily suspended because of patent law issues.47 A study commissioned by the city of Munich concluded that "the risk that the city of Munich will be involved in a patent infringement lawsuit can be rated as low in the light of the current legal situation".48 The city consequently continued the project. No patent infringement lawsuits against OSS users on the grounds of this use have been reported so far.

46 Concerning the drafts by the European Commission, the Council of Europe and the European Parliament in detail, refer to Metzger, Softwarepatente im künftigen europäischen Patentrecht [Software patents in future European patent law], Computer und Recht 2003, 313 and Metzger, EP: Eindämmung der Softwarepatente verabschiedet [EP: Adoption of software patent restrictions], Computer und Recht 2003, p. 871.
47 Refer to: http://www.muenchen.de/limux.
48 Refer to the Sedlmaier/Gigerich study dated 10 September 2004, to be found at: http://www.jurpc.de/aufsatz/20050010.htm

6.2 Conflicting patent rights of third parties in the case of OSS use

Patent law problems can occur, in particular, for public authorities using OSS if patents which are infringed by the use of software are owned by third parties. The question as to whether a patent is infringed upon must be decided by reference to section 9 of the German Patent Act (§ 9 PatG). Both in the case of a so-called product patent pursuant to section 9 No. 1 of the German Patent Act (combination of hardware and software, program-controlled machines, etc.) and in the case of a process patent pursuant to section 9 No. 2 of the German Patent Act (doctrines for technical action implemented in software, for example, a program-controlled measuring method), one will have to assume that the use of proprietary software merely in accordance with its terms and conditions can already constitute an infringement of this patent. In as far as the product patent is concerned, the use of the program can constitute "use" as defined in section 9, No. 1 of the German Patent Act. If, for example, a public agency uses a patented machine, this constitutes an infringement of the patent. Restrictions to this are only conceivable if only part of the product used by the public agency is patented. The crucial question here is whether the patented part is of material importance for the whole.
In the case of a process patent, the mere use of software alone can constitute "use" of the patented process in the meaning of section 9, No. 2 of the German Patent Act and hence a patent infringement. The distribution of the program ("bringing into circulation" or "offering") also constitutes a patent infringement in both cases. In the case of a patent infringement, claims for forbearance and damages can be raised against the public agency. Damages are to be paid even under patent law aspects only in the case of a fault on the part of the public agency which may include cases of slight negligence. Courts pursue a very restrictive line especially in the case of companies. It is, in principle, expected that users inform themselves about existing property rights. A somewhat less restrictive approach is, however, possible in cases in which a company uses the program just like an end user without having more profound technical knowledge.49 These principles will have to be applied in the case of public agencies too. Public agencies using as end users programs which they bought from professional distributors or service providers can usually rely upon the supplier having examined and proceeded in accordance with the intellectual property right situation when compiling the programs. The public agency does not have any special examination obligations in such a case. Under these conditions, it is very unlikely that any claims will be raised against the public agency because the owners of the intellectual property rights will initially raise their claims against the provider or supplier. However, if there are concrete indications that patents exist, the public agency may have an obligation to exercise a greater degree of care and attention.
Furthermore, a greater obligation to exercise care and attention may exist if the public agency has special expertise in the specific area of information technology in question or if the public agency distributes the program on a large scale. The determination of whether or not the public agency can be blamed for default will ultimately always depend on the facts of the case in question, so that the above-mentioned criteria can only serve as a very general guideline.

49 Refer to Kraßer, Patentrecht [Patent law] (5th edition 2004), page 876; Benkard, Patentgesetz [Patent Act] (10th edition 2006), Section 139, marginal number 47.

In the case of conflicting patent rights of third parties, there is ultimately always the question as to which claims the public agency for its part can raise against its own suppliers. This is a question of contractual warranty.

6.3 Comparison of migration to proprietary software and to OSS

The above-mentioned legal problems which can occur in conjunction with the use of OSS as a result of conflicting rights of third parties are by no means specific to this type of development and distribution. Problems of this kind can also occur in the case of competing proprietary products. With a view to claims under patent law, the argument of greater transparency of the origin of the individual parts of a program does not apply to migration to proprietary software either. Even if detailed documentation is available as to who wrote which part of a program and that the related rights were acquired, this does not provide any indication as to the extent to which patents of third parties are affected. Since the patent protects the underlying technical solutions rather than the concrete form of programming, it is not sufficient with a view to potential patent rights to acquire all the rights of the programmers involved. In order to achieve real legal security, patent research must be carried out and, when necessary, licenses to use the patent must be obtained from third parties. From a patent law perspective, the same legal risks generally exist with both migration paths in relation to software patents.

7 Liability and warranty

7.1 Introduction

One of the central questions in the evaluation of the respective risks of migration to proprietary software or to OSS concerns the extent of liability and warranty in each case. This can only be identified from case to case by examining the legal requirements and the contents of the concrete contract in question. The legal situation is not correctly reflected by the general statement that OSS is free from any liability and warranty because the software is available at no cost, whilst in the case of proprietary software the seller is obliged to provide full protection. Given a suitable design of the relevant contracts, there are no major differences between the use of OSS or proprietary software by public agencies. First of all, however, the different claims and addressees of such claims must be identified. Warranty means responsibility for the contractual condition of the program. Liability initially refers to contractual responsibility for damage caused to the other party's other assets, such as damage to hardware or other software (contractual liability). Liability also covers any other non-contractual liability for damage (non-contractual liability). Depending on the specific design of the particular contract in question, liability and warranty can be subject to different legal requirements. Far-reaching warranty and liability release provisions apply, for instance, to contracts for the free provision of goods and services, whilst software provided against payment is subject to full liability. The parties to a contract can deviate within certain legal limits from the statutory provisions and agree to a more or less restrictive liability and warranty regime. Public agencies should make sure that no liability and warranty waiver is agreed to which could be to their disadvantage. In the event that such agreements are of no legal effect, for example, because the framework permitted by law is exceeded, the legal liability provisions are then applicable. A clause setting forth additional contractual liability is permitted by law and common practice. OSS distributors often offer the contractual acceptance of the liability risk of their customers in relation to claims by third parties ("indemnification program", "assurance program", etc.). Different parties can be potential liability and warranty counterparties for the public agency in the case of migration to OSS. On the one hand, claims can exist in relation to the distributor or other software suppliers. On the other hand, claims may also exist in relation to the respective licensors if the public agency has obtained an open source license in order to modify, copy and distribute the software. Furthermore, non-contractual liability claims can also be directed against different counterparties. In detail, the principles described below apply to the different types of contracts.

7.2 Use of OSS: contractual liability and warranty with usage authorization and limitation contracts

Usage authorization and limitation contracts for open source software between a dealer and a public agency must be classified as a sale or gift irrespective of whether the parties agree to the use against (once-off) payment or for free. Sale against payment can, in particular, be the option of choice because the supplier's warranty and liability risks are higher in the case of a sale against payment. This means that the risk of a migration project to OSS may be easier to assess. If law on sales is applicable, the public authority can demand that the dealer supplies the OSS in a condition free from material defects and defects in title.
The dealer must warrant that the subject matter of the contract has the contractually agreed or implied properties and that it is free from any rights of third parties – in particular, copyrights and patents – which prevent its use in accordance with the applicable terms and conditions. Distributors and other dealers are already obliged to provide this warranty when concluding a simple software license agreement. No special contractual agreement is required for this purpose. If an "indemnification program" or "assurance program" is agreed to with the distributor, it should hence be checked in detail as to whether additional claims of the customer against the supplier can result from this. It is, for example, possible that the supplier assumes an obligation to actively assist the customer in lawsuits with third parties or that in the case of a patent infringement by the customer the patent portfolio of the distributor or other parties with whom contractual relations exist can be used in the defence of such claims. In the event of a defect, the public agency can first and foremost demand supplementary performance. In the event that such supplementary performance fails, the buyer can choose between several remedies. The buyer can cancel the contract (sections 440, 323 of the German Civil Code (BGB)). The alternative which the buyer has is not to cancel the contract but to reduce the purchase price instead (section 441 of the German Civil Code). Finally, the buyer can also claim damages pursuant to sections 280, 440 of the German Civil Code if the dealer – as implied by law – is responsible for the damage or defect. This always includes cases of slight negligence as well. Furthermore, the dealer is generally also liable for damage to other assets owned by the public agency, in particular, hardware or other software. The public agency can claim damages in this case on the grounds of section 280 of the German Civil Code. A precondition for this is again that the dealer is responsible for the damage. However, a fault is generally assumed in such a case; the dealer is required to prove the contrary. The parties to the contract can deviate from the statutory distribution of the liability and warranty risk within certain boundaries. Dealers often try to introduce contractual terms which are more favourable for them and to obtain a far-reaching waiver of liability and warranty claims by the other party by referring to the customary license clauses in open source licenses. However, waivers of this kind are usually not justified because the dealers distribute the software against payment. Public agencies should by no means waive their claims, and should insist on adherence to the statutory standards instead. Another aspect to be considered in favour of the public agency is the fact that limitations of liability and warranty can be agreed to only to a limited extent, especially in standard contracts ("general terms and conditions"). This is why a complete liability and warranty waiver of the kind found in the small print of some GNU/Linux standard distributions is in most cases without any legal effect. However, public agencies should not rely on this but should strive for a reasonable contractual solution from the very beginning. The warranty and liability50 provisions of the supplementary terms and conditions of contracts for the procurement of IT services (EVB-IT), license types A and B, are generally also suitable for contracts for the purchase of standard OSS. If the public agency has obtained the software for free, the contract is typically subject to the provisions of the law on gifts. The supplier's liability is then subject to very narrow limits.
The donor is only responsible for ensuring that the software features the characteristics to be regularly expected and that its use is not prevented by conflicting rights of third parties if the donor maliciously failed to disclose the defect (sections 523, 524 of the German Civil Code). The supplier must know the defect or at least consider the defect to be possible. Furthermore, an information obligation is necessary, i.e. the recipient can expect to be previously informed of the defect in question. With regard to damage to the recipient's other assets, the supplier of a free product is only liable in cases of intent or gross negligence (section 521 of the German Civil Code). In the event that the program causes damage to the recipient's other assets, the supplier is only liable if he knowingly causes the violation of rights or fails to fulfil his diligence obligations in a particularly serious manner. A support agreement is often concluded together with the software agreement. In this support agreement, the software supplier undertakes to update and maintain the programs supplied. The question which arises here concerns the relation between liability for defects under the software agreement and the service provider's obligations under the support agreement. If the software is supplied against payment, the public agency can generally demand the elimination of defects without separate remuneration therefor. This means that payment may be demanded during the warranty period only for those services which exceed the scope of what a public agency can already demand within the framework of statutory warranty, such as 24-hour service and a guarantee to eliminate defects within defined response times. Contracts in which the software is made available to the public agency for free whilst a fee is charged for support services are difficult to assess. In such a case, it must be assumed in favour of the public agency that it is not possible to effectively implement the artificial splitting up into a free portion with minimum warranty obligations only and a paid portion which is subject to more extensive warranty obligations. In the event that a service constitutes a single, paid service from the public agency's perspective, the supplier must also warrant the general working condition of the program. Warranty obligations of this kind for this basic scope may not be charged as support services for which payment is required.

50 Nos. 7-9 of the supplementary terms and conditions for the procurement of IT services (EVB-IT), license type A, and Nos. 7-9, license type B (liability for defects).

Purchase against payment
  Material defect / defect in title: Supplementary performance. In the event that supplementary performance fails:
    • Reduction of purchase price
    • Cancellation of contract
    Damages in the case of fault
  Damage to other legal assets: Damages in the case of fault

Gift
  Material defect / defect in title: Damages in the case of intention to deceive
  Damage to other legal assets: Damages in the case of gross negligence / intent

Table 8: Contractual liability and warranty claims against the dealer

7.3 Use of OSS: contractual liability and warranty with open source license agreements

Open source license agreements must be distinguished from usage authorization and limitation contracts for software. Open source license agreements are made directly with the owners of the rights. The subject matter of such OSS licenses is the granting of certain rights to use the software, in particular, the rights to copy, distribute and modify the software. The fact that these are different transactions is very important for the question of contractual liability and warranty because the warranty obligations of every party to the contract are limited to the subject matter to be supplied by this party, and every party is responsible for compliance with its own contractual obligations only. This means that the originators are responsible to the licensee under the OSS license primarily for the existence and maintenance of the rights of use. This is the only extent to which the public agency has contractual claims against the originators. The actual suitability of the software for the use of the program, in contrast, is a question of liability of distributors or other dealers under the usage authorization and limitation contracts. The same applies to the public agency's right to use the software in accordance with its terms and conditions; this right typically originates at the time a lawfully distributed copy of the program is acquired. If this is not the case, the distributor rather than the owners of the rights is liable.

With regard to the question concerning the extent to which the respective originators are liable for the existence of the rights of use, one can first state that the scope of warranty and liability is typically not subject to the related clauses in the OSS licenses in question because the vast majority of OSS licenses include a comprehensive, complete liability and warranty waiver.51 Clauses of this kind are invalid under German law.52 The legal effect of this invalidity is that the statutory provisions apply. Open source licenses are so-called license agreements for which no explicit liability and warranty provisions exist in law. Since, however, the rights of use are granted by the originators without demanding payment of a license fee, the prevailing opinion is that the liability and warranty provisions of the different contracts on free software must be applied analogously to these agreements.53 Since the granting of rights is at the heart of the OSS licenses, liability for defects in title is hence the focus of warranty questions. Warranty for material defects is usually irrelevant. With regard to defects in title – i.e. in particular to the fact that the licensor is the owner of the licensed rights of use and that no conflicting rights of third parties prevent the granting of the license – the licensor is only responsible in analogy to the law on gifts and loans if the licensor has maliciously failed to disclose the defect. In the absence of an intention to deceive, the public agency must, pursuant to law, bear the risk of the existence of defects in title. In this respect, the additional protection mechanisms against the rights of third parties ("assurance program", "indemnification program", etc.) offered by OSS distributors regularly fail to provide any protection because they protect the customer only with a view to the use of the program in accordance with the applicable terms and conditions, but not with a view to a more far-reaching distribution or other use. Special insurance products, at best, can offer adequate protection in the case of more far-reaching use. With regard to damage to other assets of the public agency, the liability of the owners of the rights is also limited to cases of intent or gross negligence in analogy to the provisions for contracts for free delivery. The owners of the rights are hence only liable in cases of intent or particularly gross violation of their diligence obligations.

7.4 Use of OSS: contractual liability and warranty in conjunction with the creation and modification of free software

If software is produced for a customer against payment, the law on contracts for work and services or, according to dissenting opinion, the law on contracts for sale is applicable. With regard to software customized to a public agency's particular demands against payment, warranty and liability are also subject to the principles of the law on contracts for work and services or sales, depending on how the underlying transaction is classified.

51 Refer, for example, to sections 11 and 12 of GPL version 2, sections 15 and 16 of GPL version 3.
52 For details, refer to Jaeger/Metzger, Open Source Software: Rechtliche Rahmenbedingungen der Freien Software [Legal boundary conditions of free software] (2nd edition 2006), marginal number 219 seq.
53 Refer to Jaeger/Metzger, loc. cit., marginal numbers 210 seq.; Spindler, Rechtsfragen bei Open Source [Legal issues with Open Source] (2004), pp. 152 seq.; however, diverging opinion in: Hoeren, Open Source und das Schenkungsrecht - eine durchdachte Liaison? [Open Source and the law on gifts – a well-reflected liaison?], in: Recht und Risiko [Law and risk] - Festschrift for Helmut Kollhosser, Vol. 2 (2004), pp. 229 seq.

Irrespective of whether the above-mentioned contracts are contracts for sale or contracts for work and services, the public authority can at first demand supplementary performance from the other party to the contract, with differences existing in terms of the exercising of this right depending on the particular type of contract. In the event that supplementary performance fails, the customer can reduce the purchase price, cancel the contract and claim damages in the case of a fault on the part of the other party to the contract. Whether the public authority is additionally entitled to eliminate the defect itself or to have the defect eliminated and to claim for compensation for the related costs and expenses depends on whether the contract must be considered to be a contract for work and services rather than a contract which is subject to the law on sales. As far as the supplier's contractual liability is concerned, the supplier is liable for any damage culpably caused to other assets of the buyer. The supplier is already liable for damage caused by negligence. Like with all contracts, the parties are at liberty to agree to deviating terms within certain boundaries.
With a view to the fact that the legal situation is by no means clear, this possibility should be used especially in the case of contracts on the creation and modification of OSS. In this case, the duties and obligations of the parties should be set forth and, in particular, provisions for acceptance (known from the law on contracts for work and services) should be explicitly included in addition to provisions concerning deadlines for the notification of defects, etc.

7.5 Use of OSS: non-contractual liability

Damage in conjunction with migration to OSS can lead not only to contractual claims against the respective counterparty; non-contractual liability situations must also be considered, in particular, under product liability law and under the aspect of general liability in tort pursuant to sections 823 seq. of the German Civil Code. The Product Liability Act provides for liability solely for personal injury and other damage caused to any property other than the defective product. However, this act is chiefly designed to protect consumers and does not provide for liability for any property which is not primarily used for private purposes.54 Manufacturers will hence not have to face claims for damages from non-private users on the basis of this act. In this respect, public agencies are largely prevented from demanding compensation for damage to property on the basis of the Product Liability Act. Besides liability without fault under product liability law, non-contractual liability on the grounds of general, non-contractual liability conditions (tort) is also possible. These provisions are particularly relevant for public agencies because the Product Liability Act only protects private property in cases of damage. Claims based on tort can be raised without the existence of a contract. If, for instance, a public agency obtains a program from a dealer, it can only raise non-contractual claims against the distributor with whom no contract was made.
Section 823 of the German Civil Code is of particular interest in this respect. This section provides that anybody who, intentionally or by gross negligence, unlawfully violates life, body, property or similar, "unconditionally" protected legal assets is liable for damages. The question as to when a violation was caused "by negligence" is difficult to answer and depends on the conditions of each and every single case. Negligence requires a violation of diligence obligations. In the case of the individual software developers, the diligence requirements cannot be too restrictive. During the development of OSS, unfinished solutions on which the community is working are also regularly distributed. In contrast to this, the non-contractual liability of OSS distributors is clearly more far-reaching. Distributors usually provide a finished product, so that more restrictive diligence requirements seem to be appropriate from the very beginning. In practical cases, it is often difficult to prove all the facts necessary for a claim for damages to be founded. However, if a product is manufactured and distributed on an industrial level, the principles of so-called producer's liability developed in court decisions may be considered. This concerns, above all, the manufacture of complete operating system distributions by distributors. Within the framework of producer's liability as aforestated, parties who suffered damage will find it easier to prove their claims in several respects.55

7.6 Use of OSS: contributory default

In the case of both contractual and non-contractual liability, it must be remembered that claims can be limited as a whole or in part due to contributory default on the part of the public agency. In extreme cases, claims may even become completely void due to "predominantly" contributory default by the public agency. One important area where problems of potential contributory default are often encountered in practical applications is liability for the loss of data stocks. Here it should be noted that it is usually regarded as a matter of course for commercial applications that users ensure reliable, timely and comprehensive data backup procedures. The same can also be expected from public agencies.

54 Refer to section 1 (1) of the German Product Liability Act (§ 1 Abs. 1 ProdHaftG).
7.7 Comparison of migration to proprietary software and to OSS

A comparison between migration to proprietary software and to OSS shows far-reaching parallels in terms of liability and warranty in as far as contracts are made which foresee delivery against payment. If software is purchased for use within a public agency, claims for contractual liability and warranty must be directed against the respective counterparty of the usage authorization and limitation contract. This applies to both migration to OSS and to migration to proprietary software. In the event that the software fails to perform in accordance with the terms of the contract, or in the event that third parties' rights prevent the use of the software, the dealer is always obliged to eliminate the obstacle. The dealer is also liable for damage to other assets of the public agency. The extent of statutory liability remains the same as long as the software is obtained against payment. If, in contrast, the public agency uses the option to obtain the software for migration to OSS for free, it must then accept a reduced extent of liability and warranty because the law affords privileges to the software supplier if software is given for free. One might consider in such a case whether the purchasing costs saved should be used for risk protection measures (support and warranty agreements, insurance). If the appropriate contracts are concluded, there are no decision-relevant differences between OSS and proprietary software with regard to the issue of liability and warranty. If the public agency wishes to obtain license rights – in order to copy or modify the software or to distribute it to other public agencies, for example – these rights are always granted for free in the case of OSS. In the case of migration to proprietary software, in contrast, a license fee must always be paid – if the corresponding rights are granted at all. In view of the differences between the underlying contracts, the scope of liability and warranty also varies considerably. Granting of rights for free is accompanied by far-reaching privileges. In this case, however, the public agency is at liberty to use purchasing cost savings for insurance cover in migration projects to OSS. Certain differences in the scope of liability exist in the area of non-contractual liability. Since the proprietary manufacturer can influence all steps of the development process, a higher degree of care and diligence can be reasonably expected from the manufacturer. On the other hand, questions of non-contractual liability of manufacturers of computer programs have up to now had only a minor role to play in practice.

55 Refer to Schiffner, Open Source Software (2002), pp. 253 seq.

8 Contract awarding law

8.1 General

The choice made by the public agency between migration to proprietary software and migration to OSS must be made with a view to the principles of contract awarding law56. Purchases of information technology must be generally made in line with competition principles; refer to section 97 (1) of the German Fair Trading Act (§ 97 Abs. 1 GWB). This act provides that all competitors must be treated equally ("principle of equal treatment", refer to section 97 (2) of the German Fair Trading Act). Awarding criteria not related to the economic efficiency of an offer or the expertise, performance capability and reliability of a prospective vendor may not be considered (refer to section 97 (4) of the German Fair Trading Act). In the event that the value of the order exceeds the thresholds laid down in the awarding ordinance57, bidders who have not been successful can demand that the contract awarding decision be examined pursuant to the provisions of the German Fair Trading Act. This can delay procurement processes and involves the risk of additional costs for the proceedings before the contract awarding chamber and may even require repeated tendering procedures if the public agency has neglected the principles of contract awarding law. The awarding office should hence proceed according to the principles described below. These principles are based on an evaluation of literature related to contract awarding law. The legal situation has yet to be finally clarified by the contract awarding chambers of the Federal Government, the Federal-land administrations and the courts.

8.2 Procurement of OSS: neutral invitation to tender

The principle of competition and the equal treatment principle require that the services to be rendered be specified in a neutral manner in the invitation to tender as the first requirement for procurement in conformity with contract awarding law. The requirements for a neutral specification of services are laid down in more detail in section 8 of the procedures for the awarding of contracts for public supplies and services (§ 8 VOL/A). Pursuant to section 8, No. 3, para. 3 VOL/A, it is only permitted to demand particular products or processes if "this is justified by the type of service to be purchased." Para. 4 continues that the description of technical parameters may not have the effect "that certain companies or products are preferred or excluded unless such a specification is justified by the service to be purchased." Some authors, partly referring to the above-mentioned requirements, demand that invitations to tender for IT contracts should not be limited to open source software from the very beginning. However, such a view appears to be too undifferentiated.

56 Refer, in detail, to Heckmann, IT-Vergabe, Open Source Software und Vergaberecht [IT awarding, open source software and contract awarding law], Computer und Recht 2004, 401 as well as Demmel/Herten-Koch, Vergaberechtliche Probleme bei der Beschaffung von Open-Source Software [Problems related to contract awarding law in conjunction with the procurement of open source software], Neue Zeitschrift für Baurecht 2004, 187; Müller/Gerlach, Open-Source-Software und Vergaberecht [Open source software and contract awarding law], Computer und Recht 2005, 87.
57 IT orders by the supreme and upper federal authorities and comparable federal institutions: €137,000; all other IT contracts: €211,000.
The principle is that an invitation to tender must describe the required services in a manner which also enables suppliers of competing, proprietary products to offer their services on condition that the public agency's aims can be achieved with such products too. Accordingly, both a specification of "Linux server" as well as the terms "open source software" should in principle be avoided. Instead, the concrete features of the required services must be described in abstract terms, so that proprietary competitors are also capable of offering their services. Rather than specifying "Linux server", a neutral description of the features which the server must offer is hence required. If the specifications are described in correspondingly neutral terms, servers using other UNIX derivatives should also be able to fulfil the specifications. Rather than using the term "open source software", the public agency should instead describe its concrete aims. From a contract awarding law perspective, it is questionable whether disclosure of the source codes can be demanded if bidders are unable to understand why the public agency demands the specified features. On the other hand, a reference to the requirement of open source code seems to be permissible if the public agency states, for example, that an increased level of security is necessary as a protection against backdoors, virus attacks and the like in order to fulfil its public tasks or that future adaptation or updating of the software will be contingent upon receipt of the source codes. This enables proprietary bidders to take part in the tendering procedure by disclosing the source code from case to case.58 The same principles are also applicable to specifications which include OSS licenses as a specified feature ("GPL software", etc.). 
Specifications of this kind should be replaced by neutral descriptions which refer to the extent of the desired rights of use and state the purposes for which the public agency wishes to use such rights. It can be justified if the public agency wishes to acquire the rights of use in order to have the program further developed at a later point in time by its own staff or external providers, or if it wishes to use the program at the lowest cost possible on other PCs or in other offices. Notwithstanding this, proprietary tenders should also be given a chance with a view to the rights of use by providing an abstract description of the expected scope of the rights of use to be acquired. This means that the advantages of OSS may be considered in the contents of the performance specifications. Requirements in conjunction with the neutral invitation to tender also exist for the design of the invitation to tender. One question of particular interest in this context is whether software provision and support must always be tendered as one package or whether they can be procured separately. Some authors consider the splitting up of the two items to be a violation of the requirement of the neutral invitation to tender because the contract awarding office, by splitting up the individual parts, bypasses the real economic decision.59 This would, for example, be the case if the delivery of open source is classified as free with the consequence that no invitation to tender would be necessary at all for this part,60 whilst support, which is paid for, is the subject matter of the invitation to tender. A complete picture could only be obtained in such a case if software and support are jointly compared as a single transaction. This means that the invitation to tender would have to permit the comparison of overall economic efficiency in order to avoid putting proprietary suppliers at a disadvantage from the very beginning. However, this view appears to be too restrictive61.

58 Microsoft's "shared source" program which discloses the source texts of the Microsoft programs to certain licensees shows that this opens up a realistic opportunity for proprietary bidders. Refer also to http://www.microsoft.com/resources/sharedsource/default.mspx.
The combined offering of software and support by one supplier is not customary in the industry and is not necessary from a contract awarding law perspective. Furthermore, it should also be noted that contract awarding law – just like competition law in general – has a rather critical view of the combination of services. Accordingly, section 97 (3) of the German Fair Trade Act explicitly demands that invitations to tender should be generally broken down into sub-lots in order to enable medium-sized enterprises to submit bids in response to the related invitations to tender.

8.3 Procurement of OSS: transparent invitation to tender

In order to achieve real competition between bids, the invitation to tender must include any circumstances which influence the decision (refer to section 97 (1) of the German Fair Trade Act, section 8 (2) of the procedures for the awarding of contracts for public supplies and services). Factors which are not mentioned in the invitation to tender may not subsequently play a role in the decision. Public agencies considering migration to OSS must hence mention in the invitation to tender any factors which might support such a decision. This should, however, be carried out in a manner which also enables suppliers of proprietary products to submit a bid. It appears to be permissible under aspects of contract awarding law to mention the special importance of the compatibility of the programs, and of the files created using them, with other programs and the files created by those programs. The importance of the use of standard interfaces should also be stated. It can also be mentioned to this effect that maximum independence from individual suppliers is desired with a view to other information technologies and support services. Furthermore, the invitation should clearly point out that the services to be rendered should enable sustainable development of the public agency's hardware and software. Specifications designed along these principles should enable all bidders to adapt to the public agency's decision-making criteria and to draft their bids accordingly.

8.4 Procurement of OSS: the contract awarding decision

The correct time for a migration decision from the perspective of contract awarding law is the time the bids are evaluated during the course of the contract awarding decision. Pursuant to section 97 (5) of the German Fair Trade Act, the contract must be awarded to the bidder submitting the economically most effective bid. Section 25 No. 3 of the procedures for the awarding of contracts for public supplies and services provides that the lowest bid alone is not decisive. There is hence no reason to object from the perspective of contract awarding law if public agencies accept, despite short-term monetary attractions, a higher-priced offer. The crucial factor for assessing the economic efficiency of an offer is the most favourable relationship between the desired service and the price offered. Criteria not related to the awarding process must be eliminated unless they are explicitly foreseen by federal or federal-state law (refer to section 97 (4) of the German Fair Trade Act). Laws demanding the preferred procurement of OSS have not yet been enacted at federal or federal-state level.

59 Refer, in particular, to Heckmann, loc. cit., 402.
60 Refer to section 99 of the German Fair Trading Act (§ 99 GWB): "Public contracts are contracts for consideration [...]."
61 For example, Müller/Gerlach, loc. cit., 89.
"Fundamental resolutions" like those which the German Parliament adopted on 9 November 2003 for the "introduction to the federal administration of products created under open source licenses"62 cannot be interpreted to replace a law in the sense of section 97 (4) of the German Fair Trade Act, nor do they release public agencies from the requirements of contract awarding law. The contract awarding decision must hence be orientated towards the principle of economic efficiency even if recommendations have been issued. If these principles are applied, the picture is as follows. General references to the promotion of OSS or competition on IT markets are criteria not related to the awarding process and hence not permissible. Procurement of IT equipment by public agencies is not the right place for competition policy. This applies also to social or other general considerations. Public agencies may not consider criteria of this kind in order to justify a contract awarding decision. It should, however, be noted that public agencies are not obliged to limit themselves to simply comparing the prices of all the bids. Experience shows that short-term financial advantages often turn out to be very expensive in the long run. This can happen especially if public agencies buy products which can only be combined with products from the same supplier or for which only this supplier offers support services. Short-term price disadvantages can be set off in the medium term by independence from individual suppliers on downstream markets. OSS offers a strategic advantage in this respect. Open source texts and the freedom to modify these ensure that important downstream markets are open to a multitude of suppliers. This ensures competition and cost advantages. Consideration of specifically foreseeable parallel and follow-up costs is desirable in the interest of a sustainable use of public funds. However, the costs to be

62 Refer to the motion by the government factions underlying the resolution, Bundestag document 14/5246, pp. 4 seq. Page 66 expected in the medium and long term should not be directly mentioned here because the awarding criteria must always be related to the service being the subject matter of the invitation to tender. Instead, the above-mentioned properties of OSS must be considered as an advantage of migration to OSS within the framework of the cost-to- benefit analysis. Technical and legal independence on downstream markets must hence be considered to be a valuable property of the bid. In terms of contract awarding law, any other criteria are also permissible if they can be sensibly used to judge the value of the individual bids. Aspects which can be considered in this context include, for instance, technical safety of the IT bids, compatibility with other programs, compatibility of the documents generated using the program, technical and legal uses, as well as questions of liability and warranty. However, criteria of this kind may only be considered if they were explicitly mentioned in the invitation to tender. 8.5 Comparison of migration to proprietary software and to OSS The requirements of contract awarding law are equally applicable to migration to OSS and to migration to proprietary software. Invitations to tender may not be designed in such a manner that certain bidders – be it bidders of proprietary or OSS products – are in fact unable to qualify from the very beginning. This is ultimately the aim of the German Parliament's fundamental resolution dated 9 November 2003 and similar resolutions. However, proprietary IT products are subject to certain problems under contract awarding law which do not apply to the same extent to OSS. One of these problems, above all, is the frequently encountered problem of lacking compatibility between the software of certain suppliers with products from other suppliers. 
In the past, public agencies were often faced with the problem that, when it came to migrating parts of their own IT infrastructures, only services and products of the same supplier were considered because migration strategies to products of other suppliers would have been technically difficult. Other bidders were also faced with problems in cases where a public agency has to exchange electronic documents with other public agencies or private citizens and when the programs of one supplier constitute some kind of practical standard at other public agencies or citizens, so that access to the documents is not possible with other programs. In recent years, this problem prevented, for example, migration to OSS from MS Office to other products from the point of view of many public agencies. In procurement processes, the principle of competition was often bypassed in a manner not permissible under contract awarding law by not checking other programs for compatibility from the very beginning.63 Problems of this kind occur to a lesser extent with OSS because OSS programs are often designed to ensure maximum compatibility with other products, including proprietary products. OpenOffice.org, for instance, enables text files to be exported as PDF documents and stored as MS Word documents. Another aspect of special importance is the fact that the default file format in OpenOffice.org is an open XML file format. It is hence possible to access the corresponding documents even without using OpenOffice.org. This reduces both system dependence and technical obstacles to migration. The use of technical solutions which support the transition to other products reduces problems in the procurement of IT products from the perspective of contract awarding law.

63 Refer, for example, to the German Federal Cartel Office, 2nd federal contract awarding chamber, decision dated 8 August 2003, file reference No.: VK 2-52/03, pp. 30-32 (to be found at: http://www.bundeskartellamt.de).

9 Conclusions

An overall view of the legal questions discussed does not suggest any greater legal risk in conjunction with migration to proprietary software or with migration to OSS. Public authorities should hence not be discouraged by the general reference to the alleged legal risks of migration to OSS. In the final analysis, the risks of OSS and proprietary software appear to be very similar. However, a final evaluation depends in each case on the programs in question, their suppliers, the respective contracts and other terms and conditions as well as the use intended by the public agency. Besides the legal risks, the advantages of OSS in terms of license law should be considered in the public agency's purchasing decision. OSS licenses permit comprehensive use of the programs. OSS can be used, modified, copied and distributed in any manner by each user. This leads to strategic advantages for public agencies. Services and modifications of the programs can be performed not just by the supplier of the program, but also by different service providers. This can lead to cost advantages. If the public agency wishes to change the extent or the other conditions of use at a later point in time, it is not necessary to spend a lot of money on the related rights of use. The same applies to program adjustments. The advantages related to license law should also be considered in order to come to a reasonable and justified decision regarding the choice of OSS or proprietary software.

C Subject: economic aspects of software migration

1 Foreword

This section presents an adapted methodology for evaluating the economic efficiency of migration projects of basic software components64 on server and desktop PC systems. This is based on the evaluation methods and criteria of WiBe 4.165, of the IT updates66 and of migration guide 1.067. The tips and recommendations concerning the evaluation of the economic efficiency of IT update and/or migration projects from the year 2000 constituted specific instructions at that time already. This was supplemented in 2003 by the migration guide. A completely revised edition of the WiBe was published as version 4.0 in 2004. WiBe 4.1 was published in 2007. An intra-agency group of experts examined, selected and, when necessary, amended and/or modified the criteria identified in these basic works of reference as well as their definition with a view specifically to their suitability for migration projects. The result is a guide which is designed to offer users targeted support for migration projects.

2 Introduction

As the discussion on studies currently available on the subject of total cost of ownership (TCO) in conjunction with the use of open source software (OSS) and proprietary software under Linux shows, evaluating the economic efficiency of IT measures is generally a very difficult task which is almost impossible to resolve in light of the often multi-dimensional models of economic efficiency. A broad-based and multi-faceted analysis – which is definitely the case when comparing the costs of Microsoft and OSS/Linux platforms – must ensure comparability of the subjects analysed and the appropriate extent of the analysis as major requirements. Another aspect to be considered in a study is user structures. The size of organizations and the different starting scenarios for an IT environment are particularly relevant aspects when the economic efficiency of a migration project is considered. One common observation is that smaller public agencies (in the municipal sector, for example) use IT infrastructures that can be set up and operated with simple means and without extensive user training. In contrast to this, the reliable operation of infrastructures or computer centres for large and/or specialist public agencies and data centres with service level agreements requires higher user training levels, organizational rules for downtimes and emergencies, as well as different hardware in many cases. Taking this reference framework into consideration, a multi-dimensional approach is necessary in order to analyse the economic efficiency of information and communication systems. Even before IT costs are analysed, a substantial increase in economic efficiency can be achieved by suitable personnel-related, organizational and streamlining measures at public administrations. In addition to this, a suitably designed IT strategy can also provide a major contribution towards boosting economic efficiency.

64 These include, in detail, the following components: server services, standard software, office communication, documents and macros; refer also to chapter I.C 4.
65 Refer to IT-WiBe 4.1 – Recommendation on Economic Efficiency Assessments in the German Federal Administration, in Particular with Regard to the Use of Information Technology, Version 4.1, KBSt publication series, Volume 92, January 2007.
66 Refer to "Hinweise und Empfehlungen zur Durchführung von Wirtschaftlichkeitsbetrachtungen bei IT-Update- beziehungsweise Umstellungsvorhaben auf Grundlage der IT-WiBe-97" [Tips and recommendations on economic efficiency assessments in conjunction with IT update and/or migration projects on the basis of the IT WiBe-97], KBSt publication series, ISSN 0179-7263, 04/2000 brief, November 2000.
67 Refer to "Migrationsleitfaden, Leitfaden für die Migration der Basissoftwarekomponenten auf Server- und Arbeitsplatz-Systemen" [A guide to migrating the basic software components on server and desktop PC systems], version 1.0, KBSt publication series, ISSN 0179-7263, Volume 57, July 2003.
The overall economic efficiency of IT systems is significantly influenced by the following parameters.
• The degree to which low-cost standard products cover the required functions
• Quality, modification flexibility and development capability of the standards, technologies and products used
• Efficient introduction and system management
• Smooth and consistent integration of components and systems into a process-oriented value chain
• A good (internal or external) service organization as well as high-quality expertise
• Economic product lifecycles
• Cost and efficiency of the purchasing/sourcing process
• Competition in the field of products and services

Optimum interaction between all these factors over an extended observation period is a prerequisite for establishing and controlling economic efficiency. This means that a simplified analysis of individual cost items normally fails to fully reflect the overall picture. Besides the identification and comparison of costs, the evaluation of the possible utility values is another important aspect of an evaluation of economic efficiency. Especially in this area, strategic considerations and forecast benefits play an important role in enabling an integrated evaluation of both the starting situation and prospects. Example: In a strategic context, the higher cost of an individual component can still lead to a significantly better total result thanks to manufacturer independence and hence a better position in software license fee negotiations. This context of an overall view of costs and benefits becomes particularly clear in the result of the "Client Studie der Landeshauptstadt München" [Client study of the Federal State Capital of Munich]68 which, as a result of the evaluation of economic efficiency in monetary terms, considers migration to Windows XP and Office XP to be more efficient whilst the overall view of monetary economic efficiency and benefit analysis gives preference to a target system with Linux and OpenOffice.org69. Both the method and the result can thus merely serve as an aid in determining an organization's own economic efficiency and hence the development of its own IT strategy. The focus is now on methodological explanations. Examples of calculations merely and exclusively serve explanatory purposes. A productivity analysis in the IT value chain is not performed within the framework of this migration guide because the necessary unbiased long-term studies are not available, especially in public administrations. On the basis of today's experience and especially with a view to the fact that both Linux/UNIX and Microsoft platforms are mature products with a long development history, such an analysis would probably lead to a balanced result. Furthermore, the effects of special integration aspects are not discussed in more depth in the following evaluations of economic efficiency. In light of the intention of the migration guide, the integration aspects can only be addressed in detail within the scope of the evaluation of the economic efficiency of the individual public agencies and hence of their requirements.

68 Prepared by Unilog Integrata Unternehmensberatung GmbH, Unilog Management, supported by the Federal State capital of Munich, Directorate AfID, department 5, München [Munich] 2003, http://www.muenchen.de/vip8/prod2/mde/_de/rubriken/Rathaus/40_dir/limux/publikationen/clientstudie_kurz..

3 Methodological principles

No. 2.1 of the administrative regulation on section 7 of the Federal Budget Code (BHO) reads as follows: "Analyses of economic efficiency during the planning phase are the basis for parallel and conclusive success monitoring. Economic efficiency analyses must provide information on at least the following sub-aspects.
• An analysis of the starting situation and of the need for action
• Goals, priority concepts and potential target conflicts
• Relevant solution options as well as their costs and benefits (including follow-up costs) even if these cannot be expressed in monetary terms
• The financial implications for the budget
• The suitability of the individual solution options with a view to target achievement, taking the legal, organizational and human resources framework into consideration
• The time schedule for implementing the measure
• Criteria and methods for monitoring success (refer to No. 2.2, administrative regulation on section 7 of the Federal Budget Code (BHO))."

69 A closer look at the results of the study is worthwhile, on the one hand, with a view to where the reasons for the advantages of XP in the analysis of economic efficiency in monetary terms come from and, on the other hand, what the reasons are for the advantages of Linux and OSS in a benefit analysis.

In principle, these requirements constitute the framework and structure for economic efficiency assessments.

[Figure: control loop diagram. Steps shown: identify objectives and general conditions; define guidelines and assumptions; agree the model of economic appraisal; collect data; find out technical solutions; plan staffing; create a project schedule including measures; compare alternatives; calculate profitability (cost/profit) of the investment; control circuit.]

Fig. 3: Control loop of the evaluation of economic efficiency

The public agency's expectations are a major element, as are potential target conflicts and boundary conditions in the form of specifications and assumptions. Fine-tuning of the model of the economic efficiency evaluation also belongs to this sphere. In addition, the actual situation of the IT landscape to be migrated must be recorded. Information on infrastructure, hardware and software products, special IT methods and agency-specific document templates is gathered in this context. This then forms the basis for identifying potential technical solutions and the related cost basis, which includes not just the cost of hardware and software but also the cost of external and internal manpower. The subsequent determination of economic efficiency calculates the costs and benefits of the IT measure and the implications for the budget. A coarse project plan and a time schedule for implementing the IT measure are necessary in order to assess personnel costs.

3.1 Aims and boundary conditions

3.1.1 Aims

Prior to implementing any IT measure, the public agency's operative aims should be identified as laid down in the IT framework concept or derived from strategic expectations. Comparing these aims with the IT measure reveals potential conflicts with targets and other projects. Furthermore, this comparison also constitutes the foundation for success monitoring as demanded in No. 2.2 of the administrative regulation on section 7 of the Federal Budget Code.

The development of a general system of targets and requirements for the IT measure helps to analyse potential solutions with regard to their suitability, irrespective of their economic efficiency. In detail, this refers to the definition of requirement criteria which must be evaluated for the individual solution alternatives in the form of benefit analyses70. Some of these criteria or criteria groups can serve as a scale for success. It should be noted here that the public agency's aims and the related necessary activities should be identified in a separate strategy process. Tried-and-tested methods are available to this effect, helping to define a public agency's overall strategy and supporting the development of an IT strategy.

3.1.2 Premises and assumptions

Every IT measure must be implemented in the context of an existing IT landscape, an existing organization and existing laws, regulations and standards. Identification and documentation of these external influence factors are hence vital for the success of an IT measure. The design of the economic efficiency evaluation usually includes specific definitions which should be identified and briefly described once, i.e. general parameters which are imported from outside the system (such as manpower costs) rather than being determined during the evaluation itself. Any such information which forms an important basis for the calculation must be recorded. Examples of such boundary conditions are described below as "assumptions". An evaluation of economic efficiency can, for example, be based on the following premises.

1. Net present values are calculated using an interest rate equal to the recommended nominal interest rates from the personnel cost rates of the Federal Ministry of Finance (source: www.bundesfinanzministerium.de – key word: Personalkostensätze [personnel cost rates]).
2. Internal personnel costs are based on the personnel cost rates of the Federal Ministry of Finance (source: www.bundesfinanzministerium.de – key word: Personalkostensätze [personnel cost rates]).
3. External personnel costs: average of €1,200 per man-day.
4. The depreciation period for hardware and software is 5 years.
5. The monitoring period is defined as 8 years, from 2005 to 2012.
6. The analysis refers to actual costs.
7. Process-related productivity changes/improvements are not taken into consideration.

70 Refer to WiBe 4.0 – Recommendations on Economic Efficiency Assessments in the German Federal Administration, in Particular with Regard to the Use of Information Technology, version 4.0 – 2004, pp. 80 seq.

3.2 Monetary analysis

The net present value method is used to determine the monetary effects of the projects. As a dynamic method, it evaluates investment projects on the basis of their net present value, i.e. by realistically describing money flows (revenue and expenditure, budget-relevant and not budget-relevant) with reference to a common point in time. Revenues, expenditures and savings which can be related to the project can be planned for the period ahead corresponding to the economic life of the assets in question. The present value of future amounts is determined by discounting, using an interest rate determined by the Federal Ministry of Finance.

3.3 General considerations of cost identification

Some general considerations regarding the identification of the necessary costs are discussed below. The individual migration phases in particular, the related measures, personnel costs and the price structures of suppliers are explored in this context.
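The following Python script is an added example and not part of the migration guide. It carries the net present value method of section 3.2 through for several solution alternatives under the premises of section 3.1.2: an 8-year monitoring period from 2005 to 2012, a 5-year depreciation period for hardware and software, and external manpower at €1,200 per man-day. The 4 % interest rate, the internal day rate of €388 and all cost figures of the sample alternatives are constructed assumptions (premise 1 and 2 refer to the Federal Ministry of Finance rates, which are not reproduced here); the assumption that hardware and software are procured again once the depreciation period has elapsed is likewise the example's own.

```python
"""Net present value comparison of migration alternatives (added example).

Premises taken from the migration guide, section 3.1.2: monitoring period
2005-2012 (8 years), depreciation period 5 years, external staff at
EUR 1,200 per man-day. Everything else is a constructed assumption.
"""
from __future__ import annotations

from dataclasses import dataclass

MONITORING_YEARS = list(range(2005, 2013))  # premise 5: 8 years, 2005 to 2012
DEPRECIATION_YEARS = 5                      # premise 4
EXTERNAL_DAY_RATE = 1200.0                  # premise 3, EUR per man-day
INTERNAL_DAY_RATE = 388.0                   # assumption (premise 2 refers to the BMF rates)
INTEREST_RATE = 0.04                        # assumption (premise 1 refers to the BMF rate)
BASE_YEAR = MONITORING_YEARS[0]             # common reference time for discounting


@dataclass
class Alternative:
    """One solution alternative with its planned money flows (all EUR)."""
    name: str
    investment: float = 0.0             # hardware/software procured in the base year
    internal_man_days: float = 0.0      # migration effort of the agency's own staff
    external_man_days: float = 0.0      # migration effort of external consultants
    annual_operating_cost: float = 0.0  # licences, maintenance, support per year
    annual_savings: float = 0.0         # savings against the status quo per year


def manpower_cost(internal_days: float, external_days: float) -> float:
    """Personnel cost of the migration project (premises 2 and 3)."""
    return internal_days * INTERNAL_DAY_RATE + external_days * EXTERNAL_DAY_RATE


def cash_flows(alt: Alternative) -> dict[int, float]:
    """Net money flow per year of the monitoring period; outflows are negative.

    Assumption: migration effort and investment fall into the base year, and
    hardware/software is procured again once the depreciation period has
    elapsed inside the monitoring period.
    """
    flows = {year: alt.annual_savings - alt.annual_operating_cost for year in MONITORING_YEARS}
    flows[BASE_YEAR] -= alt.investment + manpower_cost(alt.internal_man_days, alt.external_man_days)
    replacement_year = BASE_YEAR + DEPRECIATION_YEARS
    if replacement_year in flows:
        flows[replacement_year] -= alt.investment
    return flows


def discount_factor(year: int, rate: float = INTEREST_RATE) -> float:
    """Factor that brings an amount of the given year back to the base year."""
    return 1.0 / (1.0 + rate) ** (year - BASE_YEAR)


def net_present_value(alt: Alternative, rate: float = INTEREST_RATE) -> float:
    """Net present value over the monitoring period (section 3.2)."""
    return sum(flow * discount_factor(year, rate) for year, flow in cash_flows(alt).items())


def rank_alternatives(alternatives: list[Alternative], rate: float = INTEREST_RATE) -> list[tuple[str, float]]:
    """Alternatives ordered from the highest to the lowest net present value."""
    ranked = [(a.name, round(net_present_value(a, rate), 2)) for a in alternatives]
    return sorted(ranked, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    # Constructed sample alternatives; the figures are illustrative only.
    candidates = [
        Alternative("Variant 1: full OSS", investment=150_000, internal_man_days=600,
                    external_man_days=530, annual_operating_cost=60_000, annual_savings=260_000),
        Alternative("Variant 2: mixed OSS", investment=120_000, internal_man_days=560,
                    external_man_days=480, annual_operating_cost=110_000, annual_savings=250_000),
        Alternative("Variant 3: MS terminal server", investment=200_000, internal_man_days=590,
                    external_man_days=480, annual_operating_cost=140_000, annual_savings=240_000),
    ]
    for name, npv in rank_alternatives(candidates):
        print(f"{name:32s} NPV = EUR {npv:>14,.2f}")
```

Because every flow is discounted to the same base year, alternatives with different timing of investment and savings become comparable, which is the point of the dynamic method; an alternative whose savings only start after a long project still has to beat one with smaller but earlier savings on the discounted sum.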

3.3.1 Migration phases

The costs of a migration project are best identified on the basis of a migration phase model by defining the measures related to the individual phases. The model used here encompasses three main phases (refer to table 9):
• Planning phase (rough and detailed concept)71
o Workshops (kick-off, involving the specialist departments and IT disciplines concerned, identifying any relevant issues, setting priorities, identifying decision-making needs, determining approach and project plan, detailed estimate of expenditures, defining sub-projects and setting up workgroups)
o Stock-taking (application landscape, communication lines, network infrastructure, central services, operating procedures, future requirements)
o Solution approaches / general and detailed concepts (preparing performance specifications, refining the project plan and defining work packages, technical feasibility, implementation of an integration and test environment, description of the remaining production environment, application integration, hardware selection and evaluation)
• Implementation phase (process creation/development, testing and acceptance)
o Concepts, methods, installations (detailed definition of the range of functions, integration into the remaining IT environment, development of installation procedures and software distribution, integration into operations, rollout planning, pilot planning, training of IT personnel)

o Testing processes and validating the function of installations (feature stop, supplying a representative user group, load tests, integration of the UHD (user help desk), first sizing check, feedback to detailed concept)
• Practical phase (introduction and operation, roll-out)
o Provision of functions in the network and installations throughout the organization (setting the installation procedures into operation, duplicating the server systems, user information and training, support by the project team, transition to regular operation)

71 The evaluation of economic efficiency accompanies the entire qualification phase.

Planning phase (general and detailed concepts, workshops, solution approaches)
1 Detailed concept / performance specifications
2 Migration plan for infrastructure
3 Migration plan for system management
4 Migration plan for client
5 Approval of consolidated migration plan (detailed technical concept)

Implementation phase (process creation/development, concepts, methods, installations)
6 Implementation of infrastructure basis
7 Infrastructure services
8 System management
9 Groupware – messaging
10 Terminal server
11 Desktop design
12 Desktop installation method
13 Migration of system management functions
14 Packaging: 1 – 2 applications / 1 man-day

Implementation phase (testing and acceptance of processes, functional test of installations)
15 Pilot operation 1 month / 20 – 50 users
16 Migration manual trial run
17 Documentation of migration manual

Practical phase (introduction and operation, providing functions in the network, installations throughout the organization)
18 Migration of data/privilege structures
19 Migration of client structures

Table 9: Migration phases

3.3.2 Manpower demand for migration

Personnel costs are incurred for a host of items during a migration project. In table 9, the individual phases are broken down into migration-typical activities. In addition to these activities, the migration of documents and macros as well as project management, quality assurance and, above all, user support must be planned. The tables below72 are examples that provide an overview of the percentages of man-day and manpower cost planning73. Fig. 4 shows the personnel costs of the individual activities for three exemplary alternatives. Fig. 5 combines, for the same three alternatives, the manpower costs of the migration phases with those of the above-mentioned additional activities to present an overall view.

Man-days are given as internal / external ("BA" / "external" in the original).

Summary | Variant 1 | Variant 2 | Variant 3
Total costs (€) | 391,972 | 329,944 | 385,552
Costs internal / external (€) | 84,972 / 307,000 | 72,944 / 257,000 | 98,552 / 287,000
Total man-days | 526.0 | 445.0 | 541.0
Man-days internal / external | 219.0 / 307.0 | 188.0 / 257.0 | 254.0 / 287.0

Phase / activity (man-days internal / external) | Variant 1 | Variant 2 | Variant 3
Planning phase (general and detailed concepts, workshops, solution approaches) | 62.0 / 122.0 | 62.0 / 107.0 | 62.0 / 122.0
- Detailed concept / performance specifications | 30.0 / 30.0 | 30.0 / 30.0 | 30.0 / 30.0
- Migration plan for infrastructure | 10.0 / 30.0 | 10.0 / 25.0 | 10.0 / 30.0
- Migration plan for system management | 10.0 / 30.0 | 10.0 / 25.0 | 10.0 / 30.0
- Migration plan for client | 10.0 / 30.0 | 10.0 / 25.0 | 10.0 / 30.0
- Approval of consolidated migration plan (detailed technical concept) | 2.0 / 2.0 | 2.0 / 2.0 | 2.0 / 2.0
Implementation phase (process creation/development, concepts, methods, installations) | 97.0 / 125.0 | 71.0 / 100.0 | 92.0 / 100.0
- Implementation of infrastructure basis | 72.0 / 98.0 | 51.0 / 77.0 | 65.0 / 77.0
- - Infrastructure services | 15.0 / 17.0 | 8.0 / 10.0 | 15.0 / 10.0
- - System management | 20.0 / 25.0 | 10.0 / 15.0 | 20.0 / 25.0
- - Groupware – messaging | 12.0 / 16.0 | 8.0 / 12.0 | 12.0 / 12.0
- - Terminal server | 20.0 / 35.0 | 20.0 / 35.0 | 15.0 / 30.0
- - Desktop design | 5.0 / 5.0 | 5.0 / 5.0 | 3.0 / (not given)
- (row label lost in extraction; cf. items 12 – 14 of Table 9) | 25.0 / 27.0 | 20.0 / 23.0 | 27.0 / 23.0
- - (row label lost in extraction) | 5.0 / 7.0 | 5.0 / 7.0 | 4.0 / 7.0
- - (row label lost in extraction) | 15.0 / 15.0 | 10.0 / 11.0 | 18.0 / 11.0
- - (row label lost in extraction) | 5.0 / 5.0 | 5.0 / 5.0 | 5.0 / 5.0
- Testing and acceptance of processes, functional test of installations | 40.0 / 30.0 | 40.0 / 30.0 | 40.0 / 35.0
- - Pilot operation 1 month / 20 – 50 users | 25.0 / 15.0 | 25.0 / 15.0 | 25.0 / 20.0
- - Migration manual trial run | 10.0 / 5.0 | 10.0 / 5.0 | 10.0 / 5.0
- - Documentation of migration manual | 5.0 / 10.0 | 5.0 / 10.0 | 5.0 / 10.0
Practical phase (introduction and operation, providing functions in the network, installations throughout the organization) | 20.0 / 30.0 | 15.0 / 20.0 | 60.0 / 30.0
- Migration of data/privilege structures | 10.0 / 20.0 | 5.0 / 10.0 | 10.0 / 20.0
- Migration of client structures | 10.0 / 10.0 | 10.0 / 10.0 | 50.0 / 10.0

Fig. 4: Example: manpower costs during the migration phases

72 Since no fractional digits are shown in the table, rounding differences may occur in individual cases.

73 The data shown here serves as an example of a larger public agency.

Solutions: Smart Client (scenarios 1 OSS and 2 Mixed OSS) and Terminal Server (scenario 3 MS TS). Man-day factor (€ per man-day) for each scenario: internal 388.00, external 1000. Man-days and costs are given as internal / external.

Summary | 1 OSS | 2 Mixed OSS | 3 MS TS
Total costs (€) | 765,795 | 703,411 | 709,044
Costs internal / external (€) | 234,938 / 530,857 | 218,982 / 484,429 | 230,717 / 478,327
Total man-days | 1136.4 | 1048.8 | 1073.0
Man-days internal / external | 605.5 / 530.9 | 564.4 / 484.4 | 594.6 / 478.3

Man-days (internal / external) | 1 OSS | 2 Mixed OSS | 3 MS TS
Migration phases: Planning | 162.2 / 220.2 | 135.7 / 194.7 | 159.1 / 199.7
Migration phases: Implementation | 40.8 / 30.6 | 40.8 / 30.6 | 40.8 / 35.7
Migration phases: Use | 20.4 / 30.6 | 15.3 / 20.4 | 40.2 / 30.6
Documents/applications | 50.0 / 50.0 | 50.0 / 50.0 | 25.0 / 25.0
PM/QA/user support | 332.0 / 199.4 | 322.6 / 188.7 | 329.5 / 187.3
- of which project management (PM), 15.00 % | 41.0 / 49.7 | 36.3 / 44.4 | 39.8 / 43.7
- of which quality assurance (QA), 15.00 % | 41.0 / 49.7 | 36.3 / 44.4 | 39.8 / 43.7
- of which user support, 0.00 % | 0.0 / 0.0 | 0.0 / 0.0 | 0.0 / 0.0
- of which user support 1), absolute | 250.0 / 100.0 | 250.0 / 100.0 | 250.0 / 100.0

Fig. 5: Example: total manpower costs
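In Fig. 5 the project management and quality assurance rows each amount to 15 % of the sum of the migration-phase and document/application man-days (for scenario 1 OSS, internal: 162.2 + 40.8 + 20.4 + 50.0 = 273.4 man-days, of which 15 % is 41.0), user support is planned as an absolute number of man-days, and the costs are the man-days multiplied by the factor of the respective column (388 € internal, 1,000 € external). The following Python model of that arithmetic is an added example, not a tool of the migration guide; the man-day figures of the sample scenario are constructed and only the percentages and day-rate factors are taken from the figure.

```python
"""Manpower planning in the structure of Fig. 5 (added example).

PM and QA are surcharges of 15 % on the phase and document man-days, user
support is an absolute figure, and costs are man-days times a day-rate
factor per column. The sample figures at the bottom are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class EffortColumn:
    """Man-days of one column of Fig. 5 (one scenario, internal or external staff)."""
    planning: float
    implementation: float
    use: float                     # practical phase ("Use" row in the figure)
    documents_applications: float
    user_support: float            # absolute man-days, not a percentage
    pm_share: float = 0.15         # project management surcharge (15.00 % in the figure)
    qa_share: float = 0.15         # quality assurance surcharge (15.00 % in the figure)

    def phase_days(self) -> float:
        """Sum of the migration phases and the document/application work."""
        return self.planning + self.implementation + self.use + self.documents_applications

    def project_management(self) -> float:
        return self.pm_share * self.phase_days()

    def quality_assurance(self) -> float:
        return self.qa_share * self.phase_days()

    def total_days(self) -> float:
        """Phase days plus PM, QA and user support, as in the 'man-days' summary row."""
        return (self.phase_days() + self.project_management()
                + self.quality_assurance() + self.user_support)


@dataclass(frozen=True)
class Scenario:
    """One scenario column pair (internal and external staff) with its day-rate factors."""
    name: str
    internal: EffortColumn
    external: EffortColumn
    internal_rate: float = 388.0   # EUR per man-day, "Factor" row of Fig. 5
    external_rate: float = 1000.0  # EUR per man-day, "Factor" row of Fig. 5

    def man_days(self) -> tuple[float, float, float]:
        """(internal, external, total) man-days, rounded to one decimal like the figure."""
        i, e = self.internal.total_days(), self.external.total_days()
        return round(i, 1), round(e, 1), round(i + e, 1)

    def costs(self) -> tuple[int, int, int]:
        """(internal, external, total) manpower costs in EUR, rounded to whole euros."""
        i = self.internal.total_days() * self.internal_rate
        e = self.external.total_days() * self.external_rate
        return round(i), round(e), round(i + e)


def summary_rows(scenarios: list[Scenario]) -> list[tuple[str, int, int, int]]:
    """One (name, internal cost, external cost, total cost) row per scenario."""
    return [(s.name, *s.costs()) for s in scenarios]


if __name__ == "__main__":
    # Constructed sample scenario; the man-day figures are illustrative only.
    sample = Scenario(
        "1 OSS (sample)",
        internal=EffortColumn(planning=160, implementation=40, use=20,
                              documents_applications=50, user_support=250),
        external=EffortColumn(planning=220, implementation=30, use=30,
                              documents_applications=50, user_support=100),
    )
    print(sample.man_days(), sample.costs())
```

Keeping the surcharge shares and the day-rate factors as parameters makes it straightforward to see how sensitive the total is to the user-support assumption, which the figure plans as the single largest internal item.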

3.3.3 Price structures of suppliers

Besides manpower expenditure, software and hardware costs represent another important area. Price information must typically be obtained from manufacturers / suppliers for this purpose. This data should be obtained for different financing models, since significant differences can exist from case to case between the purchase, rent and leasing options. The supplier price lists generally serve as a basis; however, framework contracts between the public agency and its suppliers may have to be used where such contracts exist. Since migration projects generally concern the server end and sometimes also the client end, the summary of price information is broken down into these two areas.

3.3.3.1 Server

The following structure is recommended in this area:

Server
• Software
o Operating system: operating system
o Infrastructure services: directory, logon service, file, print, DNS/DHCP/BOOTP
o System management: software distribution, stock-taking, helpdesk, system monitoring, network monitoring
o Databases: DBMS (database management systems)
o Groupware and messaging: groupware, mail
o Terminal server
• Hardware

Table 10: Price information summary, hardware/software - server

3.3.3.2 Desktop PCs

The structure shown below was found to be helpful at the client end too:

Desktop PC
• Software
o Operating system: operating system
o Standard software: document exchange format, PDF viewer/writer; web browser and mail client; word processing; spreadsheet; presentation; compression; tools (image processing, etc.)
o Terminal server (client access)
• Hardware

Table 11: Price information summary, hardware/software – desktop PC

This information must then be entered into the project matrix in order to be available for the calculation of economic efficiency.

3.4 Benefit analysis

Whilst a decision must also consider effects which cannot be measured in monetary terms, selected criteria are available for migration projects (refer to chapter I.C 5.3.1, "Urgency criteria", and chapter I.C 5.3.2, "Quality and strategic criteria"). The benefit analysis of the WiBe for migration projects applies the same principle as WiBe 4.074 and evaluates individually and independently weighted target criteria that are subsequently included in a final evaluation. Evaluation scales are used in order to quantify the so-called "soft" factors. We recommend evaluating the results in two steps as follows.
1. Priority must be given to the results of the monetary evaluation of economic efficiency for migration projects. Costs and benefits are represented by an ROI indicator which is determined using the above-described method75.
2. The results of the benefit analysis for migration projects lead to key indicators for the following aspects.
o Urgency of the IT measure
o Qualitative and strategic importance of the IT measure
Note: Migration generally has no or only limited effects on the customers of a public agency. The criteria for external effects of the IT measure in conjunction with migration projects are hence discussed, as far as necessary, within the scope of the qualitative and strategic criteria.
This second step is mainly designed for cases in which an evaluation of economic efficiency according to monetary aspects is not sufficient on its own or does not permit a clear profitability assessment. Urgency and/or strategy criteria can always require a high implementation priority for a project, irrespective of monetary criteria. The WiBe 4.0 documentation contains a detailed discussion of the methodology of the benefit analysis, which is hence not repeated in this migration guide.

74 Refer to WiBe 4.0, Recommendations on Economic Efficiency Assessments in the German Federal Administration, in Particular with Regard to the Use of Information Technology, version 4.0 – 2004, pp. 80 seq.

75 Refer to the chapters dealing with WiBe 4.0.

3.5 Full cost approach

The full cost approach must generally be adopted in evaluations of economic efficiency. This means that all costs and benefits which can be directly or indirectly quantified in monetary terms must be assigned to the IT measure. This implies the requirement to consider even those costs which are not budget-relevant76.

3.6 Comparability

The evaluation of economic efficiency is carried out for two scenarios in order to ensure the comparability of the different evaluations.
• Migration of one or several migration objects77 (partial migration) in the case of clearly definable products or product groups78
• Complete migration, i.e. migration of a complete IT environment – servers, clients, infrastructure, special applications
The selected evaluation criteria of the WiBe for migration projects must be applied both to the migration of individual migration objects and to complete migration. Since the migration of specialist applications is often discussed in the case of complete migration, it should be noted here that this must be implemented in the form of separate projects, which also requires separate evaluations of economic efficiency. The savings identified thereby may well be assigned to a corresponding part of the migration measure and reported in that context. Another aspect is that a comparative analysis of economic efficiency only makes sense if the different alternatives are comparable in technical and functional terms. The following fields of application can be considered to be comparable:
• Infrastructure services
o File services
o Print services
o Logon services
o Network services
• Messaging and groupware systems
• Office packages
• Database and web application servers

3.7 Applications

In order to obtain a sensible result, the analysis is carried out within an overall context that encompasses several applications. The overall evaluation of the costs to be studied includes the following fields:

• Server infrastructure
o File services
o Print services
o Logon services
o Network services
• Desktop infrastructure
o Office
o Web
• Messaging/groupware
• Database and web applications
This list is certainly not exhaustive, but it constitutes a common denominator for the cost infrastructure areas of a public agency. Migration of special IT applications involves different requirements for organization units and service providers / software suppliers. If the special IT methods are broken down into different technical clusters (terminal, web, DOS, MS Access, macros, standalone), three risk classes can be distinguished for a migration project (refer to table 12):
1. Simple migration is possible.
2. Average degree of difficulty; variable migration path, emulation, terminal server, replacement.
3. Difficult migration; usually to be performed by the manufacturer.
The special applications to be analysed can be assessed, for example, according to the information gathered and on the basis of the migration matrix.

76 Budget-relevant costs and benefits result from the measure in question and lead to applications for additional or lower funds in the coming budget.

77 Refer to the "Approach" chapter for the definition of objects.

78 For example, desktop applications as migration objects with word processing, spreadsheet and graphic functionalities as well as an Internet browser as products.

Type | Risk | Migration scenario
Terminal | Usually negligible | Not applicable
Web | Usually browser-dependent | For example, ensuring standard conformity
DOS | Low degree of difficulty | For example, DOS emulation, terminal server and replacement
MS Access79 | Average to high degree of difficulty possible; main risk areas: large number, no documentation, no manufacturer, very low degree of acceptance | For example: new development by developers (if applicable, Web, Access2WEB), emulation (WINE), terminal server, replacement
Others: Office (templates, macros, forms) | All levels of difficulty possible, depending on the given situation; main risk areas: number and complexity of macros | For example: maintaining applications through emulation, porting to OpenOffice.org, replacement
C/S | Migration typically difficult. Porting possible by the manufacturer only | Porting by the manufacturer; options: web, emulation, terminal server, replacement

79 In this context, internal developments (for example, C++, etc.) must be considered to be IT specialist applications which, by definition, are not considered in this study. These must be handled as an independent project.

Table 12: Price information summary, hardware/software – desktop PC

4 Analysis of the starting situation

The analysis of the starting situation covers the hardware infrastructure (server, workplace terminals, network and printers) on the one hand and the existing software services and systems for operating the IT landscape and supporting the business processes on the other. The following structure was found to offer good stock-taking80 support in a number of projects.
• Server infrastructure
• Client infrastructure
• Network infrastructure
• Print infrastructure
• Server services
• Standard software
• Office
• Special IT applications
• Document templates

4.1 Server infrastructure

The stock-taking of data concerning the servers used provides information on whether migration is possible with the existing equipment or whether new hardware will also be required. The following information (refer to Fig. 6) is necessary for this purpose: service / use, distribution, version, initial installation, total number, age (< 1 year, 1 to 3 years, > 3 years), investment costs and/or acquisition/leasing and maintenance costs.

80 The examples of the different data gathering areas shown in the following examples can be downloaded from the Internet. Refer to: www.kbst.bund.de.

Computer centre infrastructure - server
Columns: Name | Service/use | Distribution | Version | First-time installation | Total number | Age in years (< 1 | 1 - 3 | > 3) | Investment/costs | Remarks
Rows: Totals

Fig. 6: Example of a server infrastructure data collection template

4.2 Client infrastructure

Besides computers with up-to-date system environments, devices as old as 8 years (and the related system environments of the same age) are in use, for example. Since certain migration scenarios have enormous implications in this area (new software products, for instance, require the acquisition of new hardware because the new products do not run on older system environments), the information to be compiled here has an important role to play. The existing clients can now be combined into groups. In some cases, this was already carried out within the framework of stock-taking and recording of the related information in the fixed-asset accounts. Otherwise, sensible groups of clients can be defined, orientated mainly towards the majority of the information to be gathered (refer to Fig. 6). Such groups are structured as follows: operating system, number of clients (APC) in the network, central installation, central administration, performance (for example: age > 5 - 8 years, processor < 100 MHz, memory < 32 MB; age > 3 - 5 years, processor 100-400 MHz, memory < 64 MB; age > 2 - 3 years, processor 400 - 700 MHz, memory 64 - 128 MB; age up to 2 years, processor > 700 MHz, memory > 128 MB), input aids.

Computer centre infrastructure - Desktop PC (DPC) [1]
Columns: Data gathering area [3] | Operating system | Number of DPCs in the network | Performance [2]: Old, 8 years (processor < 100 MHz, memory < 32 MB) | 5 years (100 - 400 MHz, < 64 MB) | 3 years (400 - 700 MHz, 64 - 128 MB) | 2 years (> 700 MHz, > 128 MB) | ... of which: central installation | central administration | Input aids | Remarks
Rows: Totals | DPC cat. 1 | DPC cat. 2 | DPC cat. 3 | DPC cat. 4 | Stand-alone PC

[1] DPC = Desktop PC
[2] Please adapt the performance criteria to the given situation.
[3] Please orientate and adapt the data capturing groups (in this case referred to as "DPC cat. 1 to 4", for example) to your particular situation.

Fig. 7: Example of a desktop computer data collection template

4.3 Network infrastructure

The existing network equipment (refer to Fig. 8) is the basis for interaction between clients and servers. When it comes to defining migration scenarios, this is an area that should not be neglected.
• Network equipment
o Ethernet
o ATM
o Token ring
• Speed
• Router
• Switches

Computer centre infrastructure - Network
Columns: Data gathering area | Interfaces with Office applications | Number of systems | Number of licenses | Number of clients | Number | Product used | Manufacturer | Remarks
Rows: Network infrastructure: Network equipment (- Ethernet, - ATM, - Token ring) | Speed | Router | Switches

Fig. 8: Example of a network infrastructure data collection template

4.4 Print infrastructure

Printers supplement the hardware information gathered so far. Some software products are not compatible with all printer types. This means that the verification of potential migration scenarios also requires the gathering of printer data. The following information (refer to Fig. 9) is necessary for this purpose: total number, age (< 1 year, 1 to 3 years, > 3 years), investment costs and/or acquisition/leasing and maintenance costs.

Computer centre infrastructure - Printers
Columns: Data gathering area | Total number | Age in years (< 1 | 1 - 3 | > 3) | Costs for (Purchase | Leasing | Maintenance) | Total costs | Remarks
Rows: Totals | Network printers | Fax machines | Network cards | Graphic cards | Acceleration | Scanners | Desktop printers | Installation of drivers for desktop printers

Fig. 9: Example of a printer infrastructure data collection template

4.5 Server services

This area concerns the central services provided by servers in the computer centre, such as:
• Infrastructure services
o File storage (file server)
o Print services (print server)
o Network services
- DNS
- DHCP
- WINS
- RAS
- VPN
- BOOTP
o Authentication services
• System and management services
o Software distribution
o System and network monitoring
o Data backup systems
• Directory services
o NDS
o OpenLDAP
• Messaging and groupware
• Terminal server
• Document management systems

Stock-taking is broken down into the following elements (refer to Fig. 10): number of systems used, operating system, product used, manufacturer, number of licenses, number of clients, interfaces with Office applications.

Computer centre infrastructure - Central server services
Columns: Data gathering area [1] | Number of systems used | Operating system | Product used | Manufacturer | Number of licenses | Number of clients | Interfaces with Office applications | Remarks
Rows: Infrastructure services: File storage (file server), Print services (print server), Network services (- DNS, - DHCP, - WINS, - RAS, - VPN, - BOOTP, …), Authentication services | System and management services: Software distribution, System and network monitoring, Data backup systems | Directory services: NDS, OpenLDAP | Messaging & groupware: eGroupware | Terminal server | Document management systems

[1] Please orientate and adapt the data capturing groups to your particular situation.

Fig. 10: Example of the server infrastructure services data collection template

4.6 Standard software

Standard software often accounts for a significant share of software licenses. Information on the products used and/or licensed is gathered on the basis of the following structure (refer to Fig. 11): manufacturer, purpose, licenses (current quantity, quantity needed in future), present and future costs (licenses and maintenance/updating).

Standard software
Columns: Name | Version | Manufacturer | Purpose | Licenses (Quantity today | Quantity in future) | Costs today (Licenses | Insurance) | Costs in future (Licenses | Insurance) | Remarks
Rows: Acrobat Reader | Mozilla | Open Office | Outlook | WinZip | Access | Excel | PowerPoint | Word

Fig. 11: Example of a standard software data collection template

4.7 Document templates and macros

Document templates (for word processing, spreadsheet and similar applications) and macros are an important factor for migration costs. This is an area where significant obstacles often exist in practice, because overviews of these documents are often not available. Besides server-based files, this concerns, in particular, the files on the users' desktop PCs. Depending on the quality and acceptance of standard processes for process support, if any, users either make use of such standard processes or create their own macro applications on their PCs (depending on their respective programming skills). In order to ensure the success of a migration project for the entire organization and, above all, its acceptance by the users, this aspect must be mastered. This means that a determined effort should be made to identify the document templates and macros and to classify them according to the system proposed below (refer to Table 13).

Documents | Classification
Document templates | Low degree of complexity, preparation time < 0.5 days
 | Average degree of complexity, preparation time 0.5 to 2 days
 | High degree of complexity, preparation time 2 to 4 days
 | Very high degree of complexity, preparation time > 4 days
Macros | Low degree of complexity, preparation time < 0.5 days
 | Average degree of complexity, preparation time 0.5 to 2 days
 | High degree of complexity, preparation time 2 to 4 days
 | Very high degree of complexity, preparation time > 4 days

Table 13: Classification of document templates and macros

Office - Document templates and macros
Columns: Data gathering area (Program | Directory | Quantity) | Document templates, complexity of creation in days: low (< 0,5) | average (0,5 - 2) | high (2 - 4) | very high (> 4) | Macro applications, complexity of creation in days: low (< 0,5) | average (0,5 - 2) | high (2 - 4) | very high (> 4) | Total number of days | Remarks
Rows: Word | Excel | PowerPoint | Access | .. Other .. | Vital, productive …

Fig. 12: Example of an Office data collection template

4.8 Special IT applications

The same considerations apply to special IT applications as to document templates and macros. The purpose of these methods is to support users in their day-to-day work. If migration offers an opportunity to improve this in several respects (if new or re-programming is necessary, for example), users will automatically accept the projects. Otherwise the existing standard must at least be restored after migration. Special applications should be recorded in information clusters as follows:

Architecture | Users | Client/server operating systems
Database systems | Application server | User administration
Administration of rights | Interfaces | Hosting
Development of processes and methods | Characteristics | Outlook
Costs | Remarks |

Table 14: Information cluster for stock-taking special IT applications

For the detailed stock-taking, the clusters of Table 14 are grouped as follows:
• Architecture and users
• Client/server operating systems, database systems and application servers
• Administration of users/rights and interfaces
• Hosting, development of applications and characteristics
• Outlook, costs and remarks

4.8.1 Architecture and users

The architecture should be differentiated in terms of single-tier and 2 to n-tier architectures. Possible description criteria for 2-tier and multi-tier architectures are: client/server, terminal, host and web. The number of users per special IT application provides information on the dissemination of an application. The number of users as a percentage of the total number of users helps set priorities. Aims and boundary conditions must once again be considered at this point. It is conceivable that applications which are used by very few users are nevertheless strategically very important and must hence be automatically given a high priority. With regard to the users, the data to be gathered should include information on an application's sphere of use in the public agency, on the total number of users per application, on the number of users in the individual departments and on whether the application is used by multiple departments (refer to Fig. 13).

Fig. 13 template (columns recovered from the extracted table): Product name | Architecture: 1-tier; 2-/n-tier (C/S, Terminal, Host, Web) | Users: total number; used in department; number of users per department (1 to 15); specialist departments (1 to 10) | Totals

Fig. 13: Example of an "IT applications – architecture and users" data collection template

4.8.2 Client/server operating systems, database systems and application servers
At this point, information on operating systems, databases and application servers is to be compiled, i.e. under which operating system / product version the different IT applications can run and/or are used in the organization. To this effect, a structure should be adopted which reflects the currently used operating systems (refer to Fig. 14): Windows NT, Windows 2000/2003/XP, Linux and Unix.

Fig. 14 template (columns): Product name | Client operating system(s) used: Windows NT, Windows XP, Linux, Unix | Client operating system(s) available: Windows NT, Windows XP, Linux, Unix | Server operating system(s) used: Windows NT, Windows XP, Linux, Unix, Netware | Server operating system(s) available: Windows NT, Windows XP, Linux, Unix, Netware | Total

Fig. 14: Example of an "IT applications – client/server operating systems" data collection template

Fig. 15 template (columns): Product name | Database systems used: Windows NT, Windows XP, Linux, Unix | Database systems available: Windows NT, Windows XP, Linux, Unix | Application server used: Windows NT, Windows XP, Linux, Unix | Application server available: Windows NT, Windows XP, Linux, Unix | Total

Fig. 15: Example of an "IT applications – database systems and application server" data collection template

4.8.3 Administration of users/rights and interfaces
With regard to the administration of users and rights (refer to Fig. 16), it should be determined whether this is done via a directory service, within the application itself or by other means. Interfaces can exist with other IT applications, standard software, document templates and macros. In the case of templates and macros, the question of their complexity (creation time) also arises; refer to Table 13.

Fig. 16 template (columns): Product name | Administration of users: via directory service, within the application, other | Administration of rights/privileges: via directory service, within the application, other | Interfaces with document templates: name of the method, creation time [1] (< 0.5, 0.5 - 2, 2 - 4, > 4) | Interfaces with macros: name of the method, creation time [1] (< 0.5, 0.5 - 2, 2 - 4, > 4) | Interfaces to other IT applications: name | Interfaces to standard software: name | Complexity: low, average, high, very high | Total

[1] Creation time in days
Fig. 16: Example of an "IT applications – administration of users/rights and interfaces" data collection template

4.8.4 Hosting, development of applications and characteristics
In the case of IT applications not owned by the organization, information is required regarding responsibility for, and the operator of, the respective application (hosting by an external provider, an external department/unit or the agency's own IT department). Data on the development of applications (refer to Fig. 17) should provide information on the cost framework of an application. The following questions must be answered to this effect: Was the application developed internally or externally? What was the development input in internal and external man-days, and what were the related costs? What is the product description (name and version), and who (company, department) can provide support? Should re-programming become necessary, the following characteristics are important: degree of complexity, availability requirements and support requirements (each rated as high, average or low).

Fig. 17 template (columns): Product name | Hosting: responsibility for the application, process owner (A, B, C) | Process development: type (internal/external), input [1] in days (internal, external), costs, development environment, product/version, support by | Characteristics: complexity (high, average, low), availability requirement (high, average, low), support requirement (high, average, low) | Total

[1] Input in man-days; e = internal, f = external
Fig. 17: Example of an "IT applications – hosting, development of applications and characteristics" data collection template

4.8.5 Outlook, costs and remarks
The outlook (refer to Fig. 18) is designed to supply information on the future of the application (for example, discontinuation, updating or replacement with another product). In the case of applications which are not yet available under Linux, the question is whether this is planned for the future. Platform independence and, more recently, SAGA conformance are important criteria in this context. With regard to costs, annual figures are recorded for the following cost types: internal and external support, licenses (from internal allocations and/or external licenses), rent, maintenance, training and others.

Fig. 18 template (columns): Product name | Outlook: discontinuation, updating, replacement, Linux availability, platform independence | Costs in Euro p.a.: total costs, internal support, external support, licenses from internal allocations, external licenses, rent, maintenance, training, others | Remarks: brief description | Totals

Fig. 18: Example of an "IT applications – outlook, costs and remarks" data collection template

5 Economic efficiency according to WiBe 5.1 Introduction

5.1.1 Structure and procedure of WiBe for migrations

5.1.1.1 Structure of WiBe for migrations The economic efficiency analysis presented within the scope of this document is based on the methodology issued by the Co-ordinating and Advisory Agency of the Federal Government for Information Technology in the Federal Administration (KBSt) for determining the economic efficiency of migration measures.

The current WiBe for migration measures is based on the evaluation methods and criteria of WiBe 4.0 [81] and of the IT update [82] of the KBSt, the contents and methods of which were adapted to the specific situation and elements of migration measures or further developed where necessary [83]. The fundamental structure of the WiBe has been left unchanged: extended economic efficiency is evaluated in addition to economic efficiency in monetary terms. Monetary economic efficiency is made up of the evaluation of
• development costs / introduction costs and benefits
• operating costs and operating benefits.
As far as the criteria of extended economic efficiency are concerned, the criteria group "determination of external effects" was omitted (compared to the make-up of WiBe 4.0) because this group of criteria plays no or only an insignificant role in conjunction with migration measures. Extended economic efficiency hence includes a qualitative evaluation of the
• urgency of the migration measures and
• quality/strategy criteria.

5.1.1.2 Questionnaires to identify the actual and target states in advance of the WiBe
As a new feature compared to the WiBe approach known so far, the WiBe for migration projects is preceded by two questionnaires which are designed to clarify specific migration questions in advance of the real WiBe process. The first questionnaire supports the qualitative assessment of the actual status and is designed to identify the concrete need for action for a migration project. The second questionnaire focuses on the qualitative assessment of the target status and can be used to examine whether potential migration alternatives should be pursued further at all. Both questionnaires offer orientation and assessment guidance for migration alternatives and scenarios in advance of the real WiBe process.

5.1.1.3 Procedure within the scope of monetary and non-monetary WiBe If the quantitative analysis of the questionnaire concerning the actual status shows that there is concrete need for action with regard to the implementation of a migration project, the economic efficiency of the project must be evaluated during the planning phase by reference to the monetary and non-monetary economic efficiency criteria described in the following. The following must be considered in this context:

[81] Recommendations on economic efficiency assessments at the federal administration, in particular in conjunction with the use of IT, WiBe 4.0, August 2004.
[82] Hinweise und Empfehlungen zur Durchführung von Wirtschaftlichkeitsbetrachtungen bei IT-Update- beziehungsweise Umstellungsvorhaben auf Grundlage der IT-WiBe-97 [Tips and recommendations on economic efficiency assessments in conjunction with IT update and/or migration projects on the basis of the IT WiBe-97], November 2000.
[83] For an overview of the revised criteria, please refer to Figs. 25 to 30 in the appendix.

• The observation period of the WiBe should cover the project implementation time and a suitable subsequent period of use. The observation period can deviate from the 5 years recommended in former WiBe versions because longer periods can be justified in the case of strategic migration measures. The 5-year period of (operational) use stated in previous technical concepts is not an absolute requirement but an orientation value; justified deviations are permitted [84].
• Foreseeable technical or process changes and the resulting potential benefits must be evaluated as separate alternatives. If several technical solutions are possible for a migration project, the economic evaluation should be carried out for each alternative separately. Since different technical solutions can also have different effects on the processes, different potential benefits are likely to arise from the different alternatives.
• Technical modifications and/or new features may be "nice to have" functionalities. The question within the scope of migration is which functionalities are really required for the job in question.
• An economic efficiency evaluation for migration measures does not cover process optimization. If the user includes a complete process analysis in the migration project, or if such an analysis is necessary, it must be carried out as a separate measure.
• The potential benefits to be included in the WiBe must therefore be agreed upon. Potential benefits can be derived from the components (manpower, services, hardware, software, etc.). Process optimization is generally not analysed within the framework of migration measures; its benefits are additional effects of other measures.

Budget information becomes relevant within the scope of the monetary evaluation: costs and revenues and/or savings are set off against each other and thereby yield the project benefit. A net present value (capital value) is then calculated on this basis. If the net present value is positive (i.e. if savings or revenues exceed expenditure), this leads to a recommendation to implement the migration measure [85]. In order to account for the uncertainty of future budget values, the WiBe 4.0 for migration measures offers the possibility to identify risk factors for the individual criteria which ultimately reduce the net present value.

A cost analysis with a view to the introduction of new technologies must generally differentiate between a new introduction and the migration of processes and systems. As a general rule, a new introduction is usually simpler and cheaper than a migration, where different, sometimes historically grown architectures must be replaced and data migrated without disrupting operations to a larger extent and without losing data of the former application. As any migration method depends on its starting situation, it is hardly possible to make generally valid and all-encompassing statements concerning its cost. Whilst migration is in some cases possible without problems and almost without additional cost, user-developed applications that must be migrated, the transfer of legacy data, special user and access privilege structures or other special features may generate substantial project costs which must be evaluated case by case, also taking the criticality aspects of the particular public agency into consideration.

If no economic efficiency can be achieved in monetary terms (expenditure exceeding savings), the WiBe for migration projects has two additional areas of extended economic efficiency (urgency criteria, quality/strategy criteria). The corresponding criteria are weighted in the form of benefit analyses which yield a score of between 0 and 100 for each of these two areas. Even with a negative net present value of the migration project, the implementation of the IT measure can be recommended with a high score [86].

[84] In the case of major IT measures with several years of development, it may be advisable to increase the 5-year period by this development time. Infrastructure projects (such as the installation of cabling systems in buildings) may justify even longer periods. If, however, it is foreseeable and justifiable from the outset that the life of an IT measure will be less than 5 years, a shorter time horizon is mandatory for the IT WiBe.
[85] Refer to WiBe 4.0 – Recommendations on Economic Efficiency Assessments in the German Federal Administration, in Particular with Regard to the Use of Information Technology, version 4.0 – 2004, pp. 71 seq.

5.1.2 Actual status questionnaire
The exemplary questions (aa to ag) below should be used as a basis for checking whether there is a concrete need for a migration project. The answers to the individual questions should generally be explained in writing and documented in a suitable manner (before the real WiBe). Possible results of the answers to the questions concerning the actual status are:
• Migration is possible. Requirement: a WiBe must be carried out in order to make a detailed decision.
• Migration is not necessary, so that no WiBe is needed.

The questions in detail:
aa) Support continuity for the old system
• Is support still available for the old system (manufacturer, alternative suppliers/providers, hardware, own staff)?
ab) Stability of the old system – defects and failures (downtime)
• Do defects and downtime occur increasingly?
• Do these lead to noticeable impairment of work completion?
• Is the completion of work affected to such an extent that work results and deadlines are not achieved, or only with difficulty?
• Are defects and failures, if any, above the tolerance levels agreed in the service level agreements? (In your explanation, please specifically address frequency and causes.)
ac) Stability of the old system – maintenance problems, manpower bottlenecks
• Will the operation of the old system, at present or foreseeably in the short to medium term, lead to greater service and maintenance requirements, or must serious service and maintenance problems be expected?
• Does this involve manpower bottlenecks (for example, with regard to personnel qualification or the legal situation)?
ad) Flexibility of the old system – limits of further development / expansion
• Is the necessary further development and/or expansion no longer possible?
ae) Flexibility of the old system – interoperability, present/future interface problems
• Are any needed interfaces not available?
af) Flexibility of the old system – operability and ergonomics (user-friendliness)
• Are there major shortcomings in terms of operability and ergonomics which materially affect users in their work?
ag) Fulfilment of data protection/security requirements
• Are there any security or data protection shortcomings (for example, requirements of the IT baseline protection catalogues which the old system can no longer meet) which adversely affect operations?

[86] Refer to WiBe 4.0 – Recommendations on Economic Efficiency Assessments in the German Federal Administration, in Particular with Regard to the Use of Information Technology, version 4.0 – 2004, pp. 80 seq.

5.1.3 Requirements for the target situation
The exemplary questions (ba to bj) below should be used as a basis for checking potential migration alternatives in order to determine whether the alternatives in question should be pursued further. The answers to the individual questions should generally be explained in writing and documented in a suitable manner (before the real WiBe). Possible results of the answers to the questions concerning the target situation are:
• Different realistic migration alternatives exist which are suitable for the specific situation. Requirement: a separate WiBe must be prepared for each alternative and a comparative calculation must be performed in order to define priorities.
• There is only one realistic migration alternative which is suitable for the specific situation. Requirement: an additional description is needed which answers the question as to why no alternative exists. A WiBe must then be prepared for this single option.

The questions for the target system in detail:
ba) Dissemination / availability of training
• Does the agency's own staff have sufficient knowledge?
• Is trained personnel available on the market?
• Are qualified training and further training programmes available on the market?
Explanation: If qualification or recruitment measures are necessary, these generate costs which must be considered in the monetary part of the WiBe (WiBe KN).
bb) Market penetration
• What is the degree of market penetration of the software?
• Which conclusions can be drawn from this?
Explanation: This aspect refers to the market share of the software to be used. Shrinking or negligible market penetration poses the risk that the software and/or its further development will be discontinued. Good market penetration, on the other hand, suggests a high degree of acceptance and intensive use of the software, which promises its continued existence. Given sufficient market penetration of the product(s), sufficient investment security can generally be assumed.
bc) Software certification
• Is certification required?
• If so, is the software certified?
Explanation: The purpose of this question is to check whether the software to be used complies with statutory, agency-specific or industry-specific requirements, or whether such compliance must be organized by the user organization itself. In the former case, the manufacturer/supplier of the software ensures its certification, so that no further costs are incurred. In the latter case, the user organization must ensure certification in order to cover its business processes and incurs costs that cannot be calculated on a general basis.
bd) System management tools
• Are system management tools (for example, admin tools) available for the software? Are they required?
Explanation: Administration of the software products to be used is sometimes not very user-friendly or even difficult. This aspect focuses on tools which perform or support the administration of tables and master data. Suitable system management tools can increase throughput and quality and optimize the use of resources. If such tools are not available, the increased costs of specialist staff must be taken into consideration in the WiBe KN.
be) IT security
• Which security level is required according to the IT Baseline Protection Catalogues [87]?
Explanation: It must be examined whether the migration alternative in question fulfils the applicable security requirements, for example, with regard to communication security, application security and failure safety.
bf) User-friendliness of the software
• Are there, for example, graphical user interfaces, understandable error dialogues and German menu texts?
Explanation: The concrete user group must be taken into consideration when answering these questions.
bg) Scalability
• Are there any requirements concerning the scalability of the software, for example, with regard to the number of users?
bh) Flexibility
• Can the software be developed further to cover necessary and/or foreseeable specialist and technical requirements, such as mobile computing?
bi) Interfaces
• Are the interfaces which are necessary or which can be expected available?
bj) Documentation
• Are documentation and manuals available in an adequate form and format?

5.2 Economic efficiency in monetary terms

5.2.1 Systematics
Evaluations of economic efficiency in the federal administration are subject to section 7 of the Federal Budget Code (§ 7 BHO) and the administrative regulations enacted under it, which mainly consider economic methods (refer also to chapter I.C 3, "Methodological principles"). In order to adapt these regulations to the specific requirements of information technology, the Co-ordinating and Advisory Agency of the Federal Government for Information Technology in the Federal Administration (KBSt) already issued an administrative directive in 1992 titled "Empfehlung zur Durchführung von Wirtschaftlichkeitsbetrachtungen beim Einsatz der IT in der Bundesverwaltung (IT-WiBe)" (recommendations on economic efficiency assessments for the use of IT in the federal administration). A completely revised edition was issued in 2004. The WiBe includes three major steps:
• Identifying influencing variables (selecting criteria)
• Gathering/evaluating data
• Determining key performance indicators

[87] Refer to the IT Baseline Protection Catalogues of the German Federal Office for Information Security (BSI), http://www.bsi.de/gshb/deutsch/index.htm, 2006 revision (8th supplement).

Fig. 19: Methodology of the "Migration" WiBe (diagram rendered as text)
Step 1: determine influencing variables (select criteria) ⇒ verified criteria
Step 2: collect and assess data ⇒ consistent data structure
Step 3: calculate key indicators
• monetary: cost/benefit (WiBe KN) and cost/benefit with risks (WiBe KN/R), calculated by the net present value method 1)
• non-monetary: urgency (WiBe D), qualitative/strategic importance (WiBe Q) and external effects (WiBe E), calculated by value benefit analysis 2)
1) Net present value method, 2) Value benefit analysis

5.2.1.1 Specific catalogue of criteria for migration projects The specific catalogue of criteria for migration projects is the underlying pattern for the WiBe for migration projects. The catalogue contains all the criteria to be considered within the scope of a WiBe of this category. The catalogue of criteria is your tool for recording and assessing the effects of your measure. The measure will have costs and benefits which can be quantified in monetary terms (1st effect dimension; economic efficiency in a monetary sense). The urgency (2nd effect dimension) of the measure can vary, and the measure can vary in terms of its qualitative and strategic importance (3rd effect dimension).

5.2.1.2 Economic efficiency in a monetary and in a broader sense Costs and benefits which can be quantified in monetary terms (WiBe KN) represent economic efficiency in a monetary sense. The urgency (WiBe D) and the qualitative and strategic importance (WiBe Q) of the measure are considered in determining its extended economic efficiency. The compilation of costs and benefits in the WiBe KN is based on the net present value method in order to give adequate consideration to the development of costs and benefits over time. The calculation of urgency and qualitative and strategic importance in the WiBe D and Q is based on the benefit analysis as a standard method for assessing qualitative factors.

This short overview constitutes a complete list of the WiBe modules. The method itself and its individual phases are described in detail below, together with additional application and implementation information. A complete overview of the monetary criteria as well as the assignment of costs/benefits to the "budget-relevant" and "not budget-relevant" categories can be found in the tables in the appendix.

5.2.2 Criteria of economic efficiency in monetary terms

Criteria group 1: Development costs / introduction costs and benefits
Group 1 of the catalogue of criteria covers the development costs and development benefits which occur prior to the introduction of an IT measure. The real development costs (criteria group 1.1) may be offset by monetary benefits due to the replacement of the old process (criteria group 1.2).
→ It is essential to split all monetary figures into a budget-relevant and a non-budget-relevant portion.
Please note for all individual monetary criteria:
• In as far as a criterion cannot be quantified numerically with sufficient precision, this criterion affects both the WiBe KN and the supplementary WiBe KN/R (risk assessment). With regard to data capture, a "plausible and well-founded" approach must be presented and entered as the "probable estimate" in the monetary economic efficiency assessment (WiBe KN). Any increase in this estimate which can occur under worst-case conditions must be entered as a risk markup in the risk estimate (WiBe KN/R).
• In as far as effects related to a monetary benefit criterion (savings) can be described in qualitative terms only, no monetary value is to be entered for this criterion. Instead, the qualitative effect must be considered in the assessment of the related qualitative and strategic criterion in the WiBe Q (usually in sub-groups 4.2, 4.3 or 4.4).

Criteria group 1.1: Determination of development costs
Development costs are incurred before the introduction (or completion, respectively) of the new IT measure and end when the IT measure is officially handed over to its user organization units for use. Any costs incurred thereafter constitute operating costs according to group 2 of the catalogue of criteria. Migration of a complete landscape also includes the special applications for which new developments or re-programming become necessary. These activities must be considered as "development costs". Migration of migration objects typically requires no development costs, but introduction costs. In order to underline these circumstances, the "development cost" criterion is amended by the term "introduction".

Page 99 Criteria group 1.1.1 Planning and development costs This item covers all budget-relevant costs as well as any costs with no immediate budget relevance which are related to the preparation, planning and development of the IT measure. Examples of this in the narrower sense are the personnel costs of the agency's own project team as well as costs of external consultants. Examples in the broader sense are special training courses for those involved in the IT measure as well as technical equipment, if any, and travel costs. The costs of system support and maintenance/updating following its introduction do not constitute planning and development costs. Any such costs must be recorded as operating costs (i.e. group 2 criteria). The costs (types) must be generally considered in the WiBe in the sense of a full cost analysis: all the cost (types) must be considered and calculated no matter whether or not separate funds will have to be applied therefor in the budget.

Criterion 1.1.1.1 Personnel costs (own personnel)
Presentation of costs - not budget-relevant
Expenditure for own personnel during the project phases. The costs of the agency's own personnel (the working time of those involved in the IT measure) must be quantified indirectly. This requires a project plan/budget which indicates the man-days planned for the officers involved. By reference to the personnel cost rates [88] published by the Federal Ministry of Finance, this time information can be converted into personnel costs of the IT measure. The development of the organizational/technical design concept and the definition of requirements for system selection will be the major factors determining the necessary personnel costs. Visits to reference installations and tests must also be considered, if applicable. When planning the man-day requirement, also remember the need to ensure interoperability even beyond your own agency, and carefully check and calculate the time required to this end. Neglecting the internal ("imputed") personnel costs would distort the economic efficiency assessment; consideration of these costs is mandatory. A project plan with a structure corresponding to that of the migration phases and their individual activities facilitates the calculation of costs (refer to Table 9 and Figs. 4 and 5). In the interest of simple classification, costs should be budgeted separately for the different remuneration groups. Although this may appear too detailed, practical experience has shown that detailed planning facilitates both subsequent understanding and the progress monitoring which begins during the implementation phase. If this is neither possible nor desired, a pro-rata average value should be calculated for the remuneration groups involved, which can then be used as a uniform weighting factor for the personnel cost components. The method applied should be described in the assumptions and premises (refer to chapter 3.1.2).
An alternative approach is to compile these costs on the basis of the required project team members, estimating the share of the working time each member devotes to the project. In both cases, the costs can be determined on the basis of the remuneration groups as stated in the circular of the Federal Ministry of Finance. The full amount determined must generally be recorded under the "non-budget-relevant" heading.

[88] Information concerning personnel cost rates can be downloaded from the website of the Federal Ministry of Finance at www.bundesfinanzministerium.de – key word: Personalkostensätze [personnel cost rates].
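As an added worked example (not code from the migration guide or from the KBSt's WiBe tooling), the following Python script carries the monetary and non-monetary calculations described in 5.1.1.3, 5.2.1.2, 5.2.2 and criterion 1.1.1.1 through on constructed figures: imputed personnel costs from man-days per remuneration group, the net present value of one migration alternative (WiBe KN), the same value with per-criterion risk markups (WiBe KN/R), the budget-relevant portion on its own, and a value benefit analysis scaled to the 0 to 100 score used for WiBe D and WiBe Q. The discount rate, the daily rates, all cost and benefit amounts, the criteria weights, the way risk deviations are applied (costs rise, savings shrink) and the threshold for a "high score" are assumptions of this example, not values from the guide.

```python
"""WiBe-style calculation for one migration alternative: net present value
(WiBe KN), net present value with risk markups (WiBe KN/R) and value benefit
analysis scores (WiBe D, WiBe Q).  Added worked example; all figures and the
modelling choices below are constructed assumptions, not values from the guide."""
from dataclasses import dataclass


@dataclass
class Criterion:
    name: str
    cost: bool              # True = expenditure, False = benefit / saving
    budget_relevant: bool   # split required by the guide for every monetary figure
    flows: list             # Euro per year; index 0 = first project year (probable estimate)
    risk: float = 0.0       # worst-case deviation as a fraction; assumption: costs rise by
                            # this share, savings shrink by it (the guide's "risk markup")


def personnel_costs(man_days_by_group, daily_rates):
    """Imputed cost of own personnel (criterion 1.1.1.1): planned man-days per
    remuneration group times the daily personnel cost rate of that group.
    The rates here are constructed, not the Federal Ministry of Finance figures."""
    return sum(days * daily_rates[group] for group, days in man_days_by_group.items())


def net_present_value(criteria, rate, with_risk=False, budget_relevant_only=False):
    """Discount every year's costs (negative) and benefits (positive) at `rate`
    and sum them.  with_risk=True applies each criterion's risk deviation
    (WiBe KN/R); budget_relevant_only=True keeps only the budget-relevant portion."""
    npv = 0.0
    for c in criteria:
        if budget_relevant_only and not c.budget_relevant:
            continue
        factor = 1.0
        if with_risk:
            factor = 1.0 + c.risk if c.cost else 1.0 - c.risk
        sign = -1.0 if c.cost else 1.0
        for year, amount in enumerate(c.flows):
            npv += sign * amount * factor / (1.0 + rate) ** year
    return round(npv, 2)


def benefit_score(weighted_scores):
    """Value benefit analysis: weighted average of 0..10 criterion scores,
    scaled to the 0..100 range the guide uses for WiBe D and WiBe Q."""
    total_weight = sum(w for w, _ in weighted_scores)
    achieved = sum(w * s for w, s in weighted_scores)
    return round(100.0 * achieved / (10.0 * total_weight), 1)


def recommendation(npv, urgency, quality, high_score=50.0):
    """Decision rule sketched in 5.1.1.3: a positive net present value recommends
    the measure; with a negative value a high extended-efficiency score can still
    do so.  The `high_score` threshold is an assumption; the guide fixes no value."""
    if npv > 0:
        return "recommended: positive net present value"
    if urgency >= high_score or quality >= high_score:
        return "recommended: negative net present value, but high urgency/quality score"
    return "not recommended"


# Constructed sample data for one alternative over a 5-year period of use.
DAILY_RATES = {"E9": 350.0, "E12": 450.0, "A14": 600.0}   # Euro per man-day (assumed)
MAN_DAYS = {"E9": 40, "E12": 60, "A14": 10}               # from the project plan (assumed)
OWN_PERSONNEL = personnel_costs(MAN_DAYS, DAILY_RATES)   # 47000.0

CRITERIA = [
    Criterion("1.1.1.1 Personnel costs (own personnel)", True, False, [OWN_PERSONNEL], 0.25),
    Criterion("1.1.1.2 Costs of external advisors", True, True, [30000.0], 0.10),
    Criterion("1.1.2.1 Hardware costs", True, True, [20000.0], 0.0),
    Criterion("2 Operating costs of the new system", True, True, [0.0] + [5000.0] * 5, 0.10),
    Criterion("2 Operating costs saved on the old system", False, True, [0.0] + [30000.0] * 5, 0.20),
]
DISCOUNT_RATE = 0.05                   # assumed

URGENCY = [(3, 8), (2, 5), (1, 10)]    # (weight, score 0..10) per urgency criterion, assumed
QUALITY = [(2, 6), (2, 7), (1, 3)]     # same for quality/strategy criteria, assumed


def summary():
    """All key indicators of the alternative in one dictionary."""
    kn = net_present_value(CRITERIA, DISCOUNT_RATE)
    kn_r = net_present_value(CRITERIA, DISCOUNT_RATE, with_risk=True)
    d, q = benefit_score(URGENCY), benefit_score(QUALITY)
    return {
        "WiBe KN": kn,
        "WiBe KN (budget-relevant portion)": net_present_value(CRITERIA, DISCOUNT_RATE, budget_relevant_only=True),
        "WiBe KN/R": kn_r,
        "WiBe D": d,
        "WiBe Q": q,
        "probable case": recommendation(kn, d, q),
        "worst case": recommendation(kn_r, d, q),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value}")
```

Running the script shows the situation the guide describes: the probable estimate yields a positive net present value, the worst-case risk markups turn it negative, and the recommendation then rests on the urgency score from the benefit analysis rather than on the monetary figure.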

Criterion 1.1.1.2 Costs of external advisors Presentation of costs - budget-relevant The costs of external advisors can be found more or less directly in the relevant contracts and agreements. Please note that this criterion may in some cases overlap with criterion 1.1.2.2. If external consultants are commissioned with aspects of the technical concepts as well as with software-related concepts and if a pro-rata distribution is neither possible nor makes sense, the costs must then be shown under criterion 1.1.1.2. The gross principle must be applied, i.e. the costs of external advisors also include any ancillary costs (such as travel cost refunds, statutory value-added tax, etc.). This is where external personnel costs are shown. In this case too, the project plan serves as the basis. In the interest of easier assignment, the costs should be budgeted separately according to suppliers. The full amount determined must be generally recorded as "budget-relevant".

Criterion 1.1.1.3 Costs of the development environment Presentation of costs - budget-relevant Under this criterion, all the costs are to be shown which are incurred in conjunction with the acquisition of hardware and software for the developer team. Purchases of hardware and software for testing are also covered by this criterion. The costs of the development environment in the broader sense also include the costs resulting from the necessary configuration management and/or generally from the federal government's procedure model. If existing hardware and software are used (for all or part of the work), it is not necessary to calculate such pro-rata (non-budget relevant) costs. In as far as costs of external training for the officers involved in the IT measure are incurred, the pure training costs ("seminar fees") must be recorded under this criterion. The full amount determined must be generally recorded as "budget-relevant".

Criterion 1.1.1.4 Other costs of physical resources / auxiliary resources
Presentation of costs - budget-relevant and/or not budget-relevant
The costs of physical resources / auxiliary resources include (in analogy to the previous criterion) the costs of materials, auxiliary resources and equipment necessary to support the officers involved in the IT measure. If existing hardware and software are used in this context (for all or part of the work), it is not necessary to calculate such pro-rata (non-budget-relevant) costs. The full amount determined must generally be recorded as "budget-relevant". In as far as internal cost rates are available for existing space, such costs must be included as "non-budget-relevant" in the WiBe. If suitable space must be rented for project officers, the resulting costs must be recorded as budget-relevant.

Criterion 1.1.1.5 Travel costs (own personnel)
Presentation of costs - budget-relevant
The travel costs (own personnel) criterion includes all costs for travel, accommodation and daily allowances for the project team members [89] (for example, visits or information trips to other public agencies or suppliers) which are incurred in conjunction with the preparation and implementation of the migration project. The full amount determined must be generally recorded as "budget relevant". It should, in particular, be examined whether travel costs are justified at all: almost every provider and supplier today offers a host of information via the Internet, so that selective planning of information visits is possible.

Criteria group 1.1.2 System costs
This item covers any budget-relevant as well as not directly budget relevant costs related to the production (provision) of the necessary hardware and software. These costs do not include the costs of the real system introduction; those must be recorded separately in criteria group 1.1.3. It must be decided whether the IT measure replaces an existing IT system and whether this generates once-off expenditure for the old system. Any such imputed "residual values" must be additionally recorded under criterion 1.1.2.1 (proceeds, if any, from sales must be recorded at a later stage under criterion 1.2.2).

Criteria group 1.1.2.1 Hardware costs
Direct monetary quantification of hardware costs (and the pertinent costs of system accessories and/or materials) is usually possible. Offers and/or orientation values from the different suppliers are also available in this respect in the preliminary study. This criterion is broken down in terms of host/server, network operation (1.1.2.1.1) and workstation computers (1.1.2.1.2). In as far as your organization plans to install larger quantities of workstation computers in forthcoming years, we recommend using flat-rate costs for this purpose in order to simplify and standardize the calculation in the individual WiBes. The amount determined must be generally recorded as "budget relevant". For each of the migration alternatives, it must be examined whether the existing hardware can still be used or whether a longer useful life can be expected for one of the alternatives.

[89] Travel costs include, for example, costs of airline tickets, rail tickets, public transport, mileage allowance, taxi and parking costs, etc.

Criterion 1.1.2.1.1 Host/server, network operation
Presentation of costs - budget-relevant
A migration project is usually planned against the background of a need for comprehensive hardware replacement. This means that migration always generates hardware expenditure. This can, for example, include the database server, application server, firewall, web applications, infrastructure / network, router, printers (if at the server end), etc.

Criterion 1.1.2.1.2 Desktop PCs / clients
Presentation of costs - budget-relevant
New investment can also be necessary in the case of desktop PCs. The related costs (for PCs, notebooks, printers, etc.) must be recorded under this criterion.

Criteria group 1.1.2.2 Software costs
In the case of software produced by or obtained from external suppliers, direct monetary quantification is possible and the costs can be fully recorded as budget relevant. In as far as software is developed internally by your organization, please check whether you have already recorded these costs under item 1.1.1.1 (personnel costs, own personnel). Otherwise the software costs must be calculated indirectly: multiply the necessary man-day input of software developers by the applicable personnel cost rate (rather than recording the costs as non-budget relevant). At the beginning of the IT measure, you will have to rely on estimates unless you can make use of empirical values from comparable IT measures. However, make sure to avoid "polished-up" figures: system development estimates often turn out to be over-optimistic. This criterion is broken down into real development costs (1.1.2.2.1; core of the IT measure), cost of adaptation of other software and interfaces (1.1.2.2.2) and cost of software evaluation, certification and quality assurance (1.1.2.2.3). It should be noted that added functionalities which are not used are not considered in the WiBe.

Criterion 1.1.2.2.1 Costs of the development and acquisition of software
Presentation of costs - budget-relevant
The costs of licenses, rent and/or purchase are shown here. Open source software is usually not subject to license fees because the copy obtained can be lawfully multiplied and distributed. When compared to proprietary software, this offers a significant cost saving potential which can be calculated on the basis of the workplaces concerned.

Criterion 1.1.2.2.2 Costs of modification of software and/or interfaces, drivers
Presentation of costs - budget-relevant
If software modification is necessary, the related costs can be recorded here, irrespective of whether such costs concern man-days [90] or fixed-price contracts. In the case of OSS projects, you are free to select the supplier when it comes to adapting interfaces, drivers, etc. – the transparent competitive situation can generate more favourable offers.

[90] Internal man-day costs must be determined on the basis of the method described earlier. This determination is based on the project plans and the man-days are weighted with the applicable cost rates. The premises and assumptions determine whether an average internal rate or remuneration rates are used as a basis.

Criterion 1.1.2.2.3 Costs for evaluation, certification and quality assurance
Presentation of costs - budget-relevant
This item covers any budget-relevant as well as not directly budget-relevant costs related to the testing of software with regard to its suitability for the specified purpose. Furthermore, this item also covers the costs of software certification, if necessary, by an authorized company or organization, costs of preparing a list of defects and nonconformities, as well as the costs of rework or trouble-shooting (unless such costs are covered by guarantee and support services or considered in other criteria of the IT WiBe). (Costs of software adaptation necessary on a local basis are covered by criterion 1.1.2.2.2; consultancy services which are offered as a "bundle" together with the software are covered by criterion 1.1.3.2.)

Criteria group 1.1.3 Costs of system introduction
This item covers all budget-relevant as well as all costs which are not directly budget relevant which refer to the change from the old process to the new IT measure and which ensure that the new IT measure can be used by the users without any restrictions. These costs do not include the costs of ongoing support and maintenance/updating of the system after the introduction phase; such costs must be recorded later as ongoing operating costs according to criteria group 2.2.3.

Criterion 1.1.3.1 System and integration testing
Presentation of costs - budget-relevant / not budget-relevant
Prior to accepting the system, it must be checked whether the required functionality is provided. Application-orientated testing of the interfaces is particularly recommended if different system components are to be integrated within the scope of the system solution. Interoperability (in particular, with other public agencies) must be ensured. This means that a simple and reliable solution must be in place for the reciprocal use of information. In the case of a "hybrid" form of different proprietary software products or open source software and proprietary software, this examination will be more difficult and will require more time.

Criterion 1.1.3.2 Costs of system installation
Presentation of costs - budget-relevant
All the personnel costs other than those covered by 1.1.1.1 as well as all material costs related to the installation of the new method/process must be shown under this criterion. Material costs in conjunction with the system installation result, for example, from the acquisition of tools for software distribution. In the case of a complex installation, it should be checked whether the installation routine can be automated; this will lead to significant time savings compared to individual installation.

Criterion 1.1.3.3 Import of existing data
Presentation of costs - budget-relevant / not budget-relevant
Data imports are necessary during the course of a migration project. The related costs must be budgeted here. Stock-taking of the given situation provides a basis for assessing the related activities. These can be expressed in man-days or as fixed-price offers from external suppliers offering import or adaptation services for special data areas. In the case of this criterion, it should be checked to what extent the new application software is able to read the former data formats or whether additional development work will be necessary, including the related (budget-relevant or not budget-relevant) costs. In the case of OSS with its disclosed interfaces, different service providers "competing with each other" can be generally commissioned with the adaptation and/or expansion work. Manual re-work following the import of existing data must also be taken into consideration. For this purpose, you will have to apply a suitable scale in order to determine the data volume and derive the costs. If the application(s) concerned is/are offered both in the present (proprietary) operating system and in the OSS operating system, the costs of importing the data are likely to be moderate. [91]

[91] Please also check in this context whether other public agencies have already ordered the corresponding conversion tools. If such tools are OSS, your public agency can use them at no cost.

Criterion 1.1.3.4 Initial training for users and IT specialists
Presentation of costs - budget-relevant / not budget-relevant
The costs of initial training for users and IT specialist staff can be quantified exactly for each participant in external training programmes. If special certification costs (for example, by the software manufacturer) are incurred for IT specialists, these costs must then also be considered under this criterion. In this case too, budget-relevant and non-budget relevant cost shares must be distinguished. According to the full cost approach, these include not just seminar fees and ancillary costs (business travel, accommodation), but also personnel costs of the time of absence from the job. In the case of larger public agencies, flat rates should be calculated for internal training programmes, representing the training costs per training programme type and training day and, together with the personnel costs of the applicable salary grade or remuneration group, expressing the total training costs. The initial costs of training for IT specialists in conjunction with migration to OSS cannot be expressed by a flat amount. Training is usually provided externally and thereby generates budget-relevant costs, the amount of which can be determined by comparing offers from different providers. Identical qualification and training targets must be identified for all migration alternatives. Costs related to working time lost during staff training must also be budgeted here. Costs of this kind are not budget-relevant.

Criterion 1.1.3.5 Familiarization costs of users and IT specialists
Presentation of costs - budget-relevant / not budget-relevant
Familiarization costs of users are always incurred if a transitional familiarization phase is necessary (despite initial training). In the case of new software, users will not be able to immediately use all functions with the desirable routine. During an initial phase, this means reduced work output (in quantitative terms). These familiarization costs (which vary from individual to individual) are difficult to quantify. It is hence not possible to make any generally valid statements. Experience shows that this criterion is seldom used even though it is relevant in almost all cases. This criterion can be generally relevant in the case of first-time use of new interfaces / user interfaces in the client area: temporary reductions in performance are possible here.

Criterion 1.1.3.6 Other costs of adaptation/change
Presentation of costs - budget-relevant / not budget-relevant
Other migration costs can be covered by this item. It is important to clearly state the reasons and/or to comment on the individual cost components. It should also be sufficiently checked whether the cost items to be posted could not also be considered within the specific monetary criteria of the WiBe.

Criteria group 1.2 Development/introduction benefits due to replacement of the old process
The term "development benefits" in this context represents the benefits which can be quantified in monetary terms and result from the (agency-wide) application of the IT measure. Development benefits end when the IT measure is officially handed over to the user organization for its use.

Criterion 1.2.1 Once-off cost savings (avoidance of maintenance/upgrading costs of the old system)
Presentation of costs/benefits - budget-relevant / not budget-relevant
Development benefits initially reflect the relatively rare case of savings which can result from the fact that the IT measure helps avoid investment in the existing system. In as far as investment and/or maintenance costs are finally earmarked or technically inevitable for the old system, these sums can be regarded as savings.
• Material and operating costs of maintenance include, for example, future replacement investment in hardware components, etc. Material and operating costs of upgrading include, for example, the purchase of data storage capacity, peripheral equipment as well as external software with extended functionality.
• Personnel costs of maintenance and/or upgrading are, for example, costs related to changes in hardware or software characteristics on condition that this work is carried out by internal staff.
If the IT measure helps avoid costs of this kind, the related sums must be considered in the WiBe. In as far as funds are already earmarked for these purposes in the budget, the related savings are also budget relevant. In any case, however, the ways such cost savings are calculated must be precisely justified and documented.

Criterion 1.2.2 Once-off revenue (resulting from the disposal of the old system)
Presentation of benefits - budget-relevant
Once-off revenue – if at all – results from the disposal of the old system by way of selling the hardware (or, rarely, the software). In as far as no concrete sums have already been agreed to with regard to such revenues, it must be examined whether and at what price disposal is possible. The revenue must be considered as (once-off) monetary development benefits in the WiBe.

Criteria group 2 Operating costs and operating benefits
Group 2 of the criteria catalogue contains the operating costs and benefits which will arise following introduction of the IT measure. These operating costs and benefits are to be typically determined for a period which, together with the time required for the development/introduction of the IT measure in question, results in a calculation period of 5 financial years. A different period can be chosen in justified cases [92].
→ It is essential that all the monetary figures be split up into a budget-relevant and a non-budget relevant portion.
General considerations related to data capturing:
• Operating costs and operating benefits can be related to material costs (criterion 2.1), personnel costs (2.2), maintenance and/or system updating (2.3) and other items (2.4).
• Operating costs are incurred as a result of the use of the new process. All costs must be considered in this context in the sense of a full cost analysis.
• (Monetary) operating benefits occur in the form of savings due to the discontinuation of the previous, old process.
• The economic efficiency determination generally analyses every single criterion with regard to the costs of using the new process and confronts these with the savings which can result from the discontinuation of the old process.
• The balance represents additional operating costs or lower operating costs (savings) for each criterion. These balances are subsequently considered in the WiBe KN.
Please generally note for all following individual criteria:
• In as far as it is not possible to numerically quantify a criterion with sufficient precision, this criterion will affect both the WiBe KN and the supplementary WiBe KN/R ratio. With regard to data capturing, a "plausible and well-founded" monetary approach must be presented which is included as the "probable estimate" in the monetary economic efficiency assessment (WiBe KN). Any increases in this estimate which can happen under worst-case conditions must be entered as a risk markup for the risk estimate (WiBe KN/R).
• In as far as effects related to a monetary benefit criterion (savings) can be described in qualitative terms only, no monetary value is to be entered for this criterion. Instead, the qualitative effect must be considered in the assessment of the related qualitative and strategic criterion in the WiBe Q (usually in sub-groups 4.2, 4.3 or 4.4).

[92] In the case of major IT measures with several years of development, it may be advisable to increase the 5-year period by this development time. Infrastructure projects (such as the installation of cabling systems in buildings) may justify even longer periods. If, however, it is foreseeable and justifiable from the outset that the life of an IT measure will be less than 5 years, a shorter time horizon is mandatory for the IT WiBe.

Criteria group 2.1 Material costs / savings of material costs
Material costs are costs that result from the operation of the new IT measure and which represent neither personnel nor maintenance costs. Savings of material costs are all the costs of the old process which will become obsolete once the new IT measure is introduced and which represent neither personnel nor maintenance costs.

Criterion 2.1.1 (Pro-rata) host, server and network costs
Presentation of costs/benefits - budget-relevant / not budget-relevant
The criterion of the "(pro-rata) host, server and network costs" refers to (imputed) costs caused by the IT measure at the computer centre, in host mode, and/or in local networks (client/server architecture). Usually these costs must be considered as non-budget relevant in the WiBe (exception: the IT measure in question requires upgrading measures). The costs include (besides hardware rental costs, if any) the costs of personnel in charge of operating the host/server and the operability of the infrastructure of internal networks. The exact calculation of such costs (both for the present and for the new process) poses a problem if detailed cost accounting (cost recording) is not performed at your agency. A cost rate for the "actual costs per CPU second" should be available as a minimum, approximate basis to be used in your calculations.

Criterion 2.1.2 (Pro-rata) costs of desktop PCs

Presentation of costs/benefits - budget-relevant / not budget-relevant
The criterion of the "(pro-rata) costs of workstation computers" refers to operating costs caused by the IT measure at the users' workplaces. The costs must usually be considered as non-budget relevant operating costs in the WiBe. (Exception: the IT measure in question necessitates upgrading and/or replacement of leased/rented hardware at the users' workplaces.) These costs also include the costs of the pertinent periphery (workplace printers, etc.). Hardware and software for the individual workplaces are typically bought rather than rented or leased. This means that no amounts have to be considered in conjunction with this criterion.

Criterion 2.1.3 Energy and space costs
Presentation of costs/benefits - budget-relevant / not budget-relevant
Energy and space costs do not have to be calculated or considered:
• as long as these costs are not attributed in other projects or in calculating the costs of IT measures adopted,
• for smaller IT measures or measures where you can justify a net effect of 0 between the "old and new" processes.
In other cases, you will have to carry out a detailed calculation, considering the technical specifications of the hardware (i.e. chiefly the power consumption of each device in terms of kWh, the number of devices, the costs per kWh when it comes to calculating energy costs). With regard to space costs, reference can be made to the rent actually paid, to the figures used in the cost-to-benefit calculation, or to the personnel rates of the Federal Ministry of Finance.

Criteria group 2.2 Operating personnel costs / savings of personnel costs
Personnel costs are costs that result from the operation of the new IT measure and which represent neither material nor maintenance costs. Savings of personnel costs are all the costs of the old process which will become obsolete once the new IT measure is introduced and which represent neither material nor maintenance costs.

Criterion 2.2.1 Personnel costs related to system use
Presentation of costs/benefits - not budget-relevant
The criterion of the "personnel costs related to system use" must be considered if you expect that the users' time requirement for the use of the system will change. This item concerns all personnel costs incurred in the user organization unit in conjunction with the new process. System downtime must also be considered in this context. This means that the entire annual working time must be determined which will be "tied up" at all the workplaces and/or organization units as a result of the use of the new process. Savings of personnel costs in conjunction with the use of the system represent all personnel costs which were previously incurred in the user organization units in conjunction with the old process and which are now obsolete. The total personnel costs result from the salary grade and/or remuneration group (based on the currently valid personnel cost rates). The "benefit collection" of calculated personnel cost savings is in many cases the critical parameter of an IT measure: in most cases, potential personnel cost savings are the crucial element which contributes to the positive capital value for an IT measure. Special attention must hence be paid to calculating the net effect of the personnel costs. Net effects which enable staff reductions ("cost-relevant jobs") typically call for special measures in order to implement these potential savings in a budget-relevant manner.

Criterion 2.2.2 System support and administration
Presentation of costs/benefits - budget-relevant / not budget-relevant
Personnel costs of management and administration of the new IT system arise if staff of central support units (user service) are appointed to answer questions by system users. (These costs do not relate to maintenance and updating costs.) The costs must be calculated indirectly from the annual number of hours (or the percentage of the total annual working time) which staff will probably have to devote to user support services within the framework of this IT measure. This criterion also covers all personnel costs incurred at central support units (computer centre operation) for the administration of the IT system. The determination of manpower requirements for system support and administration depends heavily on the development level of the IT equipment and the complexity of the applications (refer to "Grundsätze zur Bemessung des IT-Fachpersonals in obersten Bundesbehörden" [Principles for assessing the demand for IT specialists at supreme federal authorities], letter from the Federal Ministry of the Interior to the Interdepartmental Coordinating Committee for Information Technology (IMKA) dated 1 July 1996, file reference: – OI3 – 195 052-1/12). These costs may already be included in the pro-rata host costs (2.1.2), so that this item can be omitted here. Otherwise quantification is necessary: the annual working hours for system administration must be roughly applied in the WiBe on the basis of the personnel cost rates of the respective salary grade. These considerations apply analogously to the calculation of personnel cost savings due to the discontinuation of the old process. If, however, new posts must be created, the resultant costs are budget-relevant.

Criterion 2.2.3 Ongoing training / qualification
Presentation of costs/benefits - budget-relevant / not budget-relevant
Personnel costs for training and further qualification of system users result from the need to familiarise, following initial training (refer to criterion 1.1.3.3), new users with the system and/or to introduce subsequent new features related to system operation to all users. Furthermore, selected user groups may also need further training. The considerations concerning initial training apply analogously (refer to criterion 1.1.3.3). As an orientation value, an annual value of 10% of the initial training costs may instead be used (in the absence of other, specific data and/or in the event that the calculation of such figures seems to require unreasonable costs and effort). External training costs are shown as budget-relevant. In contrast to this, the weighted working time lost during staff training is not budget-relevant.

Criteria group 2.3 Operating costs / savings for maintenance / system service
Operating costs in the case of this criterion are costs other than host, server, network and personnel costs which are caused by use of the new method. Savings in the case of this criterion are all costs other than host, server, network and personnel costs which no longer apply as of the time of introduction of the new method.

Criterion 2.3.1 Hardware maintenance/service
Presentation of costs/benefits - budget-relevant / not budget-relevant
The manufacturer/supplier of hardware usually offers a warranty which covers 36 months in many cases. If the WiBe covers a longer period of time, costs must be budgeted for the time beginning as of the 4th year. Such costs can be recorded either directly on the basis of an available offer or estimated by applying customary rates of between 10% and 20% of the purchase price. However, this should always be preceded by suitable research in order to identify the most probable value for this rate. These costs are budget-relevant. If maintenance is carried out by the agency's own personnel, the costs of this personnel must then be shown. Costs of infrastructure and/or equipment for maintenance staff must be taken into consideration in as far as such infrastructure and/or equipment are necessary for maintenance operations. In the case of normal IT workplaces, the flat rate for material costs, plus a mark-up for computer workplaces, as applied by the Federal Ministry of Finance, may well be adopted here. Internal costs of this kind are not budget-relevant.

Criterion 2.3.2 Software maintenance/update
Presentation of costs/benefits - budget-relevant / not budget-relevant
License costs for update and service releases are covered by this criterion. Updates of proprietary software which occur on an almost regular basis cause significant costs; these costs are generally not incurred with OSS. Besides the real update price, installation costs (i.e. time spent by the staff employed for this purpose) must then also be considered. Update/maintenance costs in the broader sense also include the required support which, if necessary, is purchased as an external service. (In the case of OSS, you can usually approach several competing providers – this option also exists with proprietary software, albeit not always to the same extent.) Furthermore, the (personnel) costs must be considered here which are incurred in conjunction with the ongoing licensing of software products and/or with proof of the license rights. These costs can be considerable in the case of proprietary software and are significantly lower with open source software. In the case of software developed within the agency itself, more concrete empirical values and/or update plans (version concept) may be available. The maintenance costs can then be calculated indirectly on the basis of the necessary manpower and CPU time.

Criterion 2.3.3 Replacement/supplementing costs
Presentation of costs/benefits - budget-relevant / not budget-relevant
This criterion can be used to consider, in addition to standard maintenance costs, any costs which may result from ongoing, planned upgrading of hardware and software during the operating phase of the IT measure. Replacement costs are related to the partial or complete replacement of commercially available hardware (such as components of workplace printers, etc.). Supplementing costs are related to foreseeable upgrades of commercially available hardware and software during the operating phase. If a longer technically possible useful life of existing hardware can be expected in the case of alternative solutions, these effects must be generally considered in monetary terms as described in the following.

5.2.3 Migration and supplier scenarios
A migration typically consists of different scenarios for selection, with different suppliers submitting bids for different scenarios or parts thereof. The evaluation of economic efficiency should consider this in any case. Chapter I.C 5.2.1, "Systematics", forms the basis for the underlying structure of the WiBe. An alternative view of the WiBe helps represent the respective states of the different scenarios and offer situations. Criteria to which different bids may apply are filled with the applicable offer values in the different alternatives of the evaluation of economic efficiency. The different alternatives of the WiBe hence supply independent statements on net present value and profitability. A comparison of the alternatives can then correlate the individual versions and provide a basis for decision-making. The illustrations below show an example of a monetary WiBe for the areas of introduction and operating costs/benefits (refer to the two illustrations below).
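The following Python model is an added illustration of how such a WiBe KN is computed, not code from the guide: each criterion carries a yearly stream split into budget-relevant and non-budget-relevant amounts, nominal totals and present values are formed per criterion and aggregated, and the break-even year is the first year in which the cumulative discounted net total is no longer negative. The yearly figures are constructed sample values (not those in the guide's figures); the term, start year and 3.8% discount rate are taken from the figures' note, and the convention that year 1 is undiscounted is an assumption.

```python
from dataclasses import dataclass

# Parameters from the guide's example note; the yearly amounts below are constructed.
RATE = 0.038        # discount rate
START_YEAR = 2005   # first year of the calculation period
TERM = 8            # calculation period in years


@dataclass
class CriterionStream:
    """One WiBe criterion with its yearly amounts, split as the guide requires.
    Costs are negative, benefits (savings, revenue) positive."""
    item: str
    label: str
    budget: list        # budget-relevant amounts, one per year
    non_budget: list    # non-budget-relevant (imputed) amounts, one per year


def yearly(first, later=0.0, term=TERM):
    """Build a yearly stream: `first` in year 1, `later` in each of years 2..term."""
    return [first] + [later] * (term - 1)


# Constructed sample data: introduction costs in year 1, operating
# costs/benefits from year 2 onwards (criterion numbers as in the guide).
STREAMS = [
    CriterionStream("1.1.1.1", "Personnel costs (own personnel)", yearly(-40_000), yearly(-500_000)),
    CriterionStream("1.1.1.2", "Costs of external consultants", yearly(-450_000), yearly(0)),
    CriterionStream("1.1.2.2", "Software costs", yearly(-600_000), yearly(0)),
    CriterionStream("2.2.1.2", "Benefits from omission of OLD IT method", yearly(0), yearly(0, 550_000)),
    CriterionStream("2.2.2.1", "System support and administration (NEW)", yearly(0), yearly(0, -55_000)),
    CriterionStream("2.2.3.1", "Ongoing training / qualification (NEW)", yearly(0, -11_600), yearly(0)),
]

COLUMNS = ["nominal_total", "nominal_budget", "nominal_non_budget",
           "pv_total", "pv_budget", "pv_non_budget"]


def present_value(values, rate):
    """Discount a yearly stream to the start year.
    Assumption: year 1 is undiscounted, year t uses the factor 1/(1+rate)**(t-1)."""
    return sum(v / (1.0 + rate) ** t for t, v in enumerate(values))


def criterion_totals(stream, rate):
    """Nominal and present-value totals for one criterion, split by budget relevance."""
    nb, nn = sum(stream.budget), sum(stream.non_budget)
    pb, pn = present_value(stream.budget, rate), present_value(stream.non_budget, rate)
    return {"nominal_total": nb + nn, "nominal_budget": nb, "nominal_non_budget": nn,
            "pv_total": pb + pn, "pv_budget": pb, "pv_non_budget": pn}


def kn_aggregate(streams, rate):
    """The 'KN aggregate' row: sum of all criteria, column by column."""
    agg = {c: 0.0 for c in COLUMNS}
    for s in streams:
        for c, v in criterion_totals(s, rate).items():
            agg[c] += v
    return agg


def break_even(streams, rate, start_year):
    """First year in which the cumulative discounted net total (costs and
    benefits, budget-relevant and not) is >= 0, as (ordinal year, calendar year),
    or None if it never happens within the term."""
    term = len(streams[0].budget)
    cumulative = 0.0
    for t in range(term):
        year_kn = sum(s.budget[t] + s.non_budget[t] for s in streams)
        cumulative += year_kn / (1.0 + rate) ** t
        if cumulative >= 0:
            return (t + 1, start_year + t)
    return None


def kn_table(streams, rate):
    """Render the criteria and the aggregate in the column layout of the guide's Fig. 20."""
    lines = [f"{'Item':<9}{'Criterion':<44}" + "".join(f"{c:>20}" for c in COLUMNS)]
    for s in streams:
        tot = criterion_totals(s, rate)
        lines.append(f"{s.item:<9}{s.label:<44}" + "".join(f"{tot[c]:>20,.0f}" for c in COLUMNS))
    agg = kn_aggregate(streams, rate)
    lines.append(f"{'KN':<9}{'aggregate':<44}" + "".join(f"{agg[c]:>20,.0f}" for c in COLUMNS))
    return "\n".join(lines)


if __name__ == "__main__":
    print(kn_table(STREAMS, RATE))
    print("break-even (ordinal year, calendar year):", break_even(STREAMS, RATE, START_YEAR))
```

With these sample streams the break-even falls in the 5th year (2009), the same position as in the guide's example note, both nominally and after discounting.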

Item | Criterion, explanation concerning selection | Nominal, total, 8 years: total | budget-relevant | non budget-relevant | Present values, total, 8 years: total | budget-relevant | non budget-relevant
Note: start year = 2005, term = 8 years, discount rate = 3.8%, WiBe break even, total in the 5th year, 2009
KN | Cost/benefit development / introduction and operation | 3,077,501 | 29,819 | 3,047,682 | 2,307,062 | -127,577 | 2,434,639
 | of which costs | -3,802,487 | -2,437,901 | -1,364,586 | -3,630,750 | -2,325,694 | -1,305,056
 | of which benefits | 6,879,987 | 2,467,720 | 4,412,267 | 5,937,812 | 2,198,118 | 3,739,695
KN | aggregate | 3,077,501 | 29,819 | 3,047,682 | 2,307,062 | -127,577 | 2,434,639
1 | Development costs / introduction costs and development benefits | -2,349,509 | -1,422,031 | -927,478 | -2,349,509 | -1,422,031 | -927,478
 | of which costs | | -1,627,351 | -927,478 | -2,554,829 | -1,627,351 | -927,478
 | of which benefits | 205,320 | 0 | 205,320 | 205,320 | 0 |
1.1 | Development/introduction costs for the new IT method | -2,554,829 | -1,627,351 | -927,478 | -2,554,829 | -1,627,351 | -927,478
1.1.1 | Planning and introduction costs | -1,165,910 | -641,235 | -524,675 | -1,165,910 | -641,235 | -524,675
1.1.1.1 | Personnel costs (own personnel) | -568,175 | -43,500 | -524,675 | -568,175 | -43,500 | -524,675
1.1.1.2 | Costs of external consultants | -452,632 | -452,632 | 0 | -452,632 | -452,632 | 0
1.1.1.3 | Costs of the development environment | 0 | 0 | 0 | 0 | 0 | 0
1.1.1.4 | Other costs for non-personnel/ancillary items | -139,303 | -139,303 | 0 | -139,303 | -139,303 | 0
1.1.1.5 | Travel costs (own personnel) | -5,800 | -5,800 | 0 | -5,800 | -5,800 | 0
1.1.2 | System costs | -786,596 | -786,596 | | -786,596 | -786,596 |
1.1.2.1 | Hardware costs | -165,880 | -165,880 | | -165,880 | -165,880 |
1.1.2.2 | Software costs | -620,716 | -620,716 | | -620,716 | -620,716 |
1.1.3 | Costs of system introduction | -602,322 | -199,520 | -402,802 | -602,322 | -199,520 | -402,802
1.2 | Development/introduction benefit due to replacement of the old method | 205,320 | 205,320 | | 205,320 | 205,320 |
1.2.1 | Once-off cost savings (avoidance of maintenance/upgrading costs of the old system) | 205,320 | 205,320 | 0 | 205,320 | 205,320 | 0
1.2.2 | Once-off revenue (from sale of old system) | 0 | 0 | 0 | 0 | 0 | 0
Fig. 20: WiBe – Example 2 of a WiBe cost calculation 1, introduction costs/benefits

Note: start year = 2005, term = 8 years, discount rate = 3.8%; WiBe break-even (total) in the 5th year, 2009. Columns as in Fig. 20.

Item | Criterion, explanation concerning selection | Nominal total | Nominal budget-relevant | Nominal non-budget-relevant | Present value total | Present value budget-relevant | Present value non-budget-relevant
--- | --- | --- | --- | --- | --- | --- | ---
KN | Cost/benefit development / introduction and operation | 3,077,501 | 29,819 | 3,047,682 | 2,307,062 | -127,577 | 2,434,639
 | of which costs | -3,802,487 | -2,437,901 | -1,364,586 | -3,630,750 | -2,325,694 | -1,305,056
 | of which benefits | 6,879,987 | 2,467,720 | 4,412,267 | 5,937,812 | 2,198,118 | 3,739,695
KN | KN aggregate | 3,077,501 | 29,819 | 3,047,682 | 2,307,062 | -127,577 | 2,434,639
1 | Development costs / introduction costs and development benefit | -2,349,509 | -1,422,031 | -927,478 | -2,349,509 | -1,422,031 | -927,478
2 | Operating costs and operating benefits | 5,427,009 | 1,451,850 | 3,975,159 | 4,656,571 | 1,294,455 | 3,362,117
 | of which costs | -1,247,658 | -810,550 | -437,108 | -1,075,921 | -698,343 | -377,578
 | of which benefits | 6,674,667 | 2,262,400 | 4,412,267 | 5,732,492 | 1,992,798 | 3,739,695
2.1 | Current material costs / cost savings | | | | | |
2.1.1 | (Pro-rata) host, server and network costs | | | | | |
2.1.1.1 | Current costs from NEW IT method | 0 | 0 | 0 | 0 | 0 | 0
2.1.1.2 | Current benefits from omission of OLD IT method | 0 | 0 | 0 | 0 | 0 | 0
2.1.2 | (Pro-rata) costs for workstation computers | | | | | |
2.1.2.1 | Current costs from NEW IT method | 0 | 0 | 0 | 0 | 0 | 0
2.1.2.2 | Current benefits from omission of OLD IT method | 0 | 0 | 0 | 0 | 0 | 0
2.1.3 | Energy and office space costs | | | | | |
2.1.3.1 | Current costs from NEW IT method | 0 | 0 | 0 | 0 | 0 | 0
2.1.3.2 | Current benefits from omission of OLD IT method | 0 | 0 | 0 | 0 | 0 | 0
2.2 | Current personnel costs / personnel cost savings | 3,882,359 | -92,800 | 3,975,159 | 3,280,375 | -81,741 | 3,362,117
2.2.1 | Personnel costs from system use | 4,412,267 | | 4,412,267 | 3,739,695 | | 3,739,695
2.2.1.1 | Current costs from NEW IT method | 0 | 0 | 0 | 0 | 0 | 0
2.2.1.2 | Current benefits from omission of OLD IT method | 4,412,267 | 0 | 4,412,267 | 3,739,695 | 0 | 3,739,695
2.2.2 | System support and administration | -437,108 | | -437,108 | -377,578 | | -377,578
2.2.2.1 | Current costs from NEW IT method | -437,108 | 0 | -437,108 | -377,578 | 0 | -377,578
2.2.2.2 | Current benefits from omission of OLD IT method | 0 | 0 | 0 | 0 | 0 | 0
2.2.3 | Ongoing training / qualification | -92,800 | -92,800 | | -81,741 | -81,741 |
2.2.3.1 | Current costs from NEW IT method | -92,800 | -92,800 | 0 | -81,741 | -81,741 | 0
2.2.3.2 | Current benefits from omission of OLD IT method | 0 | 0 | 0 | 0 | 0 | 0
2.3 | Current costs/savings related to service/system maintenance | 1,544,650 | 1,544,650 | | 1,376,196 | 1,376,196 |
2.3.1 | Hardware service/maintenance | 303,850 | 303,850 | | 274,964 | 274,964 |
2.3.1.1 | Current costs from NEW IT method | -230,550 | -230,550 | 0 | -195,754 | -195,754 | 0
2.3.1.2 | Current benefits from omission of OLD IT method | 534,400 | 534,400 | 0 | 470,717 | 470,717 | 0
2.3.2 | Software service/maintenance | 1,240,800 | 1,240,800 | | 1,101,232 | 1,101,232 |
2.3.2.1 | Current costs from NEW IT method | -487,200 | -487,200 | 0 | -420,848 | -420,848 | 0
2.3.2.2 | Current benefits from omission of OLD IT method | 1,728,000 | 1,728,000 | 0 | 1,522,080 | 1,522,080 | 0
2.3.3 | Replacement/upgrading costs | | | | | |
2.3.3.1 | Current costs from NEW IT method | 0 | 0 | 0 | 0 | 0 | 0
2.3.3.2 | Current benefits from omission of OLD IT method | 0 | 0 | 0 | 0 | 0 | 0
2.4 | Other current costs and savings | | | | | |
2.4.1 | Current costs from NEW IT method | | | | | |
2.4.1.1 | Current costs from NEW IT method | 0 | 0 | 0 | 0 | 0 | 0
2.4.1.2 | Current benefits from omission of OLD IT method | 0 | 0 | 0 | 0 | 0 | 0

Fig. 21: Example 2 of a WiBe cost calculation 2, operating costs/benefits
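To make the present-value columns and the break-even note of the two figures concrete, here is an added Python example; it is not code from the migration guide or from any WiBe tooling. It assumes the discounting convention the figures imply (start-year amounts undiscounted, an amount in year t divided by (1 + 0.038)^t), spreads the 1,728,000 of item 2.3.2.2 evenly over the 8 years (an assumption, since only the 8-year total is on the page) to reproduce its present value of 1,522,080, and uses a constructed year-by-year split of the net cash flow, whose totals match items 1 and 2, to locate the break-even year.

```python
"""WiBe cash-flow discounting and break-even check.

Added example, not part of the migration guide. It assumes the convention
visible in the figures above: amounts in the start year (2005) are not
discounted, and an amount in year t after the start is divided by (1 + r)**t.
"""
from typing import List, Optional

DISCOUNT_RATE = 0.038   # discount rate stated in the note above the figures
START_YEAR = 2005
TERM_YEARS = 8


def discount_factor(year_index: int, rate: float = DISCOUNT_RATE) -> float:
    """Present-value factor for a nominal amount in year `year_index` (0 = start year)."""
    return 1.0 / (1.0 + rate) ** year_index


def present_values(nominal_flows: List[float], rate: float = DISCOUNT_RATE) -> List[float]:
    """Discount a year-by-year series of nominal amounts."""
    return [flow * discount_factor(t, rate) for t, flow in enumerate(nominal_flows)]


def cumulative(flows: List[float]) -> List[float]:
    """Running total of a series, used to find the break-even year."""
    totals, running = [], 0.0
    for flow in flows:
        running += flow
        totals.append(running)
    return totals


def break_even_year(flows: List[float], start_year: int = START_YEAR) -> Optional[int]:
    """First calendar year whose cumulative net flow is >= 0, or None if never reached."""
    for t, total in enumerate(cumulative(flows)):
        if total >= 0:
            return start_year + t
    return None


def software_maintenance_saving_pv() -> float:
    """Reproduce item 2.3.2.2 of Fig. 21: 1,728,000 nominal over 8 years.

    The figure only gives the 8-year total; spreading it evenly (216,000 per
    year) is an assumption, and it yields the figure's present value of 1,522,080.
    """
    yearly = [1_728_000 / TERM_YEARS] * TERM_YEARS
    return sum(present_values(yearly))


# Constructed year-by-year split of the example's net cash flow. The page gives
# only 8-year totals (item 1: -2,349,509 in the start year; item 2: 5,427,009);
# the operating split below is an assumption that adds up to the item 2 total.
INTRODUCTION_NET = -2_349_509
OPERATING_NET_PER_YEAR = [200_000, 500_000, 700_000, 800_000, 800_000, 800_000, 800_000, 827_009]
NET_FLOWS = [INTRODUCTION_NET + OPERATING_NET_PER_YEAR[0]] + OPERATING_NET_PER_YEAR[1:]


def nominal_break_even() -> Optional[int]:
    """Break-even on nominal amounts (the 'WiBe break even, total' of the note)."""
    return break_even_year(NET_FLOWS)


def discounted_break_even() -> Optional[int]:
    """Break-even on present values, which can fall later than the nominal one."""
    return break_even_year(present_values(NET_FLOWS))


if __name__ == "__main__":
    print(f"PV of 8 x 216,000 at 3.8%: {software_maintenance_saving_pv():,.0f}")
    print(f"break-even nominal: {nominal_break_even()}, discounted: {discounted_break_even()}")
```

With the constructed split, both the nominal and the discounted cumulative net flow first become non-negative in 2009, the 5th year, as the note states; a flatter ramp-up of the operating benefits would move the break-even year earlier, a steeper one later, which is why the year-by-year split matters more than the 8-year totals for this reading of a WiBe.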

A WiBe should also provide an overview of the budget-relevant costs. Part of this overview is given in the lines of the WiBe shown above in the "of which costs" section.

5.3 Extended economic efficiency

Extended economic efficiency is evaluated on the basis of qualitative criteria. This is achieved by subjecting each criterion to a benefit analysis, with each criterion being answered on the basis of a described scale from 0 to 10 [93]. Each criterion has a weight [94] in its group, with the sum of the weights adding up to 100 within the group.

[93] This scale is an ordinal scale with ascending values for the circumstances found, where 0 is the minimum and 10 the maximum rating.

[94] Refer to the "Urgency" (Fig. 76 in the appendix) and "Quality" (Fig. 78 in the appendix) criteria catalogues and their weighting tables: weighting of urgency (Fig. 77 in the appendix), weighting of quality (Fig. 79 in the appendix).

5.3.1 Urgency criteria

Urgency criteria refer, on the one hand, to the urgency of replacing the old system from a technical point of view and, on the other, to compliance with administrative rules and laws. Monetary quantification of these criteria is not possible; instead, they form part of a benefit analysis. The criteria to be assessed are described in qualitative terms. This description must in turn be translated into a score for every criterion. A scale from 0 to 10 is available for this purpose for each criterion. For each criterion, identified by its number in the catalogue of criteria for migration projects, an explanation and/or definition is always given first, followed by the table with the scale which assigns a score to the circumstances found.

Criteria group 3.1 Urgency to replace the old system

Criterion 3.1.1 Continuity of support for the old system

This criterion refers to the current status as it is: insofar as hardware and software are already in use in the current status, the extent of (future) support by the supplier is important. If the supplier discontinues this support, it may become necessary to replace the (still functioning) old system internally. The importance of this criterion must be assessed in qualitative terms.

3.1.1 Support continuity for the old system

Score | Rating
0 | Not endangered.
2 | No bottleneck foreseeable.
4 | Support is about to be phased out; replacement at present not necessary.
6 | Support is about to be phased out; no problems in the short term.
8 | Support is about to be phased out; replacement is urgently needed.
10 | Support is discontinued, new solution is vital.

Table 15: Rating scale for support continuity for the old system

Criterion 3.1.2 Stability of the old system

This criterion evaluates the existing solution with a view to its suitability in "everyday" use. Relevant information in this context includes both qualitative statements concerning error and fault frequencies or even system crashes as well as evaluations of system maintenance problems (technical aspects) and/or related personnel bottlenecks (availability of trouble-shooting know-how).

Criterion 3.1.2.1 Bugs, errors and downtime

3.1.2.1 Stability of the old system: Bugs, errors and downtime

Score | Rating
0 | Not endangered.
2 | Hardly endangered.
4 | Endangered to a minor extent, still acceptable.
6 | Endangered to an average extent, problematic.
8 | Above-average risk, highly problematic.
10 | Very seriously affected, not acceptable.

Table 16: Rating scale for bugs, errors and downtime

Criterion 3.1.2.2 Service problems, personnel bottlenecks

3.1.2.2 Stability of the old system: Service problems, personnel bottlenecks

Score | Rating
0 | Irrelevant.
2 | Seldom, low.
4 | To a minor extent, still acceptable.
6 | Low, however, with a foreseeable increasing trend.
8 | Medium, increasing.
10 | Permanent, serious.

Table 17: Rating scale for service problems, personnel bottlenecks

Criterion 3.1.3 Flexibility of the old system

This criterion evaluates the existing solution with a view to its future suitability. Relevant information in this context concerns future upgrading and expansion options, interoperability and/or (future) interface problems with other IT systems as well as operability and ergonomics of the old system. The sub-criteria can be described in qualitative terms only.

Criterion 3.1.3.1 Limits of expansion / upgrading

3.1.3.1 Flexibility of the old system: Limits of expansion / upgrading

Score | Rating
0 | Not restricted.
2 | Hardly restricted.
4 | Restricted, minor requirements can be fulfilled.
6 | Restricted; medium requirements are hard to fulfil.
8 | Seriously restricted; many requirements cannot be fulfilled.
10 | Expansion and/or upgrading not possible, but necessary.

Table 18: Rating scale for limits of expansion / upgrading

Criterion 3.1.3.2 Interoperability, present/future interface problems

3.1.3.2 Flexibility of the old system: Interoperability, present/future interface problems

Score | Rating
0 | Not restricted.
2 | Problems at present unlikely.
4 | Problems foreseeable, no adaptation problems.
6 | Necessary adaptation difficult, but urgent.
8 | Numerous, difficult adaptation tasks, urgent.
10 | Adaptation urgently necessary, overdue.

Table 19: Rating scale for interoperability, present/future interface problems

Criterion 3.1.3.3 Operability and ergonomics (user-friendliness)

3.1.3.3 Flexibility of the old system: Operability and ergonomics

Score | Rating
0 | Irrelevant.
2 | Minor ergonomic shortcomings.
4 | Minor degree of work impairment.
6 | Medium degree of work impairment.
8 | Serious shortcomings, change necessary.
10 | Very serious shortcomings, intolerable.

Table 20: Rating scale for operability and ergonomics (user-friendliness)

Criteria group 3.2 Compliance with administrative regulations and laws

Criterion 3.2.1 Compliance with laws

This criterion is used to determine the extent to which existing, old systems meet existing or amended legal requirements, i.e. formal legislation.

This criterion is a so-called MUST criterion: If a score of "10 points" is assigned to this criterion, it is mandatory that the IT measure be immediately performed in any case.

3.2.1 Compliance with laws

Score | Rating
0 | Ensured.
2 | Foreseeable amendments to laws already taken into consideration.
4 | Foreseeable amendments to laws partially taken into consideration.
6 | Pending amendments to laws not taken into consideration.
8 | Insufficient degree of compliance with applicable laws.
10 | No compliance with applicable laws.

Table 21: Rating scale for compliance with laws
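The following is an added Python example of the benefit analysis described in section 5.3 and applied in the rating tables; it is not part of the migration guide. It rates criteria on the 0 to 10 ordinal scale, checks that the weights within a group add up to 100, computes the weighted group score, and applies the MUST rule for criterion 3.2.1 (a rating of 10 makes the IT measure mandatory irrespective of the weighted score). The criterion numbers are the guide's; the weights and the sample ratings are constructed placeholders, not the weighting tables from the appendix.

```python
"""Benefit analysis for the qualitative WiBe criteria.

Added example, not part of the migration guide. Assumes: every criterion is
rated on the ordinal 0..10 scale, every criterion carries a weight, the weights
within a group add up to 100, and the group result is the weighted mean (again
on the 0..10 scale). A MUST criterion (3.2.1) rated 10 flags the measure as
mandatory regardless of the weighted mean. The weights and sample ratings are
constructed placeholders, not the guide's weighting tables.
"""
from dataclasses import dataclass
from typing import Dict, List

SCALE_MIN, SCALE_MAX = 0, 10  # ordinal rating scale of the criteria catalogue


@dataclass(frozen=True)
class Criterion:
    number: str          # number in the catalogue of criteria, e.g. "3.1.1"
    name: str
    weight: int          # weight within the group; group weights sum to 100
    must: bool = False   # MUST criterion: a rating of 10 forces the measure


# Urgency group (3.x) with constructed placeholder weights.
URGENCY_GROUP: List[Criterion] = [
    Criterion("3.1.1", "Support continuity for the old system", 15),
    Criterion("3.1.2.1", "Bugs, errors and downtime", 10),
    Criterion("3.1.2.2", "Service problems, personnel bottlenecks", 10),
    Criterion("3.1.3.1", "Limits of expansion / upgrading", 10),
    Criterion("3.1.3.2", "Interoperability, interface problems", 10),
    Criterion("3.1.3.3", "Operability and ergonomics", 5),
    Criterion("3.2.1", "Compliance with laws", 15, must=True),
    Criterion("3.2.2", "Data protection / data security requirements", 15),
    Criterion("3.2.3", "Correct procedures and workflows", 5),
    Criterion("3.2.4", "Compliance with other requirements and recommendations", 5),
]


def validate_group(group: List[Criterion]) -> None:
    """Reject a group whose weights do not add up to 100 or that repeats a number."""
    total = sum(c.weight for c in group)
    if total != 100:
        raise ValueError(f"group weights sum to {total}, expected 100")
    numbers = [c.number for c in group]
    if len(set(numbers)) != len(numbers):
        raise ValueError("duplicate criterion number in group")


def validate_score(number: str, score: int) -> int:
    """A rating must be an integer on the 0..10 scale."""
    if isinstance(score, bool) or not isinstance(score, int) or not SCALE_MIN <= score <= SCALE_MAX:
        raise ValueError(f"criterion {number}: score {score!r} is outside {SCALE_MIN}..{SCALE_MAX}")
    return score


def evaluate_group(group: List[Criterion], scores: Dict[str, int]) -> Dict[str, object]:
    """Weighted mean of a group's ratings plus the MUST criteria that force the measure."""
    validate_group(group)
    missing = [c.number for c in group if c.number not in scores]
    if missing:
        raise ValueError(f"no rating for criteria {missing}")
    weighted_sum = sum(c.weight * validate_score(c.number, scores[c.number]) for c in group)
    forced_by = [c.number for c in group if c.must and scores[c.number] == SCALE_MAX]
    return {
        "weighted_score": weighted_sum / 100.0,   # stays on the 0..10 scale because weights sum to 100
        "forced_by_must_criteria": forced_by,
        "mandatory": bool(forced_by),
    }


# Constructed ratings for an old system, using the even steps of the rating tables.
SAMPLE_SCORES: Dict[str, int] = {
    "3.1.1": 6, "3.1.2.1": 4, "3.1.2.2": 4, "3.1.3.1": 6, "3.1.3.2": 8,
    "3.1.3.3": 2, "3.2.1": 4, "3.2.2": 6, "3.2.3": 2, "3.2.4": 4,
}


def example_rating() -> Dict[str, object]:
    """Weighted urgency score of the sample ratings (5.0 with the weights above)."""
    return evaluate_group(URGENCY_GROUP, SAMPLE_SCORES)


def example_with_must_triggered() -> Dict[str, object]:
    """Same ratings, but compliance with laws (3.2.1) rated 10: the measure becomes mandatory."""
    return evaluate_group(URGENCY_GROUP, {**SAMPLE_SCORES, "3.2.1": SCALE_MAX})


if __name__ == "__main__":
    print(example_rating())
    print(example_with_must_triggered())
```

The same function serves the quality/strategy groups of section 5.3.2, where the quasi-MUST criterion 4.1.1 would be declared with `must=True` in the same way; the group-level weight check is what keeps scores from different groups comparable on one scale.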

Criterion 3.2.2 Fulfilment of data protection/security requirements

This criterion refers to the question as to whether all legal data protection requirements are fulfilled by the existing IT system and/or the present process solution. Furthermore, data security must be evaluated here, i.e. the question as to what extent the existing system is protected in technical and organizational terms against loss of confidentiality, integrity and availability of data. If security requirements are high, it must be examined whether the requirements issued by the Federal Office for Information Security (BSI) are fulfilled (for example, with a view to the disclosure of source code). Because the source code is available with OSS, it is generally always possible to achieve a higher testing depth during evaluation/certification. Manufacturers of proprietary software are often unwilling to disclose the source code, so that a higher testing depth is generally not possible. In such a case, the entire method would have to be replaced if the requirement of a higher testing depth is issued retroactively. This aspect must be taken into consideration in view of data protection and data security requirements following certification.

Insofar as the analysis of the existing IT system shows any deviations from requirements and recommendations (for example, recommendations by the Coordinating and Advisory Agency of the Federal Government for Information Technology in the Federal Administration (KBSt), such as the IT Baseline Protection Catalogues and/or the IT Protection Manual), these deviations must be considered here.

This criterion addresses the security of internal and, above all, external communications. How is data transmission secured? Are secure protocols used? Are transmission protection, access control mechanisms, etc. in place? Can the software be checked with regard to IT security? How susceptible is the software to attack from outside, viruses, etc.? Does the software feature a modular design (separation of system and application programs, option to minimize application programs to the necessary functions)? Are there any access control mechanisms? Does security management exist? Does a security concept exist which is known to all those involved? Does a descriptive process for security checks and the related documentation exist?

3.2.2 Fulfilment of data protection and data security requirements

Score | Rating
0 | Not impaired.
2 | Minor, negligible shortcomings.
4 | Minor shortcomings, can be remedied elsewhere or in other ways.
6 | Minor shortcomings, medium-term need for a change.
8 | Insufficient compliance with data protection and data security requirements.
10 | Serious violations, adaptation urgently needed.

Table 22: Rating scale for fulfilment of data protection/security requirements

Criterion 3.2.3 Correct procedures and workflows

Workflows and business processes as well as the related IT measures must comply with certain rules of procedure, for example, according to the Joint Rules of Procedure of the Federal Ministries (GGO). These rules of procedure supplement existing laws (for example, with a view to auditability/transparency, correct file-keeping and/or documentation). The criterion expresses the extent to which these (internal) guidelines are fulfilled by the existing IT system. The error rate of the old system can serve as an evaluation aid. Furthermore, the correctness of workflows and work processes is also regarded as a crucial precondition for reducing corruption among officers. If the existing system fails to ensure the correctness of workflows and work processes, investment in a new system is necessary which must be capable of restoring correctness and thereby of limiting potential abuse.

3.2.3 Correct procedures and workflows

Score | Rating
0 | Irrelevant.
2 | Minor impairment.
4 | Correctness ensured, but complex process.
6 | Correctness occasionally impaired and complex process.
8 | Correctness permanently impaired and complex process.
10 | Correctness not ensured.

Table 23: Rating scale for correct procedures and workflows

Criterion 3.2.4 Compliance with requirements and recommendations

Another important aspect is the answer to the question as to whether and to what extent license-compliant work is currently ensured in the organization. Proprietary software, for example, is subject to license and use restrictions which vary depending on the particular product and/or the related agreement, and adherence to which requires special care.

3.2.4 Compliance with other requirements and recommendations

Score | Rating
0 | No deviations.
2 | Minor deviations, not substantial.
4 | Minor deviations which can, however, be overcome even without a new system.
6 | Many deviations.
8 | Process as a whole in need of improvement because of substantial deviations.
10 | Process in conflict with concrete requirements or recommendations.

Table 24: Rating scale for compliance with requirements and recommendations

5.3.2 Quality/strategy criteria

This group of the catalogue of criteria contains the quality and strategy criteria of IT measures. These criteria relate to the priority of the IT measure, to quality improvements within the public agency, and to the effect on public administration staff. Just like the WiBe D, the WiBe Q also uses a scale in order to rate the criteria in qualitative terms.

Criteria group 4.1 Priority of the IT measure

Criterion 4.1.1 Relevance within the IT framework concept

This criterion can be used in order to assess the IT measure in qualitative terms with a view to its contribution towards implementing the applicable IT framework concept (compared to other ongoing and/or proposed IT measures). The importance of the IT measure as a precondition for other, subsequent measures must be justified.

This criterion is a "quasi-MUST criterion": if a score of "10 points" must be assigned to this criterion, the IT measure must be generally carried out. As a precondition for this score, the IT measure in question must be a condition sine qua non for the implementation of many of the plans of the IT framework concept. This means that only a few IT measures of a public agency can be given 10 points, i.e. only IT measures with top priority. We hence recommend assigning priorities to all the IT measures of a public agency and using these priorities as a basis for justifying the points awarded in this criterion.

4.1.1 Relevance within the IT framework concept

Score | Rating
0 | Irrelevant.
2 | Minor relevance.
4 | Important IT measure, not urgent in terms of time.
6 | Implementation is a precondition for further, important IT measures.
8 | Important, time-critical IT measure.
10 | Key role in the IT framework concept.

Table 25: Rating scale for relevance within the IT framework concept

Criterion 4.1.2 Integration into the IT landscape of the federal administration in general

This criterion can be used in order to determine whether the IT measure fits into the federal government's information management strategy, i.e. the agency-spanning importance of the IT measure is expressed here. This aspect refers to all parameters aimed at a joint (integrating, standard-setting and/or standard-conformant) development of information technology.

4.1.2 Integration into the IT landscape

Score | Rating
0 | Irrelevant or no positive effect, respectively.
2 | Minor support of the IT landscape.
4 | More far-reaching support of the IT landscape.
6 | IT measure is important, but not time-critical.
8 | IT measure is important and time-critical.
10 | IT measure is vital for IT integration in the federal administration.

Table 26: Rating scale for integration into the IT landscape of the federal administration in general

Criterion 4.1.3 Follow-up effect for communication partners

This criterion concerns the agency-spanning connectability (interoperability) of the IT measure. Migration to OSS solutions can lead to other standard formats for data exchange and/or require other processing mechanisms for further use. This effect can be important both within a ministry (in particular, in relations between the ministry and the area of competence) and between ministries. The more unnoticed the related secondary effects are for other communication partners (even outside the public administration), the higher the quality of the solution. Furthermore, this criterion also covers effects on third parties outside an agency's own administration (citizens, companies, other administrations). It must, for example, be ensured that citizens, companies and other administrations are not forced to buy certain software products (browsers, word processing programs) in order to be able to use online services. If access to such online offerings is only possible with certain (commercial) software, this would reduce the level of acceptance among these third parties and hence also affect potential synergies in the agency's own administration.

4.1.3 Follow-up effects for communication partners

Score | Rating
0 | No positive effects on an agency-spanning level perceivable for users to be expected.
2 | No improvement of information exchange.
4 | Occasional improvement in agency-spanning information exchange to be expected.
6 | Significant improvement with regard to one type of process can be achieved.
8 | Significant improvement with regard to several process types can be achieved.
10 | Significant improvement thanks to agency-spanning standardization of data structures and process routines.

Table 27: Rating scale for follow-up effect for communication partners

Criterion 4.1.4 Pilot project nature of the IT investment project

The first-time development and use of innovative processes and methods within the scope of migration projects can be economically ineffective in monetary terms in the sense of the WiBe KN for the investing administrative unit. At the same time, however, this method can generate important results for subsequent projects which lead to development cost savings in other administrative units. Ideally, it should be possible to transfer the migration methods and solutions to other administrative units of the federal government (one-for-all principle) [95]. The pilot character of the migration project and the possibility for third parties to re-use all of the project results for their own purposes form the heart of this criterion. The following list contains some criteria which show whether the results of the migration measure were adapted or are suitable for re-use in other projects:

• Quality and scope of the result documentation
• Project design and approach (for example, according to the procedure model)
• Degree of the necessary modifications (adaptation effort)
• Ways of cooperation during implementation and further development

The strategic rank must be rated higher the more extensive and widespread the range of application of the innovative solution in the federal administration is, and the more plausible the re-use concept of a migration measure is.

4.1.4 Pilot project nature of the IT measure

Score | Rating
0 | Irrelevant.
2 | First-time use of a standard solution.
4 | First-time use of an in-house development, standard solution, follow-up investment.
6 | Pilot project within a public agency, no agency-spanning fields of application.
8 | Pilot project with further, agency-spanning use (one-for-all principle).
10 | Pilot project with proposed, further development stages planned.

Table 28: Rating scale for the pilot project nature of the IT investment project

Criterion 4.1.5 Use of existing technologies by other organizations

This criterion can be used in order to evaluate whether the proposed IT measure uses technical solutions (processes) which have already demonstrated their value at other administrative units of the federal government. The use of existing technical solutions by other organizations often not only minimizes investment costs but also contributes towards the establishment of technological standards and thereby towards avoiding insular solutions within the administration. Important: Approaches related to the use of existing technology by other organizations which can be evaluated in monetary terms are already assessed within the framework of the WiBe KN. The purpose of this criterion is to address aspects which can be evaluated in qualitative terms only.

[95] The reuse of project results for comparable projects is one goal of public investment (also refer, in particular, to the Kiel decisions).

4.1.5 Use of existing technologies by other organizations

Score | Rating
0 | Adoption of a process is not possible.
2 | Adoption of a process: major adaptation effort, minor degree of dissemination.
4 | Adoption of a process: medium adaptation effort, minor degree of dissemination.
6 | Adoption of a process: minor adaptation effort, minor degree of dissemination.
8 | Adoption of a process: medium adaptation effort, higher degree of dissemination.
10 | Adoption of a process: minor adaptation effort, higher degree of dissemination.

Table 29: Rating scale for the use of existing technologies by other organizations

Criterion 4.1.6 Platform/manufacturer independence

This criterion can be used to determine the extent to which the proposed solution can be used on different platforms and, on the other hand, allows future development stages of the IT architecture [96] to be designed as freely as possible and independently of specifications by the hardware or software manufacturer, including the use of products from different suppliers. With a view to their introduction, platform-independent solutions are often less favourable from a monetary perspective than comparable solutions which depend on proprietary platforms. Platform independence concerns different types of platforms as follows:

• Hardware
• Operating system
• Infrastructure software (such as database management systems)
• Standard software (such as Office applications)
• Development platforms

Platform independence pursues a rather (medium- to) long-term strategic approach. Platform-independent solutions can extend both the product lifecycle and the time of use. This means that the economic benefits of a platform-independent solution will be more important in future if it is no longer necessary to revise or even replace the solution when a platform is replaced and, on the other hand, if it is possible to replace the platform when necessary (for example, for economic reasons) without the need to also replace all the solutions which are based on this platform. The easier a solution can be migrated between platforms, the higher the degree of platform independence, and this usually also means a higher degree of manufacturer independence (if different platform suppliers exist).

[96] Architecture of a public agency covering the totality of its applications.

4.1.6 Platform/manufacturer independence

Score | Rating
0 | Irrelevant, or no major effects to be expected.
2 | Minor quality improvement without strategic importance (for example, the solution is available in several versions for different platforms (pseudo-independence)).
4 | Software can be ported with minor effort to other platforms. Existing hardware/periphery can remain in use even in future within the planned time frame.
6 | Platform/manufacturer independence is ensured and the proposed solution contributes towards extended further development / modification options.
8 | Platform/manufacturer independence and investment protection are ensured, requirements from the IT architecture [97] are fulfilled.
10 | Far-reaching design autonomy, along with continued use of existing hardware and software.

Table 30: Rating scale for platform/manufacturer independence

Criteria group 4.2 Increase in quality of specialist tasks

Criterion 4.2.1 Improved job performance (improved performance of …)

This criterion evaluates the qualitative effects related to work, in particular, whether the quality of the work process as such and hence also of the product will be improved. Qualitative improvements to be assessed can, for example, be simplified internal workflows as well as elimination of redundant and routine operations. Other examples include more up-to-date, less redundant and more complete information sources as well as a lower error rate thanks to interactive help and user support functions. IT measures can also contribute towards high quality standards (for example, quality management according to the ISO 9001 standard or according to the EFQM model) of complex processes. The new development of specialist applications which is, for example, necessary in the case of migration to OSS solutions can thus at the same time enable a quality leap in the user's work performance. When evaluating this criterion, the effects should be differentiated in terms of formal improvement (the workflow itself improves) and material improvement (the result of the workflow is improved).

4.2.1 Improved job performance

Score | Rating
0 | Irrelevant or no positive effects, respectively.
2 | Minor improvement of the formal work process.
4 | Medium improvement with regard to the formal work process.
6 | Significant improvement of the formal work process.
8 | Significant improvement of the material work result.
10 | Significant improvement of the formal work process and of the material work result.

Table 31: Rating scale for improved job performance

[97] Internal specifications of a public agency concerning the implementation of its architecture, definition of standards, technologies, interfaces, etc.

Criterion 4.2.2 Acceleration of workflows and work processes

IT measures usually improve work quality by speeding up workflows and work processes. In as far as these effects can be calculated in the form of shorter working time, they are already considered in monetary terms as operating benefits in the WiBe KN. Acceleration of workflows and processes enables shorter cycle times. The effects are due to electronic communications, elimination of media inconsistency, access to up-to-date databases by all authorized users, and elimination of individual process stations. More up-to-date and more precise forms of communication reduce transport time, dead time and preparation time. The assessment of the qualitative criterion is the result of a critical evaluation of the improvements which the IT measure will offer to users in the organization unit concerned.

4.2.2 Acceleration of workflows and work processes

Score | Rating
0 | Irrelevant or no positive effects, respectively.
2 | Minor acceleration can be expected, but effects cannot be assessed.
4 | Present cycle time can be reduced by up to 10%.
6 | Present cycle time can be reduced by up to 30%.
8 | Present cycle time can be reduced by up to 50%.
10 | Present cycle time can be reduced by more than 70%.

Table 32: Rating scale for the acceleration of workflows and work processes

Criterion 4.2.3 Standardized and uniform administrative work

This criterion questions the extent to which the new IT measure will replace formerly different workflow procedures (both in formal and in material terms) with uniform standards in future. This can be due to up-to-date access to data with uniform structures and due to the harmonization of administrative procedures on both organizational and IT level. The external effect (in the sense of: "how is the process perceived by different external addressees?") must be considered in any case with this criterion.

4.2.3 Standardized and uniform administrative work

Score | Rating
0 | Irrelevant or no positive effects, respectively.
2 | No significant reduction of special cases to be expected.
4 | Occasional improvement within the public agency.
6 | Significant improvement with regard to one type of process.
8 | Significant improvement thanks to standardization of data structures and process routines within the public agency.
10 | Significant improvement thanks to agency-spanning standardization of data structures and process routines.

Table 33: Rating scale for standardized and uniform administrative work

Criterion 4.2.4 Increasing understandability and reproducibility

This criterion evaluates the contribution of the IT solution towards increasing understandability and reproducibility for both internal and external users. Key aspects include, for example, the provision of information, the distribution of information as well as the transparency of (management) decisions.

4.2.4 Increasing understandability and reproducibility

Score | Rating
0 | Irrelevant or no positive effects, respectively.
2 | Only minor change compared to the current as-is status.
4 | Various minor shortcomings eliminated.
6 | Major former shortcomings eliminated.
8 | Qualitatively directly perceivable improvement for individual addressees.
10 | Qualitatively directly perceivable, significant improvement for many addressees.

Table 34: Rating scale for understandability and reproducibility

Criterion 4.2.5 Image improvement

The image of the public administration is rather negative ("red tape") in some areas. This image can be improved through improved service quality (rated as described above) and more effective communication of this improved performance to external addressees. In as far as the IT measure can make a positive contribution to this end (despite subjective assessment and many uncertainties), this effect must be considered here.

4.2.5 Image improvement

Score | Rating
0 | Irrelevant or no positive effects, respectively.
2 | No significant change in the short term.
4 | Positive effect can be expected for individual addressees.
6 | Positive effect in the medium term for many addressees.
8 | Sustainable positive effect for several addressees.
10 | Sustainable positive effect for many addressees.

Table 35: Rating scale for image improvement

Criteria group 4.3 Staff-related effects

Criterion 4.3.1 Attractiveness of working conditions

The introduction of new IT solutions usually changes former work processes and also involves the use of new hardware and software. Users may perceive this as a boost to the (subjectively felt) attractiveness of their jobs, which can also be achieved by higher qualifications based on the use of state-of-the-art technology. A positive influence on job attractiveness will also foster a trend towards greater job satisfaction and hence towards higher productivity. This criterion must be examined in the case of OSS solutions in the client area. Migration to new, different user interfaces can in the worst case cause uncertainty, fear or even resistance. However, these familiar effects which can result from the introduction of new elements are set off by positive effects on the other hand. OSS can be used even for private purposes without any legal or tax problems, and this increases the attractiveness of working conditions.

4.3.1 Attractiveness of working conditions

0 2 4 6 8 10

Not improved / Minor improve- Medium im- Medium im- Significant im- Significant im- irrelevant. ment. provement in a provement in provement in a provement in few areas. several areas. few areas. several areas.

Table 36: Rating scale for attractiveness of working conditions

Criterion 4.3.2 Ensuring/expanding qualifications

The introduction of new IT solutions can (in the medium term) influence the qualifications of the staff concerned in two ways. On the one hand, IT solutions lead to the development of skills in handling IT systems; the introduction of such solutions then indirectly contributes towards higher user qualifications. On the other hand, the use of new IT solutions can also open up more demanding and more complex tasks. Together with user training, this leads to enhanced qualifications in the direct sphere of responsibility.

4.3.2 Ensuring/expanding qualifications

0 2 4 6 8 10

0: Not influenced or no positive effects, respectively.
2: Minor effects to be expected with a view to IT handling.
4: Significant effects to be expected with a view to IT handling.
6: Significant effects with a view to IT handling and task-related further development.
8: Significant increase in task-related qualifications.
10: Significant increase in technical qualifications.

Table 37: Rating scale for ensuring/expanding qualifications

6 Conclusions

At this point, it should finally be emphasized that generally valid recommendations in favour of one migration scenario or another cannot be derived from the methodology for evaluating economic efficiency presented in this document. In practical application, requirements differ strongly even if the starting conditions appear to be identical, so that statements claiming general validity do not make sense in this context. Each migration project must therefore be planned on the basis of the methods proposed here and its economic efficiency calculated accordingly. The migration procedure explained in chapter 5.1.1 "Structure and procedure of the WiBe for migration" and, in particular, the "Procedure within the scope of monetary and non-monetary WiBe" (chapter I.C 5.1.1.3) give users access to the initial considerations for evaluating the economic efficiency of migration projects. These are:

• Questions concerning the actual status: The starting situation for the migration project is evaluated at this point. The questions shown there are used as a basis for identifying the concrete need for action which can lead to a migration project for which a WiBe must be carried out. The commented and documented answers to these questions form a sound basis for justifying the migration project (answering the question: "Why is migration necessary?").

• Questions concerning the target status: These questions can be used in order to verify the selected migration alternatives in advance. The migration alternative chosen must be adequately commented and justified. The result is a document which provides the basis for justifying the migration alternative (answering the question: "Where to migrate to?").

• Boundary conditions: This information helps to identify the framework and to steer certain activities in advance (for example, process analysis in an independent project).

Once the user has carried out the above-described activities and thereby verified the demand for migration and the migration alternative, economic efficiency can then be analysed. A gradual approach orientated towards the following chapters is recommended for this purpose.

• General considerations of cost identification (chapter I.C 3.3): This section provides information concerning possible migration phases, manpower requirements and the identification of software and hardware costs. This then forms the basis for the subsequent calculation of the personnel and material costs of the migration process and of the subsequent operation of the migrated scenario.

• Analysis of the starting situation (chapter I.C 4): The actual status of the scenario to be migrated is a necessary precondition for assessing the quantities and volumes required. This quantity and volume information subsequently helps, on the one hand, to assess the costs of the new target status and, on the other hand, to localize potential savings or optimization potential.

• Economic efficiency in monetary terms (chapter I.C 5.2): This is where the real calculation of economic efficiency takes place. In the monetary field, indicators for costs and benefits are identified for introduction (i.e. the migration project itself) and operation. A positive indicator at this point is already a very strong point in favour of migration.

• Extended economic efficiency (chapter I.C 3.3): Extended economic efficiency evaluates the qualitative factors. This is carried out in the form of benefit analyses, where a questionnaire similar to the one shown in chapter 1.4.1 must be answered. The result is the calculation of two quantified indicators which, given a correspondingly high value, support migration as an alternative to the monetary indicator (in view of the decisions made as a result of earlier considerations, negative values should no longer occur).

D Subject: Recommendations

The following recommendations for the migration of software (from the decision to operation) initially include several general and basic recommendations which result from the further developments on the software market addressed in this guide. Recommendations which were already made in earlier versions and which are still valid are repeated in this document. These include, for example, the procedure models recommended for migration projects and their demand-orientated use. In addition, the authors of this guide address the items which they consider to be important for the successful performance of migration projects.

1 General recommendations

The general recommendations of the migration guide have not changed since its first version. Instead, the validity of the recommendations made at the beginning must be underlined even more today. The feasibility of a change from proprietary solutions to OSS-based solutions, be it in the form of selective or complete migration, is even more pronounced than when the migration guide was first published. This is supported by even greater product diversity, especially with open source solutions, and by the more far-reaching adaptation of functionalities to those of proprietary solutions. Especially (but not exclusively) the adoption and ongoing updating of SAGA, together with internal standardization drives within the administration, have continuously increased investment security for commercial suppliers of Linux and open source software. This is reflected by the bigger range of software offerings. Furthermore, the increasing departure from proprietary interfaces, formats and protocols, as well as the continuously increasing use of standards by suppliers of proprietary software, show that the demands for more openness and for the use of standards made by the relevant stakeholders in the public administration and in several IT enterprises are both successful and the right approach. These demands should also be adopted by the entire public administration and the business community as a precondition for improving interoperability and communication capabilities and in order to minimize the costs of IT use. There is no doubt that an increasing degree of standardization on the basis of really open standards will strengthen the economic efficiency of software use through:

• beginning or increasing competition of products and solutions,
• reduced manufacturer dependence and
• a generally broader service market.
However, generally valid statements concerning the economic advantages of the different platform strategies (refer to section I.D 2.1) can only be rarely made because starting situations and product qualities still differ. However, the discussion in section I.A 3 shows that up to a certain point economic efficiency increases as the degree of integration of the products of a platform increases. There are several reasons for this:

• Higher productivity in the case of products correctly adapted to each other (without system inconsistencies).
• Increasing reusability of components and solutions which were developed on the basis of the same middleware technology.
• Savings due to standardized purchasing and maintenance processes as well as service agreements, if any.

With a view to the economic efficiency of the alternative goals (Windows-based platform vs. Linux-based platform), migration to a Linux-based platform can turn out, now more than ever before, to be the economically more sensible variant when compared to migration to a new Microsoft version. The omission or reduction of license costs, in particular, can lead to direct (monetary) savings, for example, in the following cases:

• partial migration at the server end in conjunction with hardware and software consolidation, especially if Linux know-how and Linux systems are already available, or
• partial migration of MS Office products at the client end.

This is additionally supported by the greater closeness of open source software to standards and its intrinsic openness. This holds particularly true if the strategic dimension is used to assess savings; this dimension will be discussed in detail in conjunction with the subject of the economic efficiency of software migration projects. The basic recommendations can be summarized as follows:

• Anchoring of economic efficiency as a fundamental goal of the overall IT strategy, with adequate consideration given to innovation and organization factors.
• Use of open standards which are equally usable by both the IT industry and the open source community as a basis for the selection and integration of software products, in order to avoid cases of extreme manufacturer dependence.
• Integration of solutions based on open source software in the project-related evaluations of economic efficiency within the scope of the migration decision (refer to chapter I.C).
• The use of the Linux operating system as a basis for the IT platform is possible for all fields of application and can be economically feasible.
• Consideration of the above-described basic recommendations in the decision-making process for migration projects (refer to section I.D 2.1).

Although the basic recommendations cannot take into account the requirements and boundary conditions of a concrete starting situation, no detailed recommendations covering different scenarios are given here. In view of the grown diversity of starting scenarios, products and solutions, such recommendations would merely be isolated and selective examples which may obscure the view of the enormously diverse options. Instead, concrete application recommendations are given in modules II, "Module infrastructures", and III, "Module applications", concerning the products, technologies and migration paths discussed, wherever this makes sense.

Furthermore, the next two subjects, i.e. "Legal aspects of software migration" and "Discussion of the economic efficiency of software migration projects", contain subject-related information and recommendations.

2 Recommended procedures for migration projects

The following sections address different procedure models for the implementation of migration and migration projects. Migration projects are usually complex and involve many aspects. This applies to both complete migration, i.e. migration of the entire IT infrastructure (client and server areas), and partial migration, i.e. migration of a clearly defined part of the IT infrastructure, such as servers only, clients only or just a single application. The latter case is sometimes also referred to as selective migration. Besides their usually complex nature, migration projects have further properties which deserve special attention. Apart from this, a migration project is an IT project like any other, and the appropriate tasks must be completed. The illustration below shows a typical multi-phase migration process with its sub-aspects. The illustration clearly shows that migration involves much more than just a change in the products and technologies used.

Phase 1: Decision
Phase 2: Project planning, user information, stock-taking, detailed concept
Phase 3: Implementation, system integration, tests, introduction (introductory training for administrators, introductory training for users)
Phase 4: Operation: service, support, training

Fig. 22: Phases of a migration process

Phase 1: Decision-making

The results of an evaluation of economic efficiency with a long-term perspective are crucial for a recommendation in favour of migration or for a recommendation to continue with the existing platform. Even if complete or partial migration is possible without any restrictions from a technical and legal perspective, economic considerations may suggest that migration does not make much sense under the given conditions. In view of the diverse correlations and interactions between the individual components and systems of an infrastructure and the application world, a long-term perspective is always required in the decision-making process (refer to chapter I.C 2, "Introduction to the economic efficiency assessments"). In this context, the analysis from the point of view of an introduction of open source software does not differ from the customary evaluation analyses in the field of IT, for example, in the context of hardware or software consolidation. The following platform strategies are usually pursued in public administrations and business alike.

• System and application platforms closely adapted to each other on the basis of open standards and specifications, if necessary with the help of dedicated integration products.
• System and application platforms closely adapted to each other on the basis of manufacturer-specific interfaces and specifications (not disclosed or disclosed to a limited extent only), if necessary with the help of manufacturer-specific integration products.
• (Historical) use of isolated solutions for selective specialist methods and applications.

Since open source software is, due to its origins, often connected to the use of open standards, it constitutes another variant in this field.

• System and application platforms adapted to each other on the basis of open standards and specifications, using the open (reusable) source code.

Whilst a decision in favour of the selective introduction of a widely used open source product, such as the Apache web server, can usually be made quickly and in a very pragmatic manner, the decision in favour of a widespread, general introduction of open source software and the replacement of proprietary islands requires a methodical approach because of its long-term implications. The fundamental milestones of such an approach are as follows:

• Development of an overall IT strategy, taking the given financial, organizational, innovation-related and personnel objectives into consideration
• Definition of the future open source platform strategy, taking the long-term calculations of economic efficiency into consideration with a view to the use of free and proprietary standard products
• Identification of all the standards necessary to ensure internal and external reusability as well as interoperability
• Selection of the products meeting the requirements
• Definition of the project, including the pertinent time schedule and list of actions, as well as ensuring budget financing

As the illustration below shows, methods and tools already in use at public administrations can be used for the different phases.


Fig. 23: Decision-making process for implementing a migration project

Phase 2: Planning and concept development

The decision-making phase ultimately determines the fundamental target orientation of the migration project. Its concrete design then follows in phase 2, the planning and concept development phase. The more complex the migration project, the more important sound planning and preparation of the actual migration project become. This is all the more valid if a complex migration project is to be completed within a relatively short period of time. In such a case, special attention must be paid to the users, who are burdened by this to a particularly large extent. The greater the number of users affected by a migration project and the more strongly these effects are felt in the day-to-day use of the IT systems, the more important it is to actively involve and comprehensively inform all the relevant groups at an early point in time (refer also to section I.D 2.3, "Checklist of success factors"). These include users and IT staff and, in particular, also representatives of interests, such as staff representatives, security officers, data protection officers, etc. Although these parties usually have to be involved in every IT project, it is helpful in migration projects, and specifically where the entire IT infrastructure is to be changed, to involve all the relevant stakeholders, because they can contribute substantially to improving acceptance among users. At the point of transition from concept development to implementation, the questions concerning economic efficiency and, in this context, the question of "make or buy" must be answered once again. Here too, the IT strategy has an important role to play. This strategy should include statements concerning the development of the agency's own IT staff as well as requirements which can significantly support a decision at this point. Such requirements and goals can, for example, include training of IT staff for certain platforms and defining, or ruling out from the very beginning, software development as a task of its own.

Phases 3 and 4: Implementation and operation

The subsequent implementation and operation phases of migration projects are very much the same as those of any other IT project.

2.1 Procedure models

Especially in cases of complete migration or migration of larger parts of the IT infrastructure, two different paths can be chosen for a migration project. One is the fast lane which leads from start to finish without any major detours or breaks; this is also called the "Big Bang" approach. The other path, in contrast, is a gradual journey on which one becomes increasingly accustomed to the changing landscape. Both migration paths have their pros and cons. In the case of selective migration projects, the question as to which route is best is usually not relevant, because it makes little sense, for example, to migrate an application over a longer period of time and in several individual steps.

2.1.1 One-step migration ("Big Bang")

One-step migration is characterized not by its speed but by the fact that it takes place within a shorter and, above all, defined period of time. One-step migration has a defined beginning (commencement date) and a defined end (end date). The end is marked by the commencement of full-scale productive operation. One-step migration places high or even very high demands on:

• Project organization
• Organization of the public agency concerned
• Hardware
• Finance
• Administrators
• Users

The requirements for administrators and users, in particular, should not be underestimated. This applies all the more, the more limited the know-how of administrators and users concerning the new IT landscape. One-step migration, however, also offers the advantage that administrators do not have to handle two different IT orientations over a longer period of time. After a relatively short period of time (in line with the requirements of the given project), they can already fully focus on the new systems. Another important requirement is that the necessary funds must be available within a relatively short period of time. The scope and, above all, the complexity and diversity of the applications and systems to be migrated determine when funds must be made available and in what amount. This aspect will ultimately be a co-determining factor with regard to the feasibility of one-step migration. The high requirements for the organization of the public agency focus on the qualification of staff, who must continue doing their daily job on the one hand; this means that disruption of operations at the public agency must be minimized. Ongoing IT operations must continue on the other hand. A change in the complete server landscape places particularly high demands on all the parties involved, because migration of the individual server services cannot be randomly partitioned and because administrators must guarantee ongoing operations whilst at the same time being trained in the new systems. These requirements can be addressed by suitable change and rollout concepts. It is also possible to set up a parallel IT landscape, even though this means increased demands on hardware and additional costs. These demanding requirements inevitably raise the question as to whether one-step migration makes sense at all and/or to whom it can be recommended. Reasons for one-step migration are the following:

• Migration is inevitable, for example, because support for the legacy systems has been phased out.
• Administrators and users face far-reaching change, but only once rather than every year anew.
• Administrators do not have to handle the complexity of heterogeneous worlds over extended periods of time.

Under which conditions and for whom does one-step migration make sense? A system landscape with a clear-cut configuration and not too many interdependencies is a good precondition for one-step migration in the first place. This is the case if only a few applications and services are used for task fulfilment. This is not necessarily limited to small administrations and organizations with a clear and simple structure. Public agencies and organizations, no matter what their size, which operate a few large, mostly server-based specialist applications that handle the greatest part of the tasks and jobs are good examples. However, these requirements also apply to small and medium-sized public agencies with a few specialized applications, standard office documentation and the use of Office programs with a small number of complex documents and templates. Public agencies where administrators already have the necessary know-how for the future IT landscape also offer good preconditions for one-step migration, be it because administrators there use these systems privately or because individual applications and services are already in place with the new equipment. In this context, a strategy laid down at an early point in time may have paved the way, preparing IT staff for the new tasks on time. If staff are additionally open to new developments and interested in the new tasks, this is another ideal precondition for one-step migration.

2.1.2 Gentle migration

The reasons for gentle migration become clear when we look once again at the requirements and reasons for one-step migration.

• Public agencies and administrations with tight budgets can distribute the necessary costs according to the respective budget situation.
• Lacking know-how can be developed gradually, so that costs can be saved. Since the migration process is carried out component by component, IT staff, once trained, can subsequently act as multipliers, so that a higher level of know-how is available when the next component is to be migrated.
• Existing barriers and reservations can be gradually removed.
• Complex IT structures can be unravelled piece by piece.

The illustration below shows an example of a possible gentle migration process.


Fig. 24: Example of gentle and gradual migration

A component which is easy to single out should be chosen as the first component to be migrated. This is the DBMS server in the example above. The task is not the migration of the database applications but the establishment of a parallel DBMS. Basic DBMS knowledge is assumed to be available, and a DBMS will usually be required at the latest when the next component, i.e. the web server, is migrated. Although the directory server is initially a stand-alone component, it may already be possible to use it in conjunction with the web server, and it may be a precondition for the subsequent groupware migration phase. Migration of the file, network and print services follows. Finally, the desktop is migrated after all the specialized and Office applications have been migrated in the background, parallel to the component migrations. It should be remembered that this is one possible example. The sequence can also be totally different with other IT infrastructures and their given interdependencies. In the case of gentle migration, it is not possible to randomly exchange and move the components between the individual steps. What belongs together should be left together. Another important aspect is not to overstrain the time schedule and to fix a realistic deadline. On the other hand, the implementation time must reflect the complexity of the updating and upgrading tasks and hence the administrators' workload. As administrative requirements in a varied IT landscape are often higher than in the case of a homogeneous landscape, the entire change process should not include more than 2 to 3 change phases with a generally realistic time horizon, even in the case of gentle migration. Fig. 24 shows the three steps of the exemplary migration project. In the example of a migration project away from a Windows-based IT infrastructure to a Linux-based IT infrastructure, the migration project can initially advance relatively far at the server end. Especially with Samba, terminal services and the possibility of continuing to use Outlook as a groupware and messaging client, aids are available that enable the temporary heterogeneity of the IT landscape without having to cope with restrictions. At the very end, after all the specialized and Office applications have been migrated parallel to the migration process at the server end, migration of the desktop, i.e. migration at the client end, from Windows to Linux can be carried out. On condition that the migration of the specialized and Office applications permits this, one might even consider migrating from MS Office to OpenOffice.org or StarOffice on a Windows client in an intermediate step.

2.2 Possible effects of the migration paths

2.2.1 Input

With regard to the input required to implement a migration project, there are no interdependencies between the input and the type of migration path. Be it continuing or replacing migration, be it the replacement of Windows-based infrastructures or vice versa, the input required for a migration project ultimately always depends on the respective requirements, the given starting situation and the strategic aims. This is also applicable to the costs and manpower requirements resulting from subsequent operations. Simplifying and incorrect assumptions, for example that OSS products, although they do not involve any license costs, in fact lead to high costs due to more complex administration, an increased demand for training and insufficient support, are not valid. The requirements and costs for support, maintenance and updating of the software depend on the respective systems and their use, the frequency at which the configuration, structure and functionalities need to be modified and amended, the tools and know-how available, the design of the available license models, the question as to whether license costs must be paid, and the related terms and conditions as well as amounts. These factors and many more determine the follow-up costs of a selected migration path. This shows that in principle all sensible and feasible variants must be examined with a view to their economic efficiency. The follow-up costs to be expected in the medium to long term must be considered in this context as precisely and fully as possible.

In this context, we recommend taking a look at the strategic aspects discussed in this guide (refer to I.A 1) and considering the aspects of manufacturer dependence and the use of open standards in this examination.

2.2.2 Subsequent migration needs

A migration project currently being implemented quite often forms the basis for the next project. It goes without saying that this is particularly valid for the migration paths which end at a particular product of a manufacturer. Since manufacturers are interested in selling follow-up versions of their product, support for a particular product is inevitably discontinued after a certain period of time. This need for migration, which is generally foreseeable, is additionally aggravated by the fact that, due to the commercial nature of manufacturer-specific products, the time spans between migration projects and the extent of the individual migration projects are almost completely beyond one's own control. Migration hence becomes necessary again when further development of a previously selected product is discontinued. This situation can also occur with open source software, for example, when developers lose interest and the pertinent OSS developer community is dissolved as a result. However, experience also shows that successful OSS projects exist for a long period of time even though individual developers from the core team turn to other fields of interest. Replacements can be found in most cases. Furthermore, this risk can also be counteracted by finding a suitable and reliable support partner and by examining the sustainability and reliability of the developer community in just the same manner as, in the case of the procurement of proprietary software, the performance and reliability of the service provider and of the software manufacturer are examined.

2.2.3 Consequences for subsequent migration projects

If a migration decision is made on the basis of the fact that only one particular proprietary product fulfils all the requirements, it is clear that this restricts the possibilities for future migration projects. However, such a restriction can also occur in less direct ways. Most migration possibilities exist in an environment which relies solely on standardized functionality. However, many products deviate more or less from the underlying standards. Proprietary products in particular sometimes use such deviations, in the form of additional functionalities, as unique selling propositions. Good examples of this can be found among the different database management systems. If these additional product-specific functions are used intensively, this can lead to higher migration costs if replacing migration is the aim. In a worst-case scenario, this can lead to extreme product and manufacturer dependence. One should hence carefully check within the scope of a migration project which standard functionalities are needed and, furthermore, how these are supported by the different products and which dependencies and/or follow-up costs can occur in the future as a result.

2.3 Check-list of success factors

In order to ensure that migration projects, as IT projects in general and as innovation projects in particular, can be concluded successfully, the factors critical for success must be identified and evaluated well in advance. A migration project is first and foremost a success for all those involved if the desired aims and results are achieved within the planned and agreed time and budget frames. Furthermore, the contribution of so-called soft factors towards success should not be underestimated. These factors include, for example, staff satisfaction, smooth communication and hence the avoidance or reduction of failure, frustration and double work, as well as the demand-conformant selection and, of course, acceptance of the new IT landscape by its users. In the following, important success factors of a technical, commercial and organizational nature are presented, along with important experience gained in migration projects.

2.3.1 Technical success factors

• Detailed stock-taking, including a definition of functional requirements: The more detailed the description of the starting status, the lower the probability that important aspects are missed in the definition of the target status.
• Migration projects must be seen in the overall context: Not just the migrated product is crucial, but also the rest of the system landscape.
• Optimum product and service selection: The defined target status can serve as a relatively good basis for identifying the requirements for the products and services which are needed. The products and services offered by the various suppliers must be carefully examined in order to decide whether they really fulfil these requirements. Even if there are compelling technical or commercial reasons, migration to the latest product versions for which little or no experience is available should be avoided.
• Documentation: During the course of a migration project, many decisions are made which must be documented in order to enable subsequent validation of these decisions, especially following changes in technical or commercial parameters. Documentation of the starting and target states (both planned and achieved) is also recommended.
• Use of standard-compliant technologies: It is also advantageous to use standard-compliant technologies.
• Consideration of the proprietary functionality used: The proprietary functionality used in the system landscape to be migrated poses a risk to the success of the migration project and must hence be considered accordingly in advance.
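Section 2.2.3 warns that product-specific deviations from the standard (database management systems being the example named) raise the cost of a replacing migration, and the technical success factors above call for a detailed stock-taking that covers the proprietary functionality in use. The following Python script is an added example written for this topic; it is not a tool from this guide or from any of the products described later. It scans an SQL dump for a small, constructed table of vendor-specific constructs and counts the findings per product, which gives a first measure of how far a schema departs from standard SQL. The pattern table and the sample dump are assumptions made for the demonstration; a real stock-taking would extend the table for the products actually in use.

```python
import re

# Table of product-specific SQL constructs. Constructed for this example and
# deliberately small. Each entry: (regular expression, short description).
PRODUCT_SPECIFIC = {
    "MySQL": [
        (r"\bENGINE\s*=\s*\w+", "storage engine clause"),
        (r"\bAUTO_INCREMENT\b", "AUTO_INCREMENT column"),
        (r"`[^`]+`", "backtick identifier quoting"),
        (r"\bINSERT\s+IGNORE\b", "INSERT IGNORE"),
        (r"\bON\s+DUPLICATE\s+KEY\s+UPDATE\b", "ON DUPLICATE KEY UPDATE"),
    ],
    "PostgreSQL": [
        (r"\bSERIAL\b", "SERIAL pseudo-type"),
        (r"::\w+", "double-colon type cast"),
        (r"\bRETURNING\b", "RETURNING clause"),
    ],
    "Microsoft SQL Server": [
        (r"\bIDENTITY\s*\(", "IDENTITY column"),
        (r"\bSELECT\s+TOP\b", "TOP row limiting"),
        (r"\[[^\]]+\]", "square-bracket identifier quoting"),
        (r"\bGETDATE\s*\(", "GETDATE() function"),
        (r"\bNVARCHAR\b", "NVARCHAR type"),
    ],
}


def scan_sql(sql_text):
    """Return findings as (line_no, product, description, matched text).

    One finding per pattern and line; blank lines and '--' comments are skipped.
    """
    findings = []
    for line_no, line in enumerate(sql_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("--"):
            continue
        for product, patterns in PRODUCT_SPECIFIC.items():
            for pattern, description in patterns:
                match = re.search(pattern, line, re.IGNORECASE)
                if match:
                    findings.append((line_no, product, description, match.group(0)))
    return findings


def summarize(findings):
    """Count findings per product: how strongly the schema is tied to one vendor."""
    counts = {}
    for _, product, _, _ in findings:
        counts[product] = counts.get(product, 0) + 1
    return counts


# Constructed sample dump (not taken from any real system).
SAMPLE_DUMP = """\
-- schema dump of the application to be migrated
CREATE TABLE `users` (
  id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
  name VARCHAR(100) NOT NULL,
  created TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB;
CREATE TABLE audit (
  id INT PRIMARY KEY,
  msg VARCHAR(200)
);
INSERT IGNORE INTO `users` (name) VALUES ('alice');
SELECT COUNT(*) FROM audit;
"""


if __name__ == "__main__":
    results = scan_sql(SAMPLE_DUMP)
    for line_no, product, description, text in results:
        print(f"line {line_no}: {product}: {description} ({text})")
    print("per product:", summarize(results))
```

The count per product is only a rough indicator: a single finding such as a storage engine clause may be trivial to rewrite, while one stored procedure in a vendor dialect can dominate the effort, so the findings list itself is the input for the detailed assessment.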

2.3.2 Economic success factors

• Clear benefits of the project: A clear benefit of the migration project must be visible even before the project commences.
• Structured project, time and resource planning: Migration projects can become very complex and extend over a longer period of time. Careful planning in order to make the project manageable during its course is necessary from the very beginning in order to prevent cost increases due to unnecessary delays and friction losses.
• Establishing efficient project controlling: Besides a monitoring system for the budget and time schedule, efficient project controlling also enables an early response to deviations from the original plan.
• Involvement and positioning of the management and decision-making level: Only the management level can ensure the availability of the required funds, which include not just the pure investment and license costs but also costs for training, external consultants and project support as well as internal personnel costs, and the adjustment of such funds in line with the progress of the project.

2.3.3 Organizational success factors

• Identification of clear-cut aims for the migration project: It must be laid down why the migration project is to be carried out and what precisely the target status aimed at will look like. Each migration project is different, and one must hence carefully check whether experience from earlier projects can be applied to new ones unless these projects concern the same products and the same versions thereof.
• Involvement and positioning of the management and decision-making level: The decision-making level must be convinced of the need for migration and of the chosen path. Furthermore, the role of the respective management and decision-making level should not be underrated when it comes to matters of project organization, communication, progress control and result verification. The project itself should, in fact, be triggered by this level and be supported by it during all of its phases.
• Establishing a qualified project team: Ideally, the staff involved in the migration project should be largely released from their other duties during the term of the migration project, so that they can fully focus on its success and in order to minimize coordination efforts and avoid resource conflicts.
• Defining responsibilities: The risk of migration projects can be significantly reduced by clearly separating responsibilities in the system landscape to be migrated.
• Early information and involvement of target groups / staff: Early information and real involvement of those concerned is a vital precondition for a high degree of acceptance of the target status. The availability of internal knowledge concerning the target status of the migration project must be ensured, in particular when it comes to aspects of subsequent operation and administration.
• Well-timed, sustainable training: The training for the new products and technologies should be largely adapted to the training demand of each individual in order to enable a smooth transition to the target status and to avoid a decline in productivity during the initial period following migration. Without detailed product knowledge (including the versions involved), migration projects are unlikely to be successful.

II. The infrastructures module

A Subject: database systems

The term "database" here refers to the structured capture and filing of data in electronic form. Depending on the type of database, data can exist in different forms or formats. The products described in the following chapters are database systems in which databases are managed by database management systems. The latter additionally enable the editing of data and its retrieval from a database. Since the databases in question organize the stored data in the form of two-dimensional tables (relations), these systems are also referred to as relational databases and relational database management systems. Further types of databases, such as object-orientated databases or XML databases, are not considered within the scope of this document because of their currently relatively limited degree of dissemination.

The major functions of modern relational database management systems are offered by all the products discussed here and include, in particular, the following:

• Views: Views are virtual tables for recurring queries. They can be used in queries just like other tables and are calculated with every such use.
• Triggers: Triggers are programs which are executed as a function of defined actions (inserting, modifying, deleting) involving defined data and which can be used, for example, in order to ensure consistency.
• User-defined functions and stored procedures: User-defined functions are executable programs within the database with which functions can be defined which can be used in database queries as evaluable expressions. Although stored procedures are very similar to user-defined functions, they cannot be used in expressions, but are much more flexible with regard to their return values.
• Transaction support: By way of transaction support, database management systems can ensure the atomic98, consistent, isolated and durable (permanent) execution of a logically coherent operation on the data, which can also be made up of multiple operations.
• Save points: Save points enable the definition of points in transactions to which a return is possible. Any changes in the database status by actions after the corresponding save point are reversed in such a case.

98 An atomic operation is an operation which cannot be interrupted by another operation. A transaction is carried out either completely or not at all. A typical example in this context is the transfer of money from one account to another, where the amount is first withdrawn from one account and subsequently credited to the other account.

Deviations from this basic functionality as well as special expansion possibilities are discussed in the product-specific sections below.

A detailed description of the security aspects of the individual database systems would go beyond the scope of this migration guide. The database systems presented here generally include security mechanisms which enable authentication, authorization and the granting of certain privileges for data access on the user level. Some database systems also offer further mechanisms to protect the data stored, for example by encrypting data and communications between the client and server. Information in this respect can be found in the product-specific sections. However, the security which a database system can actually achieve depends to a significant extent on the concrete use environment, the actual configuration and the type of use. Detailed information and measures concerning security aspects of database systems can be found in the IT Baseline Protection Catalogues of the German Federal Office for Information Security (BSI)99.
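The basic functions listed above (views, triggers, user-defined functions, transactions and save points) can be shown together in a few lines of standard SQL, including the money-transfer example from footnote 98. The following Python script is an added example and not code from this guide or from any of the products described in the following chapters; it uses the SQLite library shipped with Python because it needs no server, and the statements it sends are the ones a MySQL or PostgreSQL client would use as well, with one difference noted in the comments: in SQLite a user-defined function is registered by the host program rather than stored in the database. The accounts, balances and the CHECK constraint are constructed sample data for the demonstration.

```python
import sqlite3


def open_demo_db():
    """Create an in-memory database with a view, a trigger, a user-defined
    function and a CHECK constraint (constructed sample data)."""
    # isolation_level=None: the sqlite3 module issues no implicit BEGIN, so the
    # transaction boundaries below are exactly the statements sent here.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE accounts ("
        " id INTEGER PRIMARY KEY,"
        " owner TEXT NOT NULL UNIQUE,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.execute(
        "CREATE TABLE audit ("
        " id INTEGER PRIMARY KEY,"
        " account_id INTEGER NOT NULL,"
        " old_balance INTEGER NOT NULL,"
        " new_balance INTEGER NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO accounts (owner, balance) VALUES (?, ?)",
        [("alice", 100), ("bob", 50)],
    )
    # View: a stored query that is recomputed on every use.
    conn.execute(
        "CREATE VIEW large_accounts AS"
        " SELECT owner, balance FROM accounts WHERE balance >= 75"
    )
    # Trigger: every balance change is written to the audit table. It runs
    # inside the same transaction, so a rollback also removes the audit row.
    conn.execute(
        "CREATE TRIGGER log_balance_change AFTER UPDATE OF balance ON accounts"
        " BEGIN"
        "  INSERT INTO audit (account_id, old_balance, new_balance)"
        "  VALUES (OLD.id, OLD.balance, NEW.balance);"
        " END"
    )
    # User-defined function usable in SQL expressions. SQLite keeps the body in
    # the host program; MySQL/PostgreSQL store it in the database, but the use
    # inside a query is the same.
    conn.create_function("transfer_fee", 1, lambda amount: 1 + amount // 100)
    return conn


def balances(conn):
    return dict(conn.execute("SELECT owner, balance FROM accounts ORDER BY owner"))


def transfer(conn, src, dst, amount):
    """Footnote 98's money transfer: both updates commit or neither does."""
    conn.execute("BEGIN")
    try:
        # Credit first so that a failing debit proves the rollback undoes work.
        conn.execute("UPDATE accounts SET balance = balance + ? WHERE owner = ?", (amount, dst))
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE owner = ?", (amount, src))
        conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        # CHECK (balance >= 0) fired: the transaction is abandoned as a whole.
        conn.execute("ROLLBACK")
        return False


def bonus_with_savepoint(conn, keep_bonus):
    """Partial rollback: return to a save point inside an open transaction."""
    conn.execute("BEGIN")
    conn.execute("UPDATE accounts SET balance = balance + 10 WHERE owner = 'alice'")
    conn.execute("SAVEPOINT before_bonus")
    conn.execute("UPDATE accounts SET balance = balance + 1000 WHERE owner = 'bob'")
    if not keep_bonus:
        conn.execute("ROLLBACK TO before_bonus")  # undoes only bob's change
    conn.execute("COMMIT")                         # alice's change is kept
    return balances(conn)


def audit_rows(conn):
    return conn.execute("SELECT COUNT(*) FROM audit").fetchone()[0]


def large_account_owners(conn):
    return [row[0] for row in conn.execute("SELECT owner FROM large_accounts ORDER BY owner")]


def fees(conn):
    return dict(conn.execute("SELECT owner, transfer_fee(balance) FROM accounts ORDER BY owner"))


if __name__ == "__main__":
    db = open_demo_db()
    print("start:", balances(db), "view:", large_account_owners(db))
    print("transfer 30:", transfer(db, "alice", "bob", 30), balances(db), "audit rows:", audit_rows(db))
    print("transfer 500:", transfer(db, "alice", "bob", 500), balances(db), "audit rows:", audit_rows(db))
    print("savepoint:", bonus_with_savepoint(db, keep_bonus=False), "audit rows:", audit_rows(db))
    print("fees:", fees(db))
```

The second transfer is the interesting case: the credit to bob succeeds and fires the trigger, the debit violates the constraint, and the rollback removes both the credit and the audit row, which is the atomicity described above.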

1 Products/technologies

1.1 MySQL

MySQL is developed and distributed and/or made available by the Swedish company MySQL AB. MySQL was originally designed as a quick and flexible replacement for mSQL, a database system from Hughes Technologies. The software basis dates back to the early 1980s. The current version is MySQL 5.1. The manufacturer estimates the number of active MySQL installations world-wide at more than 11 million100. The combination of Linux, Apache, MySQL and PHP, known under the acronym "LAMP", has been one of the most popular infrastructures for webshops and dynamic websites since the beginning of the commercial use of the Internet. MySQL runs on more than 20 platforms, including Linux, Mac OS X, HP-UX, AIX and Windows101. The two existing license models of MySQL are linked to the corresponding editions of the database system. The manufacturer calls this a dual license.

• MySQL Community Edition: This edition is made available as an open source database system under the GNU General Public License102.
• MySQL Enterprise: This edition is distributed within the scope of a commercial license103 which includes the database system itself as well as further services and support. Different service levels exist which include, for example, support, advice or release from liability in cases of intellectual property violation.

99 http://www.bsi.bund.de/gshb/deutsch/baust/b05007.htm ("Databases" module) and http://www.bsi.bund.de/gshb/deutsch/m/m02126.htm (Catalogue of measures for organization: development of a database security concept)
100 http://www.mysql.de/why-mysql/marketshare/
101 http://dev.mysql.com/downloads/mysql/5.0.html#downloads
102 http://www.mysql.com/company/legal/licensing/opensource-license.html
103 http://www.mysql.com/company/legal/licensing/commercial-license.html

One central architectural feature of MySQL is the possibility to use different storage engines for work with different types of tables. Tables with and without transaction security can be implemented in this way. The latter are much faster and require less memory capacity. The following storage engines are available:

• MyISAM offers quick data retrieval and quick data storage and comes with full-text search capability, but manages non-transactional tables only.
• MEMORY makes tables available in RAM.
• InnoDB and BDB make transaction-secure tables available.
• EXAMPLE is meant solely for developers planning to develop storage engines, and hence does not offer the possibility to store data.
• NDB Cluster is used for the implementation of tables which are partitioned over many computers. It is presently available for Linux, Solaris and Mac OS X only.
• ARCHIVE enables the storage of large amounts of data without indices with very small memory consumption.
• BLACKHOLE receives, but does not store, data. The engine can, for example, be used to test queries.
• FEDERATED is designed to store data in a remote database.

With MySQL 5.1, an architecture was introduced which permits pluggable storage engines. Users can hence create new storage engines adapted to their own needs and add these to a running MySQL server without having to re-compile the server itself. However, the storage engines available are usually sufficient. The possibility to adapt storage engines is hence more interesting for companies that have to implement very specific requirements.

The current version of MySQL also offers certain functions which go beyond the basic functions of modern database systems (refer to the introduction), such as:

• Database replication: In order to make the contents of a database available at different places, MySQL offers the possibility to declare one MySQL instance as the master and to instruct multiple other instances (the slaves) to replicate the contents of the master database. Database replication can also be used for live backup purposes because slave databases can be easily and automatically updated after offline phases.104
• MySQL Cluster: A special storage engine is available for Linux, Mac OS X and Solaris by means of which clusters of MySQL databases can be implemented which are managed by a management node and which can be accessed via special MySQL nodes105.

104 http://www.onlamp.com/pub/a/onlamp/2005/06/16/MySQLian.html
105 http://dev.mysql.com/doc/refman/5.1/en/mysql-cluster.html

• Table partitioning: MySQL enables the distribution of large tables to different partitions of a file system on the basis of user-defined partitioning functions. In the current MySQL version, the resultant distributed tables are still subject to certain functional restrictions106.

Stored procedures are at present available under MySQL with restricted functionality because their implementation has not yet been fully completed107.

The following graphic tools are available for managing a database system:

• MySQL Query Browser: This tool can be used to create, execute and optimize database queries.
• MySQL Workbench: MySQL Workbench enables the graphic creation, editing and documenting of database schemas and their export in the form of SQL instructions.
• MySQL Administrator: This tool integrates the MySQL functions for database administration and maintenance under a graphic user interface.

MySQL enables the encryption of individual character strings in the database via suitable functions. This enables attribute-wise encryption, for example, of passwords. Furthermore, MySQL can also be configured for network encryption using SSL.

MySQL provides standards-based drivers for JDBC, ODBC and .NET (ADO.NET) as well as numerous interfaces, so that developers are relatively free to decide which programming language they select for their MySQL database applications (including, for example, Java, all .NET languages, PHP, Python, Eiffel). A C library is additionally available which enables direct embedding of MySQL into the corresponding applications.

In summary: Besides platform independence, the adaptability to application requirements via exchangeable storage engines is one of the strengths of MySQL. As far as the typical field of application of MySQL is concerned, i.e. dynamic web applications, the clusters which can be implemented on cheap PC hardware are of special interest.

106 Further details concerning the restrictions of table partitioning can be found at: http://dev.mysql.com/doc/refman/5.1/en/partitioning-limitations.html
107 Further details concerning the restrictions of stored procedures can be found at: http://dev.mysql.com/doc/refman/5.1/en/routine-restrictions.html

1.2 PostgreSQL

PostgreSQL has its origins in the Postgres database system which was designed by Michael Stonebraker in 1986 at the University of California, Berkeley. Since 1996, the software has been available under the name PostgreSQL. PostgreSQL is a pure OSS project and is driven by a large international developer community108. PostgreSQL has a large community and is by default included in many Linux distributions. It is hence difficult to estimate the number of users. On its website, the developer community reports one million downloads of version 8.0 (the current version being 8.2) within seven months.109 PostgreSQL is available for several operating systems, including AIX, Linux, FreeBSD, HP-UX, Mac OS X, NetBSD, OpenBSD, Solaris110, Tru64 UNIX and Windows111. The use of PostgreSQL is subject to the BSD license112. In view of the large community and the fact that PostgreSQL is widely known, many providers offer paid support for PostgreSQL113.

108 http://www.postgresql.org/developer/
109 http://www.postgresql.org/about/press/faq (question 5)
110 Solaris 10 is by default delivered with PostgreSQL. Refer to: http://www.sun.com/software/products/postgresql/
111 Windows 2000, XP and 2003 are supported. Tests have been carried out so far with 32-bit versions only. Refer to: http://pginstaller.projects.postgresql.org/faq/FAQ_windows.html#1.1
112 http://www.postgresql.org/about/licence
113 http://www.postgresql.org/support/professional_support

PostgreSQL includes an object-relational database management system. This means that, in addition to the possibilities of a relational database management system, it also enables the use of user-defined data types which are not necessarily atomic and which can also be generated using object-orientated concepts, such as inheritance. PostgreSQL in its current version also offers functions which go beyond the basic functions of modern database systems as described in the introductory section, such as:

• Multiversion concurrency control: With this mechanism, PostgreSQL enables the independent reading and writing of data by different users. When read access occurs, snapshots of the current condition of the data requested are made and only these snapshots are returned. Write access that takes place after the beginning of read access no longer has any influence on the data versions read.
• Write ahead log: PostgreSQL manages a so-called write ahead log which logs all the changes made in the database and thereby enables, for example, the condition of the database to be restored as of a particular point in time (point in time recovery). Furthermore, this feature can also be used to implement a live backup.

PostgreSQL has been expanded in several ways by different organizations or companies, both in the form of open source projects114 and in the form of proprietary products115. With the PostGIS116 extension, for example, PostgreSQL can serve as a database for geographic information systems. Projects such as pgpool117 and PGCluster118 offer replication functionalities for PostgreSQL database systems. Furthermore, proprietary database systems based on PostgreSQL are also available.

In the current version of PostgreSQL, the size of the database is only limited by the possibilities of the hardware used. A single table can be as large as 32TB. The number of data records is unlimited, the maximum size of a record being in the order of 1.6TB. Depending on the data types used, the number of columns is limited to between 250 and 1600, with the possibility to store up to 1GB per field.

114 http://www.postgresql.org/download/
115 http://www.postgresql.org/download/commercial
116 http://postgis.refractions.net/
117 http://pgpool.projects.postgresql.org/
118 http://pgcluster.projects.postgresql.org/index.html

Different tools are available for PostgreSQL as support for administration and configuration tasks:

• PGAdmin: PGAdmin is a comprehensive database administration tool with a graphic user interface. Besides the administration and configuration of databases, PGAdmin also supports database development, for example, via the integrated editor with SQL syntax highlighting.
• phpPgAdmin: This tool enables the web-based administration of PostgreSQL databases.

PostgreSQL offers the possibility to encrypt the communication of data between the server and client using SSL. Furthermore, individual columns in tables can be encrypted. PostgreSQL can be configured in such a manner that client authentication is Kerberos-based119. Besides ODBC and JDBC drivers, there is a large number of interfaces for PostgreSQL which enable communication of the database with user-developed applications in many programming languages and environments. Besides Ada, C/C++, Java, Perl, Python and PHP, using the .NET programming languages is also possible.

In summary: PostgreSQL has a very good reputation among open source databases.
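The multiversion concurrency control described in the PostgreSQL section above can be observed with two connections: a reader that starts a transaction, a writer that commits afterwards, and the reader's second query still returning the old snapshot. The following Python script is an added example and not part of this guide or of PostgreSQL itself; it uses SQLite in write-ahead-log mode as a stand-in, because SQLite's WAL mode gives readers the same snapshot behaviour and needs no server. That substitution, the temporary database file and the single sample row are assumptions of the example.

```python
import os
import shutil
import sqlite3
import tempfile


def read_balance(conn, owner):
    # fetchall() runs the statement to completion, so no cursor stays open.
    rows = conn.execute("SELECT balance FROM accounts WHERE owner = ?", (owner,)).fetchall()
    return rows[0][0]


def snapshot_read_demo():
    """Return (first, second, third): what a reader sees before, during and
    after a write that another connection commits while the reader's
    transaction is open. SQLite WAL mode stands in for PostgreSQL's MVCC here
    (an assumption of this demonstration)."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "mvcc.db")
    try:
        # isolation_level=None: no implicit transactions, BEGIN/COMMIT are explicit.
        writer = sqlite3.connect(path, isolation_level=None)
        mode = writer.execute("PRAGMA journal_mode=WAL").fetchone()[0]
        if mode.lower() != "wal":
            raise RuntimeError("WAL mode is not available on this filesystem")
        writer.execute("CREATE TABLE accounts (owner TEXT PRIMARY KEY, balance INTEGER NOT NULL)")
        writer.execute("INSERT INTO accounts VALUES ('alice', 100)")  # constructed sample row

        reader = sqlite3.connect(path, isolation_level=None)
        reader.execute("BEGIN")
        first = read_balance(reader, "alice")      # the reader's snapshot is taken here

        # The writer commits after the reader's snapshot was established.
        writer.execute("UPDATE accounts SET balance = 40 WHERE owner = 'alice'")

        second = read_balance(reader, "alice")     # still the version from the snapshot
        reader.execute("COMMIT")                    # ends the read transaction
        third = read_balance(reader, "alice")      # a new read sees the committed write

        reader.close()
        writer.close()
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
    return first, second, third


if __name__ == "__main__":
    print("reader saw:", snapshot_read_demo())
```

In the default rollback-journal mode of SQLite the writer would instead block until the reader finishes, which is the locking behaviour that multiversion concurrency control avoids; the explicit check of the journal mode makes that difference visible rather than letting the demonstration fail with a locked database.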
The scope of functions, standard conformance and simple expandability of the database are particularly appreciated. During the course of its long development history, PostgreSQL has reached a high level of maturity and is hence a database system which can also be used for very large data volumes and solutions with high availability.

1.3 Firebird

Firebird appeared in mid-2000 as an independent project from the Interbase 6.0 database system which Borland had released into the world of open source. The further development of the database system, currently available as version 2.0.1, is being pushed ahead by the Firebird Foundation with its approximately 300 members (individuals and companies)120. Firebird is available both for different 32-bit Windows versions and for Linux121. The source code of the Interbase database system which is the basis of Firebird was made available as open source under the InterBase Public License122, with further developments of Firebird under the Initial Developer's Public License123.

119 http://www.postgresql.org/docs/8.2/static/auth-methods.html#KERBEROS-AUTH
120 As per August 2007
121 http://www.firebirdsql.org/index.php?op=files&id=engine_201
122 http://www.firebirdsql.org/index.php?op=doc&id=ipl
123 http://www.firebirdsql.org/index.php?op=doc&id=idpl

Firebird can be operated in two architecture variants:

• Classic Server and
• Superserver.

Classic Server generates a separate process with a cache of its own for each database connection to a client. This has consequences for several database parameters, such as the cache size. According to the manufacturer, resource consumption is lower than with Superserver in the case of a small number of connections. Superserver, by contrast, uses just a single process for all the connections and processes the queries in individual threads. According to the manufacturer, Superserver is more efficient when the number of parallel connections increases. However, further restrictions exist, for example, in terms of the maximum number of parallel connections, depending on the given boundary conditions. The decision in favour of Classic or Superserver must hence be based on the requirements of the specific project concerned. Since a change between the two architectures is also possible at a later point in time, the more suitable of the two architectures can be chosen according to the given requirements.

Firebird also offers all the functions which were described in the introduction to this subject. Firebird additionally includes mechanisms for mirroring data at several locations. This means that the data of a database instance is exported to one or more other database instances during ongoing operation. Synchronous replication, i.e. a mechanism that ensures that a change in data can only be successfully completed if this data was also successfully replicated into the mirror databases, is not possible in this way. Bidirectional synchronization is not possible either. A live backup of the database is possible with the tools supplied.

Graphic administration and configuration tools are offered for Firebird by third parties only. In this context, Firebird benefits from its Interbase past, which quite often led to the availability of management tools for both Interbase and Firebird124. Firebird does not include its own mechanism for encrypting data125; it does, however, include several interfaces. In addition to connections for .NET, Java, C++, Perl, PHP and Python, these also include several Delphi components, which can be explained by the Borland Interbase history126, as well as ODBC, JDBC and OLE DB drivers.

In summary: As a relatively new player in the field of open source database systems, Firebird is not yet as well-known as other products, such as MySQL or PostgreSQL. The community and also the offer of paid support are correspondingly smaller. Firebird is at present only suitable to a limited extent as a database system for professional use. Although Firebird offers quite a few of the functions of the other products described here, it also has certain restrictions, for example, the lack of replication and/or synchronization mechanisms.

124 http://www.ibphoenix.com/main.nfs?a=ibphoenix&page=ibp_admin_tools
125 http://www.firebirdsql.org/pdfmanual/Firebird-Security.pdf
126 Delphi is a programming language developed by Borland from Object Pascal which is quite widely used in the Windows environment for several reasons, including, for example, its seamless COM integration and good GUI development possibilities.

1.4 MaxDB

MaxDB was launched as a university research project at Technische Universität Berlin in the late 1970s. In the 1980s, the system was further developed and sold by Nixdorf under the name DDB/4. Under the name Adabas D, it then came via Siemens/Nixdorf to Software AG and was acquired by SAP in 1997. The database system was renamed SAP DB and in 2000 was made publicly available under the GNU General Public License (GPL). However, SAP continued to develop the product further even after that time. In 2004, SAP DB was acquired by MySQL AB and renamed MaxDB. MaxDB continued to be offered by SAP as a certified platform for the R/3 system and its successors, and is used as the core technology in SAP's own products. In October 2007, SAP completely took over both the distribution and the support of MaxDB again. MaxDB is available for HP-UX, IBM AIX, Linux, Solaris and Windows 2000, XP as well as 2003 Server. According to the manufacturer, more than 6,000 customers127 use MaxDB as a database system. MaxDB is today marketed by SAP with a dual license model. It is available both under the MaxDB Community License128 and under a commercial license129. Within the scope of the commercial license, SAP also offers support for MaxDB.

According to the manufacturer, the MaxDB database management system includes mature backup and restore mechanisms and is designed for large user numbers and a high workload. MaxDB adds, for example, the following functions to the basic functionality of a database system:

• Hot standby: MaxDB enables the configuration of one master and several standby instances of a database. The latter reproduce the changes to the master instance at regular intervals. When the master instance fails, one of the standby instances of the cluster formed in this way automatically assumes the role of the master.
• Live backup: The data in the database can be saved without restricting the use of the database.
• Snapshot functionality: A given status of the database can be frozen via the snapshot function. Changes made after this point in time are made conditionally and can be either completely rejected or taken over by deleting the existing snapshot or creating a new one.

A maximum database size of 32TB is possible with a page size of 8kB.

127 However, these also include large customers, such as Toyota, Intel, DaimlerChrysler, Braun-Gillette, Bayer, Colgate, Yamaha and Deutsche Post.
128 http://maxdb.sap.com/license/MaxDB_Community_License_2007.pdf
129 http://maxdb.sap.com/license/

MaxDB offers several tools for administration and use, such as:

• Installation Manager: The Installation Manager offers a uniform graphic interface for installing MaxDB on all operating systems supported.
• Database Manager: The Database Manager can be used to create, check, monitor, archive and restore databases. Three different user interfaces are available for this tool: a command line interface, a graphic user interface (under Windows only) and a web-based interface for remote access.
• SQL Studio: SQL Studio enables interaction with a database via SQL instructions. It is available for Windows only, but it can access remote databases on other computers.
• Database Analyser: The Database Analyser is a tool for analysing database performance. It is used to identify configuration and synchronization problems as well as problems during the processing of database queries.
• Synchronization Manager: The Synchronization Manager can be used to synchronize data between a master database instance and several slave database instances. The Synchronization Manager can thus also be used to replicate databases.

When used in an SAP system, MaxDB also enables SSL encryption of communication with the database. Besides interfaces for application programming with Java, Perl, PHP and Python as well as ODBC and JDBC drivers, an integrated WebDAV interface130 is also available for MaxDB via which users can access the database contents using web browsers.

In summary: The future development of MaxDB is ensured by SAP's support. The use scenario as a certified database system for SAP R/3 already shows that this system is designed for use in large SAP environments. MaxDB is generally underestimated since it is perceived as a niche product. However, its performance definitely qualifies the MaxDB database system also for use in other demanding areas.

1.5 Microsoft SQL Server 7.0/2000/2005

Microsoft SQL Server is a proprietary relational database system which is currently distributed in the 2005 version and available in different editions for different versions of the Windows operating system131. The development of Microsoft SQL Server dates back to a cooperation project between Microsoft and Sybase132 at the end of the 1980s. In terms of market share, Microsoft SQL Server ranks third behind Oracle and IBM, but in 2006 recorded a higher growth rate than its competitors133.

130 http://de.wikipedia.org/wiki/WebDAV
131 http://www.microsoft.com/germany/sql/uebersicht/systemanforderungen.mspx
132 The last Sybase remnants have meanwhile been removed (since version 7).
133 http://www.gartner.com/it/page.jsp?id=507466

Three license models exist for the use of Microsoft SQL Server 2005134:

• Server plus device-based client access license (CAL): With this model, an access license must be purchased for every device accessing the server (PC, desktop PC, terminal, PDA, mobile phone, etc.), in addition to a license for each server on which Microsoft SQL Server is running.
• Server plus user-based client access license (CAL): With this model, an access license must be purchased for every user accessing the server, in addition to a license for each server on which Microsoft SQL Server is running.
• Processor license: Requires a single license for every CPU in the operating system environment in which SQL Server is executed. The license includes unrestricted access for client devices.

Microsoft offers four editions of SQL Server 2005 with different functionalities:

• Express: This free edition is limited to one processor and a maximum main memory capacity of 1GB. Furthermore, the size of the database managed is also limited to a maximum of 4GB.
• Workgroup: This edition is limited to two processors and a maximum main memory capacity of 3GB. The database size is in principle unlimited with this and the following editions.
• Standard: This edition is limited to four processors. The usable main memory only depends on the possibilities of the operating system used.
• Enterprise: This edition is unlimited as regards the number of processors. The usable main memory only depends on the possibilities of the operating system used.

Microsoft SQL Server 2005 is made up of several functional components:

• Database module: The database module includes the actual database engine for storing, processing and saving data.
• Integration Services: SQL Server 2005 Integration Services (SSIS) are used for data integration and transformation. Data can be extracted and transformed from different sources, such as XML data files, flat files or relational data sources.

134 Further information concerning the different license models can be found at: http://download.microsoft.com/download/c/7/2/c727d265-188c-45ae-9ca0-ff5fd19089e8/wp_sql_2005_lizenzierung_de.pdf

• Reporting Services: SQL Server 2005 Reporting Services (SSRS) enable the creation of data reports. Tools are available for the creation and management of reports.
• Analysis Services: Analysis Services include central services for analysing business data as well as data mining functionalities.
• Service Broker: The Service Broker of SQL Server 2005 offers support for messaging and queue applications by enabling message-based and, if needed, even asynchronous communication between applications which use one shared or several distributed Microsoft SQL Servers.

In addition to the functions mentioned in the introduction, Microsoft SQL Server 2005 additionally offers, for example, the following functions:

• User-defined data types: Microsoft SQL Server enables the integration of user-defined, even complex data types into the type structure of the database management system. These data types can then be used in databases just like the built-in data types.
• Failure safety through clustering: Microsoft SQL Server can be configured in Windows clusters135 which manage a shared memory area in such a manner that failure of a processor or other hardware without memory relevance can be compensated for.
• Replication: These technologies enable both the duplication of data in multiple databases and synchronization between the different databases, i.e. ensuring identical contents in the different copies.
• Full-text search: Full-text search enables full-text queries in purely character-based data within SQL Server tables.

The SQL Server Management Studio is available for the administration of Microsoft SQL Server 2005 and includes, for example, the following tools and utility programs:

• Business Intelligence Development Studio: This is a development environment which enables the creation and debugging of data integration, data mining and reporting solutions.
• SQL Server Configuration Manager: The Configuration Manager enables the configuration of autostart options and extended options.
• Microsoft SQL Server Agent: The SQL Server Agent enables the preparation and scheduling of tasks to be executed automatically, either once or periodically. Warning messages for the administrator can be generated when certain system conditions occur.

135 http://msdn2.microsoft.com/en-us/library/ms952401.aspx

• Microsoft SQL Server Profiler
  This tool enables the monitoring and analysis of server events.
• Database Engine Tuning Advisor
  This tool is designed to optimize database performance.

As a special feature, Microsoft SQL Server, like DB2 from IBM, offers the possibility to implement a "shared-nothing" architecture. With this feature, the data is distributed to different database nodes (data warehouses). Each node has its own resources, such as processor, hard disks and main memory, and holds only part of the total data. When a query is sent to any of the nodes, this node retrieves and combines the required data from the other nodes. A query can hence be sent to any of the nodes.

Microsoft SQL Server 2005 comes with an integrated infrastructure for key management. This infrastructure defines a key hierarchy in which the keys of one level are used to encrypt the keys of the level below. The topmost level is a password-based Windows operating system service136. The further levels are the respective SQL Server instance (the service master key), the database to be encrypted (the database master key) and the certificates and symmetric keys which protect the data contained therein137.

Communication between client and server during the use of the Analysis Services is encrypted by default. Client requests which are not encrypted, or which expect unencrypted answers, can be explicitly rejected by a server configured accordingly. If an Active Directory exists, Kerberos-based authentication is additionally supported indirectly via the Windows-internal Security Support Provider Interface (SSPI)138. In order to integrate Microsoft SQL Server 2005 into the user's own applications, .NET Framework connectivity is available in addition to ODBC and OLE DB drivers. Furthermore, a JDBC driver for using Microsoft SQL Server from within Java applications has recently been made available.

Microsoft SQL Server is very closely linked to other Microsoft products. It is, for example, a prerequisite for certain products (such as Windows SharePoint Services in larger installations). Conversely, some of its functions (such as data encryption) are directly based on functions of the Microsoft Windows operating system. Although this high degree of integration enables the smooth integration of Microsoft SQL Server into a Windows-based application landscape, it also implies a decision in favour of further Microsoft products and may hinder a future migration should this ever be desired.

136 This service implements the Data Protection API (DPAPI). Refer to: http://msdn2.microsoft.com/en-us/library/ms995355.aspx
137 For a detailed description, please refer to the presentation: http://download.microsoft.com/download/4/1/6/416bdb4a-67e9-4269-bcdc-33dedb7f64fe/encryptionatmstwpppt.ppt. Further information can be found at: http://msdn2.microsoft.com/en-us/library/ms189586.aspx
138 Please note that SSPI falls back to the weaker NTLM authentication if Kerberos authentication is not possible, for example because no service principal name (SPN) is registered for the SQL Server service account. The scheme actually negotiated by a connection can be checked in the auth_scheme column of sys.dm_exec_connections. Refer to: http://blogs.msdn.com/sql_protocols/archive/2005/10/12/479871.aspx

One can hence conclude that Microsoft SQL Server is a powerful database system with ample functionality. However, in contrast to the other products discussed here, its field of application is limited to the Windows operating system. Organizations using this product require the corresponding knowledge of the administration of Windows operating system environments and networks.

1.6 Oracle

The development of the Oracle database systems started with the establishment of Software Development Laboratories (SDL) in 1977. The aim was to develop a database compatible with IBM's System R. In 1983, the name of both the database system and the company was changed to Oracle. Oracle is today one of the leading database systems. According to Gartner, Oracle recorded a market share of approximately 47% in 2006.139

Oracle is currently distributed as version 11g and is available in the following editions for Linux, UNIX and Windows:

• Express Edition 10g
  This free edition is limited to one CPU and a maximum of 1 GB of main memory. Furthermore, the maximum database size is limited to 4 GB.
• Standard Edition One
  This edition can be used on servers with a maximum of two processors. The usable main memory is only limited by the operating system used. The database size is in principle unlimited with this and the following editions.
• Standard Edition
  This edition can be used on servers with a maximum of four processors. The usable main memory is only limited by the operating system used.
• Enterprise Edition
  This edition is unlimited as regards the number of processors. The usable main memory depends only on the operating system used.

The following license models are available for the commercial editions:

• Named User Plus
  A license must be acquired for every user who accesses the database. Note that "non-human operated devices", such as temperature sensors which supply a database with current values, also count as users.
• Processor
  A license must be acquired for every processor on which the Oracle software runs. In the case of multi-core processors, the number of processor cores is generally counted, with different weighting factors applying to the cores of different processor types.140

139 http://www.gartner.com/it/page.jsp?id=507466
140 More details of the rather complex Oracle license model can be found at: http://www.oracle.com/corporate/pricing/sig.pdf

Oracle version 11g is designed as a grid database. The physical and logical structures of the database are separated: the physical storage of data is managed independently of access via the logical structure, and many servers and storage devices act as a self-managing grid. Compared to other database management systems, Oracle offers a very large range of functions. Some extension options for the Oracle database system are mentioned below.

• Real Application Testing
  This extension enables the current load of a production system to be captured and replayed in a test environment in order to analyse the effects of system changes under realistic conditions.
• Real Application Clusters (RAC)
  The distribution of a database across multiple servers makes it possible to implement large systems. In order to expand the database, further servers can be added during ongoing operation.
• Oracle Data Mining (ODM)
  This product enables the implementation of integrated business intelligence applications on the basis of data mining functionalities.
• Oracle Active Data Guard
  This product enables CPU-intensive tasks, such as complex queries or backups, to be offloaded to standby databases.
• Automatic Storage Management
  This product enables the automatic mirroring and balancing of data across the available storage devices in order to protect data and optimize performance. Storage devices can also be added or removed.
• Oracle XML DB141
  This extension enables the structured storage of XML data in order to increase the efficiency of queries.

Several tools are available for the configuration and administration of Oracle databases, including, for example, the following:

• Oracle Enterprise Manager
  This tool is used for the general management and administration of databases. Different so-called management packs cover different aspects in this context.
• SQL Performance Analyzer
  This tool can be used to analyse performance problems in databases.
• SQL Tuning Advisor
  SQL Tuning Advisor can be used to resolve performance problems in databases.

For the Enterprise Edition, Oracle 11g offers the option of flexible assignment of access privileges via so-called labels at column and row level. This enables very fine-grained control over which parts of a table different users can access, and to what degree142.

141 http://www.oracle.com/technology/tech/xml/xmldb/index.html
142 http://www.oracle.com/database/label-security.html

Further options are available for the Enterprise Edition which are designed to increase data security by encrypting network connections, individual data items, data types or complete tablespaces143.

Oracle, like other database systems, can be accessed by custom-developed applications via suitable interfaces. Besides ODBC, OLE DB and JDBC drivers, several APIs are available so that database applications can be developed using, for example, C, C++, Java, Perl, PHP and all .NET programming languages. Furthermore, the Oracle Application Express144 development environment enables the development of web-based applications with direct database access.

One can conclude that Oracle is often used for large data volumes with high load requirements. However, the large number of functionalities offered also means a high level of complexity. If the features of an Oracle database system are fully used, concept development and operation are correspondingly complex.

1.7 IBM DB2

DB2 was presented for the first time by IBM in 1983 and is based on work within the framework of IBM's System R project, which was the first implementation of the concepts of relational databases presented in 1970145. IBM DB2 is available for numerous operating systems, including Linux, UNIX and Windows146. IBM DB2 is the traditional market leader in mainframe environments, but has also reached significant market shares in other areas147. The license models are based on the number of users permitted per server or on the number of processors, respectively. IBM DB2 is offered in different editions:

• DB2 Express-C
  This free edition is limited to two CPUs and a maximum of 4 GB of main memory. Unlike the other editions, it already includes pureXML (see below), albeit with a slightly reduced range of functions.148
• DB2 Express
  This edition is limited to two CPUs and 4 GB of main memory. In the case of user-based licenses, at least 5 licenses per server must be acquired.
• DB2 Workgroup
  This edition is limited to four CPUs and 16 GB of main memory. In the case of user-based licenses, at least 5 licenses per server must be acquired.
• DB2 Enterprise
  This edition is unlimited in terms of the number of CPUs and main memory. In the case of user-based licenses, at least 25 licenses per processor must be acquired.

143 http://www.oracle.com/database/advanced-security.html
144 http://download.oracle.com/docs/cd/B28359_01/appdev.111/b32258/toc.htm
145 http://www-128.ibm.com/developerworks/db2/library/techarticle/0301jones/0301jones.html
146 http://www-306.ibm.com/software/data/db2/9/sysreqs.html
147 http://www.gartner.com/it/page.jsp?id=507466
148 http://www-306.ibm.com/software/data/db2/express/getstarted.html

IBM DB2 also offers a large range of functions. All editions except Express-C offer the usual functionalities of modern database management systems mentioned in the introduction to this section, as well as database replication. As in the case of Oracle, the functionality of DB2 can be optionally expanded. Some examples of these options are mentioned below.

• Storage space optimization
  The storage space needed for tables is reduced by way of data compression.
• Table partitioning
  Large tables can be distributed across several storage objects on the basis of the values in one or more columns. This means that the size of a table is no longer limited by the database management system; the available storage space is the only limiting factor.
• Database partitioning
  Large databases can be distributed across several servers without any adjustments becoming necessary at user and application level.
• Management of geodetic data
  IBM DB2 can be supplemented by functions for processing geographic information.
• pureXML
  This extension is included in the standard functionality of Express-C and can be optionally obtained for the other editions. It stores XML data in a special hierarchical structure which enables more efficient processing of XML data.

Several tools are available for the administration and configuration of DB2 databases, including, for example, the following:

• DB2 Performance Expert
  This tool can be used to analyse the performance of databases. Furthermore, performance problems can be identified and resolved.
• DB2 Query Patroller
  This tool can be used to check and control the execution of queries. Queries can be scheduled for immediate or delayed execution or even rejected on the basis of different parameters.

IBM refers to the possibility of implementing a "shared-nothing" architecture with DB2 as a special feature. With this feature, the data is distributed to different database nodes (data warehouses). Each node has its own resources, such as a processor, hard disks and main memory, and holds only part of the total data. When a query is sent to any of the nodes, this node retrieves and combines the required data from the other nodes. A query can hence be sent to any of the nodes. According to the manufacturer, this architecture offers advantages in the case of high-performance, parallelized database solutions.

The Enterprise Edition optionally offers the possibility of flexible assignment of access rights at column and row level via so-called labels. This enables very fine-grained control over which parts of a table different users can access, and to what degree149.

IBM DB2, like other database systems, can be accessed by custom-developed applications via suitable interfaces. Several APIs150 are available, so that database applications can be developed using, for example, Microsoft Visual Studio .NET, IBM WebSphere Studio Application Developer and Eclipse. Possible programming languages for this purpose are C, C++, COBOL, Fortran, Java, Perl, PHP, REXX and all .NET programming languages. ODBC, JDBC and OLE DB are additionally available.

IBM DB2 is hence a powerful database system with comprehensive functionality and different editions that meet different requirements. IBM DB2 is available for a large number of platforms.

2 Migration paths

Relational database management systems (RDBMS) play a special role within the framework of a migration strategy in that they are always connected to at least one further application. Within an organization, the data ideally resides in one database system only and in a normalized form (without redundancy). Furthermore, the query language (SQL) used by the applications on the database is ideally standardized, and every application should work smoothly with any RDBMS. In real life, many IT infrastructures include several RDBMSs which partially manage the same data several times over and which are accessed by different applications with different SQL dialects and manufacturer-specific language extensions and via manufacturer-specific interfaces.

The discussion in chapter II.A 1 shows that the individual database products differ from each other in many respects. Potential migration obstacles include, for example, differences in the following areas:

• Extended functionalities which deviate from or go beyond the standard
• Implemented data types
• Implemented security functions
• Functions offered for contingency prevention and high availability, such as clustering and replication
• Supported operating systems on which the database products can run
• Offered license models
• Supported storage formats
• Available administrative tools

149 http://www-306.ibm.com/software/data/db2/9/editions_features_advaccess.html
150 Numerous documents concerning DB2 can be found at: http://www-1.ibm.com/support/docview.wss?rs=71&uid=swg27009552, including, in particular, the following file which provides a good overview of the possibilities of application development for DB2: ftp://ftp.software.ibm.com/ps/products/db2/info/vr9/pdf/letter/en_US/db2axe90.pdf

• Available additional products
• Available interfaces and drivers
• Supported SQL dialects
• Given system limits, such as the maximum size of fields, tables and databases
• Maximum storage capacity and processing speed

Against this background, migration offers the opportunity to consolidate software and data structures. At the same time, not just the data but normally the applications too have to be migrated, which in many cases is not possible without intervening in the client software. Client software in this context means any application which accesses the database; it often runs on an application server. Even if communication with the database via ODBC or JDBC is standardized, and even if no triggers or stored procedures are used, at least the ODBC/JDBC driver will have to be replaced at the client end in the case of a database migration. It is hence clear that a certain effort and cost will be needed in order to centralize and consolidate the data stock. On the other hand, this is a very attractive goal because considerable maintenance work, and hence costs, can be saved during ongoing operation.

Manufacturer-independent tools are available for migrating database schemas, enabling migration between any type of database. However, these tools can by no means resolve all the problems of a database migration. Typical problems are the use of proprietary database technologies and the migration of program logic which also exists in the database.

This is why the following aspects should be considered when designing a database solution, also with a view to future migration.

• The database solution should be oriented towards manufacturer-independent standards. The use of manufacturer-specific techniques with implications for the remaining IT infrastructure should be avoided. A database should, for example, be connected via ODBC or JDBC, and ANSI SQL should be used for data queries. Stored procedures and manufacturer-specific extensions should be avoided wherever possible.
• A database solution should focus on the core functionality of a database, i.e. the structured capture and storage of data in electronic form. The separation of business logic and data storage logic, which is also demanded by SAGA, should be especially ensured. This means that the program logic should be implemented in the middleware rather than in the database, because migration projects could otherwise become very difficult and time-consuming. If business logic or functionality is to be moved from the client to the server, three-tier architectures are today a very good means for this. In the sense of platform-independent implementation, a suitable candidate for this is Java, both for the client and for the application server (Tomcat, etc.). If, in contrast, business logic is moved into the database, this business logic must later be migrated as well. Since the different database systems offer different, often proprietary solutions for the implementation of business logic, this can lead to substantial migration costs.

• SQL statements in the program code should be isolated and modularized. If changes to the SQL statements become necessary due to a change of database system, such changes can then be implemented at central, isolated points within the applications.

If a database is designed according to the above-described criteria, both replacing and continuing migration are usually possible irrespective of the source and target systems used. The requirements of the particular case, for example with regard to performance or recovery functionalities, are particularly important in this context. This is why replacing and continuing migration in general, rather than individual migration paths, will be discussed in the following. Notwithstanding this, database migration is often a complex task, so that a detailed examination is mandatory before any migration project in order to identify the specific problems that can be expected.

Besides the database itself, the connection of the applications to the database must be taken into consideration. Standardization of the database connection via ODBC or JDBC helps, but cannot resolve all problems. Differences in the SQL dialects of the databases involved, for example, can cause considerable migration work and costs. Furthermore, if the business logic was not strictly separated from the data storage logic, it is additionally necessary to port stored procedures or triggers. Changes within the client application itself may also become necessary. Besides the factors already mentioned (use of triggers and stored procedures), the programming interface used within the clients plays an especially important role. If the database application was implemented directly via a manufacturer's interface (such as embedded SQL), the migration effort will be far greater than in the case of an intermediate abstraction layer, such as ADO.NET.

Note that the source code of an application must be available for modifications within the application. The time and work required for the necessary changes also depend on a clear-cut architecture of the application. SAGA151 provides a good overview of application architectures. The manufacturer of an application should be involved in any case. Many suppliers of applications also consider a fixed link to a particular RDBMS a market disadvantage, so it may well be assumed that there is substantial and growing support for migration, especially towards an open source RDBMS.

One can conclude that the success of a migration project depends on the specific characteristics of the individual database system and on the degree to which certain rules were adhered to in advance of the migration project itself:

• Standardized database access, for example via ODBC or JDBC
• Use of manufacturer-independent standards
• Avoidance of program logic in the database
• Clear separation of data storage and business logic in the client applications
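As an added illustration of the design rules above (this is example code written for this guide, not code from any of the products or tools it describes), the following Python module shows what "isolated and modularized" database access can look like: every SQL statement lives in one module, is written in ANSI SQL with bound parameters, and the one construct that genuinely differs between dialects (limiting a result set) is confined to a single function. Only the sqlite branch is executed, using Python's built-in sqlite3 module on constructed sample data; the mssql and oracle branches, the dialect names and the table layout are assumptions for illustration.

```python
"""Data-access layer with all SQL isolated in one module (illustrative example).

Everything here is ANSI SQL with bound parameters; the only dialect-specific
construct (limiting a result set) is confined to limit_query(). Switching the
RDBMS therefore means touching this file and the driver, not the business logic.
"""
import sqlite3
from typing import Any

# --- SQL catalogue: the only place in the application where SQL text appears ---
CREATE_TABLE = (
    "CREATE TABLE citizen (id INTEGER PRIMARY KEY, name VARCHAR(100) NOT NULL, "
    "registered DATE NOT NULL)"
)
INSERT_CITIZEN = "INSERT INTO citizen (id, name, registered) VALUES (?, ?, ?)"
SELECT_BY_NAME = "SELECT id, name, registered FROM citizen WHERE name = ?"
SELECT_RECENT = "SELECT id, name, registered FROM citizen ORDER BY registered DESC"


def limit_query(dialect: str, sql: str, n: int) -> str:
    """Wrap an ANSI SELECT so that at most n rows are returned.

    n is coerced to int before it is interpolated, so no user-supplied string
    ever enters the SQL text. The mssql and oracle branches are assumptions
    for illustration and are not executed in this example.
    """
    n = int(n)
    if n < 0:
        raise ValueError("row limit must be non-negative")
    if dialect in ("sqlite", "postgresql", "mysql"):
        return f"{sql} LIMIT {n}"
    if dialect == "mssql":  # SQL Server 2005 has no LIMIT clause; use TOP
        if not sql.upper().startswith("SELECT "):
            raise ValueError("TOP requires a plain SELECT statement")
        return f"SELECT TOP {n} {sql[len('SELECT '):]}"
    if dialect == "oracle":  # Oracle 11g: filter on ROWNUM in an outer query
        return f"SELECT * FROM ({sql}) WHERE ROWNUM <= {n}"
    raise ValueError(f"unsupported dialect: {dialect}")


class CitizenRepository:
    """Thin repository: business code calls these methods and never sees SQL."""

    def __init__(self, conn: sqlite3.Connection, dialect: str = "sqlite") -> None:
        self.conn = conn
        self.dialect = dialect

    def create_schema(self) -> None:
        self.conn.execute(CREATE_TABLE)

    def add(self, cid: int, name: str, registered: str) -> None:
        # Parameters are bound by the driver, so a value such as
        # "x' OR '1'='1" is stored literally and cannot alter the statement.
        self.conn.execute(INSERT_CITIZEN, (cid, name, registered))

    def find_by_name(self, name: str) -> list:
        return self.conn.execute(SELECT_BY_NAME, (name,)).fetchall()

    def most_recent(self, n: int) -> list:
        return self.conn.execute(limit_query(self.dialect, SELECT_RECENT, n)).fetchall()


def demo() -> dict[str, Any]:
    """Run the repository against an in-memory SQLite database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    repo = CitizenRepository(conn)
    repo.create_schema()
    repo.add(1, "Anna Beispiel", "2007-03-01")
    repo.add(2, "Bernd Muster", "2008-01-15")
    repo.add(3, "x' OR '1'='1", "2006-06-30")  # hostile-looking value, stored as plain data
    return {
        "recent": [row[1] for row in repo.most_recent(2)],
        "injection_rows": len(repo.find_by_name("x' OR '1'='1")),
        "unknown_rows": len(repo.find_by_name("nobody")),
    }


if __name__ == "__main__":
    print(demo())
```

Porting this module to another RDBMS means replacing the driver import, checking the catalogue statements against the target's SQL dialect and, if necessary, adding a branch to limit_query(); the code that calls CitizenRepository does not change. The hostile-looking name in demo() shows the second benefit of bound parameters: it is stored and found as data, not interpreted as SQL.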

151 Refer to: http://www.kbst.bund.de

• Isolation and modularization of database access in the client applications
• Involvement of the manufacturers of client applications
• Consolidation of software and data structures

2.1 Replacing migration of proprietary and open database systems

The technical discussion of the database migration issue shows that, besides the proprietary relational database management systems (RDBMS) from Microsoft, IBM or Oracle, very powerful alternative solutions based on open source software (OSS) are available and justify a replacing migration. Important representatives of such OSS are MySQL, PostgreSQL and Firebird. The OSS solutions mentioned offer different functionalities, and their suitability must be analysed case by case against the background of the different requirements. It should be pointed out that all the OSS solutions mentioned here are platform-independent and that ready-to-install Windows versions are available for download on the Internet. This means that these database systems can also be used in cases of selective or operating-system-spanning migration.

Databases have, amongst other things, paved the way for the use of Linux in business-critical fields of application. Software AG launched AdabasD as early as 1997 as a proprietary (and at that time SAP-certified) RDBMS for Linux. Oracle and Informix followed suit in 1998, thereby boosting the credibility of Linux in the professional environment. The combination of Linux, Apache, MySQL and PHP, known under the acronym "LAMP", has been one of the most popular infrastructures for web shops and dynamic websites since the beginning of the commercial use of the Internet. PostgreSQL and Firebird are fully fledged RDBMSs which offer transaction support, triggers and stored procedures and which are also available under open source licenses. There is no lack of high-quality options for the use of Linux and open source software in the field of database systems.

If a database migration is generally possible, a suitable RDBMS must be selected as the target system. A wide range of attractive migration targets are on offer both in the proprietary and in the open source area. It is not possible to make a general, simple and clear-cut decision in favour of one or the other system on the basis of its characteristic features. It is hence important to select target system candidates case by case on the basis of the functionalities actually used and on the basis of the properties which are considered relevant. Another goal is to operate the smallest possible number of different database systems within an organization (ensuring uniformity).

When data is imported from data types that do not exist in an identical form in the target system, it is usually possible to identify a suitable type with a larger value range. Especially in the case of large-volume data types, one must bear in mind that these cannot be searched or indexed in some RDBMSs whilst this is possible in others. Furthermore, when changing to an ODBC connection, one must consider that ODBC distinguishes between different conformance levels. This means, for example, that a level 1 ODBC driver does not offer the same functionality as a level 2 ODBC driver.

Database manufacturers offer numerous tools for replacing migration. These tools usually enable the more or less automated migration of database objects, schemas and the data itself. However, the possibilities for automating the migration of business logic, such as stored procedures, are very limited. Nevertheless, these tools can often significantly simplify work on a migration project because they strongly support many standard tasks, such as the conversion of data types. Some examples of migration tools are mentioned below:

• MySQL Migration Toolkit
  The MySQL Migration Toolkit enables the migration of Microsoft Access, Microsoft SQL Server or Oracle databases to MySQL. The graphical tool leads the user through the entire migration process step by step. Wizards are available to automate migration steps. Manual intervention in the migration process is additionally possible. According to the manufacturer, it is possible to adapt the toolkit and/or individual modules of the toolkit, so that migration of other database systems to MySQL is also possible. Access to the source database to be migrated is standardized via JDBC; the operating system on which the source database is installed is hence irrelevant.
• SQL Server Migration Assistant for Oracle (SSMA for Oracle)
  SSMA for Oracle enables the largely automated migration of an Oracle database to Microsoft SQL Server. Besides the migration of the database objects and the data, the migrated code and data are finally validated. According to the manufacturer, migration of stored procedures is also possible in this way.
• Oracle Migration Workbench (OMWB)
  Oracle Migration Workbench supports the migration of Sybase, Informix and DB2 databases to Oracle. With the Oracle SQL Developer Migration Workbench, Oracle additionally offers a tool for the migration of Microsoft Access, Microsoft SQL Server and MySQL databases to Oracle. Oracle offers the Database Migration Verifier (DMV) for verifying the migration. Both the structure and the data can be verified with this tool.
• IBM Migration Toolkit
  The IBM Migration Toolkit supports, amongst other things, the migration of Oracle, Microsoft SQL Server and MySQL databases to DB2 and Informix. Besides database schemas and data, it is also possible to migrate logic in the form of triggers or stored procedures. Application migration is also supported by a wizard for the migration of queries (for example, conversion of proprietary joins to standard joins).
• Other migration tools
  Besides the migration tools from the individual manufacturers, there are many other tools which can facilitate a migration process. One example is the eva/3 Universal Database Converter, which supports the migration of table structures and data between all the database systems described in this migration guide. Furthermore, so-called ETL tools (Extraction, Transformation, Loading), such as the Pentaho Data Integration OSS solution, also enable complex transformation operations from one database to another.
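Two of the "standard tasks" mentioned above, the conversion of data types and the verification of the migrated data, can be reduced to a few lines. The following Python module is an added example written for this guide; it is not code from any of the migration tools listed, and its type tables are assumptions for illustration rather than any vendor's documented mapping. map_type() chooses, for an integer column, the smallest target type whose value range contains the source range (so a Microsoft SQL Server TINYINT, 0 to 255, becomes a PostgreSQL SMALLINT) and flags large-object columns whose searchability and indexability must be checked on the target. verify_table() compares row counts and a per-row hash between source and target, which is the kind of check a verifier tool performs after the load. Both "databases" are in-memory SQLite instances filled with constructed sample data, so the example runs offline.

```python
"""Type mapping and post-load verification for a replacing migration (illustrative).

The INT_RANGES and LOB_TYPES tables are assumptions for illustration; consult
the vendor documentation of source and target before relying on a mapping.
"""
import hashlib
import re
import sqlite3

# Integer value ranges per dialect (assumed for illustration).
INT_RANGES = {
    "mssql": {"TINYINT": (0, 255), "SMALLINT": (-2**15, 2**15 - 1),
              "INT": (-2**31, 2**31 - 1), "BIGINT": (-2**63, 2**63 - 1)},
    "postgresql": {"SMALLINT": (-2**15, 2**15 - 1), "INTEGER": (-2**31, 2**31 - 1),
                   "BIGINT": (-2**63, 2**63 - 1)},
}
# Large-object types: migratable, but searching/indexing differs between RDBMSs.
LOB_TYPES = {"mssql": {"TEXT": "TEXT", "NTEXT": "TEXT", "IMAGE": "BYTEA",
                       "VARCHAR(MAX)": "TEXT", "VARBINARY(MAX)": "BYTEA"}}
_CHAR = re.compile(r"^(N?VARCHAR|N?CHAR)\((\d+)\)$", re.I)


def map_type(src_dialect: str, src_type: str, dst_dialect: str, indexed: bool = False):
    """Return (target_type, warnings) for one source column."""
    t = src_type.strip().upper()
    warnings = []
    if t in INT_RANGES[src_dialect]:
        lo, hi = INT_RANGES[src_dialect][t]
        # Smallest target type (tables are ordered by size) whose range contains the source range.
        for name, (tlo, thi) in INT_RANGES[dst_dialect].items():
            if tlo <= lo and hi <= thi:
                if (tlo, thi) != (lo, hi):
                    warnings.append(f"{t} widened to {name}")
                return name, warnings
        raise ValueError(f"no {dst_dialect} integer type covers {t}")
    m = _CHAR.match(t)
    if m:
        return f"VARCHAR({m.group(2)})", warnings  # assumed one-to-one mapping
    if t in LOB_TYPES.get(src_dialect, {}):
        target = LOB_TYPES[src_dialect][t]
        if indexed:
            warnings.append(f"{t} is indexed on the source; verify that {target} "
                            f"can be indexed/searched on {dst_dialect}")
        return target, warnings
    raise ValueError(f"unmapped type {src_type}")


def row_digest(row) -> str:
    """Canonical hash of one row. Values are rendered as text and separated by
    NUL, which cannot occur in the data, so ('ab','c') and ('a','bc') differ."""
    canon = "\0".join("" if v is None else str(v) for v in row)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def verify_table(src: sqlite3.Connection, dst: sqlite3.Connection, table: str, key: str = "id") -> dict:
    """Compare row count and per-key row hashes between source and target.
    table and key are trusted identifiers from the migration plan, not user input."""
    q = f"SELECT * FROM {table} ORDER BY {key}"
    src_rows = {r[0]: row_digest(r) for r in src.execute(q)}
    dst_rows = {r[0]: row_digest(r) for r in dst.execute(q)}
    missing = sorted(set(src_rows) - set(dst_rows))
    extra = sorted(set(dst_rows) - set(src_rows))
    mismatched = sorted(k for k in src_rows if k in dst_rows and dst_rows[k] != src_rows[k])
    return {"src_count": len(src_rows), "dst_count": len(dst_rows),
            "missing": missing, "extra": extra, "mismatched": mismatched}


def demo() -> dict:
    """Verify a simulated load in which one row was lost and one value dropped (constructed data)."""
    src = sqlite3.connect(":memory:")
    src.execute("CREATE TABLE citizen (id INTEGER, age INTEGER, name TEXT)")
    src.executemany("INSERT INTO citizen VALUES (?, ?, ?)",
                    [(1, 34, "Anna"), (2, 67, "Bernd"), (3, 12, "Cem")])
    dst = sqlite3.connect(":memory:")
    dst.execute("CREATE TABLE citizen (id INTEGER, age INTEGER, name TEXT)")
    dst.executemany("INSERT INTO citizen VALUES (?, ?, ?)",
                    [(1, 34, "Anna"), (2, None, "Bernd")])  # row 2 lost its age, row 3 is missing
    return verify_table(src, dst, "citizen")


if __name__ == "__main__":
    print(map_type("mssql", "TINYINT", "postgresql"))
    print(demo())
```

The row hash deliberately renders values as text before hashing; when source and target drivers return different Python types for the same column (Decimal versus float, bytes versus str), the canonicalisation in row_digest() is where that must be normalised, otherwise every row reports as mismatched.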

One can generally state that the tools offered are a good means for handling standard tasks within the scope of a migration project. Furthermore, some tools also offer support when it comes to migrating business logic. However, experience shows that normally this task, due to its complexity, can only be managed in part by these tools. Most work at this point must be performed manually, and this is probably often the greatest problem in database migration projects.

2.2 Continuing migration of database systems

It goes without saying that manufacturers are keen to see the latest versions of their database systems being used. Although all manufacturers usually offer suitable tools to support continuing migration, careful examination is nevertheless necessary in each case in order to find out to what extent problems must be expected due to specific technical characteristics. Since this very often concerns very specific technical details, it is not possible at this point to say which concrete problems can be expected in a given case. Just as in the case of replacing migration, the number of possible problems usually increases with the number of proprietary functionalities used and with the complexity and extent of the business logic within the database.

In order to enable the change to newer versions even in the case of difficult migration projects, Microsoft, for example, offers the possibility to operate SQL Server 2005 in a compatibility mode in which SQL Server 2005 behaves like SQL Server 2000. However, such a solution should, at best, be an interim solution until a "real" migration is carried out. Problems are also often due to the fact that several versions of a database system are skipped in a continuing migration project. When developing new database systems, manufacturers only consider the latest versions as the migration source and hence do not offer tools which support migration from older versions of the database system. Furthermore, one should not expect manufacturers to have the detailed knowledge required for such a migration. It may hence be necessary to perform this type of migration in several version steps, which means that testing, in particular, becomes considerably more time-consuming and costly.

Besides migration of the database system itself, migration whilst leaving the database system untouched can also be advantageous, for example in cases where only the underlying operating system is to be replaced. The use of a hybrid form of proprietary and open source software is also conceivable in such a case. In this way, it is possible to operate a proprietary database system, such as Oracle, under Linux, for example.

B Subject: web servers

The original purpose of web servers is to provide static information, in particular websites, so that these can be displayed via a web browser. The application options of script languages, such as Perl, extend this functionality by providing dynamic contents. Modern web servers, such as Apache or Microsoft IIS, offer numerous additional functionalities which increasingly upgrade the classical web server to become a fully fledged application server capable of executing complex applications. The two web servers discussed currently offer all the relevant features which a modern web server must have, and in many respects even more. Both web servers, for instance, come with mechanisms for authentication and encryption.

1 Products/technologies

1.1 Apache HTTP Server

Apache HTTP Server originated in 1995 as a further development of NCSA HTTPd. It is made available as free open source software by the Apache Software Foundation under the Apache License. Version 2.2 is currently available, but versions 2.0 and 1.3 still continue to be offered and maintained. Even though Apache HTTP Server has lost some market share, a poll152 regularly conducted by Netcraft suggests that it is still the most frequently used web server. Its importance is also reflected by the fact that fixed system architectures were defined on the basis of Apache HTTP Server and further components. LAMP, for example, represents an architecture consisting of the Linux, Apache, MySQL and PHP components.

The Apache HTTP Server consists of its kernel and a large number of modules which can be compiled and/or loaded as required for the specific applications. Thanks to its modular design, the Apache server can be easily upgraded and adapted to changing requirements. The standard software delivery already includes a large number of different Apache modules. These can then be supplemented by further modules (for example, user-developed modules). Apache modules are code segments which conform to the Apache API specification and which can be loaded into the Apache HTTP Server. They are used for functionalities which go beyond the conventional service of a web server. It is, for example, possible to easily implement secure authentication or techniques such as Server Side Includes (SSI). The only preconditions are that the module file must be available and a corresponding entry must be edited in the configuration file. The modules are then dynamically loaded by the web server as required. As an alternative, it is also possible to statically link modules to the Apache web server at compile time. This is an efficient approach if the web server uses the module functionalities very often.
If Apache is carefully configured and only the modules actually needed are used, less memory space is required. At the same time, fewer modules usually also mean less exposure, so that the security of the system is improved. The exact scope of the modules contained in the distribution used is shown in the documentation for the respective version. The modular design enables web server functionalities to be upgraded and increases the flexibility of the system. At the same time, the efficiency and speed of the web server are increased if internal processes rather than external applications can be executed.

Migration of Apache itself is today less important in migration projects. Practical experience instead suggests that special attention must be paid, in particular, to the modules. The numerous modules include, for example:

• Authentication modules (such as mod_auth)
• Security modules (such as mod_ssl)
• Script and/or interpreter modules for programming languages, such as PHP, Java, Python, Tcl and Perl

The table below shows a small selection of the modules available. This list is not complete, but it is designed to give an impression of the diverse possibilities of the Apache web server.

152 http://news.netcraft.com/archives/2007/09/03/september_2007_web_server_survey.html

Module Function

Standard and additional modules

mod_cgi Execution of CGI (Common Gateway Interface) scripts

mod_dav Integrated DAV support (HTTP Extensions for Distributed Authoring – WebDAV). Editing files and directories directly via HTTP on the web server. DAV means "Distributed Authoring and Versioning".

mod_fastcgi Integrated FastCGI support

mod_frontpage Integrated FrontPage support

mod_jserv Integrated Java servlet support

mod_php3 Integrated PHP 3 support

mod_php4 Integrated PHP 4 support

mod_perl Integrated Perl support

mod_alias Provides the alias and/or redirect statements

mod_autoindex Generates directory indexes

mod_include Required for Server-Side Includes

mod_mime Ensures the generation of the corresponding MIME headers

mod_log_config For keeping one or more log files, with the possibility to adapt the contents to the corresponding requirements

mod_deflate Used to compress different file types prior to transfer to the browser. This is particularly useful in the case of limited bandwidth. The compression function must be supported by the browsers.


mod_proxy Adds the functionality of a proxy and/or proxy cache to the Apache web server.

mod_rewrite Enables the use of internal aliases and external redirects

mod_speling Corrects the users' typographic errors

mod_ssl Makes the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols available

mod_usertrack HTTP cookies are used to log user behaviour.

mod_vhost_alias Interesting for the bulk configuration of virtual hosts, especially for service providers

Authentication modules

mod_access Access control on the basis of host names or IP addresses

mod_auth For the configuration of password-protected directories and/or documents. A very simple variant of the authentication modules which should only be used in the case of a very small number of users.

mod_auth_digest User authentication by MD5 Digest Authentication, with the passwords not transmitted as plain text.

mod_auth_dbm User authentication by Berkeley DB files, suitable for a larger number of users

mod_auth_ldap User authentication with LDAP

mod_auth_kerb User authentication with Kerberos, supports versions 4 and 5

mod_auth_notes User authentication by Lotus Notes Server

mod_auth_oracle User authentication with Oracle database; further modules are additionally available, for example, for MySQL and Postgres databases.

mod_auth_smb User authentication with SMB server (Samba, Windows NT)

Table 38: Apache modules

Not all modules for the web server are available free of charge. More and more companies are offering Apache modules against payment of license fees. Examples are:

• Allaire with the Macromedia JRun Java servlet engine and the Macromedia ColdFusion application server
• with its Active Server Pages module

Administration of the web server is carried out using well-documented configuration files (text files). In order to activate a functionality, it is often sufficient to use a simple text editor to delete the comment character in the corresponding line of this text file.

Proprietary and open source tools for the Apache GUI153 are available as alternatives for administrators who prefer a graphical user interface.

The Apache web server can be supplemented by a program which enables the integration of a search functionality into a website. Different software packages are available, such as the HTDig search system154. HTDig enables indexing of complete websites. The program uses a so-called robot in order to generate a search index which can be browsed by a suitable CGI script. The core functionalities of the software are outlined in the following points.

• Generation of a search engine index (for one or more websites and/or for parts of a website)
• Use of filters in order to limit the indexing function (possible filter criteria are file types and specific URLs)
• Indexing of file formats which are not typical for web servers and binary file formats (PDF, DOC, etc.) by means of external additional programs
• Use of numerous query options and different search algorithms (words, word parts, synonyms, etc.)
• Adaptation of the search page and the related hit list using simple template files
• Support of special characters, such as umlauted vowels (ä, ö, ü)
• Support of the "Robot Exclusion" standard and "Basic WWW Authentication" by the robot used, in order to consider protected contents during indexing

The HTDig distribution is made available under the GNU General Public License (GPL) and is hence freely available.

Apache offers a whole series of modules which can be used to implement the most diverse types of user authentication, such as authentication via Kerberos 4 or 5. Further options are authentication via Samba or databases, such as Oracle, MySQL or Postgres. Encrypted data transmission using SSL and TLS (Transport Layer Security) is also possible. HTTP 1.1 compression additionally enables data compression during transmission. Encrypted password transmission can be implemented via MD5 Digest Authentication. Access control can be configured on the basis of host names or IP addresses. It is also possible to set up virtual hosts (multiple websites with one IP address).

Thanks to the different modules and components, Apache can be supplemented by numerous different interfaces and technologies. Tomcat155, for example, enables the execution of JSPs and Java applications under Apache. In this way, interoperability of Apache can be achieved on a technical level with the most diverse technology stacks, be it script languages, Java, databases or directory services. Even modules which support ASP.Net applications are available. mod_mono, for example, is a module on the basis of Mono156 – a software for the development and operation of .Net applications under different operating systems (such as Linux or Unix). With its large number of modules, Apache thus offers numerous functionalities which go beyond the scope of a classical web server and which belong more to an application server. Another example of the possible applications of Apache HTTP Server is the Microsoft FrontPage server extension which can also be used with Apache HTTP Server.

One can conclude that the Apache web server is one of the leading web servers on the market. On the basis of LAMP (Linux, Apache, MySQL, PHP), large websites, such as Wikipedia, are operated with the Apache web server157. Apache is present not only in the open source environment, but also has a high market share in system environments with a commercial background. Thanks to its modular design and the wide range of expansion options, it can be adapted to the most diverse requirements. Project experience shows that it is also suitable for large system environments.

153 http://gui.apache.org/
154 http://www.htdig.org/
155 http://tomcat.apache.org/
156 http://www.mono-project.com/
157 http://de.wikipedia.org/wiki/LAMP#_note-online-artikel

1.2 Microsoft Internet Information Services (IIS)

Microsoft Internet Information Services (IIS) is a proprietary file and application server. Earlier IIS versions were distributed under the name Internet Information Server. IIS was initially offered by Microsoft for Windows NT. Today, it is usually integrated into the Windows operating system and supplied together with it. Besides the Apache web server, IIS is one of the products most frequently used in the web server area.158 The current version available is 6.0 on Windows Server 2003. Version 7.0 will probably be available at the beginning of 2008 as part of Windows Server 2008.

158 http://news.netcraft.com/archives/2007/09/03/september_2007_web_server_survey.html

1.2.1 Internet Information Services 5.0

IIS forms an integral part of the server versions of Microsoft Windows as of Windows 2000 Server. Besides the standard protocols, such as HTTP, FTP, SMTP and POP3, the successor versions of Internet Information Server 4.0 support numerous new functionalities. The most important new features in the area of data provision are described below.

• WebDAV: Support of the WebDAV standards for the joint editing of files and directories directly via HTTP on the web server.
• Web directories: They serve users as conventional file directories on the web server and are directly related to the WebDAV functionality.
• Frontpage support: Additional functionalities for the development and administration of web contents using Microsoft Frontpage. The administrator can use the graphical frontend in order to create and edit web contents on the web server.
• Support of multiple websites: Enables the hosting of multiple websites on one server and one IP address.
• HTTP 1.1 compression: Enables HTTP compression during communication between the web server and a client system with compression capability. This feature can be particularly helpful in the case of limited bandwidth.
• PICS Rating: "Platform for Internet Content Selection"159 rating is a technical standard of the W3 consortium for the use of a rating system for web contents. PICS enables contents to be rated and websites to be filtered according to certain features. This is achieved by adding a PICS code to the HTML header of a document which is not visible in the browser.

In the area of web-based applications, IIS 5.0 offers the following new features:

• XML integration: An XML parser in Windows 2000 is implemented as a COM component and offers a complete XML basis for applications.
• Windows script components: Developers can use the scripting technology in order to develop reusable COM modules for web applications.
• Determination of the browser properties: Besides the development of ASP applications, the exact browser properties of the client systems can be determined using ASP.
• Process isolation: The administrator can isolate individual application processes from the kernel processes and other application processes.
• ADSI 2.0: Enables access to the objects, properties and methods of the Active Directory Service Interface. The integration of the web server and of the Active Directory enables the assignment of different websites on one web server to particular user domains.

In the management area, IIS 5.0 offers the following main functionalities:

• Management Delegation: Enables the delegation of management tasks.
• Process Throttling: Enables the limitation of CPU time for a network application or website. This feature can be used to ensure that CPU time is available to other websites or non-web applications too.

IIS 5.0 enables user authentication via Kerberos. However, the old Windows logon via the Windows LAN Manager (NTLM) is still possible. Encrypted data transmission using SSL 3.0 and TLS (Transport Layer Security) is possible. Client and server certificates are supported. Digest Authentication enables encrypted password transmission for authentication. The logon information is transmitted as an MD5 hash. The administrator can permit and/or prohibit access to contents for computers and domains via IP and domain restrictions.

159 http://www.w3.org/PICS/

1.2.2 Internet Information Services 6.0

Windows Server 2003 comes with Internet Information Services 6.0 (IIS 6.0). However, these services are for the first time not installed automatically with the standard installation of the operating system. The administrator must explicitly initiate the installation process and activate certain server functionalities. Through combination with the following technologies from the Windows 2003 Server product group, IIS extends the conventional possibilities of a web server and becomes an application server:

• ASP.NET
• ASP
• COM+
• Microsoft Message Queuing (MSMQ)

Several new features were implemented for this new role of Internet Information Services as part of an application server. These new features are outlined below:

• Reliability and scalability: Changes were implemented within the processing architecture in order to improve reliability and scalability. This enables the automatic detection of errors and the restarting of processes when necessary. This minimizes the risk, present in earlier versions, that failure of a single application leads to failure of all applications. In parallel, the web server can hold incoming requests in a queue. IIS 6.0 is capable of monitoring the status of worker processes, applications and websites.
• .NET integration: Another new feature is the integration of ASP.NET into IIS. Extended functionalities of the .NET Framework are offered to developers for the creation of applications. The Unicode standard can be used by developers and users in the interest of internationalization.

IIS 6.0 can be integrated into the authorization framework of Windows 2003 Server. Furthermore, the Authorization Manager can be used for delegation and authorization actions. Administration of IIS 6.0 is now implemented on the basis of an XML metabase, enabling administrators to directly edit the configuration. The use of Kerberos is possible if the client supports Kerberos and if an Active Directory is available.

One can sum up that IIS was originally introduced as a pure web server, but today, especially thanks to integration with .Net, Internet Information Services has become a basic element of Microsoft's application server solution. During the course of development, Microsoft increasingly emphasized the importance of operation-critical issues, such as security and scalability, so that these areas are also significantly improved compared to earlier IIS versions. Concrete project experience shows that IIS 6.0 can be used as a stable alternative to other web servers even in larger system environments.

2 Migration paths

Two challenges can generally be distinguished with regard to the migration of web servers:

• Migration of static contents
• Migration of dynamic contents

The problems to be resolved in this context are basically the same for all web server products. The classical application scenario of a web server was originally the provision of static contents, such as static websites or pictures. The provision of other files, such as PDF documents, also belongs to this category. If a web server is solely used for applications of this kind, migration is relatively simple because all that is normally needed is to copy the static contents from the old web server to the new one. Additional activities are only necessary if further requirements must be considered, such as the protection of files against unauthorized access.

The situation is different if a web server is used to provide dynamic contents. This means scripts (for example, in Perl or PHP) and applications on the basis of Java or .Net, for instance. Especially in the field of applications, the borders between web server and application server are today becoming increasingly blurred. However, one can generally say that the migration of dynamic websites or applications often involves relatively high effort. It may even become necessary to re-implement the complete applications.

Experts largely agree that the platform (Windows or Linux) on which a web server is operated is of minor importance with a view to migration. This issue will hence not be discussed further. Moreover, the database which typically underlies the dynamic contents will not be discussed at this point either. Section II.A 1 contains a more detailed discussion of this subject.

The migration paths of replacing migration (replacing the web server product used) and continuing migration (retaining the existing product line) will be primarily considered in the following. The general options will be shown, necessary steps explained and information provided concerning the question as to where problems can occur during migration and how these can be managed. More or less concrete situations and the above-described web server products will be used as examples in order to illustrate this.

2.1 Replacing migration of proprietary and open web servers

Replacing migration of web servers is usually carried out within the framework of a general technology change. New requirements are often addressed in such a context, so that most cases mean new implementation rather than classical migration. As described earlier, migrating static data normally poses hardly any problems. However, web servers definitely differ in the way in which more far-reaching requirements can be implemented, for example, with a view to access protection, encryption, etc. In such a case, an analysis is always necessary on the basis of the specific requirements of the respective migration project in question. The (automatic) import of configuration data is usually not possible in the case of a change in (proprietary or open) product. The main task of a migration project is hence to first set up and configure the new web servers in such a manner that all the requirements are fulfilled.

Experience shows that the migration of dynamic contents is clearly the greatest challenge. Different versions and minor differences in the implementation of the individual technologies in the web servers are what cause problems here. It can, for example, happen that the interpreter for the required script language on the web server to be replaced supports a newer version of the script language than the interpreter on the target server. Even if, for example, the required script language is available on different products, one should not automatically expect that the scripts can be migrated without any adaptation work. Due to the different orientation of different products, a situation is possible where not all technologies are available on the other product. Whilst Microsoft Internet Information Services (IIS), for example, strongly relies on .Net technologies, the focus of Apache HTTP Server is more on the script and Java environment. However, thanks to the available modules it is nevertheless possible to even operate .Net applications under Apache HTTP Server. One must, however, assume that these applications will have to be adapted or re-developed in part. In the opposite direction, it is not possible to use Java applications under IIS without modification. This usually requires prior conversion of the code. Considerable problems and a major need for adaptation of applications must be expected here too. Depending on the complexity of the application to be migrated, it may hence make sense to completely re-develop the application in the other technology when the web server is replaced.

Another problem during a migration project could be that the products are integrated into the rest of the IT infrastructure. Especially in the case of Microsoft, practical applications are often implemented with dependencies on other Microsoft products, such as Active Directory or SharePoint. Besides the migration of the web server, it is hence also necessary to plan the migration of these dependencies and/or of the underlying products. On the other hand, the fact that Apache HTTP Server, for example, is often supplemented by modules or other products, such as Tomcat, also leads to dependencies in many cases. It must hence be checked first and foremost whether the additional functionalities and technologies (such as Tomcat for the use of Java) provided by the additions are available on the new web server. In principle, a web server can be operated in a manner which minimizes these dependencies, so that no such problems occur during migration. In reality, however, it is then often not possible to fulfil all the necessary functional requirements. Certain dependencies are usually inevitable at the latest when additional requirements in the security area must be considered or when dynamic contents are added, for example, in the form of scripts or applications.

2.2 Continuing the product line of web servers

Irrespective of whether proprietary or open web servers are used, migrating the actual web server is probably not a problem with continuing migration. The export of the static contents should not be a problem either. In this context, it is usually irrelevant whether the operating system is changed or not during the migration project, for example, in a migration from Apache on Windows to Apache on Linux. Migration of the operating system involves migration of the infrastructure services; this plays an important role where, for example, file storage systems with different file systems are used. This can lead to problems concerning the design of the paths and the permitted length of the file names (refer to chapter II.E 2).

Experience shows that migration of the Apache HTTP Server itself does not normally pose a problem. However, migration of individual modules can be difficult in certain cases. For example, migrating the PHP module from PHP 4 to PHP 5 can cause problems. This means that scripts developed under PHP 4 sometimes fail to work properly under the new module and may hence require adjustment too. This can also apply to different versions of script interpreters which are used together with IIS. However, a general statement concerning the migration of Apache modules or extensions of IIS cannot be made on this basis. This must be examined from case to case for the concrete migration project in question. However, the examples also show that even in the case of continuing migration one should not automatically expect that the dynamic contents can be migrated without any problems.

Microsoft offers a command-line-based tool for IIS migration which can be used to migrate both website contents and configuration data. This tool can sometimes simplify IIS migration significantly. However, the tool has its limits, especially in the case of complex system environments, so that complete migration (for example, migration of ODBC connections) is not possible. It must hence be examined in advance to what extent additional activities are necessary in order to complete the migration project. If this check shows that several different migration problems cannot be resolved by the tool, it can make more sense to carry out the migration completely without the tool.

3 References

3.1 File system

Web servers use the file system in order to store or manage their data. If necessary, a database in the backend is also used for this purpose. On the other hand, web servers are also used to make data on file servers available on the Internet or intranet via web browsers using, for example, WebDAV. This constitutes a reference to file storage services, so that chapter II.E and, above all, the discussion on technological aspects in the following sections should be examined for aspects relevant to the migration of web servers:

• "Linux and Samba with SMB/CIFS and POSIX", II.E 1.1
• "Linux Server with NFS", II.E 1.2
• "Linux Server with OpenAFS", II.E 1.3
• "Windows NT 4.0/2000/2003 with NTFS", II.E 1.4

In the case of large websites, databases and content management systems on which the contents are kept and managed must be additionally checked. Information concerning the migration of databases can be found in the corresponding chapter.

3.2 Network services

It goes without saying that a reference always exists between the web server and network services subjects. In this case too, whether and how the required network services can be provided and whether and how the requirements for secure communications can be fulfilled must be checked within the framework of migration projects. The technology discussion concerning "network services" (chapter II.D 1) should hence be examined in conjunction with the introduction or migration of a web server.

3.3 Authentication

In many cases, access to the web server should not be completely uncontrolled. This means that authentication services are required. Rather than managing users several times, a concept should then be developed which enables the use of existing infrastructures, for example, for central user management. This also constitutes the reference to the subject of authentication and directory services (chapter II.C) with the discussion on products and technologies in the following sections:

• "Linux and Samba with Open LDAP and Kerberos (MIT/Heimdal)", II.C 1.1
• "Windows NT 4 Server as so-called Domain Controller (DC)", II.C 1.3
• "Windows 2000/2003 Server with Active Directory and Kerberos", II.C 1.4

3.4 Applications

Especially in cases where web servers are not used as pure web servers (refer to section II.B 1), the reference to back-end integration (refer to section III.D) has an important role to play in migration projects. In the case of a change, it must be ensured that the requirements of the applications continue to be supported and/or that the applications are adapted, when necessary. Furthermore, maximum flexibility and independence should be aimed at in the interest of future changes. The information and guidance in the guide titled "Plattformunabhängigkeit von Fachanwendungen" [Platform independence of specialist applications] (refer to www.kbst.bund.de) deserve special mention at this point as additional support for migration projects.

C Subject: authentication and directory services

It is almost impossible to separate the "authentication" and "directory service" issues. A directory service can be used to make all kinds of information available throughout the entire network. A directory service typically consists of a database where this information can be stored and a network protocol that enables the information to be retrieved or edited. The most commonly used directory protocol is the Lightweight Directory Access Protocol (LDAP). The core of LDAP version 3 is defined in RFC 2251. Today, an LDAP server is usually understood to be the combination of database and protocol implementation. Directory services are particularly suitable for fast read access to hierarchically structured data which is not regularly changed. Any kind of information can be stored and/or made available in the network via the service.

The introduction of a directory service makes it possible to store the user accounts and the pertinent privileges in the central directory service, with all the systems accessing this directory service. At the same time, address-book applications which are, for example, included in e-mail software, can access the directory and thereby provide the e-mail addresses of the members of the organization without the need to manually enter this data again. Directory services can also be used to store passwords (passwords are then typically an attribute of personal or user account objects). This also serves the purpose of once-off, central data storage and management. Passwords stored in the directory are created and changed at a single point and can then be used on all systems and by all applications which can use the directory for authentication. Furthermore, the passwords stored in the directory can also be used for authentication in the case of access to data in the directory itself.

Directory services are used in many areas, in particular, in conjunction with authentication services, such as Windows with Active Directory, under Linux/Samba with OpenLDAP or in the Kolab groupware with OpenLDAP. Despite this common practice of using directory services for authentication, this must be considered a questionable strategy. This concept does not permit a safe method for implementing a single sign-on function because every system and every application requires repeated authentication (albeit with the same password). Furthermore, most directory services were not written with a view to providing a secure authentication mechanism but as a means of central storage for frequently required information and for its quick distribution to clients.

The use of Kerberos is recommended instead. Kerberos is a protocol for secure authentication within open networks which are, for example, based on the TCP/IP protocol. If Kerberos is used, user names and passwords are – in contrast to the standard procedure – not sent to every server whose services are used by a user. This is replaced by once-off registration with a Key Distribution Center (KDC, sometimes also referred to as Kerberos domain controller). Following registration, the user receives a ticket which is issued for a defined term and which the user can then use in order to authenticate himself to all other services. Following expiration of the term of validity of the ticket, the user must re-authenticate himself. The use of Kerberos means that the password repository must exist on particularly trustworthy systems (i.e. the Kerberos servers) only. Other systems no longer need to access the password repository. Kerberos tickets can also be used to implement a single sign-on functionality by using tickets to access all the services made available in the network (on condition that the corresponding applications support Kerberos).

In order to implement a fine-grained system of privileges which defines which objects and attributes can be read or changed by which users, most directory services implement a system of access control lists (ACLs) which can be compared to the ACLs on file system level. Against this background, the subjects mentioned in the heading will be jointly discussed in the following.

1 Products/technologies

1.1 Linux and Samba with OpenLDAP and Kerberos (MIT/Heimdal)

Samba is free software which enables Unix and Linux systems to use the SMB (Server Message Block) protocol and the CIFS (Common Internet File System). The SMB protocol and its extension, CIFS, are Windows protocols, for example, for file and print services. Samba was published for the first time in 1992. The core team for the development of Samba has approximately 20 members who are supported by several companies160. The current Samba version is 3.0.26a. According to the statement of the Samba team published at http://samba.sernet.de/161, all versions from 3.2 upwards are published under the GNU General Public License, version 3. The current version is hence probably still subject to GPLv2. OpenLDAP is an implementation of an LDAP server as open source software162. It is subject to the OpenLDAP Public License V2.8. Kerberos 5 is a protocol for secure authentication within open networks which are, for example, based on the TCP/IP protocol. Kerberos was developed at the MIT (Massachusetts Institute of Technology)163 and also enables the implementation of single sign-on. This means that a once-off logon in the network is sufficient in order to use all the services and programs which a user is authorized to access. The specification is described in RFC 4120. The Heimdal implementation164 is a free, widely used implementation of the Kerberos protocol. Another important open source implementation is that of the MIT165. The following sections discuss special architectural and functional features of the three products, i.e. OpenLDAP, Samba and Heimdal Kerberos, with a view to the implementation of an authentication service.

160 http://www.samba.org
161 As per 1 November 2007
162 http://www.openldap.org
163 http://www.kerberos.org/
164 http://www.pdc.kth.se/heimdal/
165 http://web.mit.edu/kerberos/www/

1.1.1 OpenLDAP

The OpenLDAP software is made up of the following modules:
• slapd – the LDAP server proper
• slurpd – the LDAP update replication daemon
• libraries for the implementation of the LDAP protocol and
• further tools.
Furthermore, OpenLDAP uses Berkeley DB166 by default as its database backend. The functions which are supported by OpenLDAP under Linux are summarized in the table below.

Function
• Client without additional software
• Possibility to implement a hierarchical structure of the directory
• Expandability by adding own attributes and object classes
• Unicode character set for directory data
• Possibility to access the directory via standard protocol (LDAP)
• Secure access via LDAP over SSL/TLS
• Support of the "starttls" protocol
• Support for SASL
• Authentication of NT clients via Samba167
• Authentication of W2K clients via Samba168
• Authentication of Linux clients
• Possibility to integrate Kerberos
• Possibility to use an independent / higher-level Kerberos service
• Administration of access privileges (ACLs) for attributes and objects
• Delegation of administrative tasks
• Master/slave replication
• Multi-master replication169

Table 39: Functions of OpenLDAP under Linux

166 http://www.oracle.com/technology/software/products/berkeley-db/index.html
167 If Samba is used for the authentication of the Windows clients against OpenLDAP, the NT LAN Manager protocol is used between the Windows client and the Samba server.
168 If Samba is used for the authentication of the Windows clients against OpenLDAP, the NT LAN Manager protocol is used between the Windows client and the Samba server.
169 The multi-master replication in OpenLDAP is considered experimental and is not activated by default.

The following standard command-line tools are available under Linux for handling the information stored in a directory:
• ldapsearch
• ldapadd
• ldapdelete
• ldapmodify
• ldapmodrdn
These tools are primarily used to initialize a directory, to import data, to browse directories and for the automated editing of a directory. Furthermore, numerous free graphic tools are available for directory-based user and group administration under Linux, such as the GQ170 browser. Browser-based tools for the administration of user, group and machine accounts and other objects (mailing lists, DNS entries, etc.) within directory services are equally important and much more flexible. The advantage of these solutions is that they can be used with a web browser independently of the server, with the possibility of secure data transmission (SSL/TLS), just like other tools. However, these tools, such as Webmin171, are often more complex and designed for special tasks, such as system administration. Linux and OpenLDAP were found to be stable and sufficiently performant in very large environments with more than 70,000 users. OpenLDAP hence enables the implementation of large directories, such as central user data administration systems. A typical feature of a directory is the hierarchical structure of the information it contains, similar to a file system.
This structure of the directory is defined by the LDAP schema, where object classes (such as person or organization) and their attributes are defined. The object classes indicate for which attributes mandatory values must be entered. The directory entries themselves are called objects. An object belongs to at least one class, but usually to more than one. The attribute values are stored within the objects; the attributes thus hold all the information about the real-world object that the directory entry describes. Attributes are distinguished by attribute type, which determines, for example, which values are valid for an attribute. The entries are arranged in a hierarchical tree structure, the directory information tree (DIT), which maps the entire namespace provided by a server. The distinguished name (DN) is the unambiguous name of an entry within the entire data stock. LDAP as a network protocol includes operations for data management (add, delete, modify, modify DN) and retrieval (search), including the possibility to formulate complex search filters. Operations for authentication and for binding the client to the server (bind) and unbinding it (unbind, abandon) are also specified. The bind operation is broken down into a bind request and a bind response. The bind request contains, besides the LDAP protocol version number, the distinguished name of an entry. This entry identifies the identity to be verified, such as the entry of an individual, as well as the authentication method including the pertinent data. Two methods are defined in this context. With the Simple Bind method, a password is sent in addition to the distinguished name and compared to the stored password. Encryption of the transmitted password is possible and specified with TLS. The SASL (Simple Authentication and Security Layer) Bind method encapsulates the authentication process in a dedicated layer, so that a separate authentication mechanism need not be defined for each application protocol. The most commonly used SASL mechanism is GSSAPI (Generic Security Services Application Programming Interface). The two most important GSSAPI mechanisms, for their part, are Kerberos V5 and X.509. Depending on the SASL mechanism chosen, identity codes and proofs of identity other than the distinguished name are sent in the bind request. In this way, authentication with Kerberos 5 via SASL-GSSAPI can be implemented for OpenLDAP. In addition to its authentication mechanisms, SASL also offers the negotiation of an optional encryption layer. All communication between client and server can be TLS-encrypted so that server and client can authenticate each other, for example as a measure against "man-in-the-middle" attacks. RFC 2830172 describes the way in which TLS should be used to encrypt communication between client and server. During operating-system login, it is also possible to access central user data made available by an LDAP server. On Unix systems, this is done via the NSS (Name Service Switch) and PAM (Pluggable Authentication Modules) mechanisms. On Windows computers, LDAP-based user administration is possible using Samba.

170 http://gq-project.org/
171 http://de.wikipedia.org/wiki/Webmin
Samba not only provides files and printers via the network, but also authenticates Windows clients to a Windows domain. Samba includes an LDAP interface, so that the user account data from the central LDAP user administration system can be used for the login process173. Further functions of a directory service are described below. Central administration, for example, of host information in one directory significantly simplifies numerous administrative tasks. These tasks include:
• stock-taking of the existing hardware,
• creation and administration of DNS name entries,
• creation and administration of DHCP configurations,
• storage of the machine accounts together with the above-mentioned information (for Windows clients) and
• storage of any further host-specific information in a directory, such as information profiles for the automatic installation of a client.

172 http://www.faqs.org/rfcs/rfc2830.html
173 Gietz, P.: "Chancen und Risiken LDAP-basierter zentraler Authentifizierungssysteme" [Risks and opportunities of LDAP-based central authentication systems], http://www.daasi.de/pub/Chancen%20und%20Risiken%20durch%20LDAP-Authentifizierung.pdf

It is not necessary to distribute such information to other computers manually or by other processes because it can be distributed to the other systems by LDAP replication. A distributed directory server structure enables centrally captured information to be replicated to the different servers to which the other systems are connected. Linux offers numerous programs which can read host information directly from an LDAP directory:
• A patch which enables the DHCP configuration to be read from an LDAP directory is available for the standard DHCP server (ISC DHCPD) (refer to: http://home.ntelos.net/~masneyb/dhcp-3.0.5-ldap-patch).
• A patch that replaces zone files with LDAP is also available for BIND 9 (refer to: http://bind9-ldap.bayour.com/).
• Samba can import information concerning machine accounts directly from the LDAP directory.
Furthermore, a whole range of proprietary and free software products is available which generate the BIND and DHCP configuration transparently from the LDAP directory. Besides the use of directory services for the central storage of user, group and host information, the benefit of a directory grows with the number of other applications that access it. A complete list of LDAP-compatible applications cannot be given at this point.
It is, however, important to note that more and more applications feature LDAP support, not least Microsoft's Outlook and Outlook Express e-mail programs or the OpenOffice.org package. These applications can work with both OpenLDAP and Active Directory as the directory service.

1.1.2 Samba

Samba is a client/server system which consists of a large number of individual modules, ranging from those which perform the basic tasks through to configuration and documentation functions. Since the modules can also be exchanged, the configuration process can, for example, also be performed via a web interface. The core module of Samba is smbd, which provides file and print services for SMB/CIFS clients. Samba can import information for machine accounts directly from the LDAP directory.

1.1.2.1 Authentication with Linux / OpenLDAP and Samba

Samba can offer Windows clients functions comparable to those of a Windows NT-based primary domain controller (i.e. including, but not limited to, file, print and authentication services). Samba can use OpenLDAP as the directory service for its user account database. In this respect, the combination of Samba and OpenLDAP constitutes a kind of hybrid of Windows NT domains and Active Directory. From the point of view of the Windows clients, it is a Windows NT domain (Samba 4, due to be launched in 2008 at the earliest, will present itself to the Windows clients like an Active Directory domain controller). With regard to the administration of user, group and host information, it is, however, a fully directory-based solution with all the resultant advantages. A Samba/OpenLDAP-based solution in particular avoids the familiar scaling problem of Windows NT, which often requires an infrastructure to be split up into different domains. If Linux / OpenLDAP is used as the directory service for Windows clients in conjunction with Samba, the Windows clients are authenticated using the NTLM protocol. This is why the same encoded (hashed) passwords which are stored in the SAM database under Windows NT/2000/2003 must also be stored in the directory. With this qualitative restriction (no Kerberos authentication for Windows 2000/XP clients), it is possible to implement full authentication functionality for Windows clients on the basis of Linux, OpenLDAP and Samba. In this context, the fact that UNIX and Linux by default use a different password encoding algorithm than Windows NT/2000 initially appears to be a problem. In an OpenLDAP/Samba-based solution, UNIX and Windows passwords must hence be stored in parallel in the LDAP directory and kept synchronized. From a technical point of view, this is a minor problem because Samba can be configured so that it also changes the UNIX password when the password of the Windows client is changed. In the opposite direction, the PAM (Pluggable Authentication Modules) mechanism can be used to configure UNIX programs so that they also change the Windows password when the UNIX password is changed. Given appropriate configuration, password synchronization is thus not a problem. Samba 3.0.x supports the familiar trust relationships of Windows NT. These can be set up both between Windows and Samba domains and between two domains which are both based on Samba.
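The two encodings the text says must be kept in parallel, as an added example that is not code from the migration guide or from the Samba project: the Windows-side value is an unsalted MD4 of the UTF-16LE password, the Unix/OpenLDAP side a salted hash, here OpenLDAP's {SSHA} form. Attribute names follow the Samba LDAP schema (userPassword, sambaNTPassword); the directory suffix, account names and passwords are constructed. Because the NT value is unsalted and on its own sufficient for NTLM authentication, the slapd ACLs protecting sambaNTPassword matter at least as much as those for userPassword.

```python
# Added illustration of the two password encodings the text says must be kept in parallel; not code
# from the migration guide or the Samba project. Attribute names follow the Samba LDAP schema
# (userPassword, sambaNTPassword); suffix, account names and passwords are constructed.
import base64
import hashlib
import hmac
import os
import struct

_M = 0xFFFFFFFF
_S1, _S2, _S3 = (3, 7, 11, 19), (3, 5, 9, 13), (3, 9, 11, 15)
_K2 = (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)
_K3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & _M


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 in pure Python (hashlib's md4 is disabled in many OpenSSL 3 builds)."""
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64) + struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(16):  # round 1, F(b, c, d) = (b and c) or (not b and d)
            a = _rotl((a + ((b & c) | (~b & d)) + x[i]) & _M, _S1[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2, G = majority of b, c, d
            a = _rotl((a + ((b & c) | (b & d) | (c & d)) + x[_K2[i]] + 0x5A827999) & _M, _S2[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3, H = b xor c xor d
            a = _rotl((a + (b ^ c ^ d) + x[_K3[i]] + 0x6ED9EBA1) & _M, _S3[i % 4])
            a, b, c, d = d, a, b, c
        a, b, c, d = (a + aa) & _M, (b + bb) & _M, (c + cc) & _M, (d + dd) & _M
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> str:
    """sambaNTPassword: unsalted MD4 over the UTF-16LE password, the value NTLM needs and the SAM
    holds. Without a salt, equal passwords give equal values, and the value alone authenticates."""
    return md4(password.encode("utf-16-le")).hex().upper()


def ssha(password: str, salt: bytes = None) -> str:
    """userPassword in OpenLDAP's {SSHA} form: base64(sha1(password + salt) + salt), salted per entry."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_ssha(password: str, stored: str) -> bool:
    """Recover the salt from the stored value and recompute; the Unix-side login check."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)


def account_ldif(uid: str, password: str) -> str:
    """One password in both encodings, as a synchronised posixAccount/sambaSamAccount entry holds it."""
    return "\n".join([
        f"dn: uid={uid},ou=people,dc=example,dc=org",  # constructed directory suffix
        "objectClass: posixAccount",
        "objectClass: sambaSamAccount",
        f"uid: {uid}",
        f"userPassword: {ssha(password)}",
        f"sambaNTPassword: {nt_hash(password)}",
    ])


def attr(ldif: str, name: str) -> str:
    return next(line.split(": ", 1)[1] for line in ldif.splitlines() if line.startswith(name + ": "))


def same_password_two_users(password: str = "Winter2008") -> dict:
    """Two accounts sharing a password: the NT values collide, the salted userPassword values do not.
    This is why read access to sambaNTPassword must be restricted at least as tightly as userPassword."""
    alice, bob = account_ldif("alice", password), account_ldif("bob", password)
    return {"nt_equal": attr(alice, "sambaNTPassword") == attr(bob, "sambaNTPassword"),
            "userpassword_equal": attr(alice, "userPassword") == attr(bob, "userPassword")}
```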

1.1.2.2 Restrictions related to the use of OpenLDAP and Samba

As already mentioned, Samba corresponds – from the point of view of the Windows clients – to a Windows NT-based server. This means that the features for the administration of Windows clients which were newly introduced with Active Directory are not available. Above all, Group Policy Objects (GPOs) and software distribution via Active Directory174 are not supported. In practice it is often completely adequate to replace these features with other techniques. Samba supports the so-called system policies, which can be used to define registry settings for users, user groups and client computers. System policies also cover a large part of the settings available with GPOs (restrictions of the Windows user interface, selection of executable programs, etc.). The "editreg" tool integrated into Samba enables dynamic editing of system policies. Furthermore, local policies, which can in principle be used to make the same settings as GPOs, can be used in a Samba-based environment. Since local policies can easily be saved in the file system, they can easily be synchronized from a prototype to a large number of clients.

174 Software distribution is not a subject of this section and is hence not discussed further in this context.

1.1.2.3 Combination of OpenLDAP and Active Directory

In cases in which the features of Active Directory are indispensable, it is possible to replicate user and group data from OpenLDAP to the Active Directory. Thereafter, users and groups need only be maintained in the OpenLDAP directory, but are also available in the Active Directory, so that the related features (such as GPOs) can be used while the single point of administration is retained. In this context, Windows can be configured so that a common (Linux-based) Kerberos server is used for both parts of the environment. This is, however, subject to the restriction that Windows 95/98/NT-based systems can then no longer authenticate against Active Directory / Kerberos. In such a combination, authentication of these clients against Samba / OpenLDAP is hence recommended.

1.1.3 Heimdal-Kerberos / MIT Kerberos 5

This section begins with some words concerning the underlying principle of Kerberos. Three parties are involved in a communication secured by Kerberos:
• a client which requests a service,
• a server which receives the request and
• the Kerberos server which stores the authorizations and enables secured communications.
Kerberos authenticates both the client to the server and the server to the client. Kerberos support must be installed both on the requesting client and on the server which receives the request. Under Kerberos, a client – usually a user or a service – sends a ticket request to the Key Distribution Center (KDC). The KDC then generates a Ticket Granting Ticket (TGT) for the client, encrypts it with the client's password and/or smartcard and returns it to the client. The client uses the password and/or smartcard to decrypt the TGT and retains the decrypted TGT, which vouches for the identity of the client. This TGT, which is valid for a limited period of time, enables the client to obtain additional tickets for the use of particular services. Obtaining such an additional ticket proceeds without any further activity on the part of the user. The client sends the ticket to the service, which checks whether it is to grant access to the client. In this way, Kerberos enables authenticated communication which can optionally also be encrypted with a session key. Kerberos tickets can be stored either in a file or in the RAM of the client. The reference implementation of the Kerberos protocol is the MIT implementation. The current version 1.6.3 supports versions 4 and 5 of the protocol. The standard Kerberos encryption methods, such as DES and 3DES, as well as RC4, the method used by Active Directory Kerberos, and AES are supported. The checksum methods available are MD5, SHA-1, HMAC and CRC32. MIT Kerberos is available for Linux, Windows and Mac.
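The three exchanges just described (logon with the KDC, obtaining a service ticket with the TGT, presenting it to a service), as an added example that is not code from the migration guide or from MIT/Heimdal. The cipher is a standard-library stand-in for the encryption methods named above, and the realm EXAMPLE.ORG, the principals alice and ldap/dir.example.org (an LDAP server reached via SASL-GSSAPI) and the passwords are constructed; the point shown is that the password never leaves the client, that only the KDC holds long-term keys, and that an expired TGT forces re-authentication.

```python
# Added illustration of the Kerberos AS/TGS/AP exchanges described in the text; not code from
# the migration guide, MIT or Heimdal. The cipher is a stand-in (PBKDF2 string-to-key, HMAC-SHA256
# keystream XOR, HMAC tag) so only the standard library is needed. Realm, names, passwords: constructed.
import hashlib
import hmac
import json
import os

def string_to_key(password, salt):
    # Kerberos salts string-to-key with realm + principal name.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000, 32)

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Encrypt-then-MAC a small JSON message; hex so it can travel inside a 'packet'."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob_hex):
    """Raises ValueError for a wrong key or a modified ticket (the tag check fails)."""
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    """Holds every long-term key: the only system that has to be a password repository."""
    def __init__(self, realm, ticket_lifetime=8 * 3600):
        self.realm, self.lifetime, self.keys = realm, ticket_lifetime, {}
        self.tgs_key = os.urandom(32)  # key of the ticket-granting service itself

    def add_principal(self, name, password):
        self.keys[name] = string_to_key(password, self.realm + name)

    def as_exchange(self, client, now):
        """AS-REQ names the client; the AS-REP secret part is under the client's key."""
        session, expires = os.urandom(32).hex(), now + self.lifetime
        return {"tgt": seal(self.tgs_key, {"client": client, "key": session, "expires": expires}),
                "enc_part": seal(self.keys[client], {"key": session, "expires": expires})}

    def tgs_exchange(self, tgt, authenticator, service, now):
        """TGS-REQ: the TGT plus proof of its session key buys a ticket for one service."""
        t = unseal(self.tgs_key, tgt)
        if now > t["expires"]:
            raise PermissionError("TGT expired: the user must re-authenticate")
        if unseal(bytes.fromhex(t["key"]), authenticator)["client"] != t["client"]:
            raise PermissionError("authenticator does not match the TGT")
        svc_session = os.urandom(32).hex()
        ticket = {"client": t["client"], "key": svc_session, "expires": t["expires"]}
        return {"ticket": seal(self.keys[service], ticket),
                "enc_part": seal(bytes.fromhex(t["key"]), {"key": svc_session})}

class Client:
    def __init__(self, name, password, kdc):
        self.name, self.kdc = name, kdc
        self.key = string_to_key(password, kdc.realm + name)  # derived locally, never sent
        self.tgt = self.tgt_key = None  # credential cache (a file or RAM on real clients)

    def login(self, now):
        rep = self.kdc.as_exchange(self.name, now)
        part = unseal(self.key, rep["enc_part"])  # a wrong password fails right here
        self.tgt, self.tgt_key = rep["tgt"], bytes.fromhex(part["key"])

    def ap_request(self, service, now):
        """Get a service ticket with the TGT (no password prompt) and build the AP-REQ."""
        authenticator = seal(self.tgt_key, {"client": self.name})
        rep = self.kdc.tgs_exchange(self.tgt, authenticator, service, now)
        svc_key = bytes.fromhex(unseal(self.tgt_key, rep["enc_part"])["key"])
        return rep["ticket"], seal(svc_key, {"client": self.name, "time": now})

def service_accept(service_key, ticket, authenticator, now):
    """The service checks with its own key only; it never contacts the KDC or sees a password."""
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if now > t["expires"] or a["client"] != t["client"] or abs(now - a["time"]) > 300:
        raise PermissionError("ticket expired or authenticator rejected")
    return t["client"]

def run(password="correct horse", delay=60):
    """One single sign-on round trip to an 'ldap/' service; returns the accepted identity or why not."""
    kdc = KDC("EXAMPLE.ORG")
    kdc.add_principal("alice", "correct horse")
    kdc.add_principal("ldap/dir.example.org", "keytab-secret")  # normally held in a keytab
    alice, now = Client("alice", password, kdc), 1_700_000_000
    try:
        alice.login(now)
        ticket, auth = alice.ap_request("ldap/dir.example.org", now + delay)
        return service_accept(kdc.keys["ldap/dir.example.org"], ticket, auth, now + delay)
    except ValueError:
        return "wrong password"
    except PermissionError as err:
        return str(err)
```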

Heimdal-Kerberos is a newer, free implementation of the Kerberos protocol for Unix, Linux and Mac which is currently available as version 1.0.1 (footnote 175). It is very similar to the MIT implementation: Kerberos versions 4 and 5 are also supported, as well as the same encryption methods as with MIT Kerberos. On the basis of these mechanisms, so-called strong authentication can also be implemented with Kerberos. Strong authentication requires not just knowledge of user name and password, but also physical possession of an object, such as a token which generates system-dependent numbers that must be entered for authentication. The required security level depends on the concrete application. Since the Kerberos server can become a single point of failure which then prevents any further logon by users, additional Kerberos servers can be used as backup machines. Furthermore, several servers can be used for load balancing.

1.1.4 Operating system environments of Samba and OpenLDAP

Following the description of the three products with a view to special architectural and functional characteristics in the previous sections, the following sections address possible operating system environments of Samba and OpenLDAP in more detail. Samba servers version 3 and higher can be used as member servers in an Active Directory. Without Microsoft servers, it is not possible to offer the Active Directory functions via a Samba server. With Samba in conjunction with another directory service, such as OpenLDAP, it is possible to implement functions like those offered by Active Directory in a network. SMB/CIFS clients are also available for different Windows and Unix variants. OpenLDAP runs under different Unix and Windows variants as well as Mac OS X. Different backends and overlays are available in order to implement extended functions, such as additional operations. It is, for example, possible to convert SQL queries to LDAP-compliant information. To sum up: the combination of Samba and OpenLDAP is an established directory service alternative in heterogeneous networks. Migration to the Samba / OpenLDAP combination can take place in a manner that is relatively transparent for users and clients, so that their work is not affected by the migration. Kerberos is a modern and widely used protocol. It offers secure and uniform authentication between secure host computers in a non-secured TCP/IP network. According to DFN-CERT, Kerberos in particular prevents attacks by passive "sniffing", but "spoofing", "dictionary attacks", "replay" and other types of attack are also hindered.176

175 As per 1 November 2007
176 http://www.dfn-cert.de/infoserv/dib/dib-2002-02-Kerberos5/doc-single.html

1.2 Fedora directory server (OSS solution with multi-master capability)

The Fedora directory server is developed by the Fedora project, which is also known for a free Linux distribution.177 The Fedora directory server originated in 2005 from the Netscape directory server. It is offered as version 1.0.4, with version 1.1 already in the test phase. Important changes compared to the earlier version include synchronization of Windows users (Active Directory user and group synchronization, synchronization via Samba) as well as improved control of privileges, the possibility of replication over WANs (wide area networks), the possibility of incremental replication, as well as simplified changing of passwords and the possibility to trigger the replication of file directories. Furthermore, biometric data and smartcards can be integrated. It is, in particular, possible to use multiple master servers. A substantial part of the Fedora directory server is offered as free software (GPL Exception) within the framework of several community projects which usually cooperate closely with the Fedora project. Extensions are also available, such as a management console or modules for the Apache server, which are available under other open source licenses.178 The following components are installed during the installation of the Fedora directory server:
• the server frontend, which manages communication with the clients via LDAP and can be encrypted by SSL/TLS,
• plug-ins for server services, such as access control and replication; further plug-ins can be found at: http://directory.fedoraproject.org/wiki/Plugins,
• a directory tree with the server-related information and
• a database plug-in to manage permanently stored information, for example for retrieving server information.
The Fedora directory server is an LDAP-based directory service. Access must hence take place via LDAP. It is available for the following operating systems:
• Fedora Core 3-6 (x86 and x86_64)
• Red Hat Enterprise Linux version 3 (x86) and 4 (x86 and x86_64)
• Solaris 2.8 and 2.9 (32 and 64 bit) (SPARC)
• HP/UX 11 (pa-risc and ia64)
• further Linux distributions (for example, Debian, Gentoo, Ubuntu)
Although other operating systems are not officially supported, the server can also run on them.179

177 http://fedoraproject.org; Fedora and Red Hat are rooted in the same software basis and are largely identical. Since 2003, commercial products, usually software which is subject to a maintenance agreement, have been distributed under the name Red Hat to commercial customers.
178 More details can be found at: http://directory.fedoraproject.org/wiki/Licensing.
179 http://directory.fedoraproject.org/wiki/FAQ

Four-way replication of the master database ensures that consistent data is made available throughout an organization for its applications. The underlying concept is called multi-master replication. In contrast to the master/slave approach, changes to directory contents can be carried out on multiple servers in order to avoid bottlenecks. Four-way replication means in this case that four master databases exist. This also ensures a high degree of scalability, which also supports large databases (>1 GB). Four-way replication of master data minimizes the downtime of the directory service during maintenance and repair work. The Fedora directory server centrally provides, above all, information concerning applications, application settings, user profiles, group data, guidelines/directives and access control information (ACL: access control list) in a network-based directory independent of the operating system. Authentication is possible via SASL, GSSAPI and Kerberos V5.180 Dedicated access privileges can be defined down to attribute level. Just like all directory servers, this concept simplifies user management, eliminates data redundancy and automates data maintenance by creating a central store for an identity management infrastructure. Furthermore, it also improves security by storing guidelines/directives and access information and enabling personalization. It is largely compatible with both the Sun ONE Directory Server and the Netscape directory server variants. It is, for example, possible to replicate data between these servers. There is no interoperability with OpenLDAP or Novell eDirectory beyond the LDAP protocol itself (LDAPv2 and LDAPv3 are supported). In summary: the Fedora directory server can be considered an alternative to OpenLDAP (in conjunction with authentication). One aspect which deserves special mention is the multi-master capability of Fedora, which means that data in the directory can be changed on multiple servers. This ensures a high level of availability, for example in the case of a server failure, and helps to avoid bottlenecks in the case of a large number of changes. The Fedora directory server was designed as an integrated secure solution also for the HP/UX 11 operating system environment on HP Integrity and HP 9000 servers as well as Solaris systems. The use of the product focuses on large installations and is characterized by a wide range of functions and very good scalability. The Fedora directory server also fulfils very demanding security requirements.

1.3 Windows NT 4 server as a so-called domain controller (DC)

With Windows NT 4, Microsoft launched a powerful operating system for computer networks in 1996. The use of a new file system (NTFS, NT File System), in particular, enabled the differentiated granting of privileges. Together with the domain concept, which had already been introduced with version 3.1 and which constituted a security area with central resource management, it became possible to determine which user was allowed to log on with which password and which files and services the user was allowed to access and in which form. The client/server architecture with a large number of graphic support tools enabled the quick, differentiated implementation and expansion of computer networks. NT became a huge commercial success, not least thanks to its close links with other Microsoft server products.

180 http://directory.fedoraproject.org/wiki/SASL_GSSAPI_Kerberos_Design

Microsoft Windows NT was launched in 1993 as version 3.1. It was not until 2000, when Windows 2000 was launched as the successor, that the NT acronym was abandoned. Meanwhile, Microsoft has discontinued support for NT. This means that the system is no longer updated or maintained by the manufacturer, so that new security gaps, for example, are no longer closed. In the medium term, this means that the secure operation of an NT system will require costly, customized adaptation work. However, despite the security concerns, a large number of NT-based networks are still in use today. Although new NT licenses are no longer distributed, the terms and conditions of the licenses remain in effect in the form in which they were valid at the time of purchase. However, different license models with different cost models continue to cause confusion and uncertainty as regards the legal situation of the licenses. The structural unit "domain" is the core technology of the logon services under Windows NT. The domain is an administrative unit which combines the computer and user accounts via a shared database in a common security context. This database is called the SAM (Security Accounts Manager). During runtime, it is kept in the registry of special server systems called domain controllers (DC). Besides user and computer objects, groups are also administered in the SAM. Each of these three object types can be unambiguously identified by a so-called SID (security identifier) which may not occur more than once, not even in different domains. A SAM account name, which can normally consist of a maximum of 15 alphanumeric characters, exists for every SID (the SID being a relatively long number key). The SAM account name is the name which users use for identification. A domain requires at least one domain controller, the so-called PDC (Primary Domain Controller).
The PDC holds the SAM of the domain, so that the contents of the SAM can only be changed there. So-called BDCs (Backup Domain Controllers) are used for load balancing and redundancy. The BDCs hold a copy of the SAM which is regularly updated with the changes made on the PDC. Multiple domains can be connected to each other via trust relationships. In this way, users or groups of other domains can be authorized to access resources (such as file services) of one's own domain. A trust relationship between NT domains is not necessarily bidirectional. Furthermore, trust relationships are not transitive either: if A trusts B and B trusts domain C, A does not implicitly trust C. This means that every trust relationship must be explicitly created. The following circumstances have led to the establishment of multiple domains in IT environments:
• In many cases, parallel insular solutions developed within an infrastructure which had to be merged at a later stage using trust relationships because of shared work processes. This also applies if two infrastructures are merged.
• The domain boundaries are the boundaries of security. Administrators of domain A are not necessarily administrators of domain B, which is trusted by or trusts domain A. Political considerations can also play a role in this area.
• The complexity of the delegation of tasks was compensated by multiple domains.
• The number of objects (computers, users, groups) in the SAM is limited because during runtime the SAM is kept in the registry of the domain controllers, the size of which is also limited. The only remedy was to distribute the objects across multiple domains.
• The single-master principle of the PDC restricts the scaling of a domain in strongly distributed, decentralized environments because all changes to the SAM can be made on the PDC only.
This has led to different domain models which were also proposed by Microsoft itself:
• Single domain
• Master domain (several domains all trust one master domain, with resource domains typically trusting the account domain)
• Multiple master domain (multiple resource domains all trust (several) account domains)
• Complete trust domain (all the domains trust each other)
In the broadest sense, Windows NT domains are also directory services because user objects are contained in a domain. Microsoft calls this the NTDS (Windows NT Directory Service). The number of attributes of a user object in an NT domain is relatively small and is focused on technically relevant attributes and properties. The attributes are thus not comparable to those of an X.500-based directory service. The user properties include, for example:
• User name (SAM account name)
• Account information (such as account deactivated, password never expires, expiration of account, account type)
• Group memberships
• Environment parameters (logon script, home directory, path of the server-based profile)
• Valid logon times, valid client computers
• RAS (Remote Access Service)/dial-up parameters: permitted, with/without callback
Furthermore, attributes are stored which are managed by the operating system, such as:
• SID,
• LastLoginTime,
• and many more.
There is no provision for extending this list with user-defined attributes.
With the introduction of "Windows NT 4 Server Terminal Edition" and Citrix MetaFrame, Microsoft itself implemented additional properties for the user object (additional home and profile paths and further Citrix parameters). The NTDS cannot be structured hierarchically, and privileges cannot be assigned at attribute level, so the flexibility for assigning privileges to user objects is severely limited.

The possibility to delegate administrative tasks within an NT domain is limited to:
• the use of the built-in groups (domain administrators; account, server, backup and print operators; replicator) and
• the installation of additional domains.
These restrictions were probably the reason why delegation and existing role concepts were frequently implemented as separate web-based applications.

A Windows NT domain can be based on the TCP/IP, NetBEUI or SPX/IPX transport protocols. The NetBIOS interface is necessary in each of these cases. In TCP/IP networks, the resolution of NetBIOS names (computer names, user names as well as further name types, such as the workgroup) is a mandatory precondition for faultless communication. A user wishing to change his domain password, for example, must be able to find the PDC and/or know its IP address. NetBIOS names can be resolved in different ways in Windows networks:
• by broadcast,
• by querying a WINS server (Windows Internet Name Service), or
• by evaluating the LMHOSTS file.
The most elegant solution to this problem is the use of WINS (Windows Internet Name Service) servers. WINS servers are the only means that enable name resolution across the borders of IP subnets, dynamic registration of names and the minimization of broadcasts. The WINS service is often run on the domain controllers.

Windows NT 4 comes with four graphical on-board tools, such as the User Manager or the Server Manager, for the administration of user objects, groups and computers. Furthermore, the "NT Resource Kit" includes tools which are primarily executed on the command line and which can be used in scripts for automated administration. Administration of a domain is also possible via a web interface; this requires Microsoft's Internet Information Server (IIS). Under Windows NT, the SAM database itself can additionally be encrypted with a system key (SYSKEY, available from Service Pack 3 onwards).
The passwords of the users (and of the computers) are saved in the SAM of the domain controllers. A password is stored as a hash value rather than in plain text. Two hash formats exist, which Windows NT 4 stores side by side:
• the LM (LAN Manager) hash, which is case-insensitive and is computed over two independent 7-character halves of the password, and is therefore weak, and
• the NT hash, an unsalted MD4 hash of the password, which is used by NTLM.
On this basis, the challenge/response methods used for authentication have been developed further in several stages:
• LM
• NTLM
• NTLMv2
Because the stored hashes are unsalted, identical passwords produce identical hashes, and the NT hash alone is sufficient to compute a valid NTLM response; whoever obtains the contents of the SAM therefore effectively holds the passwords.

Authentication within an NT domain landscape is based on the NTLM (NT LAN Manager) mechanism. Consider the following scenario. A resource domain trusts an account domain. A functioning WINS environment is in place. A user starts a Windows NT workstation which is a member of the resource domain and logs on to the account domain. When the Windows NT machine is started, it requests via WINS a list of the domain controllers (DCs) of the resource domain. At first, a netlogon request is sent by broadcast. If this is not answered by a DC of the resource domain, the netlogon request is sent to the DCs on the requested list. The logon information is validated via a

so-called "secure channel" with the DC which replies first. Then, the NT machine requests a list of the trusted domains from the DC of the resource domain. After the user has selected the account domain in the logon dialog and entered his user name and password, the logon of the user account takes place. The NT client sends the logon information for the so-called "pass-through validation" to the DC of the resource domain with which the machine has a secure channel. The DC of the resource domain forwards this request to a DC of the account domain (first to a local one, then across the trust via its own secure channel to the account domain). The validated logon information is returned via the DC of the resource domain to the NT client. The NT client then opens a direct connection to a DC of the account domain in order to load the logon script, the system policies and the user profile from there. On NT systems other than domain controllers, the logon information of the users who logged on last is cached in order to enable logon even if no domain controller can be reached (typically: notebooks). This cached information is also stored in hashed form.

The domain concept of Windows NT enables a limited single sign-on within the Microsoft product family. The user signs on once at his Windows NT workstation and, on condition that the resources and/or server systems are members of his own or a trusting domain, can then access services such as:
• file and print services
• Exchange
• SQL Server and
• intranet (web, Internet Information Server).
Third-party software manufacturers can implement their products in such a manner that the single sign-on remains in effect. They must, however, normally provide their applications on Windows NT 4 servers which are members of a domain.
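The hash storage and the pass-through validation described above, as an added example (this is not code from the guide or from Microsoft): the NT hash is computed with a pure-Python MD4 written out here, because hashlib on current OpenSSL builds often no longer provides MD4, and the NTLMv2 challenge/response follows the formulas of the MS-NLMP specification. The user name, domain and password are constructed sample values; the timestamp and target information in the response blob are simplified (zero and empty). The DC side works with the stored hash only, which is also why possession of the hash is as good as possession of the password:

```python
import hashlib
import hmac
import os
import struct

MASK = 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """MD4 as specified in RFC 1320 (the NT hash is MD4 over the UTF-16LE password)."""
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += (len(data) * 8).to_bytes(8, "little")
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]

    def rotl(x, n):
        return ((x << n) | (x >> (32 - n))) & MASK

    # (boolean function, message-word order, shift amounts, round constant) per round
    rounds = (
        (lambda x, y, z: (x & y) | (~x & z), list(range(16)), (3, 7, 11, 19), 0),
        (lambda x, y, z: (x & y) | (x & z) | (y & z),
         [(i % 4) * 4 + i // 4 for i in range(16)], (3, 5, 9, 13), 0x5A827999),
        (lambda x, y, z: x ^ y ^ z,
         [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15), 0x6ED9EBA1),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for fn, order, shifts, k in rounds:
            for i, idx in enumerate(order):
                a = rotl((a + fn(b, c, d) + x[idx] + k) & MASK, shifts[i % 4])
                a, b, c, d = d, a, b, c  # rotate roles: the next step updates the next register
        h = [(v + w) & MASK for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> bytes:
    """NT hash: unsalted MD4 of the UTF-16LE password, exactly as stored in the SAM."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 response key: HMAC-MD5 over the upper-cased user name and the domain, keyed with the NT hash."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def ntlmv2_response(key: bytes, server_challenge: bytes, client_challenge: bytes,
                    timestamp: int, target_info: bytes) -> bytes:
    """NtChallengeResponse = NTProofStr || blob (MS-NLMP); timestamp/target_info simplified here."""
    blob = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)
    proof = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return proof + blob


def dc_validate(stored_nt: bytes, user: str, domain: str, server_challenge: bytes,
                response: bytes) -> bool:
    """Pass-through validation as the account-domain DC performs it: it knows only the
    stored NT hash, never the password, and recomputes the proof over the blob it received."""
    proof, blob = response[:16], response[16:]
    expected = hmac.new(ntowf_v2(stored_nt, user, domain), server_challenge + blob,
                        hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)


def demo() -> dict:
    user, domain, password = "alice", "ACCOUNTDOM", "password"  # constructed sample account
    stored = nt_hash(password)                    # what the account-domain DC keeps in its SAM
    server_challenge, client_challenge = os.urandom(8), os.urandom(8)
    # Workstation side: the response is derived from the password the user typed.
    resp = ntlmv2_response(ntowf_v2(nt_hash(password), user, domain),
                           server_challenge, client_challenge, 0, b"")
    # The same response can be produced from the hash alone: the NT hash is password-equivalent.
    resp_from_hash = ntlmv2_response(ntowf_v2(stored, user, domain),
                                     server_challenge, client_challenge, 0, b"")
    return {
        "nt_hash": stored.hex(),
        "valid": dc_validate(stored, user, domain, server_challenge, resp),
        "hash_only_valid": dc_validate(stored, user, domain, server_challenge, resp_from_hash),
        "wrong_password": dc_validate(nt_hash("Password"), user, domain, server_challenge, resp),
        "tampered_blob": dc_validate(stored, user, domain, server_challenge,
                                     resp[:16] + b"\x00" + resp[17:]),
    }
```

The response depends on the server challenge, so a captured response cannot be replayed against a fresh challenge; it does not, however, change the fact that anyone holding the stored hash can answer any challenge, which is the reason the SAM (and its backups and cached copies) must be protected like the passwords themselves.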
Policies can be defined in Windows NT domains concerning
• the handling of passwords (validity period, minimum length, lockout after repeated incorrect entries) and
• the privileges (user rights) to be granted to users or groups (changing the system time, local logon, etc.).
Furthermore, auditing can be activated which records successful and/or failed access. In this way, it is, for example, possible to monitor the following activities:
• logon and logoff operations,
• the use of user privileges,
• user and group administration and
• changes to the security policy.
However, evaluating these audit logs is a very complex task with Windows NT 4. Microsoft offers additional tools, such as MOM (Microsoft Operations Manager), for this purpose; the monitoring of NT 4 machines with MOM was, however, very difficult or even impossible.

Since support has been discontinued, NT systems are no longer considered to be secure. Computers on the basis of Windows NT, Windows 2000/2003, Windows XP and Windows Vista can be native members of a domain, and other operating systems can be integrated as well. Linux-based clients, for example, can be integrated via Samba. Third-party manufacturers have designed additional tools in response to the lacking user-friendliness of the on-board tools for the administration of NT networks. These tools chiefly use the APIs of Windows NT. Microsoft itself added the Microsoft Management Console (MMC), which was finally integrated into Windows 2000. Microsoft has introduced ADSI (Active Directory Service Interface) as a COM-based interface which can also be used for the administration of Windows NT domains.

In summary, NT systems are considered to be no longer (sufficiently) secure, so that replacement is recommended. Although many NT systems still fulfil the applicable functional requirements, the resulting disadvantages, especially with a view to security, outweigh this. Although the widespread use of NT 4 means that it is still easy to find up-to-date virus scanners, up-to-date drivers for new hardware and even new applications for NT 4, Microsoft has repeatedly announced that support for NT 4 will be phased out.

1.4 Windows 2000/2003 server with Active Directory and Kerberos
The directory service of Microsoft Windows Server 2000 and 2003 is called "Active Directory". It was introduced with Windows 2000 as the successor to the NT 4 domain. The directory service is the central resource, user and group administration component in Windows networks. It uses LDAP181 and Kerberos 5182 and hence open standards. With the new NTFS version introduced with Windows 2000, EFS (Encrypting File System) data encryption was offered in addition to improved compression. Key recovery for EFS (recovery agents) is managed via Active Directory group policy.
In Windows 2000, Microsoft pursues a modular design. The lowest layer, the HAL (Hardware Abstraction Layer), sits beneath the actual operating system kernel, which in turn forms the basis for the subsystems, such as Win32 or POSIX. The successor to Windows 2000 Server is Windows Server 2003, which includes improvements especially in the security sector. Changes in Active Directory concern, for example, the trust relationships (forest trusts). Since its introduction with Windows 2000 Server, Active Directory has been supplemented by numerous new functions, some of which were delivered via Windows Server 2003 as the new server operating system and some via service packs. Microsoft's server operating systems and hence its directory and authentication services are faced with strong open source competition. According to an IDC study, systems based on open source operating systems already account for almost one third of Hewlett-Packard's sales.183

181 http://www.microsoft.com/windowsserver2003/techinfo/overview/ldapcomp.mspx
182 http://www.microsoft.com/windowsserver2003/technologies/security/kerberos/default.mspx
183 Refer to Gengler, B.: "Linux-Server verdienen richtig Geld – Analysten sehen eine sich beschleunigende Nachfrage nach dem Opensource-Betriebssystem" [Linux servers really earn money – analysts see accelerated demand for the open source operating system],

Active Directory is included in the Windows Server 2000/2003 license. Distribution of Windows 2000 was discontinued in 2005; security updates will be delivered until 2010. Licenses are required both for the Windows Server 2003 itself, in different editions (Standard, Enterprise and Datacenter, each for 32-bit and 64-bit architectures), and at the client end, either per user (User Client Access Licence) or per device (Device Client Access Licence). Furthermore, special licenses are offered for virtualized servers. At the hardware end, Windows 2000 Server in the Datacenter edition supports up to 32 CPUs and can address a maximum of 64 GB RAM. Windows Server 2003 supports up to 32 processors and can also address a maximum of 64 GB RAM.

With regard to the Windows NT logon services, Active Directory (AD) is their corresponding successor starting with Windows 2000. The core structural unit of the logon services in Active Directory is still the domain, in the same manner as with Windows NT. The domain continues to be the unit which combines the computer and user accounts via a shared database in a common security context. The domain boundary is the boundary of the security context and of the replication of the user database. Computers with the following operating systems can be members of the domain:
• Windows NT 4.0
• Windows 2000
• Windows 2003
• Windows XP
• Windows Vista
The NetBIOS namespace continues to exist.
If systems like Windows NT and 9x are to be supported, it is additionally necessary to ensure faultless NetBIOS name resolution (via WINS, for example). Whether NetBIOS name resolution is necessary depends not just on the operating system alone, but primarily on the entire system. It is, for example, conceivable for Windows XP to run on a client which itself no longer requires NetBIOS whilst applications running on that Windows XP client still require this name resolution. Besides the implementation of an Active Directory, the use of the Kerberos authentication mechanism as well as several new features concerning (domain) structuring constitute the cornerstones of the architecture change. The use of the Kerberos authentication mechanism in the new Windows server systems will be addressed first in the following. This will be followed by a broad overview of the technology of Active Directory and a discussion of the new structuring features. Authentication under Windows 2000/2003 is carried out using the Kerberos authentication mechanism with continuing support of NTLM. Client systems, such as

183 (continued) http://www.computerzeitung.de/loader?path=/articles/2007012/31018914_ha_CZ.html&art=/articles/2007012/31018914_ha_CZ.html&thes=&pid=ee54f3c7-0de1-40f5-bb23-2cfdf022aee5

Windows 2000 or XP use the Kerberos protocol by default for authentication at the AD domain. The administrator can decide whether Kerberos only is permitted or whether NTLM is still to be offered for older or for non-Microsoft operating systems. Windows 2003 DCs communicate with each other via the Kerberos protocol.

1.4.1 Kerberos
Active Directory supports several secure protocols and authentication mechanisms used to prove identity during logon, such as Kerberos V5, X.509 v3 certificates, smartcards, public key infrastructures (PKI) and LDAP (Lightweight Directory Access Protocol) with SSL (Secure Sockets Layer).184 In Windows 2000/2003, Kerberos version 5 was implemented with extensions for authentication via public keys (PKINIT, used for smartcard logon). The implementation follows the specifications in RFCs 1510 and 1964. The Kerberos Key Distribution Center (KDC) is integrated in every DC of the Active Directory and uses the user database of the AD. The Kerberos protocol requires the system clocks of the computers involved to deviate only slightly from each other: every ticket is presented together with an authenticator carrying a timestamp, and the recipient rejects it if the clock difference exceeds the tolerated skew (5 minutes by default). The ticket itself has a considerably longer validity period (10 hours by default). In order to keep the clocks within this tolerance, an automatic hierarchical time synchronization (Windows Time service) is provided for the computers which are members of the AD; the PDC emulator of the forest root domain is the authoritative time source. Kerberos is more flexible, efficient and secure than NTLM authentication. In the case of NTLM, an application server must always contact a domain controller in order to authenticate a client; only then is access to the respective resources granted. In the case of the Kerberos protocol, the application server can check the logon information (the ticket) which the client presents to it on its own. Under NTLM, only servers can check the identity of clients, whilst with Kerberos the client can also check the identity of the server (mutual authentication). Windows services must impersonate the client in order to access resources. NTLM and Kerberos both provide the service with the information needed to impersonate the client locally. Authentication between domains takes place via trust relationships. A trust relationship is a relationship between at least two domains via which the users of one domain can be authenticated by a domain controller located in another domain.
Trust relationships can be transitive or non-transitive but must always exist so that users in one domain can access shared resources of another domain. NTLM is unable to handle distributed applications with the front end and back end located on different computers, whilst Kerberos offers a proxy mechanism (delegated authentication). Kerberos enables transitive, bidirectional trust relationships between domains. The Kerberos protocol is made up of three sub-protocols. The sub-protocol via which the Key Distribution Center (KDC) grants the client a logon session key and a TGT (Ticket-Granting Ticket) is called the Authentication Service Exchange (AS Exchange). The sub-protocol which the KDC uses in order to grant a service session key and a ticket for the service is called the Ticket-Granting Service Exchange (TGS Exchange). The sub-protocol

184 http://www.microsoft.com/technet/prodtechnol/windowsserver2003/de/library/ServerHelp/62355c36-a646-4bed-b462-dc8f23227447.mspx?mfr=true

via which the client sends the ticket to a service in order to gain access is called the Client/Server Exchange (CS Exchange).
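The three sub-protocols in miniature, as an added illustration that is neither Windows code nor part of the guide: a KDC object issues a TGT and a service ticket, and a file service validates the ticket with its own key without contacting the KDC, checks the authenticator timestamp against the tolerated clock skew, keeps a replay cache and answers with the mutual-authentication reply. The sealing function is a toy encrypt-then-MAC construction built from HMAC-SHA256 and only stands in for the real Kerberos encryption types; principal names and keys are constructed, and the 5-minute and 10-hour limits are the Windows defaults named above. The AP exchange is also run with a server clock that is 10 minutes off, which is the failure mode the clock requirement exists for:

```python
import hashlib
import hmac
import json
import os
import time

SKEW = 300           # tolerated clock difference in seconds (Windows default: 5 minutes)
TICKET_LIFE = 36000  # ticket lifetime in seconds (Windows default: 10 hours)
ALICE, FS1 = "alice@EXAMPLE.LOCAL", "cifs/fs1.example.local"  # constructed principal names


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Toy encrypt-then-MAC stand-in for a Kerberos etype (NOT the real RC4-HMAC/AES)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("KRB_AP_ERR_BAD_INTEGRITY")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))))


def check_fresh(ts: float, now: float) -> None:
    """Reject authenticators whose timestamp is outside the tolerated clock skew."""
    if abs(now - ts) > SKEW:
        raise PermissionError("KRB_A_ERR_SKEW".replace("A_", "AP_"))


class KDC:
    """Runs on every DC and reads the principals' long-term keys from the AD user database."""
    def __init__(self, keys: dict):
        self.keys, self.krbtgt = keys, os.urandom(32)

    def as_exchange(self, cname, pa_enc_timestamp, now):
        # AS exchange: pre-authentication proves the client knows its key, then a TGT
        # (sealed under the krbtgt key) and a logon session key are issued.
        check_fresh(unseal(self.keys[cname], pa_enc_timestamp)["ts"], now)
        sk = os.urandom(32)
        tgt = seal(self.krbtgt, {"cname": cname, "key": sk.hex(), "end": now + TICKET_LIFE})
        return tgt, seal(self.keys[cname], {"key": sk.hex()})

    def tgs_exchange(self, tgt, authenticator, sname, now):
        # TGS exchange: TGT plus authenticator buy a ticket sealed under the service's key.
        t = unseal(self.krbtgt, tgt)
        sk = bytes.fromhex(t["key"])
        a = unseal(sk, authenticator)
        check_fresh(a["ts"], now)
        if a["cname"] != t["cname"] or now > t["end"]:
            raise PermissionError("KRB_AP_ERR_TKT_EXPIRED")
        ssk = os.urandom(32)
        ticket = seal(self.keys[sname], {"cname": t["cname"], "key": ssk.hex(), "end": t["end"]})
        return ticket, seal(sk, {"key": ssk.hex()})


class Service:
    """Application server: validates tickets with its own key, no DC round trip needed."""
    def __init__(self, key: bytes):
        self.key, self.replay_cache = key, set()

    def ap_exchange(self, ticket, authenticator, now):
        t = unseal(self.key, ticket)
        ssk = bytes.fromhex(t["key"])
        a = unseal(ssk, authenticator)
        check_fresh(a["ts"], now)
        if a["cname"] != t["cname"] or now > t["end"]:
            raise PermissionError("KRB_AP_ERR_TKT_EXPIRED")
        if (a["cname"], a["ts"]) in self.replay_cache:
            raise PermissionError("KRB_AP_ERR_REPEAT")
        self.replay_cache.add((a["cname"], a["ts"]))
        # Mutual authentication: only a holder of the service key could have read the
        # session key needed to seal this reply.
        return t["cname"], seal(ssk, {"ts": a["ts"]})


def logon_and_access(server_clock_offset: float = 0.0, replay: bool = False) -> str:
    user_key, svc_key = os.urandom(32), os.urandom(32)
    kdc, fs1 = KDC({ALICE: user_key, FS1: svc_key}), Service(svc_key)
    now = time.time()
    tgt, rep = kdc.as_exchange(ALICE, seal(user_key, {"ts": now}), now)
    sk = bytes.fromhex(unseal(user_key, rep)["key"])
    ticket, rep2 = kdc.tgs_exchange(tgt, seal(sk, {"cname": ALICE, "ts": now}), FS1, now)
    ssk = bytes.fromhex(unseal(sk, rep2)["key"])
    authenticator = seal(ssk, {"cname": ALICE, "ts": now})
    try:
        who, ap_rep = fs1.ap_exchange(ticket, authenticator, now + server_clock_offset)
        if replay:  # a captured authenticator presented a second time
            fs1.ap_exchange(ticket, authenticator, now)
        if unseal(ssk, ap_rep)["ts"] != now:
            return "server failed mutual authentication"
        return "OK:" + who
    except PermissionError as err:
        return str(err)
```

The point to take from the AP exchange is that the file server never talks to a DC: the service key it was given when it joined the domain is enough to open the ticket, and the authenticator's timestamp plus the replay cache are what stop a captured ticket from being reused, which is why the clock tolerance cannot simply be widened.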

1.4.2 Active Directory
Active Directory is a directory service which is oriented towards the X.500 standard and which can be administered via LDAP (Lightweight Directory Access Protocol). The directory service uses a database engine which was originally developed for Microsoft Exchange (Extensible Storage Engine). It replaces the architecture of the SAM database. However, the SAM continues to be served for possible NT-based BDCs as long as the Active Directory has not been switched to so-called "native mode". Active Directory stores information concerning network objects and makes such information available to users and administrators via simple search functions. The objects in Active Directory typically represent shared resources, such as servers, volumes and printers, as well as accounts for network users and computers. Active Directory uses a structured data store which serves as the basis for the logical, hierarchical arrangement of directory information. Active Directory includes a set of rules, called the schema, which defines the object classes and attributes contained in the directory, the restrictions and limits for instances of these objects, as well as the format of their names. The schema can in principle be extended. It is also possible to extend existing classes by adding new attributes. Furthermore, Active Directory includes a global catalogue with information concerning all the objects contained in the directory. The catalogue enables users and administrators to search for directory information irrespective of the domain of the directory which contains the data. A query and indexing mechanism enables the publication of objects and their properties and enables network users or applications to search for these. Partitioning of the Active Directory database is accomplished via the structural unit of the domain. This means that partitioning within a domain in the sense of a distributed database is not possible.
The replication of the Active Directory database is carried out between the domain controllers (DCs) by a replication service. This is done on the basis of so-called update sequence numbers (USNs), which are maintained at attribute level. Replication is thus possible at attribute level: when a property of an object changes, only the changed property rather than the complete object is replicated. All the domain controllers have a complete copy of the entire directory information for their domain. Every domain controller in the Active Directory provides an LDAP service. LDAP version 3 is supported. By means of an LDAP client, the Active Directory can be browsed or administered. The object in question can be read and written via its distinguished name. Stating the LDAP server is optional with some LDAP clients, on condition that they support so-called "serverless binding" (locating a DC via DNS). Any LDAP client implementation, such as OpenLDAP, and/or a programming interface can in principle be used, such as:

• ADSI (Active Directory Service Interface)
• LDIF (LDAP Data Interchange Format)
• and many more.
The use of these interfaces involves certain problems because
• certain attributes or objects are administered independently by the Active Directory (such as the SID or GUID attributes) and cannot be changed,
• certain attributes consist of binary values or hash values whose encoding and decoding algorithms are not known (for example, the userParameters attribute) and which can be modified only via separate interfaces outside LDAP (for example, the Windows Terminal Server API) and
• the use of the graphical user interface triggers additional processes besides the mere writing of the LDAP attributes (when a home directory is specified, for example, it is created on the file server with the related privileges).
The server version of Windows 2000/2003 comes with numerous graphical tools for administering the information saved by default in the Active Directory, such as user and group accounts or the DNS configuration. The Microsoft Management Console (MMC) is one of the tools used for this purpose. Furthermore, the command line tools familiar from Windows NT are available for creating, deleting and editing users and groups. However, these tools can be used to edit only part of the account information saved in the Active Directory. Furthermore, ldifde is a command line program which enables the generation of directory entries from an LDIF (LDAP Data Interchange Format) file. The administration tools supplied with Windows 2000/2003 Server are primarily designed for use by experienced Windows administrators. They are hardly suitable for delegating administrative tasks, such as creating or changing user accounts, to less qualified staff. ADSI (Active Directory Service Interface) is a COM-based interface which enables automation of a large number of different tasks.
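As an added example (not from the guide and not Microsoft code), what reading the system-managed binary attributes mentioned above over plain LDAP involves: objectSid and objectGUID arrive as byte strings, the RID that the RID master hands out is the last sub-authority of the SID, and a filter that searches by SID has to escape the bytes according to RFC 4515. The layouts are the documented Windows formats (SID: revision, sub-authority count, 48-bit authority big-endian, 32-bit sub-authorities little-endian; GUID: 16 bytes with the first three fields little-endian). The sample byte strings are constructed; S-1-5-32-544 is the well-known SID of the built-in Administrators group, and the domain SID used is an invented one:

```python
import struct
import uuid


def sid_to_str(raw: bytes) -> str:
    """Binary objectSid -> 'S-1-5-21-...'; rejects truncated or padded values."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def str_to_sid(text: str) -> bytes:
    """'S-1-5-...' -> binary objectSid, the form needed in filters and when comparing ACLs."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("malformed SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def split_sid(text: str):
    """Domain SID and RID: the RID is the last sub-authority, allocated from the RID master's pools."""
    domain, _, rid = text.rpartition("-")
    return domain, int(rid)


def guid_to_str(raw: bytes) -> str:
    """objectGUID -> canonical text form; the first three fields are stored little-endian."""
    if len(raw) != 16:
        raise ValueError("malformed GUID")
    return str(uuid.UUID(bytes_le=raw))


def ldap_escape_binary(raw: bytes) -> str:
    """Escape arbitrary bytes for an LDAP search filter (RFC 4515): every byte as \\xx."""
    return "".join("\\%02x" % b for b in raw)


def sid_filter(text: str) -> str:
    """Filter that finds the object owning a given SID, e.g. when resolving an ACL entry."""
    return "(objectSid=%s)" % ldap_escape_binary(str_to_sid(text))


def describe(raw_sid: bytes, raw_guid: bytes) -> dict:
    """Decode the two identifiers as an LDAP client would receive them for one object."""
    sid = sid_to_str(raw_sid)
    domain, rid = split_sid(sid)
    return {"sid": sid, "domain_sid": domain, "rid": rid, "guid": guid_to_str(raw_guid)}
```

The objectGUID, unlike the distinguished name, survives renames and moves within the forest, so it is the value to record when a migration has to match objects in the source and target directories later on.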

1.4.3 New features concerning structuring
As already mentioned, the structural unit of the domain as the boundary of the security zone continues to exist in an Active Directory. In the Active Directory, the domain can be regarded as part of an overall structure (forest) and its tree structures (trees) with a hierarchical arrangement in a DNS namespace. The individual domains are connected to each other via so-called bidirectional, transitive Kerberos trusts (trust relationships) which no longer have to be set up individually. (The trust relationships via NTLM known from Windows NT can continue to be used.) With one logon, accounts having the required rights can access the resources of any domain in the overall structure. If an Active Directory is referred to, this always means the forest rather than individual trees or domains. The illustration below shows a Windows NT domain structure in which two account domains and five resource domains are connected to each other via trust relationships.


Fig. 25: Example of an NT domain structure

Microsoft presents Active Directory domains as triangles and Windows NT domains as ellipses. This convention is adopted for the purposes of this guide. In an Active Directory, the overall structure shown below, also consisting of seven domains, would thus be conceivable. The forest consists of two trees in which the domains have a hierarchical structure and in which the domains are connected to each other via Kerberos trusts both in a transitive manner (A trusts B and B trusts C, so that A also trusts C) and in a bidirectional manner (A trusts B, so that B also trusts A).

Fig. 26: Example of Windows 2000

The Active Directory is made available by domain controllers (DCs). The distinction between PDC and BDC no longer exists. This reflects the new architectural feature, i.e. the fact that Windows 2000/2003 domain controllers are subject to a multi-master replication principle, which means that all changes within the Active Directory can be carried out on any DC. Even under the multi-master principle, however, not all roles within the domains are distributed to all the DCs. Domain controllers with a special role exist for this purpose: the so-called FSMO (Flexible Single Master Operation) role owners.

These FSMO roles are:
• PDC emulator
• Infrastructure master
• RID master
• Schema master
• Domain naming master
The following roles:
• schema master (responsible for the schema of the directory) and
• domain naming master (responsible for changes to the namespace, i.e. adding and removing domains)
are unique within an overall structure (forest). The following roles:
• PDC emulator,
• Infrastructure master (responsible for updating SIDs and distinguished names of references across domain boundaries) and
• RID master (responsible for allocating RID pools to the other DCs)
are unique within every domain. The PDC emulator is responsible for important functions, such as:
• password changes for down-level clients (NT 4) and acting as the replication partner for Windows NT backup domain controllers
• source of the network time (PDC emulator of the forest root domain only)
• domain master browser service (NetBIOS)
A forest can be additionally structured by sites. The site structure should reflect the physical network structure and correspond to the bandwidths available between the locations (for example, Hamburg, Berlin, Bonn, etc.). The primary purpose of this structural organization is to control the replication process between the domain controllers. It is therefore possible to adapt the replication schedule to the existing physical network structure, when necessary. A DNS infrastructure is indispensable for the implementation of an Active Directory, requiring not just the selection of a namespace but also the use of suitable DNS servers (supporting SRV records and, ideally, dynamic updates). This does, of course, imply an existing TCP/IP network environment. Windows 2003 can include a public key infrastructure (PKI) as an integral part. Certificate services can be set up on Windows Server 2003 and certificates distributed to Windows XP clients. The PKI is a network service which issues certificates and which can be used to verify them at any time.
Certificates are validated via central directory (repository) services in which the certificate services publish this information (certificates and revocation lists), so that clients query this central infrastructure. Certificates are generally used for authentication, encryption and signing.

Applications of a PKI include the following:
• secure authentication for Windows logon or VPN access
• encryption of files or e-mails
• signing of files or e-mails
• secure communication in the network (SSL, IPsec)
The Certification Authority (CA) can be integrated into the Active Directory (enterprise CA) or installed separately (stand-alone CA). If the integrated variant is selected, it supports and enables the following security technologies in the internal network:
• EFS (Encrypting File System)
• IPsec
• smartcards
• encryption and digital signatures (mail)
• and many more.
The distribution and/or activation of the PKI is supported by group policies. However, this does not mean that a separate administration concept for keys then becomes superfluous. Active Directory uses PKI certificates in security functions such as authentication and controlled access to directory objects. Integrated authentication for user logon and authorization, as central functions of the Local Security Authority (LSA), provides a secure directory environment. The user has to log on only once in order to obtain access to shared resources in the network. After Active Directory has confirmed the user's identity, the Local Security Authority of the computer at which the user logs on generates an access token for the user. This access token determines the user's level of access on that computer; servers accessed over the network build their own token from the group information transported in the user's ticket. Windows 2003 Active Directory is mandatory for Exchange 2003 because Exchange 2003 extends the Active Directory schema and saves its own configuration in it. The following Microsoft products also use the Active Directory in order to save their configuration:
• HIS Server (Host Integration Server)
• ISA Server (Internet Security and Acceleration Server) in Enterprise Mode
With Windows PowerShell, a programming environment similar to the Unix shell was introduced in 2006 for Windows Server 2003 which also enables access to the Active Directory.
It supports both simple commands and complex scripts written in the PowerShell scripting language. Cmdlets form the core of PowerShell. Cmdlets are small functional units which are implemented as .NET classes. PowerShell is a flexible tool which enables access to WMI (Windows Management Instrumentation) classes, COM (Component Object Model) objects and the .NET Framework, and hence also to ADSI (Active Directory Service Interface), the COM-based interface mentioned above. With the Active Directory client extension (DSClient), many new functions can also be used on older Windows operating systems, in particular NT 4, thus ensuring a certain degree of downward

compatibility. These include, for example, the Active Directory Service Interface, the Active Directory Windows address book and certain search functions. To sum up: Active Directory is a powerful, LDAP-based directory service which supports Kerberos 5. Besides efficient query capabilities, it also offers differentiated replication options and can also be used in large networks. Although it offers possibilities to integrate non-Microsoft operating systems, the entire functionality is only available with Windows-based computers.

2 Migration paths
The migration of the central authentication services is primarily determined by the migration of the user and group accounts and, in conjunction with Windows, always also by the migration of the machine accounts from an existing IT infrastructure to the newly planned IT infrastructure for the authentication service. Cases in which an authentication service is migrated alone, i.e. without the other basic services of an IT infrastructure, are rare. With regard to the IT infrastructure, the integration of directories has increasingly become the central element in recent years. The single sign-on (SSO) infrastructure on the basis of the Kerberos 5 protocol is becoming increasingly important in authentication infrastructures of this type. Under these aspects, the following sections will discuss the paths below for migrating the authentication service:
• Migration from Windows NT DC to Linux with OpenLDAP, Samba and Kerberos
• Migration from Windows 2000 with Active Directory to Linux with OpenLDAP, Samba and Kerberos
• Migration from Linux with OpenLDAP, Samba and Kerberos to Windows 2003 with Active Directory
• Migration from Windows NT as DC to Windows 2003 with Active Directory
In order to minimize errors and failures during the migration process, a test migration should be carried out on exemplary systems in order to prepare the project. This enables the analysis and suitable documentation of problems and errors which can be caused by specific organizational and technological conditions during the manual migration operations.

2.1 Migration from Windows NT DC to Linux with OpenLDAP, Samba and Kerberos
As already found in the technology discussion in chapter II.C 1.1, a Linux system in conjunction with Samba is an equivalent alternative to the Windows NT server.
The addition of the LDAP directory "OpenLDAP" already creates significant added value compared to the authentication infrastructure based on Windows NT 4.0 Server because it enables, for example, significantly better and more comprehensive mapping of one's own organization and of, for example, access rights to this organization. The migration guide will continue to discuss this path because many public agencies still operate IT infrastructures based on Windows NT 4.0 Server.

2.1.1 Functional comparison
Windows NT uses the "domain" as an administrative and structural unit. In the domain controllers, machine and user accounts and their pertinent attributes are stored in the Security Accounts Manager (SAM), which is kept in the registry, a store with limited capacity. The fixed structure of the attributes and the limited scalability restrict its usability. The use of Linux in conjunction with Samba and OpenLDAP enables the implementation of domain controller functionality with open source software. Samba includes an LDAP interface and can hence use OpenLDAP as the database for user and machine accounts. This enables the implementation of a real directory-service-based solution for the administration of user, group and host information. Samba supports the concept of PDCs (Primary Domain Controller) and BDCs (Backup Domain Controller) from the perspective of the Windows clients. It is also possible to implement a WINS service with Samba. Samba itself does not support replication of the SAM database between PDC and BDC at the server end. This is, however, achieved by replicating the LDAP directory (with OpenLDAP's own replication mechanisms, syncrepl or slurpd). Authentication in Samba is carried out using the NTLM protocol (analogous to Windows NT). If Linux clients are to be integrated into the new infrastructure, authentication on these can be implemented in several ways, for example, using the "pam_ldap"185 module via the LDAPv3 protocol directly against the LDAP directory, or using a Samba client against the Samba DC. Kerberos authentication of Windows clients, as is possible against Windows 2000 Server, is not possible against a Samba (version 3) domain controller. However, a Kerberos-based SSO can be implemented in an environment with Linux, Samba and OpenLDAP using, for example, the MIT or Heimdal implementation of the Kerberos 5 protocol (refer to chapter II.C 1), so that authentication is also possible with Windows clients against this environment.
The modular design of the Samba software offers several ways of administering the Samba Domain Controller (DC). Besides the command line configuration option, a web-based tool called SWAT (Samba Web Administration Tool) is available for the administration of Samba. The use of the Webmin software is another recommended option. Webmin is free, web-based software which offers interfaces for configuring and monitoring a large number of Unix-based services. Webmin modules are available, for instance, for the administration of Samba, OpenLDAP and Kerberos. Apart from this, administration of user accounts and servers is possible using the usual Windows tools.

2.1.2 Migration path

Migration of a Windows NT 4.0 Server DC to a Linux system with Samba and OpenLDAP is generally possible and can be carried out in a manner transparent for users. The following sections describe the most important steps and discuss a number of implementation aspects.

185 http://www.kernel.org/pub/linux/libs/pam/

The new domain controllers should be set up first. For this purpose, the Samba and OpenLDAP components must be installed in addition to the chosen Linux distribution. If an SSO solution is to be implemented, either the MIT or the Heimdal implementation of the Kerberos 5 protocol must be installed. The availability of the smbldap-tools is helpful for the future administration of users, groups and computers in the LDAP directory. Samba also uses these tools if user accounts are managed using Windows tools.

2.1.2.1 Definition and implementation of the directory tree

The implementation of a directory service on the basis of OpenLDAP is determined mainly by the definition and implementation of the directory tree. It is particularly important in this context that a clear-cut concept exists for the overall structure of the directory tree. The advantage of a Linux/OSS-based environment is the fact that this structure can be defined relatively freely according to the given requirements. As far as authentication against Samba is concerned, it is of particular importance that the schema belonging to Samba is integrated. The necessary information concerning the structure and make-up of the user, group and machine objects is provided in the "samba.schema" file which is included in the Samba package.

2.1.2.2 Samba configuration

With regard to the configuration of Samba, it should be noted that the /etc/smb.conf configuration file must specify OpenLDAP as the backend. Furthermore, the settings required during the concrete migration phase are also made here. These are carried out in the manner described below.

2.1.2.3 Migration of the SAM database

Migration of the SAM database, i.e. migration of the user, group and machine accounts together with their credentials (user ID and password) from the existing Windows DC to the new DC, is the central migration step. This should be carried out in a largely secured environment. It should hence be ensured that, if possible, no major changes to the SAM are made during this phase. The following steps show why this is important:
• Following successful setup of the future Samba PDC, this must first be configured as a backup domain controller (BDC) (/etc/smb.conf: "domain master = no") and as such integrated into the existing Windows NT domain (net rpc join -U administrator -S %domain).
• Next, the "net rpc vampire -S %domain" command can be used in order to transfer the contents of the SAM database to the OpenLDAP directory.
• After this transfer, further changes on the Windows NT PDC (for example, a password change by a user) are no longer taken over by the Samba BDC, so that the switch-over should be carried out at once.
• Following this, the Samba BDC is re-configured as the Samba PDC.
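The two smb.conf states that the steps above pass through (BDC with "domain master = no" while the SAM is copied, PDC afterwards) are easy to get wrong by hand. The following is an added example, not code from the migration guide or the Samba project: it parses an smb.conf the way Samba reads parameter names (case-insensitive, internal whitespace ignored), checks that the OpenLDAP backend is configured and that the settings match the intended phase, and performs the final re-configuration to PDC. The sample configuration, the host and suffix names in it, and the minimal set of rules per phase are constructed assumptions for this example.

```python
"""Added example (not from the migration guide): check that an smb.conf matches the
migration phase described above. Assumes a Samba 3 configuration with the ldapsam
passdb backend; the sample file below is constructed for this example."""
import re

# Constructed sample smb.conf for the future PDC while it still acts as BDC
# (assumption, not the guide's own configuration).
SAMPLE_SMB_CONF = """\
[global]
   workgroup = AGENCY
   ; OpenLDAP holds the accounts (passdb backend), as 2.1.2.2 requires
   passdb backend = ldapsam:ldap://ldap1.agency.example
   ldap suffix = dc=agency,dc=example
   ldap admin dn = cn=admin,dc=agency,dc=example
   domain logons = yes
   # temporary role while 'net rpc vampire' runs: not yet the domain master
   domain master = no
"""

# Settings that must hold in each phase (minimal set assumed for this example).
PHASE_RULES = {
    "bdc": {"domain master": False, "domain logons": True},
    "pdc": {"domain master": True, "domain logons": True},
}
_TRUE, _FALSE = {"yes", "true", "1"}, {"no", "false", "0"}


def _norm_key(key):
    # Samba parameter names are case-insensitive and ignore internal whitespace,
    # so "Domain Master" and "domainmaster" name the same parameter.
    return re.sub(r"\s+", "", key).lower()


def _as_bool(value):
    v = value.strip().lower()
    return True if v in _TRUE else False if v in _FALSE else None


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {normalised key: value}}.
    Lines starting with ';' or '#' are comments; '[name]' opens a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue                      # stray line outside a section: ignore
        key, _, value = line.partition("=")
        sections[current][_norm_key(key)] = value.strip()
    return sections


def check_migration_phase(conf, phase):
    """Return the list of problems for phase 'bdc' (while net rpc vampire runs) or 'pdc' (afterwards)."""
    problems = []
    g = conf.get("global", {})
    backend = g.get("passdbbackend", "")
    if not backend.startswith("ldapsam:"):
        problems.append("passdb backend must be ldapsam:... (OpenLDAP), found %r" % backend)
    for key, expected in PHASE_RULES[phase].items():
        actual = g.get(_norm_key(key))
        want = "yes" if expected else "no"
        if actual is None or _as_bool(actual) is None:
            problems.append("%s is not set to a boolean (expected %s)" % (key, want))
        elif _as_bool(actual) != expected:
            problems.append("%s = %s, expected %s for the %s phase" % (key, actual, want, phase))
    return problems


def switch_to_pdc(text):
    """Final step above: re-configure the BDC as PDC by setting 'domain master = yes'."""
    return re.sub(r"(?im)^([ \t]*domain[ \t]*master[ \t]*=[ \t]*)\S+", r"\g<1>yes", text)


if __name__ == "__main__":
    conf = parse_smb_conf(SAMPLE_SMB_CONF)
    print("bdc phase:", check_migration_phase(conf, "bdc") or "ok")
    print("pdc phase:", check_migration_phase(conf, "pdc") or "ok")
    print("after switch:", check_migration_phase(parse_smb_conf(switch_to_pdc(SAMPLE_SMB_CONF)), "pdc") or "ok")
```

Running the check for the "pdc" phase against the BDC-stage file reports the "domain master" mismatch, which is exactly the setting that must not be flipped before the vampire run has finished.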

2.1.3 Introduction of Kerberos

Since Windows NT 4.0 Server supports neither SSO nor the Kerberos 5 protocol, this is not a migration in the strict sense. The introduction of an SSO solution or of an authentication system on the basis of the Kerberos 5 protocol corresponds to building the required IT infrastructure anew. The corresponding possibilities are described in the technology discussion in chapter II.C 1.1.

2.1.4 Conclusion / recommendation

Migration from a Windows NT 4.0 Server DC to a Linux-based system using Samba and OpenLDAP can be carried out in a transparent manner using the tools and methods described. In functional terms, the new system offers all the features of a Windows NT DC and, with the introduction of an LDAPv3-based directory service, significant added value as well as enhancements with a view to scalability and performance. Migration can hence be recommended. The possibility to implement secure authentication and SSO on the basis of the Kerberos 5 protocol offers further added value.

2.2 Migration from Windows 2000 with Active Directory to Linux, OpenLDAP, Samba and Kerberos

Although it is generally possible to replace Windows 2000 with Active Directory with a Linux-based system, certain parts subsequently work in a slightly different manner. The current, stable Samba version cannot completely replicate a Windows 2000 Server / Active Directory architecture. The differences with regard to authentication will be explained in the following sections of the migration guide. Windows 2000 Server was chosen as the starting situation because migration of Windows Server 2003 is today considered more of an exceptional option. Public agencies which are in the process of changing to Windows 2003 Server or which recently migrated their systems to Windows 2003 are unlikely to perform another migration project for both economic and investment protection reasons.

2.2.1 Functional comparison

The Active Directory stores information concerning users, groups, machines, shares, services and devices as objects. The authentication of users and machines is implemented via Kerberos. A Microsoft-specific implementation of the Kerberos 5 protocol with proprietary extensions is used for this purpose. A Linux system in conjunction with Samba 3.x, OpenLDAP 2.4.x and an open implementation of the Kerberos 5 protocol (Heimdal or MIT) can be used to map the major functions of the Windows 2000 Server / Active Directory combination with regard to the authentication functionality. The lock-in scenarios are the critical point for a migration decision. The question must hence be answered as to whether there are services and applications which use the proprietary interfaces of the Active Directory and with what effort and within what time these dependencies can be overcome. The services and applications which regularly play a role in this context are Exchange 2003, MS SQL Server and, to an increasing extent in the future, SharePoint Server.

If it is not possible to overcome these lock-in scenarios in a commercially sensible manner, a positive decision in favour of the migration path discussed here is likely to become rather difficult. As far as this is foreseeable today, this will also be the case for the newer versions of the Windows Server systems. Whether Samba version 4, which is currently under development, will be able to remedy this situation is not yet foreseeable and hence will not be discussed here any further.

2.2.2 Migration path

The migration of a Windows 2000 Server authentication structure with Active Directory and Kerberos is discussed in the following sections. As already mentioned earlier, the crucial step is the migration of the user, group and machine accounts and of the related credentials. In contrast to the older migration path from Windows NT 4.0 Server to Linux in conjunction with Samba and OpenLDAP, it must additionally be checked in this case to what extent the migration of the Kerberos authentication infrastructure under Windows 2000 Server is possible and/or how migration can be carried out. In the same manner as in the case of a starting situation based on Windows NT 4.0 Server, the appropriate domain controllers must first be set up with Linux, Samba and OpenLDAP (refer to chapter II.C 2.1.2). A detailed analysis of the make-up of the future directory structure is equally necessary. The fact that AD is to be replaced is certainly not unimportant in this context.

2.2.2.1 Migration of the user and machine accounts

Following successful implementation of the DCs and of the LDAPv3-based directory service, the required user, group and machine information can be retrieved from the AD via LDAP. It must be considered in this context that differences exist, in particular, with a view to the names of the attributes in the AD and in the OpenLDAP directory. A corresponding mapping is required for the exact assignment of these names. The basic problem in importing this information is the fact that it is not directly possible to import the credentials from the AD because these are stored in encrypted form due to the Kerberos implementation. This problem can be overcome in two ways. One of these two options is, however, a rather theoretical possibility because it requires longer preparation and must be considered relatively complex. With this method, a dynamic link library (DLL) on an AD server is used to intercept the credentials whenever these are changed by a user and to subsequently send them to the OpenLDAP directory. For any user who does not change their credentials while this mechanism is in place, the credentials would have to be reset to a default value when the information is transferred from the AD. In the case of the second option, the credentials are reset for all the users in order to simplify the entire process. Although this means that the migration is no longer transparent for the users, this is definitely justified with a view to the simplification of the process and the time required for the migration. Following successful import of the information from the AD, the Samba DCs can replace the Windows DCs accordingly. The Samba DCs then work just like Windows NT 4.0 DCs.
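The attribute mapping and the deliberate omission of credentials described above can be made concrete in a small conversion step. What follows is an added example, not code from the migration guide or from any of the projects it names: it maps user objects as returned by an LDAP search against AD to posixAccount and sambaSamAccount entries, allocates uidNumbers, keeps the SID so that existing ACLs still match, and writes RFC 2849 LDIF, base64-encoding values such as umlauted names that LDIF does not permit in clear text. The sample AD entries, the attribute mapping, the base DN, the uidNumber range and the primary group are constructed assumptions; no password attribute is written, in line with the second option (reset for all users).

```python
"""Added example (not from the migration guide): map user objects read from Active
Directory via LDAP to the OpenLDAP/Samba schema and write them as LDIF. The AD
entries, the attribute mapping, the base DN and the uidNumber range are assumptions."""
import base64

# Constructed AD user entries as an LDAP search might return them (sample data).
AD_USERS = [
    {"sAMAccountName": "mmueller", "givenName": "Maria", "sn": "Müller",
     "displayName": "Müller, Maria", "objectSid": "S-1-5-21-1111-2222-3333-1105"},
    {"sAMAccountName": "jdoe", "givenName": "John", "sn": "Doe",
     "displayName": "Doe, John", "objectSid": "S-1-5-21-1111-2222-3333-1106"},
]

# AD attribute name -> OpenLDAP attribute name (assumed mapping for this example).
ATTRIBUTE_MAP = {"sAMAccountName": "uid", "givenName": "givenName",
                 "sn": "sn", "displayName": "cn"}

# Credentials are never carried over (unicodePwd cannot be read via LDAP anyway);
# the text's second option, resetting them for all users, is followed here.
CREDENTIAL_ATTRS = ("unicodePwd", "userPassword", "sambaNTPassword", "sambaLMPassword")

OBJECT_CLASSES = ["top", "person", "organizationalPerson", "inetOrgPerson",
                  "posixAccount", "sambaSamAccount"]


def map_user(ad_entry, uid_number, gid_number=513):
    """Build the target entry: posixAccount attributes for Linux clients,
    sambaSamAccount (from samba.schema) for the Samba DC."""
    if "objectSid" not in ad_entry:
        raise ValueError("AD entry lacks objectSid")
    entry = {"objectClass": list(OBJECT_CLASSES)}
    for ad_name, ldap_name in ATTRIBUTE_MAP.items():
        if ad_name in ad_entry:
            entry[ldap_name] = ad_entry[ad_name]
    for required in ("uid", "sn", "cn"):          # MUST attributes of the classes used
        if required not in entry:
            raise ValueError("AD entry lacks a value for %s" % required)
    entry["uidNumber"] = str(uid_number)
    entry["gidNumber"] = str(gid_number)           # assumed primary group (Domain Users)
    entry["homeDirectory"] = "/home/" + entry["uid"]
    entry["loginShell"] = "/bin/bash"
    # Keep the SID unchanged so ACLs on file servers still match; this assumes the
    # Samba domain is given the old domain SID.
    entry["sambaSID"] = ad_entry["objectSid"]
    return entry


def ldif_line(attr, value):
    """One LDIF attribute line. Values RFC 2849 does not allow in clear text (non-ASCII
    such as umlauts, leading space/colon/'<', CR/LF/NUL) are base64-encoded after '::'."""
    safe = (value != "" and value.isascii() and value[0] not in " :<"
            and not any(c in value for c in "\r\n\x00"))
    if safe:
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode("utf-8")).decode("ascii"))


def to_ldif(entry, base_dn):
    lines = [ldif_line("dn", "uid=%s,ou=users,%s" % (entry["uid"], base_dn))]
    for attr, value in entry.items():
        for v in (value if isinstance(value, list) else [value]):
            lines.append(ldif_line(attr, v))
    return "\n".join(lines) + "\n"


def migrate_users(ad_users, base_dn, first_uid=10000):
    """Map all users with sequential uidNumbers. Returns (entries, ldif text, uids that
    need a new initial password handed out by other means)."""
    entries = [map_user(u, first_uid + i) for i, u in enumerate(ad_users)]
    for e in entries:                              # nothing credential-like may slip through
        if any(a in e for a in CREDENTIAL_ATTRS):
            raise ValueError("credential attribute in mapped entry %s" % e["uid"])
    ldif = "\n".join(to_ldif(e, base_dn) for e in entries)
    return entries, ldif, [e["uid"] for e in entries]


if __name__ == "__main__":
    print(migrate_users(AD_USERS, "dc=agency,dc=example")[1])
```

The third element returned by migrate_users is the list of accounts whose users must receive a new initial password out of band; keeping that list explicit is what turns the "reset for all users" option into a checkable step rather than an oversight.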

Finally, it should be noted that Samba version 3.x does not support the group policy objects under Windows 2000. However, the essential part of these GPOs can be implemented via system policies and local policies.

2.2.2.2 Migration of the Kerberos-based authentication infrastructure

Migration of the Kerberos-based authentication infrastructure under Windows 2000 Server with AD is not possible. The most important obstacle is the fact that it is not possible to import the corresponding keys from the AD. If a Kerberos-based authentication infrastructure is also to be used in the new environment, a corresponding new infrastructure must be set up. Chapter II.C 1.1 contains further information on this subject. Note that the free Heimdal and MIT implementations cannot transport group policies in Kerberos tickets in the way this is possible with Windows 2000. Microsoft has implemented a proprietary extension of the Kerberos 5 protocol for this purpose.

2.2.3 Conclusion / recommendation

With regard to the authentication aspect, a decision in favour of or against the migration path discussed here will primarily depend on the question as to whether and, if so, which lock-in scenarios exist and whether and, if so, how efficiently these can be overcome. Functional differences are likely to be of only secondary importance for a decision because these differences are only small with a view to authentication. However, it cannot be ruled out that this situation may be different in the case of a complete migration project.

2.3 Migration from Linux and OpenLDAP, Samba and Kerberos to Windows 2003 with Active Directory

This section discusses the ways and procedures for migrating a Linux-based system in conjunction with Samba, OpenLDAP and a free Kerberos implementation to a Windows 2003 system with Active Directory. In contrast to the migration paths discussed earlier, which were aimed at replacing a Windows-based authentication service and at enabling the continued use of Windows clients, the migration approach discussed in the following aims to ensure the continued use of Linux clients in the target environment. This means that the Microsoft Services For Unix (SFU)186 must be made available on the new Windows 2003 DCs to be set up in order to also provide POSIX authentication functions and thereby enable the connection of Linux clients.

2.3.1.1 Migration of the user and machine accounts

The user, group and machine information is migrated in just the same manner as in the opposite direction, i.e. via the LDAPv3 interface of AD. In the same way as in the case of migration in the opposite direction, attribute mapping is required in order to ensure correct assignment of the matching attributes.

186 http://www.microsoft.com/germany/windowsserver2003/technologien/sfu/default.mspx

In this case too, a problem exists with the import of the credentials because these are also stored in encrypted form. The recommended solution is to reset the credentials. This is the simpler and less time-consuming procedure.

2.3.1.2 Migration of the Kerberos-based authentication infrastructure

Migration of the Kerberos-based authentication infrastructure is not possible in this case either, and for the same reasons. The Kerberos-based authentication infrastructure must be set up anew. Although it is installed automatically during the server installation process, it still needs to be configured accordingly afterwards.

2.3.2 Known problems

Automation of the migration steps is not possible with the exception of the replication of the LDAP directory. This means that a long and flexible time frame should be foreseen for the migration process. Microsoft, unlike the OSS community, does not yet offer any support for this migration path.

2.3.3 Conclusion / recommendation

Since Microsoft, in contrast to the open source community, does not yet provide any suitable tools for the migration from a Linux-based IT infrastructure to a Windows-based IT infrastructure, the migration path to a Windows 2003 Server-based IT infrastructure is relatively complex and requires many manual migration steps. Migration is, however, generally possible.

2.4 Migration from Windows NT as DC to Windows 2003 with Active Directory

Migration from Windows NT as DC to Windows 2003 Server means a fundamental technological change in authentication and directory services.

2.4.1 Functional comparison

Whilst Windows NT was based on NetBIOS, WINS, NTLM, SMB and a limited directory, Windows 2003 uses LDAP, Kerberos, DNS and CIFS as more efficient and scalable technologies. The far-reaching changes in the domain structure and in the authentication mechanisms may require a re-design during the migration process. Different options for performing the migration process are generally available. These options include an upgrade of the old system187, new installation or domain upgrade188. The only option which can really be recommended is new installation on suitable hardware with domain restructuring. This means that the migration process in principle also involves a general adaptation of the domain structures.

187 It must be ensured in this case that the existing hardware fulfils the requirements of the new system.
188 The structures of the NT domain are converted to the Active Directory.

2.4.2 Migration path

2.4.2.1 Basic steps

In order to ensure maximum transparency and minimum intrusiveness of the migration process, we recommend updating to Windows 2003 as a first step and subsequently restructuring the domains.
• Saving the current (as-is) state: The PDC is replicated to a BDC. This BDC is removed from the network and serves as a backup.
• Migration of the PDC: The PDC is migrated to Windows 2003. Depending on the given scenario, this is carried out in the form of an operating system update or by way of new installation. On conclusion of the migration process, the domain works in mixed mode (parallel operation of NT-based and 2003-based systems).
• Migration of the BDCs (optional): In the next step, the BDCs can be changed to Windows 2003 either in the form of an update or by way of new installation. This step is optional because the Windows 2003 PDC can also be replicated to NT4 BDCs in mixed mode.
• Switching to native or 2003 mode: If the BDCs too were migrated to 2003, the domain can be switched from mixed mode to native mode or to 2003 mode.
• Optimizing the domain structures (optional): Following successful migration, the domain structures can be optimized and consolidated.

2.4.2.2 Update from Windows NT to 2003

The update from Windows NT to 2003 is carried out from the operating system CD. During the update process, the DNS and the DHCP service must be installed via the custom installation of the network services. Following the successful operating system update, the "dcpromo" program is executed from the command line. This triggers conversion of the Windows NT domain to the Active Directory by means of a wizard.

2.4.2.3 Consolidation of the domain structure

The Active Directory Migration Tool (ADMT) can be used to restructure the domain(s) following migration of the NT domain to Active Directory. It is often possible in this context to simplify the domain structure by reducing the number of domains used. The administration of users, groups and group policies is simplified, and the unidirectional trust relationships of the NT domains can be automatically converted to the bidirectional trust relationships of Windows 2003.

2.4.2.4 Aspects to be considered
• Service Pack 5: Service Pack 5 must be installed on the Windows NT computers as a precondition for migration to Windows 2003.
• Change in computer name: Since it is not possible to change the computer names of domain controllers, problems can occur during the migration process. This is particularly the case if Windows 2003 is installed on a completely new system. In this case, we recommend implementing the new system, integrating it into the network with a temporary name, and copying the data of the old NT system. Following this, the name can be changed and the computer can be added to the domain as the domain controller.

2.4.3 Conclusion / recommendation

Migration to Windows 2003 is an option when it comes to replacing the obsolete NT system and rethinking and replacing historically grown structures.

3 References

3.1 General considerations

Many other infrastructure services and applications have, from their perspective, a reference to the authentication service and hence also to the directory service, if both are considered by this guide to be one entity. This means that it is usually not possible to discuss and/or migrate an authentication service alone. When an authentication service is to be migrated, the reference to all the services and applications must be established which access and use the authentication service in the existing environment. This can, in principle, concern almost all technically orientated subjects which are discussed in the migration guide. The office applications topic may be an exception. Since migration of the authentication service also often involves a change in operating system (continuing or replacing migration), the other existing infrastructure services and applications must also be considered, simply in order to make sure that their use does not pose any problems under the new operating system. The corresponding sections of the migration guide should be referred to in such a case.

3.2 Directory service

A separate "directory service" subject is not foreseen in the migration guide for the time being. It should hence be noted here that the general considerations described in the introductory chapter to the migration paths for databases (refer to chapter II.A 2) can in part be applied to the migration of directory services too. This is particularly valid if one considers that the backend of most directory services consists of a database. The following principles should be considered in each case:
• A directory service solution should be orientated towards manufacturer-independent standards. The use of manufacturer-specific techniques and functions should be avoided.
• A directory service solution should focus on the core functionality of a directory service, i.e. the storage and provision of data. Access to the data and data processing should be carried out, independent of the product used, either via user-defined applications or using suitable LDAP browsers.
• Existing standard patterns should be used to the maximum extent possible when it comes to defining the structure of the directory trees.
Taking these minimum requirements into consideration, migration from an X.500 directory to an LDAP directory should then also be possible. A more detailed discussion would require the inclusion of a dedicated "directory service" migration subject as a topic separate from the authentication service. As soon as demand for this is identified, it will be addressed in the migration guide.

D Subject: network services

The infrastructure-forming services for TCP/IP-based networks (DNS, DHCP, NTP, routing, VPN, filtering) can be implemented throughout in open source software. The comprehensive availability of these network services as OSS is due to the development history of the Internet. The outstanding feature of this world-wide data web is the fact that all the computers connected to it speak the same language. This language consists of a whole family of protocols that are summarized under the term TCP/IP. One vital requirement is that the "language understanding" is universally the same in order to ensure smooth communication between the most varied systems world-wide. In order to achieve this conformance, most of the Internet protocol standards officially adopted by the Internet Engineering Task Force (IETF) are supported by open source reference implementations. On the basis of these references, all manufacturers can independently develop fully interoperable software. The Internet protocols are manufacturer-independent and constitute open standards both in terms of their definitions and in terms of their open source implementations. This special feature of the Internet protocols was a decisive reason why TCP/IP prevailed over the proprietary network protocols existing in the market at the same time. Even if interoperability requirements are fairly limited in local networks because of the limited number of systems involved, maintaining open standards is of essential importance. As a consequence, the manufacturer-specific network services for local networks, such as the Microsoft Windows Internet Name Service (WINS) and the Network Basic Input Output System (NetBIOS), are becoming increasingly unimportant. These services are discussed below because they are still used and are only being replaced gradually. However, this discussion will focus on the two most important network services, i.e. the service for the assignment of IP addresses, which is based on the Dynamic Host Configuration Protocol (DHCP), and the Domain Name Service (DNS).

1 Products/technologies

Most of the services described below are based on TCP/IPv4. IPv6 will be considered from case to case only.

1.1 NetBIOS, WINS, DNS and DHCP under Windows NT/2000/2003

Besides the open network protocols, proprietary protocols which are still sometimes used today are described in the following. The following network protocols/services will be discussed:
• NetBIOS
• WINS
• DNS
• DHCP

1.1.1 NetBIOS/NetBEUI

NetBIOS was developed in 1983 by Sytec, Inc., on behalf of IBM for the IBM network for the networking of small work groups. NetBIOS is an interface for communication between applications in Windows-based networks. NetBIOS uses the NetBEUI network protocol as the default transport protocol. In order to enable the use of NetBIOS via TCP, the NetBIOS over TCP/IP (NBT) standard was defined in RFCs 1001 and 1002. NetBIOS/NetBEUI is specified for small networks without a router. The use of the protocol across routers is not possible due to its architecture. The protocol mainly uses undirected data packets, so-called broadcasts, for communication. This can lead to a high level of data traffic within a network. Due to the wide-spread use of the Internet and the underlying TCP/IP protocol, NetBIOS has now lost its relevance. Many suppliers have discontinued the development of this protocol and are now mapping the functions of the protocol onto TCP/IP. Since Windows 2000, Microsoft has also been using TCP/IP rather than NetBIOS/NetBEUI in its operating system, so that the latter protocol will not be discussed in more detail here.

1.1.2 Windows Internet Name Service (WINS)

WINS was developed by Microsoft in order to implement name resolution for NetBIOS via TCP/IP in Microsoft networks. Microsoft defines WINS as follows189: WINS (Windows Internet Name Service) is the Windows implementation of a NetBIOS name server (NBNS) which provides a distributed database for the registration and retrieval of dynamic assignments of NetBIOS names to IPv4 addresses used in the network. WINS offers NetBIOS name resolution in routed TCP/IP networks with multiple sub-networks. Before two hosts using NetBIOS via TCP/IP (NetBT) can communicate with each other, the target NetBIOS name must be resolved into an IPv4 address. TCP/IP cannot establish communication via a NetBIOS computer name. The use of a WINS proxy is possible. A WINS proxy itself does not have a database. It only receives queries from clients and passes these on to a full-scale WINS server. All the Windows operating systems launched so far (Windows 9x to Windows XP and all server operating systems) can act as WINS clients. The WINS client can be configured on the basis of its so-called node type in order to determine whether and, if so, how it has to resolve NetBIOS names. Microsoft recommends offering the WINS service when it comes to setting up new networks because it cannot be ruled out that existing, old applications (for example, 16-bit applications) are still using this service. This should, however, be checked in advance. However, this is often difficult to do because there is no standard procedure for identifying all the applications which require WINS. Future plans for using applications within a network should hence avoid applications which use the WINS service.

189 http://www.microsoft.com/germany/technet/datenbank/articles/600987.mspx

1.1.3 Domain Name System (DNS)

DNS is the Internet standard which enables, amongst other things, the resolution of computer names into IP addresses and vice versa (reverse lookup) within a hierarchical namespace. In 1983, Paul Mockapetris designed the DNS service and described it in RFCs 882 and 883. These RFCs have meanwhile been replaced by RFC 1034 and RFC 1035 and supplemented by numerous further standards. DNS can be installed on the Microsoft server operating systems. The RFCs in the list below describe the DNS service in the form in which it is implemented by Microsoft for Windows server operating systems190:

RFC   Title
1034  Domain Names – Concepts and Facilities
1035  Domain Names – Implementation and Specification
1123  Requirements for Internet Hosts – Application and Support
1886  DNS Extensions to Support IP Version 6
1995  Incremental Zone Transfer in DNS
1996  A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
2136  Dynamic Updates in the Domain Name System (DNS UPDATE)
2181  Clarifications to the DNS Specification
2308  Negative Caching of DNS Queries (DNS NCACHE)
2535  Domain Name System Security Extensions (DNSSEC)
2671  Extension Mechanisms for DNS (EDNS0)
2782  A DNS RR for Specifying the Location of Services (DNS SRV)

Table 40: RFCs in which DNS is specified

The use of the DNS service within a defined network infrastructure requires the implementation and/or use of a corresponding server. In order to establish communications with computers in other networks, the external DNS servers of the respective providers can be used. DNS servers normally occur in pairs (primary and secondary DNS server). This increases the resilience of the service on the one hand and enables DNS entries to be updated without interrupting operation on the other. As already mentioned, DNS enables the resolution of a computer name into an IP address and vice versa within a hierarchical namespace. The hierarchy of the namespace is reflected by the "." (dot) separator in the notation of the names. The so-called "fully qualified" domain name (FQDN) consists of two parts: the first part before the first dot identifies the host name, the second part the DNS domain. Example:

computer1.organisation1.com describes the computer with the name computer1 in the organisation1.com domain. It is not absolutely necessary for the FQDN to consist of three parts. However, two parts must be stated as a minimum. The part after the last dot in this example usually describes the higher-level area or the country in which the computer and/or the domain is located. Valid characters in an FQDN are the characters a to z, A to Z and the minus sign, with no distinction between upper case and lower case.191 Since DNS is an Internet standard, free selection of the domain name is not possible. Domains must be registered with the relevant national or international administration bodies. If, however, the DNS namespace is visible within one's own organization (enterprise) only, it is also possible to use non-registered names. This is, however, not advisable. It should always be ensured that a namespace is used which remains compatible with the Internet. It is recommended to this effect to have the desired namespace (domain) reserved at an early stage. This prevents future changes and avoids migration costs. DNS includes mechanisms that enable partitioning of the underlying database, i.e. adapting it to distributed environments. Name resolution can be delegated for particular domains on the one hand, and replication (zone transfer) and administration can be controlled by creating zones on the other. One special feature of the DNS implementation under Windows NT 4 and higher is the possibility to extend the DNS service by additionally using a WINS server for name resolution. DNS supports not just entries for computer names, but also further resource records. The following table shows an overview of the DNS resource record types supported in Windows.

190 http://www.microsoft.com/technet/prodtechnol/windowsserver2003/de/library/ServerHelp/60601f25-a8b3-4316-851f-8e0cc99673ec.mspx?mfr=true

Record type  Brief description
A            Address entry (the classic entry for a host to be resolved into an IP address)
CNAME        Alias (or canonical name)
MX           Entry for mail routing via SMTP (Simple Mail Transfer Protocol)
NS           Entry for a DNS server (name server) of a DNS domain
PTR          Reverse address entry (pointer resource record) which makes it possible to derive a host name from an IP address
RP           Entry for the responsible person of a particular DNS domain
SOA          A SOA (Start Of Authority) record marks the beginning of a zone. The name (@, the origin) represents the name of the zone.
TXT          Entry for text information
WINS         Entry for the IP address of a WINS server to be additionally used for forward resolution
WINS_R       Entry for reverse lookup via a WINS server
SRV          Entry for a well-known service

Table 41: Overview of the DNS resource record types supported

191 In certain domains, such as .de, .at and .ch, extended character sets can be used with defined special characters, such as umlauted vowels (ä, ö, ü) or ß.
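The FQDN rules given above (host name before the first dot, at least two parts, case-insensitive, restricted character set) and the PTR record from Table 41 can be exercised together. The following is an added example, not code from the migration guide: it validates and splits an FQDN, derives the in-addr.arpa name under which the PTR record of an IPv4 address is looked up, and resolves names in a small in-memory zone with the record types of the table, following CNAME aliases with a bounded chain so that a misconfigured alias loop cannot hang the lookup. The zone contents are constructed sample data for the organisation1.com domain from the text. Note that the label check also admits digits, which the text's own example "computer1" uses and RFC 1035 permits.

```python
"""Added example (not from the migration guide): FQDN validation and splitting as
described above, plus a small in-memory zone with the record types of Table 41 and a
reverse lookup via the in-addr.arpa name of a PTR record. The zone is constructed."""
import re

# One DNS label: letters, digits and '-', not starting or ending with '-', at most 63
# characters. The text lists letters and '-'; RFC 1035 also allows digits ("computer1").
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def split_fqdn(fqdn):
    """Return (host name, DNS domain) for a valid FQDN; raise ValueError otherwise.
    Names compare case-insensitively, so the result is lowercased; a trailing dot is tolerated."""
    name = fqdn.rstrip(".").lower()
    if not name or len(name) > 253:
        raise ValueError("FQDN empty or longer than 253 characters")
    labels = name.split(".")
    if len(labels) < 2:
        raise ValueError("an FQDN needs at least two parts: %r" % fqdn)
    for label in labels:
        if not LABEL_RE.match(label):
            raise ValueError("invalid label %r in %r" % (label, fqdn))
    return labels[0], ".".join(labels[1:])


def is_valid_fqdn(fqdn):
    try:
        split_fqdn(fqdn)
        return True
    except ValueError:
        return False


def ptr_name(ipv4):
    """Name under which the PTR record of an IPv4 address is stored: octets reversed under in-addr.arpa."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ipv4)
    return ".".join(reversed(octets)) + ".in-addr.arpa."


# Constructed zone data for the organisation1.com domain from the text (sample only);
# record types as in Table 41.
ZONE = {
    "organisation1.com.": [("SOA", "ns1.organisation1.com. hostmaster.organisation1.com."),
                           ("NS", "ns1.organisation1.com."),
                           ("MX", "10 mail.organisation1.com.")],
    "computer1.organisation1.com.": [("A", "192.0.2.10")],
    "www.organisation1.com.": [("CNAME", "computer1.organisation1.com.")],
    "mail.organisation1.com.": [("A", "192.0.2.25")],
    "10.2.0.192.in-addr.arpa.": [("PTR", "computer1.organisation1.com.")],
}


def resolve(zone, name, rtype, max_chain=8):
    """Return the values of the records of type rtype for name, following CNAME aliases.
    The chain length is bounded so that an alias loop in the zone cannot hang the lookup."""
    key = name.rstrip(".").lower() + "."
    for _ in range(max_chain):
        records = zone.get(key, [])
        values = [v for t, v in records if t == rtype]
        if values:
            return values
        aliases = [v for t, v in records if t == "CNAME"]
        if not aliases:
            return []                      # name or type absent: negative answer
        key = aliases[0].rstrip(".").lower() + "."
    raise ValueError("CNAME chain longer than %d for %r" % (max_chain, name))


def reverse_lookup(zone, ipv4):
    """Host name(s) for an IPv4 address via its PTR record."""
    return resolve(zone, ptr_name(ipv4), "PTR")


if __name__ == "__main__":
    print(split_fqdn("Computer1.Organisation1.com"))
    print(resolve(ZONE, "www.organisation1.com", "A"))
    print(reverse_lookup(ZONE, "192.0.2.10"))
```

The bounded CNAME chain and the explicit empty result for unknown names are the two details worth carrying into any real resolver client: both cases occur routinely in zones that have grown over years.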

All the Windows operating systems launched so far (Windows 9x to Windows XP and all server operating systems) can act as DNS clients. Systems with Windows 2000 or higher also support dynamic DNS (DDNS) as a client. According to Microsoft192, the DNS service under Windows 2003 is interoperable with the versions of BIND (Berkeley Internet Name Domain)193 listed below, the open source implementation of a DNS service which is available for many operating systems, including, for example, UNIX, FreeBSD, OpenBSD, Linux and Windows:
• BIND 4.9.7
• BIND 8.1.2
• BIND 8.2
• BIND 9.1.0
BIND 9 can be connected to external data sources for the administration of zone information via a comprehensive back-end database interface on the one hand; on the other hand, a simplified interface, the "Simple Database Backend" (SDB), is additionally available which can be used, for example, to implement read-only access to LDAP or SQL databases. However, these links are not included in the BIND software package. An LDAP connection is possible, for example, using both SDB implementations and pre-defined object classes that permit the implementation of this connection. BIND 9, in particular, also supports dynamic updating of service records and can thus perform the corresponding services for Windows Server. BIND is hence an alternative to the DNS implemented in Windows. Due to its wide-spread use, it is unlikely that functional problems will occur when it is used in heterogeneous environments.

1.1.4 Dynamic Host Configuration Protocol (DHCP)

DHCP was developed by the Dynamic Host Configuration Working Group of the Internet Engineering Task Force and is defined in RFC 2131. DHCP is used for the automatic assignment of IP addresses to computers within a network, either dynamically and temporarily or statically and permanently. This is accomplished by the DHCP client on the computer sending a request to the DHCP server during the start phase, with the DHCP server subsequently providing an IP address out of a pool of IP addresses for a defined term (the lease). Although a DHCP server under Windows Server 2003 offers all the options shown in the list below (refer to Table 42), DHCP clients under Windows XP and Windows Server 2003 only request the options marked in the "Used by Windows" column during the DHCP configuration process.

192 http://www.microsoft.com/technet/prodtechnol/windowsserver2003/de/library/ServerHelp/73c0ae36-8058-43d1-8809-046eb03b73fb.mspx?mfr=true
193 http://www.isc.org/index.pl?/sw/bind/

No.  | Option name                      | Explanation                                                                                                                  | Used by Windows
0    | Pad                              |                                                                                                                              |
255  | End                              |                                                                                                                              |
1    | Subnet mask                      | Indicates the subnet mask linked to the leased IP address. The subnet mask is configured in the scope and does not have to be configured separately as an option. | yes
2    | Time offset                      |                                                                                                                              |
3    | Router                           | Indicates the IP address of the standard gateway of a host.                                                                  | yes
4    | Time server                      |                                                                                                                              |
5    | Name servers                     |                                                                                                                              |
6    | DNS servers                      | Indicates the IP addresses of DNS servers.                                                                                   | yes
7    | Log servers                      |                                                                                                                              |
8    | Cookie servers                   |                                                                                                                              |
9    | LPR servers                      |                                                                                                                              |
10   | Impress servers                  |                                                                                                                              |
11   | Resource Location servers        |                                                                                                                              |
12   | Host name                        |                                                                                                                              |
13   | Boot file size                   |                                                                                                                              |
14   | Merit dump file                  |                                                                                                                              |
15   | Domain name                      | Indicates the connection-specific DNS domain suffix which is to be used by the DHCP client.                                  | yes
16   | Swap server                      |                                                                                                                              |
17   | Root path                        |                                                                                                                              |
18   | Extensions path                  |                                                                                                                              |
19   | IP layer forwarding              |                                                                                                                              |
20   | Nonlocal source routing          |                                                                                                                              |
21   | Policy filter masks              |                                                                                                                              |
22   | Max DG reassembly size           |                                                                                                                              |
23   | Default time-to-live             |                                                                                                                              |
24   | Path MTU aging timeout           |                                                                                                                              |
25   | Path MTU plateau table           |                                                                                                                              |
26   | MTU option                       |                                                                                                                              |
27   | All subnets are local            |                                                                                                                              |
28   | Broadcast address                |                                                                                                                              |
29   | Perform mask discovery           |                                                                                                                              |
30   | Mask supplier                    |                                                                                                                              |
31   | Perform router discovery         | Indicates whether the DHCP client uses ICMP (Internet Control Message Protocol) router discovery as defined in RFC 1256.      | yes
32   | Router solicitation address      |                                                                                                                              |
33   | Static route                     | Indicates a set of classful IP network destinations together with their router addresses, which DHCP clients include in their IP routing tables. | yes
34   | Trailer encapsulation            |                                                                                                                              |
35   | ARP cache timeout                |                                                                                                                              |
36   | Ethernet encapsulation           |                                                                                                                              |
37   | TCP default time-to-live         |                                                                                                                              |
38   | Keepalive interval               |                                                                                                                              |
39   | Keepalive garbage                |                                                                                                                              |
40   | NIS domain name                  |                                                                                                                              |
41   | NIS servers                      |                                                                                                                              |
42   | NTP servers                      |                                                                                                                              |
43   | Vendor-specific information      | Indicates whether manufacturer-specific (vendor) options are requested.                                                      | yes
44   | WINS/NBNS servers                | Indicates the IP addresses of WINS servers.                                                                                  | yes
45   | NetBIOS over TCP/IP NBDD         |                                                                                                                              |
46   | WINS/NBT node type               | Indicates the type of NetBIOS (Network Basic Input/Output System) name resolution used by the client over TCP/IP.            | yes
47   | NetBIOS scope ID                 | Indicates the NetBIOS scope ID. NetBT hosts (NetBIOS over TCP/IP) only communicate with NetBT hosts that use the same scope ID. | yes
48   | X Window system font             |                                                                                                                              |
49   | X Window system display          |                                                                                                                              |
51   | Lease time                       | Validity period of the assignment (lease).                                                                                   |
58   | Renewal (T1) time                | Interval after which the client first attempts to renew its lease.                                                           |
59   | Rebinding (T2) time              | Interval after which the client contacts any server to rebind its lease.                                                     |
64   | NIS+ domain name                 |                                                                                                                              |
65   | NIS+ servers                     |                                                                                                                              |
66   | Boot server host name            |                                                                                                                              |
67   | Bootfile name                    |                                                                                                                              |
68   | Mobile IP home agents            |                                                                                                                              |
249  | Classless static routes          | Indicates a set of classless static routes which the DHCP client includes in its IP routing table.                           | yes

Table 42: Overview of DHCP options
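The options in Table 42 travel in the DHCP message as type-length-value fields (RFC 2132). The following Python example, added here and not part of the guide, parses such an options area, decodes the options a Windows client actually requests (subnet mask, router, DNS servers, domain name, lease time and the Microsoft classless static route option 249), and rejects a length byte that points past the end of the packet instead of reading beyond it. The DHCPACK and DHCPREQUEST option areas are constructed sample data; the option codes and the encoding of option 249 (prefix length, only the significant destination octets, then the router) follow RFC 2132 and RFC 3442.

```python
"""Parser for the DHCP options field (RFC 2132 TLV encoding) listed in Table 42.

Added example; not code from the guide. The option areas below are constructed.
"""
import ipaddress
import struct

PAD, END = 0, 255
SUBNET_MASK, ROUTER, DNS_SERVERS, DOMAIN_NAME = 1, 3, 6, 15
LEASE_TIME, MESSAGE_TYPE, PARAM_REQUEST_LIST = 51, 53, 55
CLASSLESS_STATIC_ROUTE_MS = 249  # Microsoft code; RFC 3442 uses 121 with the same encoding
MAGIC_COOKIE = bytes([99, 130, 83, 99])


def parse_dhcp_options(options: bytes) -> dict[int, bytes]:
    """Split the options area into {code: value}.

    PAD bytes are skipped, END stops parsing, and the values of an option that
    occurs more than once are concatenated (RFC 3396). A length byte that points
    past the end of the buffer raises ValueError instead of reading beyond it.
    """
    if options.startswith(MAGIC_COOKIE):
        options = options[len(MAGIC_COOKIE):]
    result: dict[int, bytes] = {}
    i = 0
    while i < len(options):
        code = options[i]
        if code == PAD:
            i += 1
            continue
        if code == END:
            break
        if i + 1 >= len(options):
            raise ValueError(f"option {code} has no length byte")
        length = options[i + 1]
        start, stop = i + 2, i + 2 + length
        if stop > len(options):
            raise ValueError(f"option {code}: length {length} exceeds buffer")
        result[code] = result.get(code, b"") + options[start:stop]
        i = stop
    return result


def decode_ip_list(value: bytes) -> list[str]:
    if len(value) % 4:
        raise ValueError("IPv4 list length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(value[k:k + 4])) for k in range(0, len(value), 4)]


def decode_classless_routes(value: bytes) -> list[tuple[str, str]]:
    """Option 249/121: prefix length, only the significant destination octets, router."""
    routes, i = [], 0
    while i < len(value):
        prefix_len = value[i]
        if prefix_len > 32:
            raise ValueError(f"invalid prefix length {prefix_len}")
        n = (prefix_len + 7) // 8
        dest, router = value[i + 1:i + 1 + n], value[i + 1 + n:i + 5 + n]
        if len(dest) != n or len(router) != 4:
            raise ValueError("truncated classless static route")
        network = ipaddress.IPv4Network((dest.ljust(4, b"\x00"), prefix_len))
        routes.append((str(network), str(ipaddress.IPv4Address(router))))
        i += 5 + n
    return routes


def describe_ack(options: dict[int, bytes]) -> dict:
    """Decode the Table 42 options a Windows client uses from a parsed DHCPACK."""
    return {
        "subnet_mask": decode_ip_list(options[SUBNET_MASK])[0],
        "routers": decode_ip_list(options[ROUTER]),
        "dns_servers": decode_ip_list(options[DNS_SERVERS]),
        "domain": options[DOMAIN_NAME].decode("ascii"),
        "lease_seconds": struct.unpack("!I", options[LEASE_TIME])[0],
        "static_routes": decode_classless_routes(options.get(CLASSLESS_STATIC_ROUTE_MS, b"")),
    }


def _opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value


def _ip(s: str) -> bytes:
    return ipaddress.IPv4Address(s).packed


# Constructed DHCPACK option area, with a PAD before END and trailing padding.
SAMPLE_ACK = (MAGIC_COOKIE
              + _opt(MESSAGE_TYPE, b"\x05")
              + _opt(SUBNET_MASK, _ip("255.255.255.0"))
              + _opt(ROUTER, _ip("10.0.0.1"))
              + _opt(DNS_SERVERS, _ip("10.0.0.53") + _ip("10.0.0.54"))
              + _opt(DOMAIN_NAME, b"example.gov")
              + _opt(LEASE_TIME, struct.pack("!I", 3600))
              + _opt(CLASSLESS_STATIC_ROUTE_MS,
                     bytes([16, 10, 10]) + _ip("10.0.0.254")   # 10.10.0.0/16 via 10.0.0.254
                     + bytes([0]) + _ip("10.0.0.1"))           # 0.0.0.0/0 via 10.0.0.1
              + bytes([PAD, END, 0, 0, 0]))

# Constructed DHCPREQUEST whose parameter request list names the Table 42 options
# marked "Used by Windows" (1, 15, 3, 6, 44, 46, 47, 31, 33, 249, 43).
SAMPLE_REQUEST = (MAGIC_COOKIE + _opt(MESSAGE_TYPE, b"\x03")
                  + _opt(PARAM_REQUEST_LIST, bytes([1, 15, 3, 6, 44, 46, 47, 31, 33, 249, 43]))
                  + bytes([END]))

if __name__ == "__main__":
    print(describe_ack(parse_dhcp_options(SAMPLE_ACK)))
    print("requested options:", list(parse_dhcp_options(SAMPLE_REQUEST)[PARAM_REQUEST_LIST]))
```

The parameter request list (option 55) is what makes a client's option usage visible on the wire: a capture of the DHCPREQUEST shows exactly which rows of Table 42 a given client implementation asks for.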

Just like the other network services, the DHCP service under Microsoft is compatible with the standard implementations under UNIX and can hence be used in heterogeneous environments. With IPv6, the automatic configuration of network clients is part of the protocol definition itself (stateless address autoconfiguration), so a DHCP server is no longer required for basic address assignment; a stateful variant, DHCPv6 (RFC 3315), exists for distributing further configuration data. In networks where addressing already takes place according to version 6 of the Internet protocol (IPv6), Windows Server uses parallel IP stacks for IPv4 and IPv6 (dual-stack strategy). At the time this guide was prepared, this option was not offered for Windows clients. Computers with IPv6 and computers with IPv4 can hence both communicate with the server.

However, most providers do not yet offer native IPv6 connections via the Internet. This makes it generally difficult to connect two IPv6 networks to each other via the Internet. So-called "tunnel brokers" are available world-wide in order to bypass this restriction; they enable all IPv6 connections to be "tunnelled" through an IPv4 connection and are usually made available free of charge.

To sum up: network protocols form the basis for communication between devices within a network. In the past, the practical use of Microsoft's implementations of these protocols was sometimes limited (for example, crashes of the TCP/IP implementation 1.0). Meanwhile, Microsoft's implementations of all protocols are suitable for practical use. TCP/IP has come to be established as the standard. It may, however, sometimes be necessary for historical reasons to use protocols in Microsoft environments which do not originate from the TCP/IP world but which can be integrated into it (such as WINS).

1.2 WINS, DNS and DHCP under Linux with Samba

The implications of the network services for the clients are the same in a Windows network and in an OSS network. The following discussion will hence be limited to the differences with regard to the services described in chapter 4.2.1.1. These differences are mainly of an architectural nature. The origin of a protocol will be briefly mentioned in the corresponding section where it deviates from those already described.

1.2.1 Windows Internet Name Service (WINS)

Following OSS migration, name resolution for Windows services and computers is carried out by the Samba daemon nmbd. On the one hand, this means that the broadcast-based browser services commonly used with Windows can be provided both as a client and as a local or domain-wide master browser. On the other hand, nmbd can also act as a WINS server and in this capacity coordinate browsing across the boundaries of network segments which are normally connected by routers that do not forward broadcasts. Samba can also be configured so that the Samba server uses an existing WINS server as a client and distributes the names registered there in its own network. Samba cannot, however, act as a secondary WINS server (replication partner) alongside a Microsoft WINS server or another Samba server, because nmbd does not implement WINS replication.

1.2.2 DNS (Domain Name Service)

The reference implementation of a domain name service is BIND (Berkeley Internet Name Domain), which is developed further and maintained by the Internet Systems Consortium (ISC) in a manufacturer-independent manner. The latest version at the time of writing is BIND 9.4.1-P1, which supports, for example, dynamic DNS (DDNS), DNSSEC and IPv6. BIND is an open source software package released under the BSD-style ISC license and available for numerous operating systems, such as UNIX, NetBSD, FreeBSD, OpenBSD, Linux, Mac OS X and Windows NT/2000/2003. Many Linux distributions include BIND by default.

1.2.3 Dynamic Host Configuration Protocol (DHCP)

The reference implementation of DHCP is also developed further and maintained by the ISC. The protocol and software have the following functions and offer the following options:
• Automatic assignment of IPv4 addresses and host names to clients. DHCP permits both the assignment of static IP addresses (on the basis of the MAC address) and the dynamic assignment of a free address from a defined address range.
• Automatic transmission of information concerning the network infrastructure. DHCP can, for example, be used for the central administration and distribution to all clients of the domain name and the name servers, the default route and the network mask.
• A large number of defined optional fields as well as freely definable information concerning the host configuration can be delivered via dhcpd. This includes all the options which can be used by Windows clients and which were introduced in the previous chapter.
• dhcpd can also function as a bootpd and in this capacity send any information necessary for booting to a client via the network.
The ISC dhcpd enables both the administration of individual clients and collective configuration for classes and sub-networks with regard to any information to be delivered. Furthermore, the conditional assignment of host configuration data by IF statements is possible in the configuration of the ISC dhcpd. dhcpd can be operated in a failover configuration in order to achieve high availability; the dynamically administered IP ranges are then coordinated between the servers, which stand in for each other. This configuration can also be used for load balancing purposes. The ISC dhcpd is configured in conventional UNIX style by an ASCII configuration file. A patch is available which enables the configuration of the ISC DHCP server to be imported dynamically from an LDAP repository. The implementation follows the IETF draft LDAP schema for DHCP.

IPv6 is supported in almost all Linux distributions. An IP dual stack is implemented here, just as in many other hardware and software components. Parallel support of IPv6 and IPv4 is usually made available automatically with every standard installation. Depending on the distribution, IPv6 support is either activated directly or can be activated as an option. With the dual stack, a computer can communicate both with IPv6 and with IPv4 computers. Communication between computers within homogeneous IPv6 or IPv4 networks is in principle not a problem. If, however, two IPv6 networks are to be connected via an IPv4 network, this usually requires tunnelling of IPv6 communication through IPv4. This is relevant whenever the Internet is used as the connecting element, where native IPv6 support is still rather weak. So-called "tunnel brokers" are available which offer the possibility, usually at no additional cost, to tunnel IPv6 communications through IPv4.

One can hence summarize that open source implementations are fully suitable for setting up and operating networks. Their reliability has served as a model for the other implementations, as can be seen in their many years of successful use on the Internet. For historical and architectural reasons, security mechanisms were seldom foreseen in many of the protocols described here: DHCP and WINS/NetBIOS accept offers and name registrations from any host on the segment, and classic DNS has no authentication of answers or updates. Individual protocols have therefore been open to attacks in the past; these gaps have been closed by amendments to the protocols (such as DNSSEC and authenticated dynamic updates for DNS) or by accompanying protocols, respectively. Where a protocol offers no such protection, it has to come from the network itself, for example by restricting which segments and hosts may reach the service.

2 Migration paths

Even if interoperability requirements are fairly limited in local networks because of the limited number of systems involved, adhering to open standards is of essential importance. Especially in the case of manufacturer-specific modifications of and/or extensions to standards, there is always a risk of "vendor lock-in": on the one hand, the ties to this manufacturer are strengthened and may even lead to dependence; on the other, the power of definition with regard to further development and to the interoperability of third-party systems passes to the manufacturer, at least as far as the extensions are concerned. Against this background, one should always check whether the improvements promised in conjunction with a manufacturer-specific extension of a standard also offer a long-term perspective. Although the tried-and-tested reference implementations which have existed for many years do not necessarily include each and every feature, they guarantee sustainable interoperability with all network-enabled systems.

Migration of individual network services in isolation from the migration of other elements, such as file and authentication services, from a Windows landscape to a Unix landscape or vice versa, is usually pointless. Exceptions can, at best, be justified by specific boundary conditions (such as infrastructure requirements / technical specifications); typical examples of this are the DNS and the DHCP service. Other dependencies must also be taken into consideration. A WINS service, for example, is mandatory for Exchange 2003. This means that a Samba server must be set up to offer the WINS service if the network services are migrated and Exchange 2003 is used.

The migration of network services can normally be carried out as a soft migration: the new infrastructure is set up and both infrastructures are operated in parallel for a certain period of time before the "old" infrastructure is switched off. It is important to bear in mind that the devices involved in network communications, such as switches, routers, etc., may also have to be re-configured. Migration of network services can be classified as technically non-critical from today's point of view. The network services both in an OSS environment and in today's Windows environments are mature and in use world-wide. Network services are often only changed when a change in IT architecture is carried out. All the network services discussed here can be operated on all customary network infrastructure components and offered in a network. Since the functional differences are particularly important in a migration project, these differences are discussed within the framework of the migration paths.

2.1 Migration of Windows NT/2000 network services to Windows 2003

The following sections briefly outline the new features of the above-mentioned network services which were introduced with Windows 2000. Migration within a Windows infrastructure is today relatively simple with regard to the network services. It is usually carried out by updating existing software (for example, via service packs and patches) or by newly installing the corresponding servers. However, the use of service packs or patches involves the risk of loading versions of the network services which are not compatible with all the applications used. This is especially the case with large service packs that are not exclusively designed to update the network services. Such service packs (just like new installations) should hence be examined for compatibility with the IT infrastructure and the applications used.

2.1.1 WINS

With regard to WINS, Windows 2000/2003 does not offer any new architectural features; it merely comes with improved management functionality for the WINS database.

2.1.2 DNS

The DNS service underwent the most far-reaching changes with the launch of Windows 2000/2003. The main reason is that the Windows 2000/2003 Active Directory uses DNS for primary name resolution and does not work without DNS. An Active Directory uses DNS for various purposes, including, but not limited to, locating the services needed for logon and browsing (LDAP service, Global Catalog service and Kerberos KDC). As a precondition for registering services, the DNS must support so-called SRV records according to RFC 2052 (since superseded by RFC 2782). Since the previous DNS worked statically (entries had to be made manually), a dynamic registration function was implemented in Windows 2000/2003, also with a view to the planned phasing-out of WINS. Computers can register their A and SRV records dynamically; the implementation follows RFC 2136 (Dynamic Update). Computers with Windows 2000 and higher register themselves (implemented in the DHCP client service). Windows NT and Windows 9x are unable to do this and require the assistance of a Windows 2000 DHCP service, which registers on their behalf.

Dynamic registration implies a change in the architecture of the previous DNS implementation, where only one DNS server (the primary) can write the zone contents. Microsoft implements a multi-master principle by integrating DNS into the Active Directory: the DNS entries are then objects in the Active Directory database and are replicated with it. Dynamic updates can also be accepted by a standard (file-based) primary zone on a Windows DNS server, but in that case they cannot be secured. Secure dynamic registration requires Active Directory integration; it ensures that only computers that can authenticate themselves (such as Windows 2000 members of the pertinent domain) can register or change records, whereas an unsecured dynamic zone lets any host that can reach the server overwrite entries. Windows 2000/2003 supports this so-called "secure update" via the GSS-API (RFC 2078); the mechanism was later standardised as GSS-TSIG in RFC 3645. RFC 2535 (Domain Name System Security Extensions) and RFC 2137 (Secure Domain Name System Dynamic Update) are not implemented.

2.1.3 DHCP

With regard to DHCP, Windows 2000/2003 offers some new features worth mentioning. Under Windows 2000/2003, the current RFCs 2131 (Dynamic Host Configuration Protocol, previously RFC 1541) and 2132 (DHCP Options and BOOTP Vendor Extensions) are supported. Besides improved management, multicast scopes, user-specific and manufacturer-specific DHCP options as well as dynamic BOOTP are supported. Another new feature is the integration of DHCP and DNS within a Windows 2000/2003 network. Clients with Windows NT 4 or older do not support dynamic registration of their DNS names in the dynamic DNS of Windows 2000/2003. If these clients obtain their IP configuration from a Windows 2000/2003 DHCP server, the DHCP server can carry out the registration in the DNS on their behalf.

2.2 Migration from Windows DNS (BIND 8) to Linux BIND 9

Migration of the Windows DNS to Linux with BIND 9 is possible without any problems, both when starting from DNS under Windows NT and under Windows 2000/2003. The procedure is in principle the same in either case, the only difference being the way in which the new DNS server is filled with data and the BIND 9 database is set up. The procedure is in principle as follows:
• Set-up / configuration of a new server.
• Configuration (adaptation of the IP addresses of the DNS servers) of the DHCP servers (and possibly of clients with fixed IP addresses). Re-using the configuration of the old server is not possible due to the major syntax differences between the Windows DNS configuration and BIND's named.conf; only the zone data can be carried over.
• Transfer of the data (zone entries) from the existing server to the new server.
• Setting the new server into operation, including the DNS service, and shut-down of the old DNS server.
All Windows devices can use BIND 9 for name resolution. The use of a Linux server (or any other Unix server) with BIND 9 as the DNS server is hence not a problem from the perspective of a Windows device.

With regard to the transfer of the zone entries from one server to another, different approaches can be adopted, depending on the starting situation:

• DNS under Windows NT 4.0

Since no dynamic DNS is supported in this case194, the only options available are either to perform a zone transfer or to transfer the zone entries manually. In the latter case, measures must be taken to ensure that the syntax requirements of the new environment are adhered to. In the case of a zone transfer, the syntax differences should not cause any problems, despite the fact that BIND 9 is not as "error-tolerant" as its predecessors with regard to syntax and logic errors195, because BIND 9 itself writes its zone file from the records it receives from the Windows DNS server and normally uses the correct syntax during this process. The zone transfer must be permitted for the address of the new BIND server in the zone's transfer settings on the Windows server, and the resulting zone file should be checked with named-checkzone before the new server goes into operation.

194 http://support.microsoft.com/kb/251370/de?spid=1131&sid=936
195 http://www.oreillynet.com/pub/a/oreilly/networking/news/dnsandbind_0401.html

• DNS under Windows 2000/2003

With this starting situation, it is possible to use the dynamic DNS function, which is also supported by BIND 9, in addition to the procedures discussed above. The new BIND 9 DNS server is then filled automatically by the dynamic registrations of the clients during parallel operation. If BIND 9 accepts dynamic updates, the zone must be restricted (allow-update or update-policy in named.conf) to the addresses or keys of the hosts that are permitted to register; an unrestricted allow-update { any; } lets any host on the network create or overwrite records.

2.3 Migration from Windows DHCP to Linux DHCP

Migration of the DHCP service from Windows to Linux can be carried out without interrupting operation in the organizational unit because the Linux DHCP server can be set up in parallel to the Windows DHCP server. Parallel use of both servers during the migration process is possible, but not recommended. Should this be necessary, it must be ensured that the IP ranges in which the old DHCP server dynamically assigns IP addresses are set as reserved ranges in the new server. After the old server has been shut down, these ranges can be released, provided a check has confirmed that no client still uses an IP address from this range. This check can be carried out in advance using suitable tools or the "ping" command; note that hosts which do not answer ICMP echo requests (a personal firewall such as the Windows XP SP2 firewall blocks them by default) will wrongly appear to be free, so an ARP-based check on the local segment is more reliable. Migration of the DHCP service generally involves the risk of the new DHCP server assigning IP addresses in a range which was used by the old DHCP server, which leads to duplicate IP addresses in the network. As described, this risk can be avoided by an appropriate configuration of the DHCP server. Furthermore, tools are available which support this kind of migration by checking, for example, whether an IP address already exists in the network before assigning it; the ISC dhcpd does this itself by means of its ping-check option before offering an address. It must also be ensured that the various settings of the Windows DHCP server are transferred to the Linux DHCP server before it is set into operation. This can be done via a script or manually.
The following settings are important:
• IP addresses assigned as fixed addresses and marked as reservations in the DHCP (these are typically printers, servers, network components, etc.)
• Blocked IP ranges (for example, for IP segments which are administered elsewhere but which form part of the infrastructure of the organizational unit)
• The max-lease-time
• The default-lease-time
The lease time, in particular, should be uniform during the migration process. The lease time is the period during which the DHCP client does not have to request a new IP address from the server (it normally attempts to renew its existing lease after half that period). Depending on the clients used (laptops or desktops), the lease time typically totals 1 to 5 days. We recommend reducing the lease time of the clients to 1 hour in advance of the migration. This must be done at least one max-lease-time ahead, so that every client has picked up the short lease: if, for example, a max-lease-time of 5 days was set, the change should be made at least 6 days before the planned migration of the DHCP servers. This ensures that devices which are, for example, permanently switched on (such as printers) will request a new IP address within a maximum of one hour after the shut-down of the old DHCP server. If the old server is switched off in the evening, it can be assumed that all the devices in use overnight will have obtained their IP address from the new DHCP server by the next morning. This

change can then be reversed after all the clients have received their IP addresses from the new server.

2.4 WINS/NetBIOS (Windows) to Samba with WINS/nmbd

Following OSS migration, name resolution for Windows services and computers is carried out by the nmbd of the Samba package. On the one hand, this means that the broadcast-based browser services commonly used with Windows can be used both as a client and as a local or domain-wide master browser. On the other hand, nmbd can also act as a WINS server and in this capacity coordinate browsing across the boundaries of network segments which are normally connected by routers that do not forward broadcasts. The WINS service is installed together with the Samba server and is available as soon as it has been enabled in the Samba configuration (wins support = yes) and the server has been set into operation. A Samba PDC takes on the role of the domain master browser in this case. Special adaptation or configuration operations are usually not required, but can be carried out as required.
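The checks that section 2.3 asks for before the Linux DHCP server is switched on (no overlap between the new pools and the ranges the old server still hands out, reservations carried over, blocked ranges respected, and the lease-time timeline) can be done mechanically. The following Python example is added here and is not part of the guide; it models both servers' configurations as plain data that an administrator would fill from the Windows DHCP export and the planned dhcpd.conf, and all addresses and dates in it are constructed sample values.

```python
"""Pre-flight check for the Windows -> Linux DHCP migration of section 2.3.

Added example, not part of the guide. Old and new server configurations are
modelled as plain data; all addresses and times are constructed samples.
"""
from datetime import datetime, timedelta
from ipaddress import IPv4Address

Range = tuple[str, str]  # inclusive first and last address


def _ints(r: Range) -> tuple[int, int]:
    lo, hi = int(IPv4Address(r[0])), int(IPv4Address(r[1]))
    if lo > hi:
        raise ValueError(f"range {r} is reversed")
    return lo, hi


def ranges_overlap(a: Range, b: Range) -> bool:
    a_lo, a_hi = _ints(a)
    b_lo, b_hi = _ints(b)
    return a_lo <= b_hi and b_lo <= a_hi


def contains(r: Range, ip: str) -> bool:
    lo, hi = _ints(r)
    return lo <= int(IPv4Address(ip)) <= hi


def check_new_pools(new_pools: list[Range], old_dynamic: list[Range],
                    reservations: dict[str, str], blocked: list[Range]) -> list[str]:
    """One finding per conflict; an empty list means the new pools can be
    activated while the old server is still running without duplicate addresses."""
    findings = []
    for pool in new_pools:
        for old in old_dynamic:
            if ranges_overlap(pool, old):
                findings.append(f"new pool {pool} overlaps old dynamic range {old}: "
                                f"duplicate addresses possible")
        for mac, ip in reservations.items():
            if contains(pool, ip):
                findings.append(f"new pool {pool} contains reservation {ip} ({mac}); "
                                f"carry the reservation over or exclude the address")
        for blk in blocked:
            if ranges_overlap(pool, blk):
                findings.append(f"new pool {pool} overlaps blocked range {blk}")
    return findings


def cutover_schedule(max_lease: timedelta, old_server_off: datetime,
                     short_lease: timedelta = timedelta(hours=1)) -> dict[str, datetime]:
    """Lease-time timeline from the text: shorten leases at least one max-lease-time
    plus a day of margin before the cut-over; every client is then served by the
    new server at most one short lease after the old one is switched off."""
    return {
        "shorten_leases_by": old_server_off - max_lease - timedelta(days=1),
        "all_clients_on_new_server_by": old_server_off + short_lease,
    }


# Constructed sample data
OLD_DYNAMIC = [("10.0.0.100", "10.0.0.199")]
RESERVATIONS = {"00:11:22:33:44:55": "10.0.0.20",     # printer
                "00:11:22:33:44:66": "10.0.0.210"}    # management switch
BLOCKED = [("10.0.0.240", "10.0.0.254")]               # administered by another unit
PROPOSED_POOLS = [("10.0.0.150", "10.0.0.250")]        # first draft: conflicts
CORRECTED_POOLS = [("10.0.0.200", "10.0.0.209"), ("10.0.0.211", "10.0.0.239")]

if __name__ == "__main__":
    for finding in check_new_pools(PROPOSED_POOLS, OLD_DYNAMIC, RESERVATIONS, BLOCKED):
        print("CONFLICT:", finding)
    print("corrected pools:",
          check_new_pools(CORRECTED_POOLS, OLD_DYNAMIC, RESERVATIONS, BLOCKED) or "no conflicts")
    for key, when in cutover_schedule(timedelta(days=5), datetime(2008, 4, 14, 18, 0)).items():
        print(f"{key}: {when:%Y-%m-%d %H:%M}")
```

The overlap check is deliberately strict: while both servers run, the new pools may only cover addresses the old server never assigns dynamically; the old ranges are released into the new pools only after the old server has been shut down and the range has been verified to be free.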

3 References No special references exist for the "network services" topic with a view to migration. In the case of migration of a network service, it should be clear which other infrastructure services and applications require this network service and which particular functionalities they need. This is, however, not a special aspect for this "references" section and should instead form part of the requirements analysis of any migration project. Refer also to chapter I.D 2.

E Subject: filing system

File systems, such as XFS, EXT4, FAT or NTFS, are required for the physical storage of data on the hard disk systems of servers. In addition to physical storage, further functions are needed for a filing system. These include, for example, the granting of access privileges at file and directory level, the administration of quotas, journaling functionality as well as functions for the encryption of file systems, where needed.

1 Products/technologies

Note: The term "Windows Server" as used in this chapter always refers to all versions of Windows servers from Windows NT 4.0 Server up to the current version, i.e. Windows Server 2003 R2. Whenever this definition is not applicable, the exact Windows Server version is given.

1.1 Linux and Samba with SMB/CIFS and POSIX

Samba was first published in 1992 in order to enable the exchange of data between SunOS and Ultrix. Samba version 2.0 was published in 1999; this version also ran under Linux and was used for benchmark tests against Windows NT 4.0 Server. The SMB protocol, which enables Windows clients to access data, was additionally implemented by Microsoft, SCO, IBM and Apple. The current version series of Samba is version 3, which is still undergoing further development. Samba version 4 is being developed at the same time; although Samba 4.0 alpha 1 is currently available, this version has not yet been released for productive use. The latest Samba version to date, 3.0.26a, was published on 11 September 2007. The changes compared to the predecessor version can be viewed at: http://de.samba.org/samba/. According to the statement by the Samba team published at http://samba.sernet.de/196, all versions from 3.2 and higher are published under the GNU General Public License, version 3. The current version is hence probably still subject to GPLv2.

Samba is in many respects a replica of the Windows Server services for file storage, print services and authentication. To users, Samba presents itself in very much the same way as a Windows server. For administrators, on the other hand, Samba is a UNIX server. For users, the change from Windows NT 4.0 Server to its successor Windows 2000 / Windows 2003 is hardly more noticeable than the change to a Samba server. For administrators, however, the introduction of an Active Directory with its DNS, LDAP and Kerberos components means far-reaching changes.

The Samba server fulfils the file storage requirements just like a Windows server. Users of Windows clients can also obtain their user profiles and logon scripts as well as their home or group directories from a Samba server. Executable programs (.exe) can also be stored on a Samba server (and started from there). This also applies to Access database files or other files with lock mechanisms designed for multi-user access.

196 As per 1 November 2007

In contrast to a Windows server, Samba uses TCP/IP as its only network protocol. Other open source servers (Mars and Netatalk) are available for services based on the SPX/IPX (Novell) and AppleTalk (Apple) protocols, which enable work on a common data store in a heterogeneous network environment. An SMB implementation based on the old NetBEUI is not offered by Samba. NetBIOS over IPX is not supported either. The usual client-side tools under Windows for editing/managing files in the file system remain available. In particular, the Explorer and the File Manager can be used, as well as the command line program cacls.exe, which is supplied with Windows for setting access control lists, and xcacls.exe, which serves the same purpose under Windows 2000/2003 Server. The User Manager can also remain in use with Samba 3.0. Although the use of the Server Manager is in principle possible, it is less suitable because it means abandoning the transparent server configuration by means of the smb.conf configuration file. The connections to the shares can be established automatically without any changes by logon scripts or interactively by browsing the network neighbourhood. The privilege system of Samba and Linux makes it possible to give privileged processes (such as a virus scanner on the server) local access to all files in the users' home directories, whilst access via the corresponding network share is restricted to the user alone. The Samba server can be used for file storage and authentication even in environments with Windows terminal servers. However, Samba does not support the Security Account Manager (SAM) object extensions specific to terminal servers. Samba handles file locking (locking of both complete files and of byte ranges within them) in the same way as an NT server.

This means that Samba enables both the cooperative use of files and the use of file-based databases in the same manner as a Windows server. Disk quotas (as well as quotas for other system resources) are offered by the Linux operating system and are thus also available for the file storage offered by the Samba server. Various open source tools are available under Linux for data backup and versioning / archiving purposes. Furthermore, Linux servers can be easily integrated into the backup concepts of most commercially available products197. High availability, which is achieved under Windows by clustering with the Enterprise Edition, can also be achieved with Samba, on the basis of the Distributed Replicated Block Device (DRBD), shared SCSI or a Storage Area Network (SAN) with IP failover. The functional restrictions of the versions preceding Samba 3.x have been significantly reduced by now. Samba version 3.0 permits the establishment of trust relationships between master and resource domains and the implementation of the

Windows NT domain concept. Version 3.0 also enables the use of the Windows User Manager for user administration; it is, for example, possible to create new users in this way. Replication between a Windows domain controller and a Samba domain controller is still not possible, so that only pure Windows or pure Samba domain controllers can be used within a domain. If Windows server services have to be integrated in a Samba domain, they can be integrated as member servers. SAM replication in a pure Samba domain controller environment is possible without any problems by combining Samba and OpenLDAP. The combination of Samba and OpenLDAP198 is vital for the SAM replication functionality: OpenLDAP is used by Samba to manage groups and users and also offers the necessary replication mechanisms.

197 However, a thorough evaluation of the products must be carried out in advance because there are also products which have problems with backups of ACLs. This problem occurs, for example, when using NetBackup (Veritas) for backups of XFS ACLs, whereas Ext3 ACLs are supported by this product.

1.1.1 Access control: mapping the privilege profiles from Windows to POSIX Access Control Lists (ACL) The way a Samba server handles the rights to access directories and files largely corresponds to the familiar principles of Windows Server. Under Samba too, individual directories in the file system of the server are made available as shares in the network. The details of access control are determined on the basis of the privileges defined in the file system at the server end for a user who is individually authenticated at the Samba server. Authorization is thus interaction between the Samba server and the operating system and/or the file system. Shares (releases) and their server-end characteristics – such as directory path, granting of anonymous access and general write protection – are usually handled and shown under Samba in a configuration file which is unambiguous for every server instance. Editing of this configuration file is also possible via a web frontend. We recommend carrying out corresponding authentication / authorization with an encrypted HTTPS protocol in advance. The rights to access directories and files are handled with all operating systems in the functional operating system component of the file system. Whereas no owner concept for files existed in the FAT file system under DOS and older Windows versions, owners and user groups for files have been distinguished under UNIX from the very outset and under Windows since the introduction of the NTFS file system. The file system uses so-called access control lists in order to determine which users can handle which directories and files in which manner. Under UNIX, the access rights for reading, writing and executing are defined as a minimum for the owner, an owner group and all other system users. Additional restrictions or the granting of rights to other users or user groups can be implemented with certain UNIX/Linux file systems via extended attributes and POSIX Access Control Lists. 
Samba as the file server keeps its data in a UNIX file system and accesses the data using the effective rights of the user authenticated for access. Although the Samba server can theoretically impose additional access restrictions, it can never ignore the restrictions laid down in the file system. Both when transmitting the existing access rights from the server to the client and when applying changes initiated at the client end, the Samba server applies the canon of privileges of the file system in which it stores and manages the user data. This is why migration requires the Windows privileges model to be transferred to the UNIX world. This mapping process and the special features and restrictions to be taken into consideration are described in the following. The authors of this guide assume in this context that a file system with support for POSIX ACLs is used under Linux. At present, these are the XFS and JFS file systems and, with the corresponding mount options, ReiserFS, EXT2 and EXT3.

198 Other LDAP directory services can also be used.

1.1.2 Mapping the NTFS ACL to the privileges system of Linux

When the Windows ACL is transferred to the POSIX ACL of Linux, the system of privileges is reduced to such an extent that the picture largely corresponds to the simple presentation in the security settings. The only privileges which POSIX ACLs recognize are the rights to read, write and execute. POSIX ACLs do not provide different types for distinguishing between write data, append data, write attributes and write extended attributes. When the Windows system of privileges is mapped via Samba to UNIX, it is thus only possible to map complete aggregations of the Windows privileges to the UNIX file system. This also means, in the opposite direction, that the Samba server cannot report any other privilege aggregations to the Windows client.

Windows privilege                 | POSIX Read | POSIX Write | POSIX Execute
----------------------------------+------------+-------------+--------------
Browse folder / execute file      |            |             | X
List folders / read data          | X          |             |
Read attributes                   | X          |             | (X) [199]
Read extended attributes          | X          |             |
Create files / write data         |            | X           |
Create folders / append data      |            | X           |
Write attributes                  |            | X           |
Write extended attributes         |            | X           |
Delete subfolders / files         |            |             |
Delete                            |            |             |
Read privileges                   | X          | X           | X
Change privileges                 |            |             |
Take ownership                    |            |             |

Table 43: POSIX privileges and Windows aggregations

199 Although this is displayed, it may not be set because otherwise the complete "Read attributes" functionality would be activated.

At the user end, the Windows dialogues can be used to generate the corresponding combinations of POSIX privileges by combining the appropriate NTFS privileges. Note that setting one additional NTFS privilege from the Windows list leads to the setting of all privileges of the POSIX aggregate to which the NTFS privilege set in this way belongs. If, for example, the Write attributes privilege is set in the Privilege entry dialogue for a file for which read access only was previously permitted, the Samba server automatically adds the privileges Write extended attributes, Write data and Append data. After the dialogue has been exited by clicking OK, the new, significantly extended scope of privileges is displayed immediately when the dialogue window is opened again. The advantage is that this behaviour on the part of the Samba server does not permit misinterpretation of the simple presentation of privileges: in the simplified presentation of the security settings, the picture is consistent. The Read and Write privileges can be set individually or together, as well as in combination with Read/execute; the latter group privilege cannot be set alone. The NTFS privileges Delete subfolders/files, Change privileges and Take ownership cannot be implemented under POSIX ACLs and thus do not lead to any result on the Samba server when they are set (shown against a grey background in Table 43). However, in the case of Full access, i.e. complete read, write and execute privileges, they are also marked as set.

Windows group privilege                 | Read | Write | Read and execute | Read and write | Read, write and execute
----------------------------------------+------+-------+------------------+----------------+------------------------
Full access                             |      |       |                  |                | X
Edit                                    |      |       |                  |                | X
Read / execute                          |      |       | X                |                | X
List folder contents (for folders only) |      |       | X                |                | X
Read                                    | X    |       | X                | X              | X
Write                                   |      | X     |                  |                |

Table 44: POSIX and Windows privileges

1.1.3 Mapping the inheritance function

The POSIX ACL implementation uses passive inheritance only. Active inheritance of the NTFS type is not possible. Samba does, however, offer the option to activate the inheritance of ACLs on individual shares. In this case, however, only the default ACLs are inherited rather than the "normal" file ACLs, and the inheritance applies to newly created files only. This hardly causes any problems in practice because the existing privileges model is usually evaluated during a migration, and this evaluation equally often leads to restructuring and a welcome simplification. If, however, the existing privileges model is to be transferred despite this, "restricted" inheritance can mean that the administrator will have to replace the corresponding attributes manually following migration.

1.1.4 Mapping the attribute system

The attributes which do not exist under Unix can be implemented in different ways. The write-protect flag is not really needed here because it is already included in the normal privilege system; it is hence displayed automatically for files and directories without a write privilege. The Archive, Hidden and System flags can be represented by the otherwise unused execute bits of the UNIX file system, so that these flags are available. The Compressed and Encrypted attributes cannot be mapped. They can, however, be made available via special services under UNIX.
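As an added illustration of this flag mapping (example code written for this section, not Samba's own source), the following Python models the convention that Samba documents for the smb.conf options map archive, map system, map hidden and map readonly: the Archive, System and Hidden flags are stored in the owner, group and other execute bits respectively, and the write-protect flag is derived from the absence of write bits. The side effect an administrator should know is visible in the last function: a file that Unix users create with execute bits set appears as Hidden and System to Windows clients, and a file on which a Windows client sets Archive or Hidden becomes executable for Unix processes.

```python
"""Model of how the Windows attribute flags without a UNIX counterpart can be
carried in a UNIX file mode. Added example following Samba's documented
convention for the smb.conf options map archive, map system, map hidden and
map readonly; it is not Samba's own code."""
import stat

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

# Flag -> otherwise unused execute bit that stores it (Samba's convention).
FLAG_TO_BIT = {
    "A": stat.S_IXUSR,  # Archive -> owner execute
    "S": stat.S_IXGRP,  # System  -> group execute
    "H": stat.S_IXOTH,  # Hidden  -> other execute
}
# Compressed and Encrypted (C, E) have no bit to live in (section 1.1.4).


def dos_attrs_to_mode(attrs, base_mode):
    """Return the mode a Samba server would store for a *file* with the given
    attribute string (e.g. "AH") on top of base_mode. R clears all write bits;
    any execute bits already present are replaced by the flag encoding."""
    mode = base_mode & ~EXEC_BITS
    for flag in attrs.upper():
        if flag == "R":
            mode &= ~WRITE_BITS
        elif flag in FLAG_TO_BIT:
            mode |= FLAG_TO_BIT[flag]
        else:
            raise ValueError(f"attribute {flag!r} cannot be stored in a mode bit")
    return mode


def mode_to_dos_attrs(mode):
    """Inverse mapping: the attribute string a Windows client would be shown.
    Output order is fixed as A, R, H, S."""
    attrs = ""
    if mode & stat.S_IXUSR:
        attrs += "A"
    if not mode & WRITE_BITS:
        attrs += "R"
    if mode & stat.S_IXOTH:
        attrs += "H"
    if mode & stat.S_IXGRP:
        attrs += "S"
    return attrs


def executable_for_unix(mode):
    """The side effect of the convention: every stored flag is also an execute
    bit for UNIX users of the same file system."""
    return bool(mode & EXEC_BITS)


if __name__ == "__main__":
    stored = dos_attrs_to_mode("AH", 0o644)
    print(f"Windows sets AH on a 0644 file -> mode {stored:04o}, "
          f"executable for UNIX: {executable_for_unix(stored)}")
    print(f"UNIX 0755 script seen from Windows -> attributes {mode_to_dos_attrs(0o755)}")
```

The mapping is therefore only safe on shares that hold data files rather than Unix programs; on a share that mixes both, the cleaner choice is to switch the three map options off and accept that the flags are not preserved.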

1.1.5 Mapping the audit functions

The auditing system forms an integral part of Windows. It can be represented under UNIX by other mechanisms. For the Samba server, the auditing functionality can be implemented via a VFS module; access to files and directories is then logged by the Samba server. At file system level, auditing in this form has not yet been integrated into the Linux kernel, even though several implementation attempts have been made and despite the fact that the preconditions have been fulfilled in the existing structures for extended attributes in Linux file systems. In practice, however, this functionality appears to be of so little importance that none of the attempts made so far was actively pursued any further due to a lack of interest. However, security extensions such as SELinux definitely enable at least partial auditing even for file system access which is carried out at the level below Samba.
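As an added example of what the VFS-module approach yields on the logging side (constructed for this section, not code from the Samba project), the following Python reads records in the shape that the Samba vfs_full_audit module writes to syslog, assuming the module is configured with full_audit:prefix = %u|%I|%S so that each record carries user, client address and share before the operation, its result and its arguments. The sample log lines are constructed. The check it performs is a plain one for a file server's security log: repeated "Permission denied" failures by one user on one share, which is the kind of pattern the Windows audit log would also surface.

```python
"""Detect repeated access denials in Samba vfs_full_audit syslog output.
Added example; the log lines are constructed, and the field layout assumes
full_audit:prefix = %u|%I|%S (user, client address, share name)."""
import re
from collections import Counter

SAMPLE_LOG = """\
Apr 10 09:12:01 fs1 smbd_audit: alice|192.0.2.10|finance|connect|ok|finance
Apr 10 09:12:03 fs1 smbd_audit: alice|192.0.2.10|finance|open|fail (Permission denied)|salaries.xlsx
Apr 10 09:12:04 fs1 smbd_audit: alice|192.0.2.10|finance|open|fail (Permission denied)|budget.xlsx
Apr 10 09:12:09 fs1 smbd_audit: alice|192.0.2.10|finance|unlink|fail (Permission denied)|board/minutes.doc
Apr 10 09:12:10 fs1 smbd_audit: bob|192.0.2.11|public|open|ok|readme.txt
Apr 10 09:12:11 fs1 smbd_audit: bob|192.0.2.11|public|open|fail (No such file or directory)|missing.txt
Apr 10 09:13:00 fs1 sshd[1234]: Accepted publickey for carol from 192.0.2.12
"""

# prefix fields | operation | result | arguments
RECORD = re.compile(
    r"smbd_audit: (?P<user>[^|]+)\|(?P<client>[^|]+)\|(?P<share>[^|]+)\|"
    r"(?P<op>[^|]+)\|(?P<result>[^|]+)\|(?P<args>.*)$")


def parse_audit(text):
    """Yield one dict per smbd_audit record; unrelated syslog lines are skipped."""
    for line in text.splitlines():
        match = RECORD.search(line)
        if match:
            yield match.groupdict()


def denials_per_user_share(text):
    """Count 'Permission denied' failures per (user, share). Other failures,
    such as a missing file, are ordinary application behaviour and not counted."""
    counts = Counter()
    for rec in parse_audit(text):
        if rec["result"].startswith("fail") and "Permission denied" in rec["result"]:
            counts[(rec["user"], rec["share"])] += 1
    return counts


def repeated_denials(text, threshold=3):
    """(user, share) pairs that reach the threshold: worth a look by the share owner."""
    return {key: n for key, n in denials_per_user_share(text).items() if n >= threshold}


if __name__ == "__main__":
    for (user, share), n in repeated_denials(SAMPLE_LOG).items():
        print(f"{user} was denied {n} times on share {share}")
```

Because the prefix is configurable, the regular expression has to match whatever prefix the server actually uses; if the module logs with its default prefix of user and client address only, the share field disappears and the pattern must be shortened accordingly.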

1.1.6 Summary of the most important consequences of using Samba with POSIX ACLs

The following applies to writing as an abstract privilege:
• There is no distinction between "write data" and "append data"
• In the case of folders, there is no distinction either between creating folders and creating files
• There is no distinction between the writing of folders and/or files and attributes

The following applies to reading as an abstract privilege:
• There is no distinction between the reading of folders and/or files and attributes
• Reading of privileges is always permitted in principle.

Neither audit nor active inheritance are implemented in general. Inheritance is subject to the restrictions described in the foregoing.

1.1.7 User groups and access privileges

The assignment of access privileges to groups plays a paramount role, especially in conjunction with shares which are commonly used by work groups. NT distinguishes between (server-)local and global groups. Local groups can be regarded as alias definitions that refer to one or more global groups. This means that local groups can contain several global groups. Nesting of groups is not possible under Samba (as under UNIX/Linux in general). Samba only permits all UNIX groups to be presented 1:1 as global groups for Windows clients and member servers. These global groups can, of course, form part of local groups on Windows member servers. This means that the U-G-L-R and U-G-R models described in section 1.4.6 continue to be available on these servers. The introduction of a concept of local groups for Linux servers too is currently not foreseen, so that only the U-G-R model is typically used here. An equivalent functionality can be implemented in an LDAP-based group management system with corresponding business logic.

1.1.8 Assessment of the implications for users

When the Windows ACLs are mapped to the POSIX ACLs, the fine granularity with which privileges can be modified under Windows is lost. In practice, however, only the significantly simpler group privileges of the simple security settings are used in the majority of cases. The further graded privileges are used in isolated cases only. The distinction between attribute and file privileges, in particular, is very rarely used. The Append data privilege will also be of use in very few cases only. If an ext2/ext3 file system is used under Linux, this privilege can also be set for selected files as an extended attribute on the command line. The consistent mapping of the simpler privileges model from the POSIX ACLs increases the reliability of the picture of the simple security settings for the average user and for administrators without losing significant parts of the functionality. Certain functions, such as active inheritance and auditing of the file system, can, as described above, be mapped only in part and may also require additional software for mapping. The security of the filing system under Samba depends only partly on the functions which Samba itself offers, because Samba is combined with a particular Unix distribution; an "insecure" configuration of that Unix distribution obviously also affects the filing system. Samba under Linux enables access to file systems with hard disk encryption. One can sum up that Samba under Linux enables the implementation of a central filing system for heterogeneous system landscapes. However, the different implementations of access rights to files under Windows and under Linux with Samba must be taken into consideration in this context. In conjunction with the appropriate directory services, user administration and distribution of access rights do not pose any problems even in large networks.

To what extent the change or the development in one or another direction is considered to be easier or more favourable will depend not least on the individuals involved. Migration to Samba, Linux and Open Source opens up new degrees of freedom. Such a step towards emancipation from the standards and best practices of a manufacturer means to the individual administrator not just more freedom, but also more self-reliance.

1.2 Linux Server with NFS

NFS (Network File System) is a network protocol which was developed by Sun Microsystems in order to share directories and files in the UNIX environment. Since Sun discontinued the further development of the protocol, the IETF took over responsibility for its further development. NFS is described in RFC 1094, RFC 1813 and RFC 3530. RFC 1094 was published by Sun Microsystems in March 1989. The following versions have so far been published:
• NFS 2
• NFS 3
• NFS 4

Although NFS means file system (FS), it is more of a protocol. NFS assumes that it can make use of an existing file system. These can, for example, be file systems like ReiserFS, EXT4 (the successor version to EXT3) or XFS. In this way, it is also possible to use NFS in order to implement distributed file systems. Theoretically, these file systems can then also be heterogeneous. Version 3 of NFS is still stateless, which is, however, not desirable with a view to security. The use of NFS without additional protective measures can hence be recommended in isolated networks only. Clients always need an NFS client in order to access these shares. This client is implemented in all Unix clients. An NFS client for Microsoft operating systems is available via the Microsoft Windows Services for UNIX (SFU) 3.5 extension pack. This pack can be used under Windows 2000, Windows XP and Windows 2003 R2. NFS thus enables access to a file system for both Windows and Unix clients. Furthermore, NFS also includes the possibility of offering distributed file systems in a network. This means that it is not necessary for the user to know which physical hard disks contain, for example, a directory. The user accesses the data in the directory and the system sends the data to the application computer after NFS has logically combined the data. In order to be able to access an NFS drive, the user must establish a connection to this drive. This process of establishing a connection is called "mounting".

If a drive or directory is mounted, the user can access any data contained there. However, NFS offers very poor access control to the shared directories because NFS uses the Unix "mode bits" for access control. Although it is possible under Linux with NFS to control access to the individual files using the ACLs implemented, this does not enable control of the share itself. Since NFSv4, the protocol is no longer stateless. This simplifies the programming of network protection significantly because the protocol "memorizes" the status of a previous transaction. In this way, it is possible, for example, to determine whether certain non-authorized access is repeatedly attempted, which can then be blocked after a defined number of attempts. Under Windows and OS/2, the functionality of NFS is implemented via the so-called Server Message Block protocol (SMB). This protocol enables user authentication. NFSv3 authenticates the client computer only. This was changed with NFSv4 so that user authentication is also possible under NFS 4.
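Since access control in NFSv3 is host-based, the content of /etc/exports is where a Linux administrator decides who can reach a share at all. The following Python is an added example written for this section (it is not part of the NFS utilities) that parses exports(5) entries, applies the documented defaults (ro, sync, root_squash, secure) and flags the settings that matter most once a server is not in an isolated network: world exports, no_root_squash, insecure (requests accepted from non-privileged client ports) and writable exports that rely on AUTH_SYS, i.e. client-asserted user identities, rather than a Kerberos security flavour. The exports file it analyses is constructed.

```python
"""Audit /etc/exports entries for host-based NFS access control settings.
Added example (not part of nfs-utils); the exports file below is constructed."""

SAMPLE_EXPORTS = """\
# constructed sample for the test environment
/srv/share   *(rw,sync,no_root_squash)
/srv/test    192.168.10.0/24(ro,sync)
/srv/home    nfsclient.example.org(rw,sync,sec=krb5p)
/srv/open    (rw,insecure)
"""

# Mutually exclusive option pairs; the first of each pair is the exports(5) default.
OPTION_PAIRS = [("ro", "rw"), ("sync", "async"),
                ("root_squash", "no_root_squash"), ("secure", "insecure")]


def parse_exports(text):
    """Yield (path, host, explicit_options) for every host entry.
    A bare "(options)" entry without a host name exports to every host."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            host, _, opts = entry.partition("(")
            options = {o for o in opts.rstrip(")").split(",") if o}
            yield path, host or "*", options


def effective_options(options):
    """Fill in the default for every pair the entry does not set explicitly."""
    effective = set(options)
    for default, alternative in OPTION_PAIRS:
        if default not in effective and alternative not in effective:
            effective.add(default)
    return effective


def audit_entry(host, options):
    """Findings for one host entry, as short codes."""
    eff = effective_options(options)
    findings = []
    if host == "*":
        findings.append("WORLD_EXPORT")      # any host that can reach the server
    if "no_root_squash" in eff:
        findings.append("NO_ROOT_SQUASH")    # remote uid 0 stays uid 0 on the server
    if "insecure" in eff:
        findings.append("INSECURE_PORTS")    # weakens the host check further
    flavours = next((o[len("sec="):] for o in eff if o.startswith("sec=")), "sys")
    if "rw" in eff and "sys" in flavours.split(":"):
        findings.append("RW_AUTH_SYS")       # writable with client-asserted uids only
    return findings


def audit_exports(text):
    """Map each exported path to its sorted, de-duplicated findings across all hosts."""
    report = {}
    for path, host, options in parse_exports(text):
        report.setdefault(path, set()).update(audit_entry(host, options))
    return {path: sorted(f) for path, f in report.items()}


if __name__ == "__main__":
    for path, findings in audit_exports(SAMPLE_EXPORTS).items():
        print(f"{path:12} {', '.join(findings) or 'ok'}")
```

The codes are deliberately coarse: an entry that is read-only, host-restricted and root-squashed produces nothing, while the world-writable entries show every weakness the text warns about in one line each.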

Linux servers with NFSv3 should be used in isolated networks only, i.e. in networks without any connection to public networks. NFS 4, however, also enables the use of the protocol in open networks. In order to enable access control to the shared directories, the use of a Linux server with NFS in conjunction with Samba or LDAP, respectively, is recommended. The security mechanisms of these servers eliminate the weakness in NFS. As a result, the NFS protocol enables the offering of shares and distributed file systems in a heterogeneous landscape. However, the existing security-relevant weaknesses of the protocol must be taken into consideration. In the case of isolated systems, such as test environments, the use of NFS can make sense in order to keep administrative requirements within reasonable limits. The tried-and-tested Network File System (NFS) is recommended for the file services in a purely Linux-based system landscape. NFS is traditionally used as a network-based file system in UNIX networks. NFS is the standard protocol if directories are to be shared by different UNIX systems. Users can access the required directory areas via central or distributed servers. The exported directory trees are automatically linked on the user's corresponding client. The XFS and EXT4 file systems are recommended for the physical storage of data on the disk systems of the real servers. Both systems support journaling functionalities, quotas and the assignment of access privileges at file and directory level.

1.3 Linux Server with OpenAFS

OpenAFS has its roots in the AFS (Andrew File System) which was developed at Carnegie Mellon University and continued by IBM. Since AFS was not very widely used at the beginning, IBM decided to develop and release a version for the open source community. Although there is presently no legal entity which holds the rights in the source code of AFS, it is becoming increasingly common.
OpenAFS is available for all usual Unix distributions as well as for Windows and Apple Mac OS X. The known weaknesses from the protocol definition in the case of NFSv3 were eliminated during the development of AFS. From the very beginning of the development of AFS, great importance was attached to avoiding the repeated implementation of this or similar shortcomings. The current version is 1.5.25 [200]. OpenAFS does not differ from NFS in terms of its architecture. This means that OpenAFS is also designed according to the client/server principle and can be used to implement distributed data filing systems. The holistic concept of OpenAFS includes not only the simple sharing of data, but also Kerberos-based authentication, as well as data backup and the synchronization of time between clients and servers which is required for cryptographic components. The AFS network protocol does not extend to the format of the data volumes in which the data is filed. This means that the file structure of the AFS namespace cannot be viewed via the operating system and the simultaneous sharing of the same data via SMB or NFS is not possible.

200 Since 20 September 2007; refer to: http://www.openafs.org/.

Access to an OpenAFS share always takes place via a corresponding OpenAFS client which must be installed on the corresponding workstation / client. OpenAFS offers the possibility of differentiated user administration. This means that not only rights to share directories can be assigned, but also rights for the execution of commands for file processing or editing. This means that read privileges can be granted to one user and modification privileges to another user on the same directory. This access is managed via ACLs and ignores the privileges set under Unix via "mode bits". The privileges can also be combined for user groups. In retrospect, one can sum up that OpenAFS closes the security gaps of NFS and that preference should be given to the use of OpenAFS in open networks rather than the use of the NFS protocol. Although the source code is presently not assigned to a legal entity, a so-called Council of Elders is there to watch over the code. Representatives of several universities as well as industry representatives are members of this council. Depending on the extent of a Linux migration at the client end, NFS and AFS may also be interesting alternatives. NFS and AFS are widely used in UNIX networks, but special software has to be installed on all clients in order to integrate Windows clients. An NFS client is, for example, included in Microsoft Windows Services for UNIX (SFU 3.0). An AFS client is free of charge and available as open source from OpenAFS.org. The use of NFS or AFS in an environment with Windows clients always requires far-reaching conceptual changes compared to filing with Windows NT.

1.4 Windows NT 4.0/2000/2003 with NTFS

The NTFS (New Technology File System) system was developed by Microsoft in order to overcome certain architectural shortcomings in the FAT system.
Meanwhile, NTFS has come to almost completely replace FAT and its successors in the Microsoft world. FAT may still be used on some older clients. The latest version of NTFS should always be installed on newly installed clients. Microsoft has so far distributed the NTFS file system in the following versions:
• NTFS 1.x with Windows NT 3.x
• NTFS 2.x with Windows NT 4
• NTFS 3.0 with Windows 2000 (NT 5)
• NTFS 3.1 is the current version under Windows XP and 2003.

Microsoft did not introduce a new NTFS version with Windows Vista. Although names such as NTFS 4 and NTFS 5 are also often found, these are not official version numbers. These names refer to the respective version of the operating systems NT4 (Windows NT 4.0 Server / Workstation) or NT5 (Windows 2000 Server / Workstation), respectively, with which the respective version of NTFS was supplied. In order to maintain comparability with version 2.1 of this migration guide, the names NTFS 4 and NTFS 5 will be used in this chapter too. NTFS forms part of the respective operating systems and is hence subject to the applicable terms and conditions of the relevant license. NTFS treats all the data stored as a file called MFT (Master File Table). The information as to which data blocks of the hard disk belong to which file is stored here. Access information and the file attributes are also stored here (furthermore, the contents of a file are also considered to be an attribute). The following discussion addresses the successors to Windows NT 4.0 Server, Windows 2000 Server and Windows Server 2003 R2, under the aspect of file services. The NTFS 4 file system, which forms the basis for today's filing and file management system under Windows, will be described first. The new features introduced with NTFS 5 will be discussed subsequently.

1.4.1 Properties

The properties of NTFS 4 include, for example, the following. Every folder and every file has a so-called Access Control List (ACL) which is stored with the file or folder. The ACL contains so-called Access Control Entries (ACEs) which contain the SID of the group or user account and the authorization. Access is thus controlled via the ACL, and it is possible to implement a granular access control system. The ACL must be broken down further into the SACL (System Access Control List) and the DACL (Discretionary Access Control List): the DACL contains the SIDs of the groups and users which are authorized or denied access to the object; the SACL determines the way in which the security subsystem monitors access to the object. NTFS 4 does, in principle, not support inheritance; only when a new file is created are the privileges of the folder copied into the ACL of the file. When the privileges of the folder change, propagation to the ACLs of the files contained in the folder must be ordered explicitly. One special feature must be considered: a file which is stored in the UNC path \\server\freigabe\ordner\subordner can be read by a user, although the "ordner" folder prohibits reading, if the "subordner" folder permits reading. There is no limit to the length of path names. File names with up to 255 characters are supported. Apart from a few exceptions (such as *, \), all characters of the Unicode character set (16-bit) can theoretically be used. A short name which corresponds to the 8.3 convention and which is automatically generated by the operating system is stored for each folder and for each file. Although upper case and lower case characters are distinguished during storage, this is normally not the case during access to the file. Every folder and every file has attributes in the form of flags (write-protect, archive, system, hidden and compressed) as well as information concerning the times of first-time creation, last change and last access.

The degree of compression is strongly dependent on the contents. NTFS supports the technology of multiple streams. The frequency of use is relatively low. Alternative data streams are sometimes also used by malicious programs because many virus scanners do not scan these streams, so that the malicious programs are not discovered. Multiple streams must be supported by the application in question and/or must be programmed there. Multiple streams enable, for example, storage of the resource fork of Macintosh files. Since Service Pack 4 for Windows NT 4.0 Server, quotas are supported within NTFS. Assignment and control of quotas are based on the owner property and cover the complete volume (logical drive of the file server). Due to these technical restrictions, the use of quotas must be regarded as the exception rather than the rule in existing environments.

The maximum file size under NTFS 4 is limited to 2 TB (terabytes) and the capacity of the logical drive. The maximum capacity of the logical drive totals 2 TB (theoretically 16 exabytes). The real net data amount depends on the cluster size used during formatting. The number of files is limited to 2^32 - 1. NTFS enables auditing of successful and attempted access. In this way, it is possible, for example, to diagnose repeated, undesired file delete operations. NTFS-formatted data volumes become fragmented during ongoing operations. Automatic correction (self-healing) under Windows NT 4.0 does not take place. If this is required, products from third-party manufacturers must be used.

1.4.2 The NTFS privileges system

Windows recognizes a total of 13 privileges that can be assigned or cancelled for an object in the file system (file or directory) for every user or group. These are:
• Browse folder / execute file
• List folders / read file
• Read attributes
• Read extended attributes
• Create files / write data
• Create folders / append data
• Write attributes
• Write extended attributes
• Delete subfolders and files
• Delete
• Read privileges
• Change privileges
• Take ownership.

Changes in access privileges are made via the Security settings tab of the Properties dialogue. In order to conceal the complexity of the system of 13 closely related individual privileges from average users, this tab offers a selection of pre-defined items, so-called group privileges, as sensible combinations of the individual privileges. Five such group privileges exist for files and six for directories. These group privileges can be enabled or disabled as a group. The 13 individual privileges are shown completely in the Privilege entry dialogue which is accessed via the Extended/Display/Edit buttons. In this context, the view of the group privileges offered in the security settings is extremely problematic because the presentation can very quickly suggest the absence of privileges which in fact do exist. In the case of full access, for example, where the privilege to write the extended attributes is the only privilege which is not granted, the simple presentation of the security settings shows the picture of a privilege profile which enables reading and executing only. The following table shows which combinations of privileges lead to which presentation as group privileges. Please remember that the checkbox for a group privilege is no longer ticked if just a single privilege in these aggregations is not set.

Windows privilege              | Full access | Edit | Read & execute | List folder contents | Read | Write
-------------------------------+-------------+------+----------------+----------------------+------+------
Browse folder / execute file   | X           | X    | X              | X                    |      |
List folders / read data       | X           | X    | X              | X                    | X    |
Read attributes                | X           | X    | X              | X                    | X    |
Read extended attributes       | X           | X    | X              | X                    | X    |
Create files / write data      | X           | X    |                |                      |      | X
Create folders / append data   | X           | X    |                |                      |      | X
Write attributes               | X           | X    |                |                      |      | X
Write extended attributes      | X           | X    |                |                      |      | X
Delete subfolders / files      | X           |      |                |                      |      |
Delete                         | X           | X    |                |                      |      |
Read privileges                | X           | X    | X              | X                    | X    | X
Change privileges              | X           |      |                |                      |      |

Table 45: Properties of the Windows group privileges

Due to the inconsistencies described in the foregoing, only the extended view in the Privilege entry dialogue will be considered in the following.
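The aggregation rules of Table 43 (what a Samba server with POSIX ACLs can store and report, section 1.1.2) and the checkbox rules of Table 45 (what the simple Security settings tab shows) can be checked against each other in code. The following Python is an added example written for this guide, not Samba's or Microsoft's implementation; it encodes both tables as bit sets. One assumption beyond the extracted Table 45: Take ownership is treated as part of Full access, as the list in section 1.4.2 implies. Two things the text describes become reproducible: setting only Write attributes on a read-only file comes back from the Samba server as the whole write aggregate, which the Windows dialogue then shows consistently as Read plus Write; and on the Windows side, withholding a single privilege such as Write extended attributes from an otherwise complete profile makes the tab show nothing beyond Read & execute.

```python
"""NTFS privileges <-> POSIX aggregates (Table 43) and Windows group checkboxes
(Table 45) as bit sets. Added example; not Samba's or Microsoft's code."""
from enum import Flag, auto
from functools import reduce
import operator


class Ntfs(Flag):
    """The 13 individual NTFS privileges listed in section 1.4.2."""
    TRAVERSE = auto()        # Browse folder / execute file
    READ_DATA = auto()       # List folders / read data
    READ_ATTR = auto()       # Read attributes
    READ_EA = auto()         # Read extended attributes
    WRITE_DATA = auto()      # Create files / write data
    APPEND_DATA = auto()     # Create folders / append data
    WRITE_ATTR = auto()      # Write attributes
    WRITE_EA = auto()        # Write extended attributes
    DELETE_CHILD = auto()    # Delete subfolders and files
    DELETE = auto()          # Delete
    READ_PERMS = auto()      # Read privileges
    WRITE_PERMS = auto()     # Change privileges
    TAKE_OWNERSHIP = auto()  # Take ownership


FULL = reduce(operator.or_, Ntfs)

# Table 43: the NTFS privileges each POSIX bit stands for on the Samba server.
POSIX_READ = Ntfs.READ_DATA | Ntfs.READ_ATTR | Ntfs.READ_EA
POSIX_WRITE = Ntfs.WRITE_DATA | Ntfs.APPEND_DATA | Ntfs.WRITE_ATTR | Ntfs.WRITE_EA
POSIX_EXEC = Ntfs.TRAVERSE
AGGREGATES = {"r": POSIX_READ, "w": POSIX_WRITE, "x": POSIX_EXEC}
# Grey rows of Table 43: no POSIX counterpart at all.
UNMAPPABLE = Ntfs.DELETE_CHILD | Ntfs.DELETE | Ntfs.WRITE_PERMS | Ntfs.TAKE_OWNERSHIP

# Table 45: the individual privileges each Windows group checkbox requires
# (Take ownership under Full access is assumed from the section 1.4.2 list).
GROUPS = {
    "Full access": FULL,
    "Edit": FULL & ~(Ntfs.DELETE_CHILD | Ntfs.WRITE_PERMS | Ntfs.TAKE_OWNERSHIP),
    "Read & execute": Ntfs.TRAVERSE | POSIX_READ | Ntfs.READ_PERMS,
    "List folder contents": Ntfs.TRAVERSE | POSIX_READ | Ntfs.READ_PERMS,
    "Read": POSIX_READ | Ntfs.READ_PERMS,
    "Write": POSIX_WRITE | Ntfs.READ_PERMS,
}


def ntfs_to_posix(requested):
    """What the Samba server stores when a client sets these privileges: any
    single member of an aggregate switches on the aggregate's whole bit."""
    return "".join(bit if requested & agg else "-" for bit, agg in AGGREGATES.items())


def posix_to_ntfs(mode):
    """What the Samba server reports back for an rwx string: complete aggregates
    only, plus Read privileges; full rwx is reported as Full access (section 1.1.2)."""
    reported = Ntfs(0)
    for bit, agg in AGGREGATES.items():
        if bit in mode:
            reported |= agg
    if reported:
        reported |= Ntfs.READ_PERMS
    if mode == "rwx":
        reported |= UNMAPPABLE
    return reported


def roundtrip(requested):
    """Set on the client, store on the server, read back on the client."""
    return posix_to_ntfs(ntfs_to_posix(requested))


def lost_privileges(requested):
    """Requested privileges that the Samba server drops unless full rwx results."""
    return requested & UNMAPPABLE


def windows_group_view(privs):
    """Checkboxes ticked in the simple Security settings tab (Table 45): a group
    is shown only if every one of its individual privileges is present."""
    return [name for name, required in GROUPS.items() if (privs & required) == required]


if __name__ == "__main__":
    asked = POSIX_READ | Ntfs.WRITE_ATTR
    print("stored as", ntfs_to_posix(asked), "-> tab shows", windows_group_view(roundtrip(asked)))
    print("full minus Write EA -> tab shows", windows_group_view(FULL & ~Ntfs.WRITE_EA))
```

Reading the output side by side with the tables makes the practical rule clear: on a Samba share the only privilege profiles that can exist are the eight rwx combinations, so an ACL audit of a migrated share only needs to compare those, not the 13 Windows privileges.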

1.4.3 Attribute system

In addition to the privileges, several so-called attributes and extended attributes are managed for file and directory objects.

Name          | Bit | Meaning
--------------+-----+-------------------------------------------------------------
Archive       | A   | The file was changed since the attribute was last reset.
Write protect | R   | The file is write-protected.
Hidden        | H   | The file is not displayed.
System        | S   | The file is reserved for the system.
Compressed    | C   | The file/folder is stored on the medium in compressed form.
Encrypted     | E   | The file/folder is stored on the medium in encrypted form.

Table 46: Windows attributes

1.4.4 Audit

Windows includes far-reaching audit options at file and directory level. It is, for example, possible to have all privileges audited individually for every user or group. The resultant information is stored in the security log of the domain controller and/or of the related Windows 2000 computer if the audit policy is enabled in the system policy.

1.4.5 Access control

Access control via the network to files or folders in Windows NT environments is accomplished by two mechanisms:
• Folder share
• NTFS privileges

In order to be able to access a file via the network, one of the higher-level folders must be shared. This share is also given an ACL which is stored in the registry. The privileges for this share are restricted to the following levels:
• Read
• Edit
• Full access

These privileges are absolute. This means that the NTFS privileges located below are effectively curtailed by the share privileges. Example: the Read privilege at the share level prevents writing even in cases where the NTFS privileges would permit this. Special attention in Windows NT environments should be paid to the user rights (user rights assignment policies) because these rights can be important for the file services, for example "take ownership of files and objects" and "back up files and folders".

1.4.6 Users and group concept

Every folder and every file is assigned to an owner which can be either a group or a user account. The creating user usually becomes the owner. If the user is a member of the administrator group, this group becomes the owner. Systematic access control in the Windows NT environment prefers the assignment of privileges to groups. The assignment of privileges to individual user accounts should be restricted to the user-specific parts of the file system. The following group types exist in a Windows NT environment:
• Global groups
• Local groups on member servers
• Local groups on domain controllers

Local groups on domain controllers differ from those on member servers in that local groups exist on all the domain controllers of the domain with the same SID. Local groups on member servers may be nested (group nesting) with the following groups:
• the global groups of their own domain, or
• the global groups of the domains which their own domain trusts.

Global groups only have user accounts as members.

Two different "classical" access control principles exist in a Windows NT domain landscape:
• U-G-L-R method: The user is a member of a global group. This global group, for its part, is a member of a local group of a file server. This local group is the only one for which NTFS privileges are set at a file resource.
• U-G-R method: The user is a member of a global group. This global group is the only one for which NTFS privileges are set at a file resource.

Fig. 27: U-G-L-R method


Fig. 28: U-G-R method

An unambiguous assignment of resource and local group (or global group, respectively) is a precondition for both methods to work without security risks. This means that the group is used for this resource on an exclusive basis. If the file services are implemented by a cluster, the U-G-L-R method has the disadvantage that the local groups on the node servers do not have identical SIDs. This can be remedied by configuring the nodes as domain controllers or by using the U-G-R method.

1.4.7 Expanded functionality

Windows 2000 Server and Windows Server 2003 R2 come with a number of new features with regard to file services. These include, for example, the following:
• NTFS 5 file system
• HSM-API
• Inheritance
• Encryption (EFS)
• SMB over native IP
• Dynamic data volume management
• Defragmentation
• Group nesting
• Remote storage
• Indexing service
• Distributed link tracking
• DFS
• Offline folders
• Folder redirection.

1.4.8 NTFS 5 file system

NTFS 5 generally offers the following improvements. It is possible for the first time to manage access privileges by inheritance. This means that privileges which are set on higher-level folders come into effect in lower-level folders and files without the need to write them through (burn-in). The disadvantages of writing through (workload problem, deletion of special privileges in sub-folders) are hence eliminated. NTFS 5 comes with a change journal in which changes are logged. NTFS 5-formatted data volumes include a hidden folder called "System Volume Information" which can only be accessed by the operating system and in which the additional functions are managed. NTFS 5 supports data encryption. The Encrypting File System (EFS) enables users to protect data against reading by third parties (including administrators). A PKI (Public Key Infrastructure) is necessary for this purpose in enterprise networks. Although the integration of quotas in the file system is still possible, it continues to be subject to the restrictions of NTFS 4.

1.4.9 Protocols
Windows 2000 Server and Windows Server 2003 R2 continue to support the above-mentioned protocols. Since Windows 2000 Server / Workstation it has been possible to deactivate communication via NetBIOS. For the file services, this means that "Direct Hosting of SMB over TCP/IP" takes place via port 445.

1.4.10 Data volume management
Windows 2000 / 2003 (all versions) also offer the possibility to integrate physical hard disks into the system without the need to assign drive letters. These dynamic data volumes can be linked and made available as folders in traditional data volumes201. Windows 2000 / 2003 (all versions) provide for the first time a tool for defragmenting data volumes which should, however, not be necessary if the NTFS 5 file system is used.

201 A detailed description of the data volume management functionality and its various possibilities can be found at: http://www.microsoft.com/de/de/default.aspx. If the search string "Datenträgerverwaltung" ["data volume management"] is entered there, the corresponding chapter of the Microsoft TechNet is directly opened.

1.4.11 Changes concerning access control (group administration)
Two different group types have existed since Windows 2000 Server, i.e.:
• Security groups: Security groups are contained in DACLs (Discretionary Access Control Lists) which define privileges for resources and objects. A security group can also be used as an e-mail group. An e-mail message which is sent to the group is automatically distributed to all the group members.
• Distribution groups: No security functions are activated for distribution groups. They cannot be listed in DACLs. Distribution groups require the support of e-mail applications, such as Microsoft Exchange, in order to send an e-mail to a group of users. If a group is not required for security reasons, you can create a distribution group rather than a security group.
Although it is possible to add contacts to both a security group and to a distribution group, it is not possible to assign privileges and authorizations to such contacts. It is possible to send e-mail messages to the contacts contained in a group.

1.4.12 Converting security and distribution groups
A group can be converted from a security group to a distribution group and vice versa. This can be carried out at any time as long as the domain is executed in uniform (Windows 2000 native) mode. Conversion of groups is not possible with a domain in hybrid (mixed) mode.

1.4.13 Nesting groups
Nesting means that groups can become members of other groups. Nested groups simplify group administration because each administrative task then covers a larger number of member accounts. Furthermore, the replication traffic which results from replicating changed group memberships is reduced. The nesting options depend on whether the domain is executed in uniform or hybrid mode. Membership is determined as follows for groups in domains in uniform mode or for distribution groups in domains in hybrid mode:
• Groups with the "universal" range can contain the following members: accounts, computer accounts, other groups with the "universal" range and groups with the "global" range of any domain.
• Groups with the "global" range can contain the following members: accounts of the same domain and other groups with the "global" range from the same domain.
• Groups with the "local domain" range can contain the following members: accounts, groups with the "universal" range and groups with the "global" range of any domain. Other groups with the "local domain" range can also belong to these groups within the same domain.

Security groups in a domain in hybrid mode are limited to the following types of members:
• Groups with the "global" range can contain accounts only.
• Members of groups with the "local domain" range can be other groups with the "global" range as well as accounts.
Since the "universal" group range is supported exclusively in Windows 2000 domains in uniform mode, it is not possible to create any security groups with the "universal" range in domains in hybrid mode.
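The nesting rules above can be checked mechanically before a migration, for example against an exported group list, to find memberships that the target domain mode would reject and to find nesting loops. The following Python checker is an added example and is not part of the guide or of any Microsoft tool. It encodes the rules exactly as listed, with the guide's "uniform mode" written as native and "hybrid mode" as mixed; the group scope names and all account and group names are constructed for the example.

```python
"""Membership-rule checker for Windows 2000 group nesting (added example).

mode is 'native' (the guide's "uniform mode") or 'mixed' (its "hybrid mode");
scope is 'universal', 'global' or 'domain_local' (the guide's "local domain").
"""
from dataclasses import dataclass, field


@dataclass
class Principal:
    name: str
    domain: str
    kind: str                      # 'account' (user or computer) or 'group'
    scope: str = ""                # only meaningful for groups
    group_type: str = "security"   # 'security' or 'distribution'
    members: list = field(default_factory=list)


def allowed(container, member, mode):
    """True if `member` may be nested in `container` under the rules above."""
    if container.kind != "group":
        return False
    same_domain = container.domain == member.domain
    is_account = member.kind == "account"
    # The full rule set applies in native mode and, in mixed mode, only to
    # distribution groups; security groups in mixed mode get the reduced set.
    relaxed = mode == "native" or container.group_type == "distribution"
    if container.scope == "universal":
        if not relaxed:
            return False   # no universal security groups in a mixed-mode domain
        return is_account or member.scope in ("universal", "global")
    if container.scope == "global":
        if is_account:
            return same_domain
        return relaxed and member.scope == "global" and same_domain
    if container.scope == "domain_local":
        if is_account or member.scope == "global":
            return True
        if not relaxed:
            return False   # mixed mode: only accounts and global groups
        return member.scope == "universal" or (
            member.scope == "domain_local" and same_domain)
    raise ValueError(f"unknown group scope {container.scope!r}")


def violations(groups, mode):
    """(group, member) name pairs whose nesting the given mode would reject."""
    return [(g.name, m.name)
            for g in groups for m in g.members if not allowed(g, m, mode)]


def has_cycle(group):
    """Depth-first walk of nested groups; True if `group` contains itself."""
    stack = [(m, frozenset([id(group)])) for m in group.members if m.kind == "group"]
    while stack:
        node, seen = stack.pop()
        if node is group:
            return True
        if id(node) in seen:
            continue
        seen = seen | {id(node)}
        stack.extend((m, seen) for m in node.members if m.kind == "group")
    return False


if __name__ == "__main__":
    # Constructed sample: a global group that nests another global group is
    # fine in native mode but rejected once the target domain is mixed mode.
    dom = "corp.example"
    alice = Principal("alice", dom, "account")
    g_it = Principal("g-it", dom, "group", "global")
    g_staff = Principal("g-staff", dom, "group", "global", members=[alice, g_it])
    print("native:", violations([g_staff], "native"))   # []
    print("mixed:", violations([g_staff], "mixed"))     # [('g-staff', 'g-it')]
```

The checker only models the scope rules quoted in the text; group type conversion and cross-forest trusts are out of scope.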

1.4.14 Remote Storage
Remote Storage is a new service which has been offered since Windows 2000 Server and which enables files which have not been used for a long time to be moved to tape drives, in the sense of an HSM (Hierarchical Storage Management) functionality.

1.4.15 Indexing Service
The Indexing Service can be optionally activated for file folders in order to index the files stored there. The index enables a quick search for defined contents. The indexing service enables indexing of the following document types in different languages:
• HTML
• Text (plain text)
• Microsoft Office 95 or higher
• MIME (Multipurpose Internet Mail Extension)

1.4.16 Distributed Link Tracking Windows 2003 R2 file servers enable the programming of applications that support the linking and embedding of objects in such a manner that, following relocation of the linked objects, information concerning the current place of storage can be retrieved from the file system.

1.4.17 Distributed File System
The Distributed File System (DFS) was already available under Windows NT 4 through additional installations on the server and client. Under Windows 2000 / 2003, these functions were integrated as standard functions and additionally extended both at the client and at the server end. DFS permits shares of folders which are distributed over several servers to be presented to the client as sub-folders of a single share. This saves drive letters with a view to the network drives to be assigned to the user. Furthermore, it is not necessary for users to know where their data is physically located. In Windows 2000 / 2003, DFS was extended by integrating the FRS (File Replication Service), so that the linked shares and their contents are replicated to further shares and other file servers. If a server and hence its share fail, the client can refer to the replicas without having to establish new network connections. In Windows 2000 / 2003, the information on the DFS tree can be saved and replicated in the Active Directory. This means that the client has access to the required connection information almost all the time.

1.4.18 Connecting
The user can be supported in his or her search for shares by publishing the shares in the Active Directory.

1.4.19 Offline Folder and Folder Redirection
"Offline Folder" and "Folder Redirection" are primarily functionalities of the client (such as Windows 2000 Professional, Windows XP, Vista) rather than properties of the file services of Windows 2000 Server and/or Windows Server 2003 R2. They are, however, mentioned here because they are in principle relevant with regard to data storage and because they must cooperate with the file server. Offline folders are, so to speak, the successors to the "briefcase" of earlier Windows versions. Users of a notebook, for example, can work on folders and files which are normally stored on file servers without being connected to the network. As soon as the connection to the file server is restored, this data is replicated. Because of this replication process, the file properties at both ends (client and server) are very important for faultless replication. With the folder redirection functionality, Windows 2000 / 2003 (all versions) addresses the fact that the size of user profiles on workstation computers can grow tremendously during operation. This can occur, for example, when the user saves data under "Own files" (the "My Documents" folder) which would be better stored on file servers. Since Windows 2000 (all versions), it has been possible to redirect the system folders of the user profile ("Own files", "Application data") to a network path. These folders then appear to the user transparently as local folders. Because the folders are relocated to the file server, measures must be taken to ensure that access privileges remain in effect.

1.4.20 Security
NTFS supports data encryption. In order to access data on an NTFS partition, the partition must be read by a system which supports NTFS. Access control management is carried out by the user administration functionality of the operating system.

1.4.21 Conclusions NTFS offers all the preconditions necessary to ensure secure and user-related filing. Only the restriction of the length of file names, including path information, to 255 characters can cause problems in special cases because this is not transparent to users who do not receive an alert message during data storage indicating that this limit has been violated. However, suitable organizational steps can be taken in order to consider this fact.

2 Migration paths Before discussing the different migration paths, the functions of the individual filing systems described in chapter II.E 1 will be compared. The functional overview of the alternative network file systems also refers indirectly to properties of the underlying server file system (for example, maximum file size or file privileges). With regard to Linux-based servers, this comparison is based on the XFS and EXT3 file systems.

Function | WinNT | NTFS 5 | Samba 3.0 | NFS 4 | AFS 1.5.25
Windows client without additional software | X | X | X | | 
Length of file names (characters) | 256 | 256 | 256 | 256 | 256
Character set for file names | Unicode | Unicode | Unicode | ISO-Latin | ISO-Latin
Presentation of upper case / lower case | X | X | X | X | X
Distinction between upper case / lower case | | | adjustable | X | X
Disk quotas* | X X X X
Encryption* | EFS; file-wise at client end
Compression | X | X | 202 | 203 | 
Maximum file size204 | 2 TB | 2 TB | 2 TB | 9 EB205 | 2 GB
Maximum path length | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited
Change journal | | X | A form of auditing is available as the Samba VFS plugin vfs_full_audit | | 
Propagation of shares in the Active Directory | | X | | | 
Distributed file system* | DFS DFS Standard Standard
File replication service | | FRS | rsync | rsync | rsync
Journaling* | X X X X
DACL | NTFS | NTFS | POSIX | POSIX | AFS
SACL* | NTFS; Samba module
Typical authorization via | NT/LM PDC | AD / Kerberos | NT/LM, LDAP; if AD member then Kerberos | NIS/LDAP | Kerberos version 4

Table 47: Comparison of file servers
* The extracted page does not preserve which columns the entries in these rows belong to; the entries are reproduced in their original order.

202 Available as an extension (patch), for example, for Ext2/3 file systems
203 Available as an extension (patch), for example, for Ext2/3 file systems
204 TB Terabyte 10^12, PB Petabyte 10^15, EB Exabyte 10^18
205 NFSv3 with XFS file system, depending on the architecture up to 9 EB, for i386 maximum of 16 TB

Migration of the filing system is usually carried out by copying data from the old system to the new one. The above-described differences between the individual systems must be taken into consideration in this context. Another aspect to be considered with all migration paths is the risk of losing important file information, such as the date of creation of a file (the date of creation being the date the file was created for the first time). It is hence necessary to clarify in advance of a migration project whether and, if so, which file properties must remain unchanged during migration, for example, for legal reasons. The following properties, for example, must remain unchanged:
• Date of file creation
• Path of first-time creation
• Name of first-time creation
• User name of first-time creator
• File size
• Take-over of change tracking
This can mean greater complexity because simple copying of data is not possible in this case. In order to perform a migration project, the rsync command should be used rather than simply copying the data (for example, using a browser). In future, Samba 4 will also enable the use of this command to transmit, for example, the file creation attribute. Although this simplified procedure is at present not yet possible, the rsync command is being continuously developed further206. The discussion on the migration of the file storage system is based on the assumption that no user data is stored locally on the clients. In the case of client migration, a new system with identical functionality is installed without importing data from the old client.
If a large number of identically equipped clients must be migrated, diskless operation on a pure network file system is an option worth considering. This special case of central file storage within a network offers significant advantages especially at administration level: Changes in the client configuration are carried out once only on the server, and are automatically in effect on all the clients using this server. The selection of the server service underlying a "diskless client" is basically subject to the same considerations which also apply to the selection of the server system for central file storage in general. The migration of the filing system can always be used as an opportunity to check the functionality and up-to-dateness of the filing structure, the privileges system and the data. It may be helpful under certain conditions to archive or to delete data during such a migration project.
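Whichever tool performs the copy, the completeness check that the text asks for can be done independently of the copy tool's own report. The following Python script is an added example, not code from the guide or from the rsync project: it builds a manifest of relative path, size and SHA-256 for every regular file on both sides and reports files that are missing from the target, extra in the target, or changed. The sample tree is constructed inline, and shutil.copytree stands in for the rsync (or robocopy) run. Creation dates are deliberately not part of the comparison because, as the text notes, they are generally not carried over by a copy.

```python
"""Post-migration completeness check: compare a source tree with its copy.
Added example, not code from the guide or from rsync."""
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    """SHA-256 of a file's contents, read in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map relative path -> (size, sha256) for every regular file below root.

    Symbolic links and special files are skipped here; they need a separate
    inventory because their migration semantics differ between file systems.
    """
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root)
            manifest[rel] = (os.path.getsize(full), sha256_of(full))
    return manifest


def compare_trees(src_root, dst_root):
    """Report files missing from the target, extra in the target, and changed."""
    src = build_manifest(src_root)
    dst = build_manifest(dst_root)
    common = set(src) & set(dst)
    return {
        "missing": sorted(set(src) - set(dst)),
        "extra": sorted(set(dst) - set(src)),
        "changed": sorted(p for p in common if src[p] != dst[p]),
    }


def demo():
    """Constructed sample: copy a small tree, then damage the copy and check it."""
    base = tempfile.mkdtemp(prefix="migcheck-")
    src = os.path.join(base, "src")
    dst = os.path.join(base, "dst")
    os.makedirs(os.path.join(src, "projects", "2008"))
    samples = {
        "readme.txt": b"constructed sample file\n",
        os.path.join("projects", "2008", "plan.odt"): b"plan" * 1000,
        os.path.join("projects", "2008", "budget.ods"): b"budget" * 10,
    }
    for rel, data in samples.items():
        with open(os.path.join(src, rel), "wb") as handle:
            handle.write(data)
    shutil.copytree(src, dst)  # stands in for the rsync (or robocopy) run
    # Simulate three typical migration faults in the target tree.
    os.remove(os.path.join(dst, "projects", "2008", "budget.ods"))  # lost file
    with open(os.path.join(dst, "readme.txt"), "ab") as handle:     # altered copy
        handle.write(b"!")
    with open(os.path.join(dst, "stray.tmp"), "wb") as handle:      # leftover file
        handle.write(b"x")
    try:
        return compare_trees(src, dst)
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

On a real migration, build_manifest is run once on the source before the cut-over and once on the target afterwards (a manifest can be written to disk and compared later), so that a server that was switched off during the copy shows up as a block of missing paths rather than being silently accepted.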

206 http://rsync.samba.org/

2.1 Migration from Windows Server NT 4 with NTFS 4 to Linux with Samba (SMB/CIFS) and POSIX
In the case of direct replacement of a Windows NT server as a file storage system with the Windows clients remaining in place, Samba is the system of choice in the open source area. As explained in section II.E 1.1, a Samba server just like an NT server fulfils the filing requirements and, in conjunction with POSIX (refer also to section II.E 1.1), the same privileges structures can be implemented as under Windows NT. This is also valid for the extended privileges under Windows even though these are seldom used in practical applications. If the issue of mapping and implementation is addressed here, the question also arises as to whether the discussions related to Samba and POSIX should not be included in this section. The authors of the migration guide adopted the present structure for two reasons. On the one hand, the properties, functions and possibilities of the products and technologies are described in conjunction with the product and technology discussions. Furthermore, these properties, functions and possibilities are required in the case of Samba in conjunction with POSIX not only for the migration of an NT-based environment into a hybrid Windows/Linux environment, but are also generally required if such an environment is to be implemented. The aspects of pure migration will now be discussed here. However, this then once again only means that the files must be transferred from one storage environment to the new storage environment. Before this data transfer is carried out, each migration project which aims at migrating the file storage system should, first and foremost, examine the existing privileges structures of the filing system with a view to the question as to whether these structures are still up to date and capable of fulfilling the applicable requirements.
As already mentioned in the introduction to the migration paths for the filing system, migration should also be seen as an opportunity to clean up and/or as a new beginning. This means that such an analysis can lead to two different results, i.e.
1. The privileges structure is in need of change.
2. The privileges structure is not in need of change and is to be used for the new filing system.
In the former case, the new filing system should be set up first before the new privileges structure is implemented. The files of the filing system to be replaced can then be imported selectively by copying. Tools, such as the "robocopy"207 Windows program, are available for this purpose. In the second case, the old filing system can be completely imported to the newly set up file server also using, for example, robocopy.

207 robocopy forms part of the Windows Server 2003 resource kit tools.

2.2 From Windows Server 2000/2003 to Linux Server (keeping Active Directory)
In the case of migration from Windows Server 2000/2003 to Linux whilst keeping Active Directory, the discussion in the previous chapters is equally valid for the migration of data. Applications of such a migration include, for example, the migration of data from Windows file servers to NAS (Network Attached Storage) or SAN (Storage Area Network) systems. Although these systems present themselves to the outside world as Windows file servers, they are internally often managed by Unix/Linux systems. Since the Active Directory is retained, the network file system continues to be managed under Windows, but is mapped and/or stored via Samba under Linux. This combination of administration under Windows and data storage under Linux can lead to undesired effects in certain cases. Some examples of such adverse effects are given below.
• Length of file names
Practical experience shows that Windows systems have problems interpreting file names, including path names, of a length of more than 256 characters even though the manufacturer claims that the path names under NTFS can have any length. This can be due to program parts of DLLs and/or program parts from third-party manufacturers where a fixed path length may have been programmed. We hence recommend not using more than 240 characters for the file names, including path names. In contrast to this, Linux permits even longer file names. When a user now uses, for example, the NT Explorer in order to move a file, this can have the consequence that the total length of the file name, including the path name, becomes longer than 256 characters. Since the file system is managed under Linux, Linux stores this file accordingly. The user does not receive any feedback indicating that the file name is longer than 256 characters. When, for example, during a data backup under Windows, an attempt is made to access this file at a later point in time, Windows is then unable to find this file. The administrator must then move or copy the file in such a manner that the file name, including path name, becomes shorter than 256 characters.
• Different views for administrators
File attributes are set under Windows via the Explorer and displayed accordingly. Under Linux, these settings are implemented according to the procedure described in chapter II.E 1.1. When the administrator examines the attributes of files under Windows and under Linux, he or she will find the corresponding differences. Checking the settings, i.e. checking whether Windows attributes were correctly mapped to Linux attributes, requires interpretation effort on the part of the administrator.
• Inheritance of attributes
When attributes and access rights are inherited, unintended inheritance can occur under certain conditions. This is especially the case if attributes and/or access privileges are to be inherited over several subdirectories. Especially where access privileges are inherited, correct inheritance down into subdirectories on lower levels should always be checked.

2.3 From Linux NFS/OpenAFS to Windows 2003 NTFS 5
In the case of migration from Linux NFS/OpenAFS to NTFS 5, mapping of attributes and access privileges does not pose a problem for the NTFS 5 system. Since NTFS 5 offers more complex possibilities for creating access privileges and file attributes, all the attributes and access privileges can initially be taken over on a 1:1 basis (refer also to the comparison tables in chapter II.E 1.1). Existing structures can be expanded or new structures set up, for example, access via nested user groups, after the actual data migration under Windows. The issue of long file names, including path names, described in chapter II.E 1.1 is even more important in the case of migration from Linux NFS/OpenAFS to NTFS 5 because in this case the file is actually physically stored in the NTFS 5 system. This means that the path name can be cut off when the file is copied. In the worst case, this can mean that it is no longer possible to open the file.
The recommendation that the file name, including the path name, should not exceed a length of 240 characters should also be taken into consideration during migration. If necessary, the path names must be shortened. Another problem is the potentially different coding of characters in the file storage system. Linux systems can store file names using character codes which are different from UTF-8. This is not possible under Windows. Windows always processes file names in UTF-8. This can lead to undesired changes during migration which should be prevented by prior file name conversion at the Linux end using, for example, convmv or iconv. Furthermore, measures must be taken to ensure that the respective file size does not exceed 2 TB. The connection to the user administration functionality and to the assignment of access privileges for users and user groups is also always closely related to the file storage system. The import of users and user groups, for example, from an LDAP directory, must be clarified and, if necessary, carried out even before the files and access privileges are imported (refer to the section on authentication and directory services). The implementation of distributed file storage systems is quite usual under NFS and OpenAFS. In a migration project, this can mean that data from different systems must be consolidated within the network infrastructure. Measures must then be taken to ensure that no data is lost during the migration process. It may happen that a computer which is part of such a distributed infrastructure is switched off during the migration process. This means that the data must always be checked for completeness after the migration process and those responsible should never rely on automatic reports. Although Windows also offers the possibility to implement distributed file storage systems, these are always based on an NTFS system.
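The path-length and character-set problems described in sections 2.2 and 2.3 can be found on the Linux side before the copy rather than discovered afterwards from a failed backup. The script below is an added example, not code from the guide, from convmv or from iconv: it walks a tree on the raw bytes of the names, reports relative paths longer than the recommended 240 characters, names that are not valid UTF-8, and, going beyond what the text covers, characters that NTFS does not allow in file names (an assumption drawn from NTFS naming rules, not from the guide). The sample tree is constructed inline.

```python
"""Pre-migration file name audit for a Linux tree bound for NTFS.
Added example, not from the guide, convmv or iconv."""
import os
import shutil
import tempfile

# Assumption from NTFS naming rules (not stated in the guide): these bytes are
# not allowed in a Windows file name; control characters are rejected as well.
NTFS_FORBIDDEN = frozenset(b'<>:"\\|?*')


def audit_tree(root, max_len=240):
    """Walk root on raw bytes and return (problem, relative path) findings.

    problem is one of 'too-long' (relative path longer than max_len
    characters, the guide's recommended limit), 'not-utf8' (name bytes that
    are not valid UTF-8) or 'forbidden-char' (a byte NTFS rejects in a name).
    Lower max_len by the length of the target share path if that is long.
    """
    root_b = os.fsencode(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root_b):
        for name in dirnames + filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root_b)
            shown = rel.decode("utf-8", "backslashreplace")  # printable form
            try:
                text = rel.decode("utf-8")
            except UnicodeDecodeError:
                findings.append(("not-utf8", shown))
                text = rel.decode("utf-8", "replace")
            if len(text) > max_len:
                findings.append(("too-long", shown))
            if any(b in NTFS_FORBIDDEN or b < 32 for b in name):
                findings.append(("forbidden-char", shown))
    return findings


def demo():
    """Constructed sample tree containing one instance of each problem."""
    base = tempfile.mkdtemp(prefix="nameaudit-")
    deep = os.path.join(base, *(["x" * 60] * 4))  # relative length 4*60 + 3 = 243
    os.makedirs(deep)
    open(os.path.join(deep, "notes.txt"), "wb").close()
    # Latin-1 encoded "ärger.txt": a name that is not valid UTF-8.
    open(os.path.join(os.fsencode(base), b"\xe4rger.txt"), "wb").close()
    open(os.path.join(base, "report:final.txt"), "wb").close()  # ':' is illegal on NTFS
    try:
        return audit_tree(base)
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for problem, path in demo():
        print(f"{problem:15} {path}")
```

Names reported as not-utf8 are the ones to convert with convmv before the copy; the too-long entries have to be shortened or moved, since Linux will happily store them and Windows will not find them later.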
In the case of a complete migration from NFS/OpenAFS to NTFS 5, all the data must be transferred to NTFS 5 systems irrespective of whether the file system under NTFS is a distributed or central filing system.

2.4 From Windows Server NT4 to Windows Server 2000/2003
Data migration from NT4 servers to Windows 2000/2003 servers is simple if the corresponding servers are contained within the same infrastructure and if the NTFS systems on the servers are identical versions. Both the source system and the target system should be the same NTFS version. If this is not the case, the versions of the NTFS systems should be upgraded to the same level in advance. This is also valid if the Windows file system is a FAT system. In such a case, the latest version of the NTFS system should always be adopted. Once these requirements are fulfilled, migration will usually not require any activities other than the copying of data. If the servers are located in different infrastructures, i.e. with the NT4 server, for example, in a Windows domain structure and the Windows 2003 server in an Active Directory structure, the migration process can become more complex because a 1:1 transfer of the access privileges is not possible. This case leads to two migration scenarios:

• Integration of the NT server into an existing Active Directory infrastructure
With this scenario, the NT server is integrated into the existing infrastructure of the Active Directory before the file storage system is migrated. Since the access privileges can be adapted according to the target system during this process, the migration process can be subsequently carried out.
• No integration of the NT server into the Active Directory infrastructure
Even if the NT server is not to be integrated into an Active Directory structure, it is still possible to import the data without any problems, but unintended changes in access privileges must be prevented during data transfer.

3 References
3.1 Authentication service

File storage always involves the management of access privileges. Measures must be taken to ensure that every user as well as all the applications and services are only granted access where it is foreseen for them. Interesting options exist in this context in conjunction with Samba and OpenLDAP or another LDAP directory service within heterogeneous environments (Linux-based and Windows-based environments). This is why chapter II.C should always be taken into consideration when considering the migration of file storage services. At first, the technology discussions with the sections titled
• "Linux and Samba with OpenLDAP and Kerberos (MIT/Heimdal)", II.C 1.1
• "Fedora Directory Server (OSS solution with multi-master capability)", II.C 1.2
• "Windows NT 4 Server as a so-called Domain Controller (DC)", II.C 1.3
• "Windows 2000/ 2003 Server with Active Directory and Kerberos", II.C 1.4
should be considered, depending on the given source and target environments. If migration of the authentication service is also necessary, the corresponding sections concerning the migration paths in chapter II.C 2 should be referred to.

F Subject: print services
The "print" topic is a much-neglected topic in the IT world. This is equally valid for all operating system environments, be it the world of Windows or UNIX/Linux. However, print problems often cause the most serious friction losses. A substantial part of administration time and money is spent on resolving routine print problems. Furthermore, printing is often a mission-critical application where failure can cause financial losses and require creativity on the part of those responsible in order to resolve problems. A certain "chaos in infrastructure" is quite common as far as print services are concerned. "Grown structures" have led to all kinds of inconsistencies at many points: A mess of page description languages (PostScript, PCL, PreScribe, ESC/P, PDF) is almost always the rule. The often "unpeaceful" coexistence of different print and network protocols (such as LPR/ LPD, HP JetDirect, SMB/ MS-RPC) causes many problems. Migration of print services to a new platform will not always be able to reproduce a precise 1:1 image of the existing situation. It should, however, be regarded as an opportunity to eliminate existing shortcomings. The following sections will discuss the print services under Linux and Windows in more detail.

1 Products/technologies
1.1 General observations
The following sections will initially introduce important aspects which are equally important for all the products and technologies discussed later. These include the subjects of printer and page description languages, print protocols and the functionalities which a professional print environment can be expected to provide.

1.1.1 Important and sensible functionalities and requirements concerning print environments The following list is designed to provide an idea of the requirements which a printer environment must fulfil and which are all closely related to the required management and monitoring tools.

1.1.1.1 Accounting Cost control through detailed logging and reporting options is a function which is important especially with a view to economically sensible use, above all, in large organizations.

1.1.1.2 Quotas The "quotas" function, i.e. the definition of quantitative upper limits for copies, can be sensible and can help to ensure the economic efficiency of print services, and it can be used in order to control and/or limit costs.

Seite 248 1.1.1.3 Job history This function offers an overview of all print processes. Meaningful data concerning total quantities (budget planning), distribution by models and locations (optimization of resource distribution) as well as peak loads (sensible capital investment) is available at the end of the year.

1.1.1.4 Reliability A minimum level of failure safety is usually an important requirement with a view to user satisfaction. Alternative options should be easy to integrate – the availability of print services should be ensured even in the absence of IT experts.

1.1.1.5 Redirecting of print jobs It should be easily possible to address an alternative printer without the need for the client to send the print job again. (Important: if the alternative printer is another type, it should nevertheless be able to process the print file in question).

1.1.1.6 Reprint Environments with central duplication services often require reprinting of print jobs already completed. A reprint function is helpful when it comes to implementing the "printing on demand" functionality and increasing the number of copies at a later time, or in order to compensate for technical problems (such as paper jam / power failure) and operator errors (such as the use of the wrong colour paper).

1.1.1.7 Print "on hold" Delayed printing or printing "at night" (automatically controlled batch jobs) is helpful when it comes to improving the availability for higher-priority print jobs and to reducing waiting times for users. This function is particularly important for central print service offers in large organizations.

1.1.1.8 Encryption "Eavesdropping" of confidential data should not be possible (not even by intercepting print files). This applies not just to transmission across organization boundaries, but also within organizations because not every staff member is to be granted access to all the data.

1.1.1.9 Authentication Certain printers and limited, "costly" print functions (for example, 1200dpi in full-image mode on photographic paper) should be restricted to defined user groups only. This can be supported by the authentication function.

1.1.1.10 Administration without special software and for overview
Ideally, the print infrastructure should support configuration and control, for example, the quick examination of queues, via web browsers in a consistent manner in order to ensure quick and uniform access, flexibility and independence. Depending on the printers used, this possibility can be implemented, but applies predominantly to most PostScript printers in professional environments. The scope of functions of the browser-based administration interfaces depends on the functions which the individual printer types support. No further tools are required for this purpose. This is a very flexible and portable printer management method. Additional command line access guarantees administrators access "from anywhere". In terms of monitoring functions, several PostScript printers offer, for example, the possibility to configure fault e-mails, also with the possibility to append the messages as XML files, so that automated further processing is possible, for example, by way of evaluation via a script with the further possibility to automatically trigger further measures (for example, notifying the facility manager). However, these solutions are not out-of-the-box; instead, they must be defined and implemented beforehand. Furthermore, many PostScript printers for professional applications also offer the possibility to use SNMP. The general aim should be to use the smallest possible number of platform-independent, flexible tools within the scope of an overall solution. This reduces the risk of operator error as well as training time and costs. Prior to purchasing printers, the requirements in terms of management capabilities must be thoroughly explored and defined in order to buy suitable printers on this basis.

1.1.1.11 Integration into heterogeneous worlds
Print software should be multi-protocol enabled because there is no generally used standard in place. Multi-protocol capability must be ensured both towards the clients (which should be free to choose any protocol for sending their print files) and towards the target printer and/or second-level print servers (which are often too "old-fashioned", which requires certain conventions). Furthermore, full support of the future IPP standard must be in place.

1.1.2 Support of established208 standards for print data transmission The above-mentioned functional requirements must be fulfilled by the proposed technical solutions. One particularly important aim is to achieve openness by consolidation on existing, generally accepted open standards. These standards include the print protocols on the one hand and the printer and page description languages on the other.

1.1.2.1 Print protocols Support of conventional or proprietary protocols (and of the devices based on them) which will remain necessary during a transitional period should be ensured in future too. The most important protocols are introduced below.

LPR/LPD The LPR/LPD protocol was described by L. McLaughlin III on behalf of the Network Printing Working Group in August 1990 in RFC 1179. At that time the print service was often rendered as a central part of a computer centre; network printers (for example, floor or department printers) or local printers were not yet in widespread use within an organizational unit. The development and use of the LPR/LPD protocol enabled system administrators to print documents at times of low utilization. The user was able to trigger a print job in this way without having to look after the real printout; the copies printed in the computer centre were either distributed or collected by the user from the computer centre. Although the importance of central printing in a computer centre has declined today, the use of the protocol still makes sense because of its possibilities, for example, providing administrators with a transparent overview of all print jobs within an organization. The name of the protocol, LPR/LPD, is made up of the following abbreviations:
• LPR (line printer) is the Unix command which sends a file to be printed to a queue.
• LPD means Line Printer Daemon. This daemon receives commands via a TCP connection (port 515) in order to control a printer which is connected locally.
However, LPR/LPD as the traditional protocol for print data transmission (from the client to the print server, from server to server, from the server to the target (network) printer and from the client directly to the printer) has many shortcomings: it is unencrypted, unauthenticated (the user name is merely a field in the control file the client sends, so the server cannot verify it), not very reliable and not bidirectional (for example, no feedback from the printer). Furthermore, RFC 1179 is an informational document rather than a standard, so different implementations exist which sometimes cause compatibility problems.

IPP The Internet Printing Protocol is the Internet standard for printing both in local area networks (LAN) and in wide-area networks (WAN, Internet). The protocol covers all conceivable communication paths (client to server, server to server, server to target printer and the direct path from the client to the target printer). The latest and only binding specification is IPP/1.1 (RFC 2910 and RFC 2911). IPP was designed by a working group (the PWG[209]) with members representing printer, operating system and software manufacturers from Europe, the US and Japan, and was standardized by the IETF. IPP is transported over HTTP (port 631), which is why the encryption and authentication mechanisms of HTTP (TLS, HTTP Basic and Digest authentication) are available to it, for example, in conjunction with CUPS as described in section II.A 1.2. IPP is implemented in most modern network printers. However, as long as the "old" LPR/LPD models continue to be used (and they will be used for years to come), the change will be limited to those cases where it makes immediate sense.

Socket/AppSocket AppSocket (often better known as "HP JetDirect"; a raw TCP connection to port 9100) is a performant transmission protocol for print files. It is more powerful and reliable than LPR/LPD: it includes a certain measure of bidirectional communication and is faster. However, it offers neither print data encryption nor user authentication, and the printer accepts whatever data is sent to the port. In practice, status feedback flows from the printer back only to the host which sent the job, i.e. to the server or, on the direct path, to the client. The AppSocket protocol is now also supported by manufacturers other than HP.

SMB/CIFS Windows clients use this protocol in order to send print data to print servers (or to other Windows computers, provided these offer shared printers). The path from that Windows computer to the target (network) printer must then often be handled via another protocol, unless the target printer is connected locally via a parallel, USB, FireWire or serial interface.

MS-RPC Windows clients (NT4 and higher) can use this protocol in order to send print data to a Windows print server (NT4 and higher). Likewise, automatic driver installation on the clients is possible via RPC if the print server provides the necessary files (the "uploading" of drivers from a client computer to the print server by an administrator is also based on RPC). Since Samba implements SMB/CIFS and the print spooler RPC interface, CUPS can be reached via these protocols through Samba.

208 Both open and non-open standards.
209 http://www.pwg.org/ipp/
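The following Python module is an added example (not code from this guide, from CUPS or from any printer vendor) which encodes and decodes the IPP/1.1 wire format of RFC 2910: the 8-byte header, the attribute groups with their delimiter tags, and the value tags with name and value lengths. It builds the Get-Printer-Attributes request a CUPS client sends to a queue and decodes a constructed reply; the printer URI, host name and user name are assumptions for illustration. The requesting-user-name attribute shows the security point made above for LPR/LPD in IPP terms: the client asserts it, and only an HTTP-level authentication (Basic, Digest, Kerberos) makes it trustworthy.

```python
"""Encoder/decoder for the IPP/1.1 wire format (RFC 2910). Added example;
the printer URI, host name and user name are assumptions, SAMPLE_RESPONSE is
constructed here and not captured from a device."""
import struct

# Delimiter tags (RFC 2910 section 3.5.1): each starts an attribute group.
OPERATION_ATTRS, JOB_ATTRS, END_OF_ATTRS, PRINTER_ATTRS = 0x01, 0x02, 0x03, 0x04
# Value tags (RFC 2910 section 3.5.2) for the attribute syntaxes used below.
TAG_INTEGER, TAG_BOOLEAN, TAG_ENUM = 0x21, 0x22, 0x23
TAG_NAME, TAG_KEYWORD, TAG_URI = 0x42, 0x44, 0x45
TAG_CHARSET, TAG_NATURAL_LANGUAGE = 0x47, 0x48

OP_GET_PRINTER_ATTRIBUTES = 0x000B     # operation-id (RFC 2911 section 4.4.15)
STATUS_OK = 0x0000                     # status-code successful-ok


def _encode_value(tag, value):
    if tag in (TAG_INTEGER, TAG_ENUM):
        return struct.pack(">i", value)
    if tag == TAG_BOOLEAN:
        return b"\x01" if value else b"\x00"
    return value.encode("utf-8")


def _decode_value(tag, raw):
    if tag in (TAG_INTEGER, TAG_ENUM):
        return struct.unpack(">i", raw)[0]
    if tag == TAG_BOOLEAN:
        return raw == b"\x01"
    return raw.decode("utf-8")


def encode_message(operation_or_status, request_id, groups, version=(1, 1)):
    """groups: list of (group_tag, [(value_tag, name, [values]), ...]).
    A 1setOf attribute is the first value with its name followed by additional
    values whose name-length is 0 (RFC 2910 section 3.1.6)."""
    msg = bytearray(struct.pack(">BBHI", version[0], version[1],
                                operation_or_status, request_id))
    for group_tag, attrs in groups:
        msg.append(group_tag)
        for tag, name, values in attrs:
            for i, value in enumerate(values):
                n = name.encode("utf-8") if i == 0 else b""
                data = _encode_value(tag, value)
                msg += struct.pack(">BH", tag, len(n)) + n
                msg += struct.pack(">H", len(data)) + data
    msg.append(END_OF_ATTRS)
    return bytes(msg)


def decode_message(data):
    """Return (version, operation_or_status, request_id, {group_tag: {name: [values]}})."""
    major, minor, op, req = struct.unpack(">BBHI", data[:8])
    pos, groups, current, last_name = 8, {}, None, None
    while pos < len(data):
        tag = data[pos]
        pos += 1
        if tag == END_OF_ATTRS:
            break
        if tag < 0x10:                       # delimiter tag: a new attribute group
            current = groups.setdefault(tag, {})
            continue
        (nlen,) = struct.unpack(">H", data[pos:pos + 2])
        name = data[pos + 2:pos + 2 + nlen].decode("utf-8")
        pos += 2 + nlen
        (vlen,) = struct.unpack(">H", data[pos:pos + 2])
        value = _decode_value(tag, data[pos + 2:pos + 2 + vlen])
        pos += 2 + vlen
        if nlen == 0:                        # additional value of the previous attribute
            current[last_name].append(value)
        else:
            current[name] = [value]
            last_name = name
    return (major, minor), op, req, groups


def get_printer_attributes_request(printer_uri, user, request_id=1):
    """The query lpstat or the CUPS web interface sends to a queue. The
    requesting-user-name is asserted by the client, like the P line of an
    LPR control file; only HTTP-level authentication makes it trustworthy."""
    return encode_message(OP_GET_PRINTER_ATTRIBUTES, request_id, [
        (OPERATION_ATTRS, [
            (TAG_CHARSET, "attributes-charset", ["utf-8"]),
            (TAG_NATURAL_LANGUAGE, "attributes-natural-language", ["en"]),
            (TAG_URI, "printer-uri", [printer_uri]),
            (TAG_NAME, "requesting-user-name", [user]),
            (TAG_KEYWORD, "requested-attributes",
             ["printer-state", "printer-is-accepting-jobs"]),
        ]),
    ])


def printer_state(response):
    """(printer-state enum: 3 idle, 4 processing, 5 stopped; accepting-jobs flag)."""
    _, status, _, groups = decode_message(response)
    if status != STATUS_OK:
        raise ValueError("IPP status-code 0x%04x" % status)
    printer = groups[PRINTER_ATTRS]
    return printer["printer-state"][0], printer["printer-is-accepting-jobs"][0]


# Constructed reply of an idle queue, in the shape a CUPS server would send.
SAMPLE_RESPONSE = encode_message(STATUS_OK, 1, [
    (OPERATION_ATTRS, [
        (TAG_CHARSET, "attributes-charset", ["utf-8"]),
        (TAG_NATURAL_LANGUAGE, "attributes-natural-language", ["en"]),
    ]),
    (PRINTER_ATTRS, [
        (TAG_ENUM, "printer-state", [3]),
        (TAG_BOOLEAN, "printer-is-accepting-jobs", [True]),
    ]),
])
```

The bytes returned by get_printer_attributes_request are what a client posts in the body of an HTTP request to the printer URI with content type application/ipp; an LPR/LPD exchange, by contrast, has no request identifier, no status code and no place for the server to return structured state.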

1.1.2.2 The PostScript Printer Description language PostScript Printer Descriptions (PPD) are files in which the specific parameters (resolutions, paper sizes and trays, fonts, etc.) of a particular PostScript printer model are described. PPD files are not printer drivers; they are usually provided by the printer manufacturers. They allow the specific properties of the printer described in the file to be controlled while one uniform driver is used for all PostScript printers. The PPD specification was originally defined by Adobe and is today supported by almost every modern print system capable of controlling PostScript printers. Note that the option entries in a PPD contain PostScript code fragments which the print system inserts into the job when an option is selected; PPD files should therefore be taken only from trusted sources (the manufacturer or the distribution), and a print server must act only on the option values a PPD declares.
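The following Python module is an added example (not code from this guide, from Adobe or from CUPS) which reads the parts of a PPD a print system relies on: the user-selectable options declared between *OpenUI and *CloseUI, their default choices, the PostScript invocation code behind each choice and the *cupsFilter lines CUPS adds. The PPD text is a constructed, shortened file for illustration and not a manufacturer's PPD; the lookup function refuses choices the PPD does not declare, which is the check a server must make before inserting option code sent by a client into a job.

```python
"""PPD reader. Added example; SAMPLE_PPD is constructed, not a real file."""
import re

SAMPLE_PPD = """\
*PPD-Adobe: "4.3"
*FormatVersion: "4.3"
*ModelName: "Example LaserPrinter 2000"
*LanguageLevel: "3"
*DefaultResolution: 600dpi
*cupsFilter: "application/vnd.cups-postscript 0 -"
*OpenUI *PageSize/Page Size: PickOne
*DefaultPageSize: A4
*PageSize A4/A4: "<</PageSize[595 842]>>setpagedevice"
*PageSize Letter/US Letter: "<</PageSize[612 792]>>setpagedevice"
*CloseUI: *PageSize
*OpenUI *InputSlot/Paper Source: PickOne
*DefaultInputSlot: Tray1
*InputSlot Tray1/Tray 1: "<</MediaPosition 0>>setpagedevice"
*InputSlot Manual/Manual Feed: "<</ManualFeed true>>setpagedevice"
*CloseUI: *InputSlot
*OpenUI *Duplex/Two-Sided Printing: PickOne
*DefaultDuplex: None
*Duplex None/Off: "<</Duplex false>>setpagedevice"
*Duplex DuplexNoTumble/Long Edge: "<</Duplex true /Tumble false>>setpagedevice"
*CloseUI: *Duplex
"""

# *MainKeyword [OptionKeyword[/Translation]]: Value   (PPD specification 4.3)
ENTRY_RE = re.compile(r'^\*([\w-]+)(?:\s+([^/:\s]+)(?:/([^:]*))?)?:\s*(.*)$')


def parse_ppd(text):
    """Return {"model", "filters", "defaults": {option: choice},
    "options": {option: {"label", "type", "choices": {choice: (label, code)}}}}."""
    ppd = {"model": None, "filters": [], "defaults": {}, "options": {}}
    current = None                          # option inside an *OpenUI ... *CloseUI block
    for line in text.splitlines():
        if line.startswith("*%"):           # comment line
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        key, opt, label, value = m.groups()
        value = value.strip().strip('"')
        if key == "ModelName":
            ppd["model"] = value
        elif key == "cupsFilter":           # CUPS extension: names a filter program to run
            ppd["filters"].append(value)
        elif key == "OpenUI":
            current = opt.lstrip("*")
            ppd["options"][current] = {"label": label or current, "type": value, "choices": {}}
        elif key == "CloseUI":
            current = None
        elif key.startswith("Default"):
            ppd["defaults"][key[len("Default"):]] = value
        elif current is not None and key == current:
            ppd["options"][current]["choices"][opt] = (label or opt, value)
    return ppd


def invocation_code(ppd, option, choice=None):
    """PostScript the spooler inserts into the job for an option (default if no choice).
    Raises KeyError for a choice the PPD does not declare: the strings returned
    here are code executed by the printer, so undeclared values must be rejected."""
    if choice is None:
        choice = ppd["defaults"][option]
    return ppd["options"][option]["choices"][choice][1]


def option_summary(ppd):
    """Option -> (default, sorted declared choices), as a driver dialog presents it."""
    return {name: (ppd["defaults"].get(name), sorted(spec["choices"]))
            for name, spec in ppd["options"].items()}
```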

1.1.2.3 Page description languages (PostScript) The PostScript (PS) page description language is a programming language with a long development history. PostScript has been developed by Adobe since the company was founded in 1982[210], building on the experience with its quasi-predecessors Design System (1976) and JaM (1978)[211]. PostScript enables a standardized and device-independent way of arranging graphics, fonts, geometric objects and raster images within a document. The description takes the form of PostScript files which are sent to the respective PostScript printer or to other PostScript-enabled output devices, such as plotters. PostScript-enabled output devices are, above all, characterized by their ability to interpret these files and to convert them to raster images; they are fitted with a corresponding interpreter for this purpose. Such interpreters are also available as pure software implementations, Ghostscript[212] being probably the best-known open source product. Since PostScript is a complete programming language, an interpreter executes whatever program a print file contains; a software interpreter on a print server therefore processes code supplied by the clients and should run under an unprivileged account with its file access restrictions enabled (for Ghostscript, the -dSAFER option).

210 Some sources also mention 1983 or 1984 as the year in which development started.
211 http://www.mathematik.uni-ulm.de/help/pstut/01_inh.html
212 http://www.cs.wisc.edu/~ghost

1.2 Common Unix Printing System (CUPS) The Common Unix Printing System (CUPS) was developed by Easy Software Products as a successor to older print systems such as LPD. On 11 July 2007, Apple announced its acquisition of the rights in CUPS. Apple has integrated CUPS since Mac OS X 10.2 (Jaguar); the current Mac OS X version is 10.5 (Leopard). At present[213], CUPS is available as version 1.3.6; version 1.4 is under development. CUPS is a modular print system based on a client/server architecture for Unix-type operating systems. It consists of a print spooler, a scheduler and a filter system which converts the print data into a format the printer can understand, as well as a backend system which sends this data to the printer. CUPS thereby enables a computer to act as a print server. The crucial advantage of CUPS is that it is a standardized and modularized print system. Furthermore, CUPS is open source software and is available under both the GNU General Public License and the GNU Lesser General Public License (version 2). The current version of CUPS also supports IPv6 and the publication of printers via LDAP (version 3). The following list outlines potential architecture options in conjunction with the use of CUPS, with increased failure safety being a crucial requirement for many application scenarios.

1.2.1 Server Every CUPS computer that communicates directly with a printer can offer the print functions as a service to other computers and thus acts as a CUPS server. This requires the corresponding PPDs and filters for processing the print files into a form the printer accepts.

1.2.2 Client Every computer which sends print files to a server is a CUPS client. A client does not require any local filters or PPDs. If, however, the print options available during printing are to be offered on the client, the server automatically sends the PPDs to the client.

1.2.3 Zero administration for native CUPS clients CUPS servers send information concerning the printers installed in the network to the clients, so that the clients know which printers can be used. This information is published by UDP broadcasts (port 631). An alternative approach is for the client to poll the servers in order to obtain this information; targeted polling is also possible with servers separated by routers. Servers located in different networks can be configured as a BrowseRelay: they retrieve the data concerning the available printers and send it on to the clients of their own broadcast domain. Browse packets carry no authentication, so any host on the broadcast domain can announce a queue; the servers from which announcements are accepted should therefore be restricted (BrowseAllow/BrowseDeny in cupsd.conf).
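The following cupsd.conf excerpt is an added example (not taken from this guide or from the CUPS documentation) of the browsing setup just described, using the CUPS 1.3 directive names; the addresses, network ranges and host name are assumptions for illustration. It shows the broadcast, polling and relay variants side by side, together with the restriction of accepted announcements and the implicit classes used in section 1.2.4:

```apache
# cupsd.conf excerpt (CUPS 1.3); addresses and host names are assumed for this example.
Browsing On
# Announce own queues every 30 s, drop remote queues not renewed within 300 s.
BrowseInterval 30
BrowseTimeout 300
# UDP port 631 broadcast to the local office segment only, not to the whole network.
BrowseAddress 10.1.0.255

# Accept announcements only from the two departmental print servers.
# Without this, any host on the broadcast domain can announce a "printer".
BrowseOrder deny,allow
BrowseDeny all
BrowseAllow 10.1.0.10
BrowseAllow 10.1.0.11

# Server behind a router: poll it directly instead of relying on broadcasts.
BrowsePoll printsrv2.example.org:631

# Forward announcements arriving from the 10.2.0.0/24 segment to this segment's clients.
BrowseRelay 10.2.0.0/255.255.255.0 10.1.0.255

# Queues with identical names on several servers form an implicit class (section 1.2.4).
ImplicitClasses On
ImplicitAnyClasses Off
```

Clients that should not announce queues of their own keep Browsing On but omit BrowseAddress, so that they only listen; a relay server needs BrowseAllow entries for the remote servers it relays as well.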

213 10 March 2008

1.2.4 Clustering for failure safety and failover Two or more CUPS servers can be configured in such a manner that fail-safe print services are achieved. This aim can be reached by configuring the servers with the same printers and printer names. Implicit classes are then generated automatically on the CUPS servers; such a class consists of the queues with the same name. The first server that is ready accepts the client's print job and sends it to the printer. This configuration can also be implemented by forming classes manually, which may even consist of printers with different names.

1.2.5 Printing and printer control The functionality of CUPS is cross-platform by design because it implements IPP. IPP is used as the communication and data transmission protocol between CUPS servers, clients and state-of-the-art printers with direct IPP support. With IPP, the communication between client and server systems can proceed in encrypted form under CUPS; SSL 3 or TLS can be used for data transmission. This can be particularly important in enterprises and public agencies where confidential documents are printed. These measures encrypt the communication itself. CUPS is, however, not yet capable of validating certificates or checking certificate revocation lists: a client accepts whatever certificate the server presents, so the encryption protects against passive eavesdropping only; after a successful "man in the middle" attack with a forged certificate, TLS no longer offers any protection. The ability to check certificates can be retrofitted. CUPS modules, so-called "backends", are used for communication with conventional printers or print servers; these modules enable communication on the basis of other protocols. Fig. 29 illustrates the use of the protocols at the various interfaces.


Fig. 29: Printing under CUPS214

CUPS uses the PostScript Printer Descriptions (PPD) described in section II.F 1.1.2.2 to control both PostScript-enabled and other printers. CUPS can use these descriptions even for printers without a PostScript interpreter of their own in order to offer the corresponding configuration settings via the web frontend or via the configuration dialogs of the clients. For printers without PostScript capability, the CUPS server converts the data supplied by the client via suitable filters into the applicable manufacturer-specific and device-specific page description language. Numerous filters of this kind for converting PostScript are available under Linux, for example, through Ghostscript and other driver packages; Easy Software Products also provided an adapted Ghostscript (ESP Ghostscript) for use with CUPS. User-specific and application-specific adaptation of the PPD files is possible for use with CUPS. Information concerning the CUPS extensions to Adobe's PPD format can be found on the Internet[215].

1.2.5.1 Direct printing from the desktop PC system Printing directly from a client to a printer is not provided for in the CUPS architecture. It is, however, possible to run a CUPS server and a client at the same time on a Unix-based desktop PC (for example, Linux or Mac OS X). This enables files from the client to be printed on a directly connected printer.

214 http://www.linuxprinting.org/kpfeifle/LinuxKongress2002/Tutorial/
215 http://www.cups.org/documentation.php/spec-ppd.html

1.2.5.2 Printing via the print server

The print job of a client is sent to a scheduler[216] which runs a chain of filters that converts the data to be printed first into PostScript and, if the target printer is not a PostScript printer, on into the printer's own format. The result is then passed to a backend which either sends it to the corresponding printer or to another CUPS server. As long as CUPS is used without Samba, Windows-based clients have only limited possibilities to print via CUPS on their own because they cannot access the printer shares. Since CUPS integrates well with Samba via the CUPS software library (refer also to section II.A 1.3), a Samba print server can redirect the print jobs it receives from Windows-based clients via IPP to a CUPS print server. The entire process is completely transparent for the users. If Windows 2000 (Professional and Server) or higher Windows versions are used, printing via CUPS is also possible without Samba if the IPP protocol is used; as mentioned earlier, most network-enabled printers support IPP. In order to be able to use the full functionality of CUPS, it may be necessary to load a hotfix from Microsoft[217].

1.2.6 Technical implementation of the driver function The following section addresses the communication with printers which do not support PostScript. In the case of printers which support PostScript, the data is sent to the printer in PostScript format and the printer processes it for printing with its integrated interpreter. For other printers the conversion of the print file to printer-compatible bitmaps can be implemented in two different ways:
• The driver functions are executed completely at the client end. The client prepares the print file in a form ready for printing; the print server has pure spooling functions for "raw" print files. Drivers can be offered to the clients for download and automatic installation.
• The print data is processed on the print server. The clients send the print data in PostScript format to the print server and require a corresponding PostScript driver, which the server can offer for automatic installation. The server sends the processed print data to the selected printer; print processing for a non-PostScript printer is carried out by special software (refer to section II.F 1.1.2.3).
The second model, i.e. processing of the print data on the print server, offers several advantages compared to the first:
• Broad printer support It supports the most customary non-PostScript printers (depending on support by Ghostscript or other driver packages).
• Automatic accounting Print time, number of copies, target printer, print ID, user name and sender IP are automatically logged for every page. This information is available for subsequent evaluation (cost control, statistics).
• Quota option Print quotas (by number of pages and/or volume of print data) can be assigned to users for every printer.
• Reprint function Jobs can be saved for a certain period of time and made available if reprinting becomes necessary (without the client having to search, open and send the file again).
• Redirect function Print files can at any time be redirected to another target printer even if the original printer was a PostScript model and the new printer is a non-PostScript device. Print options can be adapted to the particular model of the new target device.
• Driver consolidation In the case of non-PostScript printers, all clients ultimately use the same core PostScript driver, which is only modified by an ASCII file, the PPD.
However, the following restrictions must also be taken into consideration:
• Increased resource demand Central print data processing on the server requires more RAM, CPU and disk capacity. This additional demand can, however, be determined in advance if the expected print volume is known. In the case of printers which accept PostScript data, the PostScript file is created once and passed on unchanged.
• Server-side execution of client code The server interprets the PostScript programs sent by all clients (refer to section II.F 1.1.2.3); the conversion software must therefore run unprivileged and with file access restricted.
• Minor restrictions may exist for older printer models Although the majority of customary printer models are supported, a few older printers, especially from the home market, are not. The linuxprinting.org database[218] contains a list of supported manufacturers and models. If necessary, a driver for Mac OS 9 or Mac OS X can be downloaded from the manufacturer and the PPD extracted from it for PostScript-enabled printers.

216 A management program which controls the execution times of multiple (print) processes.
217 http://support.microsoft.com/kb/884897/de

1.2.7 Filters CUPS internally uses a modular filter system. It is based on open interfaces and can be extended at any time; any scripting language (shell, Perl, Python) or programming language (C, C++, Java, etc.) can be used. Wrapper scripts enable proprietary binary programs to be linked in a simple manner. A filter receives the job on its standard input (or as a file name), writes the converted job to its standard output and reports status, errors and page counts to the scheduler on its standard error output.
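The following Python script is an added example (not code from this guide or from CUPS) of a filter written in a scripting language as described above. It accepts the arguments cupsd passes (job ID, user, title, copies, options and an optional file name), passes a PostScript job through unchanged, refuses data that is not PostScript, and reports every page on standard error with the PAGE: message that cupsd turns into the per-page accounting records of section 1.2.6. In CUPS itself this page accounting for PostScript is done by the pstops filter; the sample job is constructed for illustration, and the installation path named in the comment is an assumption.

```python
#!/usr/bin/env python3
"""CUPS filter in Python: pass-through with page accounting. Added example,
not code from CUPS. Assumed deployment: copy to /usr/lib/cups/filter/ and
name it in a PPD *cupsFilter line. SAMPLE_JOB is constructed, not a real job."""
import io
import sys

# cupsd runs a filter as: filter job-id user title copies options [file]
# Converted output goes to stdout; "PAGE: n copies", "INFO:" and "ERROR:" lines
# on stderr feed page_log, the job state and error_log respectively.


def account_pages(postscript, copies=1):
    """Count DSC %%Page: comments; return (pages, stderr lines for cupsd)."""
    pages = 0
    messages = []
    for line in postscript.splitlines():
        if line.startswith(b"%%Page:"):
            pages += 1
            messages.append("PAGE: %d %d" % (pages, copies))
    if pages == 0:
        messages.append("WARNING: no %%Page comments found, nothing accounted")
    return pages, messages


def run_filter(argv, stdin, stdout, stderr):
    """Filter entry point; returns the exit status cupsd evaluates (0 = success)."""
    if len(argv) < 6:
        stderr.write("ERROR: usage: %s job-id user title copies options [file]\n" % argv[0])
        return 1
    job_id, user, title, copies = argv[1], argv[2], argv[3], int(argv[4])
    if len(argv) > 6:
        with open(argv[6], "rb") as f:
            data = f.read()
    else:
        data = stdin.read()
    # The input type is declared by the PPD/MIME chain, but a filter should still
    # refuse data it was not written for instead of passing it on to the printer.
    if not data.startswith(b"%!PS"):
        stderr.write("ERROR: job %s from %s is not PostScript, rejected\n" % (job_id, user))
        return 1
    pages, messages = account_pages(data, copies)
    stderr.write("INFO: job %s (%r) for %s: %d pages, %d copies\n"
                 % (job_id, title, user, pages, copies))
    for message in messages:
        stderr.write(message + "\n")
    stdout.write(data)                      # pass-through: the job itself is unchanged
    return 0


def filter_bytes(argv, data):
    """Run the filter on in-memory data; returns (exit status, output, stderr text)."""
    out, err = io.BytesIO(), io.StringIO()
    rc = run_filter(argv, io.BytesIO(data), out, err)
    return rc, out.getvalue(), err.getvalue()


# Constructed two-page PostScript job (not a real print file).
SAMPLE_JOB = b"""%!PS-Adobe-3.0
%%Title: quarterly report
%%Pages: 2
%%Page: 1 1
/Helvetica findfont 12 scalefont setfont 72 720 moveto (page one) show showpage
%%Page: 2 2
72 720 moveto (page two) show showpage
%%EOF
"""

if __name__ == "__main__":
    sys.exit(run_filter(sys.argv, sys.stdin.buffer, sys.stdout.buffer, sys.stderr))
```

Because cupsd runs filters as the unprivileged lp user with the job's title and options on the command line, a filter must treat all of these as client-controlled input; the script above only echoes them in log messages and never passes them to a shell.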

218 http://www.linuxprinting.org/show_driver.cgi?driver=hpijs

1.2.8 Backends New backends can easily be "docked on", be it for environment-specific adaptation to particular requirements (such as automatic replication of certain print jobs in a remote department, for example, in order to archive business letters), or because technological innovation (wireless LAN, Bluetooth, FireWire) makes this approach attractive.

1.2.9 Access control The CUPS print server controls access to the network printers operated by print servers, in as far as these are not controlled via a directory service. Access rules are defined in cupsd.conf per resource and per IPP operation, based on the client address, the authenticated user and group membership. CUPS also supports authentication on the basis of the Kerberos protocol[219].

1.2.10 Tools CUPS comes with a built-in web interface which can be accessed via the URL "http://CUPS-DRUCKSERVER:631/" (CUPS-DRUCKSERVER standing for the host name of the CUPS print server). It gives all users informative access to the functions of the print server. Depending on the configuration, users can monitor the status of print jobs, stop, restart or reprint jobs, etc. New printers (queues) can be created, deleted, reconfigured, started, stopped, closed or opened, and print jobs can be cancelled, held or restarted. The scope of the web interface can be restricted and/or expanded by configuring the CUPS server accordingly; the web interface is subject to the same access checks as the general CUPS resources. Every object of the print server (access to own jobs or to individual printers, access to all printers or all jobs, etc.) can be given differentiated access privileges, for example, "User Müller has administration rights provided that he accesses from computer A or B", or "All users can delete their own print jobs, but not those of other users". Administrative access via the web interface should be limited to encrypted connections, since with HTTP Basic authentication the password is otherwise transmitted in cleartext. Printer monitoring is possible depending on the protocols supported by the printer and the printer drivers installed on the CUPS server. The CUPS system identifies and reports, for example, the following alert and warning messages of the printers:
• Paper tray filling level
• Toner / ink cartridge filling level
• Printer error messages (for example, paper jam)
• Printer status (for example, online, offline)
The causes of these warnings and alerts can usually only be remedied directly at the printer. In addition to and independently of this, the built-in tools of professional printers discussed in section II.F 1.1.1.10 are available.
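The following cupsd.conf excerpt is an added example (not taken from this guide or from the CUPS documentation) which expresses the two access rules quoted above, together with the encrypted transport of section 1.2.5 and the per-operation access control of section 1.2.9, using the CUPS 1.3 directive names. The addresses, host names, the user name mueller and the administration group are assumptions for illustration:

```apache
# cupsd.conf excerpt (CUPS 1.3). Addresses, user name and admin group are assumed.

# Cleartext only on the loopback interface; the office interface is TLS only.
Listen 127.0.0.1:631
SSLListen 10.1.0.10:631
ServerCertificate /etc/cups/ssl/server.crt
ServerKey /etc/cups/ssl/server.key
# Weak alternative: "DefaultEncryption IfRequested" lets clients fall back to cleartext.
DefaultEncryption Required
DefaultAuthType Basic
SystemGroup lpadmin

# Web interface and IPP for the office segment; every connection must be encrypted.
<Location />
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
  Allow from 10.1.0.0/24
  Encryption Required
</Location>

# "User mueller has administration rights, but only from computers A and B".
<Location /admin>
  Order deny,allow
  Deny from all
  Allow from 10.1.0.50
  Allow from 10.1.0.51
  AuthType Basic
  Require user mueller
  Encryption Required
</Location>

<Policy default>
  # Anyone admitted by the Location above may submit jobs.
  <Limit Create-Job Print-Job Print-URI Send-Document Send-URI>
    Order deny,allow
  </Limit>
  # "All users may delete their own jobs, but not those of other users":
  # @OWNER is the job owner, @SYSTEM the members of SystemGroup.
  <Limit Cancel-Job Hold-Job Release-Job Restart-Job Set-Job-Attributes>
    AuthType Basic
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  # Printer and class administration: SystemGroup members only.
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Purge-Jobs CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Basic
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
```

The Location blocks decide who may talk to a URL at all, the Policy decides which IPP operation an already admitted client may perform; both must be set, since a permissive Policy would otherwise let any user on the allowed segment cancel other users' jobs.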

219 http://www.cups.org/documentation.php/kerberos.html

1.2.11 Interfaces When a system supports TCP/IP, CUPS is an almost universal interface for print services with all customary printers and client systems. This enables the implementation of heterogeneous and very flexible printer networks which also offer a certain degree of future-proofness as long as TCP/IP is used. Printers which do not support TCP/IP cannot be accessed directly by CUPS; this can, however, be achieved using suitable print boxes, if necessary. Browsing for printers is also possible with CUPS; this communication uses UDP port 631. Measures must be taken to ensure that communication with the CUPS server proceeds either via the IP address or via the fully qualified domain name of the server. In a pure CUPS environment, Windows clients cannot use printer shares (SMB).

1.2.12 Conclusions Under Linux, CUPS is the de-facto standard of all major distributions (SUSE, Debian, Red Hat, etc.). CUPS is the system of choice both in homogeneous Linux landscapes and in heterogeneous landscapes with Windows-based client systems. The functionality of CUPS is cross-platform by design because it implements IPP (Internet Printing Protocol). However, CUPS also supports all other relevant print protocols, such as LPR/LPD, Socket/AppSocket, SMB/CIFS and MS-RPC (in conjunction with Samba). Furthermore, CUPS offers different options for protecting the confidentiality and integrity of print data in transit: TLS-encrypted transmission in conjunction with IPP, and user authentication in conjunction with Samba or Kerberos. This offers significant advantages, also with a view to printer access accounting. Before a migration project is started, the support situation of the printer models used should always be analysed. This is particularly important if print processing is to take place completely on the print servers because support may not be ensured in a few isolated cases.

1.3 Common Unix Printing System (CUPS) with Samba Because the CUPS functions are implemented in a software library, CUPS can be integrated very easily: other programs can use its functions by linking to this library, and Samba makes use of this capability. By default, Samba is linked against libcups. This enables a Samba print server to redirect its incoming print jobs via IPP to CUPS print servers, which can be installed on another host dedicated to the print service or on the same host as Samba. IPP is used here in a manner that is transparent to the administrator and user and does not require any further configuration.

1.3.1 Interaction options between Samba and CUPS

1.3.1.1 Driver download and installation by clients with "Point & Print" The CUPS/Samba combination supports the automated driver download to Windows clients by the "Point and Print" functionality. For this purpose, Samba must be configured in such a manner that it emulates an NT print server. The configuration is described in detail in the Samba HOWTO Collection and can be implemented easily. Uploading of drivers from a client machine by an administrator is also supported. The printer drivers are then stored on the Samba server. They are automatically installed in the background on the Windows client system when the user finds the printer for the first time in the network environment and selects "Connect..." in the printer's context menu (right mouse button). Since Point & Print installs driver code supplied by the server with the privileges of the local print spooler, clients should only obtain drivers from print servers under administrative control.

1.3.1.2 Automatic driver installation via logon scripts The use of logon scripts makes life even easier for users and administrators within a domain. All that is necessary in the logon script is the following line (SAMBASERVERNAME and druckerfreigabename stand for the name of the Samba server and of the printer share):

rundll32 printui.dll,PrintUIEntry /in /n "\\SAMBASERVERNAME\druckerfreigabename"

This mechanism automatically installs the correct printer for the user who logs on (other options include installing several printers, setting a default printer, deleting obsolete print queues, etc.). This option enables user-friendly administration of printer drivers and reduces the administrators' workload. Different logon scripts can be assigned to different user groups for environments with different requirements.

1.3.2 Security and authentication In this case too, communication between the client and the server system can be encrypted if IPP is used. Windows clients usually authenticate themselves to Samba rather than to CUPS; this authentication is used automatically when printing via Samba, and Samba then administers the privileges. All that is necessary is to ensure that the Samba server is authorized to use the CUPS print server. It must be noted that, without IPP, encryption along the entire communication path from the client to the printer is not ensured: SMB signing can protect the integrity of the connection between the Windows client and Samba, but the print data itself is transmitted in cleartext. This is not acceptable in areas with high security requirements, and the use of the SMB/RPC path is hence not recommended there.

1.3.3 Publication of CUPS printers in LDAP and Active Directory Samba can publish its services in an LDAP directory or in an Active Directory. This, of course, also benefits CUPS printers and CUPS print servers. Further stages of integration into an AD environment (or into an LDAP environment which largely emulates AD) are possible.

1.3.4 Conclusions The combination of CUPS and Samba provides a powerful print server architecture for Windows clients. The use of PPD files (PostScript Printer Description files), which can also be used by Windows, makes it possible for all print clients to generate identical printouts irrespective of their settings. Even different printer drivers on the clients do not matter, because under CUPS the printout is processed and prepared on the server only, so that the same printer driver is always used. This is not possible under Windows because part of the print processing is always carried out on the Windows client and hence depends on the printer driver installed on the client. Although CUPS without Samba can also communicate with Windows clients, the clients are then unable to use the SMB protocol and the printer shares are not visible in the Windows Explorer.

1.4 Windows Print Services The widely used LPR/LPD protocol, which is described in section II.F 1.1.2.1 and known from the Unix and mainframe world, entered the Windows world with Windows NT and its successors. Windows print servers use it as one of the protocols for communicating with network printers (the other being the RAW/AppSocket protocol of the Standard TCP/IP port, which is the default for most devices; see below). The properties of LPR/LPD are the same under Windows and do not differ from the implementations in the Unix world. Communication between a Windows computer and a printer is implemented via a so-called LPR port which is set up under Windows and addressed via the LPD protocol; communication proceeds exclusively via TCP/IP. A client can then use LPD/LPR to address print servers directly as well as printers connected to the network or directly to the client. Other protocols, such as JetDirect/AppSocket, can also be used to access printers. Since Windows 2000, printing has also been possible via IPP (refer to section II.F 1.1.2.1) if the printer supports the protocol. This also means that printing via CUPS servers is possible in a so-to-speak "quite natural" way. At present, however, Microsoft only offers an implementation of IPP version 1.0, which the IETF never recommended as a standard and which only represented an intermediate stage of the discussion, failing, for example, to define the important aspects of print data encryption and user authentication. A CUPS server must hence omit authentication if it is to be used directly from the Windows client; such a queue should then at least be restricted to the client addresses which need it.
The connection between a Windows client and a print server is usually established via SMB (Server Message Block) or RPC (Remote Procedure Call). RPC connections are preferred because they support the functions of the Point & Print method (refer to section II.F 1.4.3). SMB, in contrast, is used to connect clients with older Windows operating systems (Windows 98 and earlier)[220]. Communication between clients and print server can be based on different transport protocols, such as:
• TCP/IP
• NetBEUI
• SPX/IPX
Windows 2000 Server and Windows Server 2003 provide the following additional functionalities of the Windows print services:

220 Refer also to "Microsoft Windows 2003, Printer Connectivity Technical Overview", Microsoft Corporation, published March 2003, http://www.microsoft.com/windowsserver2003/techinfo/overview/connectivity.mspx

• Standard TCP/IP Port Monitor (SPM) SPM uses SNMP and, compared to LPR, enables the retrieval of detailed status information. SPM can use both the RAW protocol (AppSocket, TCP port 9100) and LPR (TCP port 515). RAW is the default protocol for most print devices.
• Internet printing As mentioned earlier, it has been possible since Windows 2000 Server to publish printers on the web, to install them from there and to print via IPP[221].
• Publication in the Active Directory (AD) AD enables printer shares on Windows servers (NT/2000/2003) to be published in such a manner that the user no longer needs to know on which server the printer share is located.
• Hybrid environments Drivers for Windows NT clients can be stored on Windows 2000/2003 servers. It may, however, happen that the transfer of device-specific settings fails if manufacturer-specific drivers are (or must be) used. The reason for this is the move of the printer drivers from kernel mode under NT to user mode under Windows 2000/2003.

1.4.1 Printing directly from the desktop PC system Direct printing (refer to Fig. 30, arrow 1) takes place via LPR/LPD. This requires the TCP/IP print services component ("Print Services for Unix", which provides the LPR port monitor) to be installed on the workstation computer under Windows[222]. A so-called LPR port is configured on the workstation computer as the connection for this; the IP address or a corresponding fully qualified host name of the target printer must be entered. Furthermore, a printer model and thus the appropriate printer driver must be selected; the selected printer driver is installed on the client during this process. This method is often used if users move between many locations of an organization and if network resources are not administered, for example, via a directory service. As a precondition for this method, the printer must be connected to the network either via a network card and IP address or via a print server. If a print server is used, the IP address or the fully qualified name of the server is entered at the client. Communication between the print server and the printer typically proceeds via a parallel, serial or USB port. If a printer is connected directly to a client or via a print box, the client can perform the function of a print server which sends the print jobs directly to the printer. Connection to a separate print server is then no longer necessary.

[221] Refer also to "Microsoft Windows 2003, Printer Connectivity Technical Overview", Microsoft Corporation, published March 2003, http://www.microsoft.com/windowsserver2003/techinfo/overview/connectivity.mspx
[222] Windows 9x systems require third-party software for this purpose.

Seite 262

1.4.2 Printing via the print server

The term print server as used in this section means a Windows Server (NT and later) on which the printer drivers are installed. This server receives print jobs and distributes them to the appropriate printers. The printer can communicate with the server via the network, or as a local printer it can be directly connected to the server. Printing from the workstation computer via a print server requires two data streams:
• the transmission of data from the client system to the print server (see Fig. 30, arrow 2a)
• the transmission of data from the server to the printer (see Fig. 30, arrow 2b)

The transmission of data from the server to the print device is usually based on LPR/LPD (refer to section II.F 1.4.1). The transmission of data between the workstation computer and the print server can take place in different ways. Two fundamental requirements must be fulfilled at the server end in order to enable a client to address a particular printer via the server:
1. The printer must be set up on the print server (LPR port or local connection, printer driver).
2. The printer must be shared. In Windows networks a printer is shared, for example, when it can be found by the search function of Windows Explorer or of Active Directory.

Communication between the Windows client and the print server (printer share) is possible in three different ways:
• The NET USE command can be used to redirect an existing local LPT port to the printer share (example: net use LPT3 \\servername\printersharename). This method requires the user to install a printer (printer driver) on the LPT port and to configure the printer as a local printer. This is necessary if printing from within DOS applications is required. The print data is transmitted in RAW format, i.e. the print device can directly use the data received. This method is often used by Windows 9x systems if they are unable to access the network printers via other functionalities (for example, Novell NetWare).
• A new LPR port can be set up which contains the print server and the name of the printer share as the target address. The print data is also transmitted in RAW format.
• The so-called "Point & Print" method can be used to set up a network printer on the workstation computer. The advantage of this method is that manual configuration or printer driver installation by the user is not necessary. The print data is transmitted in EMF format (Enhanced Metafile Format). This format cannot be used by the print device and must hence be rendered on the Windows print server.

The section below describes the "Point & Print" method in more detail.
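Sections 1.4.1 and 1.4.2 above describe LPR/LPD only in terms of ports and data formats. The following is an added example, not code from the migration guide, that implements the RFC 1179 "receive a printer job" exchange in Python with the client (what an LPR port does) and a minimal LPD server in one process over a socket pair, so that the bytes on the wire and what the server actually learns about a job can be inspected. Queue name, host name, user name and print data are constructed for the example. The "H" (host) and "P" (user) entries of the control file are whatever the client chooses to send, which is why LPD on its own offers neither authentication nor confidentiality, as section 1.4.4 below notes for encryption.

```python
"""RFC 1179 (LPR/LPD) 'receive a printer job' exchange, client and server in
one process. Added example, not from the migration guide; queue, host, user
and print data below are constructed for illustration."""
import socket
import threading

ACK = b"\x00"   # LPD acknowledges each command with a single zero octet


def _recv_line(sock):
    """Read up to and excluding the terminating LF."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("peer closed connection")
        buf += chunk
    return buf[:-1]


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed connection")
        buf += chunk
    return buf


def lpr_send_job(sock, queue, host, user, job_name, data, job_id=1):
    """Client side (what an LPR port does): command 02 'receive a printer job',
    then sub-command 02 (control file) and 03 (data file). Host and user are
    asserted by the client; the server cannot verify them."""
    nnn = "%03d" % (job_id % 1000)
    cf_name = "cfA%s%s" % (nnn, host)
    df_name = "dfA%s%s" % (nnn, host)
    control = ("H%s\nP%s\nJ%s\nl%s\nU%s\nN%s\n"
               % (host, user, job_name, df_name, df_name, job_name)).encode("ascii")

    def expect_ack():
        if _recv_exact(sock, 1) != ACK:
            raise RuntimeError("LPD server rejected the command")

    sock.sendall(b"\x02" + queue.encode("ascii") + b"\n")
    expect_ack()
    sock.sendall(b"\x02%d %s\n" % (len(control), cf_name.encode("ascii")))
    expect_ack()
    sock.sendall(control + b"\x00")          # control file + end-of-file octet
    expect_ack()
    sock.sendall(b"\x03%d %s\n" % (len(data), df_name.encode("ascii")))
    expect_ack()
    sock.sendall(data + b"\x00")             # data file + end-of-file octet
    expect_ack()


def lpd_receive_job(sock):
    """Server side: accept one job and return what was received. A real LPD
    additionally applies a host-based ACL (e.g. /etc/hosts.lpd); nothing in
    the protocol authenticates the user named in the 'P' line."""
    cmd = _recv_line(sock)
    if cmd[:1] != b"\x02":
        sock.sendall(b"\x01")                # negative acknowledgement
        raise RuntimeError("unsupported LPD command %r" % cmd[:1])
    job = {"queue": cmd[1:].decode("ascii"), "files": {}}
    sock.sendall(ACK)
    while True:
        try:
            sub = _recv_line(sock)
        except ConnectionError:
            return job                       # client closed: job complete
        code, rest = sub[:1], sub[1:].decode("ascii")
        size, name = rest.split(" ", 1)
        sock.sendall(ACK)
        payload = _recv_exact(sock, int(size))
        if _recv_exact(sock, 1) != b"\x00":
            raise RuntimeError("missing end-of-file octet after %s" % name)
        sock.sendall(ACK)
        job["files"][name] = payload
        if code == b"\x02":                  # control file: parse H/P/J lines
            for line in payload.decode("ascii").splitlines():
                key = {"H": "host", "P": "user", "J": "job_name"}.get(line[:1])
                if key:
                    job[key] = line[1:]
        elif code == b"\x03":
            job["data"] = payload


def run_demo(user="alice", data=b"%!PS-Adobe-3.0\n(constructed sample) show\n"):
    """Run client and server over a socket pair and return the server's view."""
    server_end, client_end = socket.socketpair()
    result = {}
    t = threading.Thread(target=lambda: result.update(job=lpd_receive_job(server_end)))
    t.start()
    lpr_send_job(client_end, "lp", "ws01", user, "report", data)
    client_end.close()
    t.join()
    server_end.close()
    return result["job"]


if __name__ == "__main__":
    print(run_demo())
    # the same job, submitted under an identity the client merely asserts
    print(run_demo(user="administrator")["user"])
```

The second call in the main block shows the practical consequence: the print server's accounting and per-user queue privileges rest entirely on a client-supplied name, and the job data crosses the network in clear text. Host ACLs limit which machines may submit jobs, but they do not change either point.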


Fig. 30: General: printing under Windows

The methods presented above always assume that the clients are Windows-based. It is generally also possible for Linux-based or other Unix-based clients to access printers which are made available via a Windows print server. This can be accomplished in different ways. On the one hand, the Windows printers can be accessed via an installed SMB client (Samba client). Most desktop environments (such as KDE, GNOME) and/or the Linux distributions (such as Red Hat) offer appropriate user/administrator interfaces for this purpose via which the printers can be selected. The use of Windows Print Services for Unix (LPD support) on a print server also enables LPD-enabled software on the Linux clients to send print jobs to Windows. If a CUPS server is installed on the Linux client, this ultimately offers the choice between the previously mentioned options (LPD and SMB) and, subject to certain restrictions, also the use of IPP (refer also to Fig. 1) if the print server is based on Windows Server 2000 or higher. The use of CUPS then also offers other management functions, such as deleting print jobs. The disadvantage, however, is that a CUPS server can adversely affect the performance of the client under certain conditions. If the printer to be controlled is a professional printer with network capability, it can be driven directly via CUPS rather than taking the detour via the Windows print server.

1.4.3 The "Point & Print" method

Microsoft uses the RPC (Remote Procedure Call) protocol for communication between the print client and server and implements the so-called Point & Print technology on top of it. This enables the transfer of the printer drivers from the server to the client on the one hand and the transfer of the device-specific settings (paper trays, default paper formats) to the client on the other. Furthermore, part of the rendering process is shifted to the server, thereby relieving the client during print processing. This has a particularly positive effect if terminal servers are used. However, shifting the rendering process to the server also adversely affects the server's performance.

It must be noted that with this method part of the print process is executed on the client and another part on the server. This means that the "sub-driver" versions must be identical on the server and on the client, because problems could otherwise occur which could even bring the entire network to a standstill. When a client finds that the driver on the server is newer than the local one, the driver is automatically updated on the client too. If, however, the driver installed on the server is older than the driver on the client, this can lead to error messages or to a system crash when an attempt to print or to open the "Properties" dialogue is made on the client. This condition can arise, for example, when the driver on the server is updated first, the clients pick up the new driver when they connect, and the driver on the server is later set back to an older version for whatever reason, for example, a hidden error. The same problem also occurs if a new driver version was manually installed on a client. It may be possible to resolve this problem using suitable software distribution mechanisms.

1.4.4 Additional proprietary printer ports

In order to close some of the gaps of the LPR/LPD protocol, reputable printer manufacturers have implemented additional ports for Windows systems as of Windows NT. These are, for instance:
• Hewlett Packard Network Port print monitor (Hpmon.dll),
• Macintosh print monitor (Sfmmon.dll),
• Digital Network Port print monitor (Decpsmon.dll),
• Lexmark MarkVision print monitor (Lexmon.dll) and
• NetWare Print Monitor (Nwmon.dll).

In contrast to LPD/LPR, these ports usually enable bidirectional communication with the printers or printer boxes and hence also the possibility to service the printer from the desktop PC or server, respectively. This is carried out by programs which are executed on a server or desktop PC and which enable the elimination of printer problems for which no on-site service is required. Service functions of this type include, for example:
• Cleaning the print nozzles of ink jet printers
• Cleaning the paper path
• Aligning print heads
• Resetting error messages
• Exporting consumption data, such as the number of pages printed
• Updating the system software (firmware) in the printer

Furthermore, unlike the LPR port, these ports can also use other transport protocols, such as:
• DLC (Data Link Control),
• IPX (Internetwork Packet eXchange) and
• AppleTalk.

However, these proprietary software products, which are made available by the manufacturers, do not eliminate the problem of lacking encryption when printing under Windows.

1.4.5 Tools

The administration tools of print servers under Windows are restricted to the administration of printer shares and printer drivers. However, it is additionally possible to use the independent and flexible possibilities discussed in section II.F 1.1.1.10 on condition that the printers used support them. What's more, many printer manufacturers or suppliers of system management software offer proprietary software solutions for device management. The list below contains some examples of software from printer manufacturers and other management and monitoring possibilities:
• MarkVision from Lexmark
• JetAdmin from HP. Although administration of HP laser printers via telnet is possible, this option should be used in emergency cases only, because telnet transmits everything, including passwords, unencrypted.
• Many manufacturers also offer a web interface via HTTP or HTTPS for administration purposes.
• SMTP for sending fault messages to a central management console is also supported by the majority of manufacturers.

Similar to network drives, automatic connection to printers is desired when the user logs on. In the case of Windows 9x clients, this can be achieved via VBScript or certain tools, such as con2prt.exe. Setting privileges on printer shares per logon script or user profile is not possible; script programs (Perl) are conceivable with regard to granting privileges on printer shares. Under Windows NT4 Workstation or higher, the printer shares can be made available either via logon script or via (server-based) user profiles when Windows starts.

1.4.6 Access control

The print servers control access to the network printers which they make available (shares), in as far as this is not controlled via a directory service. The privileges for such a share are restricted to the following levels:
• Print
• Manage printers
• Manage documents

Authentication of Windows clients and/or users is possible under Windows Server 2003 R2. The SMB/CIFS protocol must be deactivated for this purpose [223]. This, however, makes the administration of the print servers by administrators more difficult because the access options via the network to the print server are then no longer fully available. Microsoft does not by default provide any encryption mechanisms for print services. However, the .NET environment offers encryption mechanisms which can also be used for encryption in the area of network printers. This requires the implementation of a .NET environment, which means that it must be installed accordingly on the Microsoft servers and clients [224].

1.4.7 Interfaces

Both the logical and the physical interfaces must be considered when it comes to connecting printers. The logical interfaces are the printer drivers. Physical interfaces are used to connect printers to other devices. These are, on the one hand, interfaces for direct connections between the printer and the PC, such as a serial or parallel interface or USB, and, on the other hand, interfaces for connection to a network, such as Ethernet or WLAN. The printing methods which Microsoft Windows offers are well matched within a homogeneous Microsoft landscape. If Microsoft print servers are used in a heterogeneous landscape for the administration of central print services, additional systems, such as a Samba server, will be required.

1.4.8 Conclusions

The print methods implemented under Windows work reliably with all customary printers. All major printer manufacturers provide tools and printer drivers for Windows which enable administration of the printers. However, Windows does not have a generally valid administration tool, so that the number of printer administration programs increases as the number of different printers and/or printer manufacturers increases, which also means increased administration time and costs. In contrast to this, professional printers (mostly PostScript printers) are available which support management and monitoring via standard browsers (HTTPS) and other standard protocols, such as SMTP or SNMP, and thereby enable simple and cost-efficient administration of complex networks.

With regard to the "Point & Print" method described in section II.F 1.4.3, it should be noted that this approach appears to be problematic in conjunction with the use of PostScript printers, which is normal practice in professional environments. The complexity of the "Point & Print" method does not generate any added value; instead, it deprives the clients of the full functionality of the printer if the server runs Samba. By "distributing" the driver functions, Microsoft manages to keep the full functionality attached to its own platform. If "Point & Print" is used in conjunction with Samba, the additional functions are restricted, depending on the printer manufacturer, either significantly (for example, HP) or to a minimal degree only (for example, Konica Minolta). This should be taken into consideration when selecting printers. The effects which occur can be compared to those described in the following knowledge base article: http://support.microsoft.com/kb/884897/de.

[223] http://www.microsoft.com/germany/technet/sicherheit/prodtech/windowsserver2003/w2003hg/s3sgch08.mspx
[224] http://www.microsoft.com/germany/msdn/library/security/SymmetrischeUndAsymmetrischeVerschluesselung.mspx?mfr=true

2 Migration paths

At first, some generally valid aspects should be mentioned which should be taken into consideration when migrating print services. A print environment can usually be migrated without any major adverse effects on operation because the new print environment can be set up and put into operation in parallel to the existing one. This new setup is usually limited to the implementation of the print server; clients and printers can normally be taken over. It can, however, happen that no printer drivers are available for the new print environment, especially in the case of older printers. In such a case, it is either necessary to use generic printer drivers, which can mean that certain printer-specific functions can no longer be used, or older printers may have to be replaced. Furthermore, it may be necessary to set up the printer queues on the clients again. This can be carried out as an automated process using login scripts or user profiles. With a view to the adaptation of the queues on Linux clients which may become necessary, a clear distinction must in any case be made between Linux and Windows: Linux does not normally require any adaptation; with Windows, this is carried out via logon scripts during the next logon. Ultimately, migration of print services to a new platform will not always be able to reproduce a precise 1:1 image of the existing situation. Migration should, however, be regarded as an opportunity to eliminate existing shortcomings.
Migration from one system landscape to another is much easier if the printers in use have the following properties:
• PostScript-enabled
• Administration via standard browsers per HTTPS
• Sending of fault/error messages via e-mail, preferably in a format that enables automatic processing (such as XML)
• The drivers for Windows must be set up in such a manner that all the options are also available via Samba (for example, in the case of Konica Minolta, not in the case of HP).
• They should support IPP with SSL/TLS encryption.

2.1 Migration from Windows Print Services to CUPS in conjunction with Samba under Linux

One reason to migrate the Windows print services to CUPS can be that older devices which are needed because of their specific print properties are no longer supported by newer Windows operating systems, or only insufficiently, because the manufacturers have stopped making printer drivers available. In this case, CUPS and PostScript files can be used to print even on those printers which do not support PostScript, because the CUPS server converts the PostScript file accordingly.
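A minimal Samba configuration for the CUPS-backed print server this section describes, shown as an added example that is not part of the migration guide. It assumes Samba 3.x built with CUPS support, so that the printer list is taken from CUPS rather than from /etc/printcap; the spool path, the driver path and the "lpadmin" group are assumptions to be adapted to the distribution in use. The [print$] share is what "Point & Print" clients fetch drivers from, which is why write access to it is confined to the printer administrators.

```ini
# smb.conf fragment for a Samba print server in front of CUPS.
# Added example, not from the migration guide. The spool and driver paths
# and the "lpadmin" group are assumptions; adapt them to the distribution.

[global]
   workgroup = EXAMPLE
   security = user
   ; take the printer list from CUPS instead of /etc/printcap
   printing = cups
   printcap name = cups
   load printers = yes

[printers]
   comment = Printers served by CUPS
   path = /var/spool/samba
   printable = yes
   ; every job must come from an authenticated user, never from guest
   guest ok = no
   browseable = no
   create mask = 0600

[print$]
   ; driver share for "Point & Print": drivers uploaded here are handed
   ; to Windows clients when they connect to the printer
   comment = Printer drivers
   path = /var/lib/samba/printers
   read only = yes
   ; only the printer administrators may upload or replace drivers
   write list = @lpadmin
```

Check the file with testparm before reloading Samba. Uploading drivers into [print$] from a Windows client additionally requires the SePrintOperatorPrivilege for the administrators' group (granted with net rpc rights grant on the Samba server), so membership of that group, not the share permissions alone, governs who can change the driver that every client will later execute. On the CUPS side, the IPP-with-TLS property listed above is enforced in cupsd.conf with DefaultEncryption Required, and the /admin location should be restricted to the system group; the SMB traffic between Windows clients and Samba is not encrypted by this configuration, so the encryption gap noted in section 1.4.4 remains on that leg.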

Furthermore, the so-called PPD files can be used in the manner described in chapter II.F 1.1.2.2. These are offered by almost all manufacturers. Since CUPS is based on TCP/IP, migration to CUPS can also support the establishment of a homogeneous IT infrastructure which is purely based on TCP/IP. For this purpose, it should, however, be ensured that no devices use the WINS protocol to communicate with print servers. It may be helpful in such cases to replace or, if possible, to reconfigure such devices. In certain cases, for example with Windows 95 and 98, this cannot be avoided. Consideration should be given in such cases to whether it makes sense and whether it is possible to replace such devices or to change the operating system. If the use of the WINS service cannot be avoided due to other dependencies, migration of the print services from Windows to CUPS requires the establishment and use of a Samba server which can then handle communication with the CUPS server. If, however, WINS is not required, the connection can be made directly via TCP/IP, in which case the IP address is required when setting up a corresponding port on the Windows computers. In order to enable resolution of the printer names, the use of Samba is then necessary again for the Windows computers. The introduction of CUPS itself requires the implementation of at least one computer in the network which acts as the CUPS server. Depending on the size of the print environment, this device should be an independent server, i.e. it should not perform any other functions. In addition to this, it is also possible to implement a fail-safe solution with several servers, depending on the given availability requirements.

2.2 Migration from CUPS in conjunction with Samba under Linux to Windows Print Services

The facts described in the introduction are also valid when it comes to migrating a print environment from CUPS to Windows. However, a migration path as discussed here requires that special attention be paid to the fact that all the devices integrated into the new print landscape are also able to communicate with the Microsoft print servers. This applies to both the printers and the clients in the network. Migration can cause problems especially in the case of older printers which are no longer supported by the manufacturer. This is, for example, the case if no Windows driver is available for the device in question.

2.4 Migration from Windows NT4/2000 Print Services to Windows 2003 Print Services

Microsoft offers the PrintMig migration tool for migration from NT4 to Server 2000 / Server 2003. This tool also supports porting of all print queues, printer names and drivers, if any. It must be ensured in this context that a future-proof concept is developed which rules out the use of NT4 drivers in the new environment. The current version of the migration tool is PrintMig version 3.1.

3 References

3.1 System management and monitoring

The most important reference exists to the system management and system monitoring complex (chapter II.G: "Subject: system monitoring and management services"). In this case, it is, primarily, the on-board tools which are made available with the operating systems (refer to the introduction to the technology discussion for chapter II.G "Subject: system audit and management services"). Furthermore, it is the large integrated solutions from suppliers, such as HP and IBM, which also offer suitable solutions for monitoring and managing the printer infrastructure (refer to chapters II.G.1.3 "HP OpenView" and II.G.1.4 "IBM Tivoli"). The possibilities and functions of Nagios also have an important role to play as an open source tool for system monitoring functions (refer to chapter II.G.1.1.1 "System monitoring with Nagios").

3.2 Authentication and directory services

An equally important reference exists to the authentication and directory services with regard to the "security" issue. In this case, it is, first and foremost, the possibilities in conjunction with Samba in hybrid environments (refer to chapter II.C.1.1 "Linux and Samba with OpenLDAP and Kerberos (MIT/Heimdal)") and Kerberos (refer to chapters II.C 1.1 and, in particular, II.C.1.1.3 "Heimdal Kerberos / MIT Kerberos 5" as well as II.C.1.4.1 "Kerberos"), both under Windows and under Linux, and whenever single sign-on solutions are to be implemented.

3.3 Network services

The reference to the network services (refer to section II.D "Subject: network services") results from the security requirements concerning communication with printers via the network. In this case, it is, first and foremost, the different ways of encrypting communication lines.

G Subject: system monitoring and management services

1 Products/technologies

System monitoring and system management utilities offer functions which simplify the administration, maintenance/updating and troubleshooting of devices. The term "device" as used herein means any device which is connected to a network. System management chiefly includes the following functions:
• Provision of application software (software distribution)
• Provision of operating systems and operating system patches
• Monitoring of systems, including their status (even agentless)
• Creation of reports
• Remote control of systems

Most Unix operating systems include as on-board tools a number of simple tools which can, if properly used, serve to handle very complex tasks. The majority of the tools described in the following are also available as on-board tools under Windows, or other freely available tools exist, such as the SSH implementation "PuTTY" or the other tools presented on the following website (http://www.openssh.org/de/windows.html).

• cron
Cron is a so-called daemon which is controlled via the crontab command. This daemon can be used to have the system automatically execute recurring tasks. These tasks can be batch jobs, executable programs, executable script files, and so forth. Crontab is not only the command to control the cron daemon, it is also the name of the list of tasks which are to be started by the cron daemon. This list contains both the tasks and the times of execution. The cron daemon checks this list every 60 seconds in order to find out whether there is a task to be executed and, if so, executes the task accordingly. The cron daemon is implemented differently in the different Linux distributions. Differences exist primarily in the possibilities for assigning parameters to the tasks. Most Linux distributions currently include Vixie cron.

• at
The at command, similar to the cron daemon, is used for the time control of tasks. The at command is used to schedule a task which is executed exactly once, at the given point in time. Each task must be introduced to the system with a new at command. Another two commands for the time control of tasks are defined in the environment of the at command: the atq command shows all the tasks created with the at command and sorts them according to the users who created them, and the atrm command removes tasks on the basis of the unambiguous numbers assigned by the system.

• ssh
ssh (secure shell) is both the name of the protocol and of the secure shell client implementation. In the case of Linux, it is an integral part of the distributions. ssh is used to establish a secure connection between two computers or users, respectively. A console at a Linux computer, for example, is also considered to be a user, and all the commands sent from this console are sent to the ssh client, which forwards them accordingly to the remote system. An ssh connection enables the administration, management and monitoring of any Linux computer if the required authorizations exist. Since protocol version 1 (SSH1) has known cryptographic weaknesses and remains susceptible to man-in-the-middle attacks, SSH2 should always be used. SSH2 implementations are also generally available for other Unix-based operating systems.

• SNMP
The Simple Network Management Protocol (SNMP) was developed by the IETF in order to be able to monitor and control active network components (such as servers, switches, printers, computers, etc.). The protocol governs communication between the devices monitored and a monitoring station. SNMP was designed in such a manner that any network-enabled device on which the TCP/IP protocol is activated can be monitored. The current version is SNMPv3. This is described in RFC 3410 and following and, unlike its predecessors, also offers security mechanisms, i.e. encryption and improved authentication. A detailed description can be found on the website of the Federal Office for Information Security (BSI) [225]. Many system manufacturers have implemented the transmission of so-called "SNMP traps" in order to support the system monitoring function. These traps are normally also documented and can hence be evaluated by the system monitoring function. MRTG/RRD specializes in the monitoring and analysis of network traffic. MRTG uses SNMP in order to capture and store traffic data from the most diverse network components. Evaluation and graphic rendering can be carried out either internally by MRTG or externally by RRD. More than 350 templates are available for MRTG in order to directly connect the most varied SNMP-enabled network components and services. NeTraMet, which also uses SNMP, is another tool for traffic analysis and visualization. Scotty is another tool for visualizing and managing local networks. Scotty also works with SNMP and also enables the editing of SNMP-accessible parameters on remote network components.

• ping
The ping command is a standard feature of all Unix distributions and of Windows. This command sends a data packet to a target address, which can be an IP address or a DNS name. If the target device is switched on and connected to the network, it returns a data packet to the sender, which records this fact. The round-trip time of the data transfer is also measured. The ping command can hence be used as a simple way of identifying the connection status of a device connected to a network and, to a certain degree, of performing network performance measurements. Ping is often used for agentless monitoring of systems.

• syslog
syslog is a de-facto standard for the transmission of log messages. The term is used in several variants, both as the name of the syslog network protocol and for the applications or libraries which send or receive syslog messages. syslog is a simple client/server protocol where the client sends small data packets to the server. Syslog is typically used for computer system management and security monitoring purposes.

[225] http://www.bsi.de/gshb/deutsch/m/m02144.htm

1.1 System management with OSS – Nagios, etc., Linux

In OSS, there is no highly integrated system management software comparable with HP OpenView or Tivoli Configuration Manager which covers all the aspects of system management via a large package of modules. There are, however, numerous tools which can clearly compete with comparable modules of integrated systems and which are well suited for performing the corresponding system management functions. These tools, so-called on-board tools, can be combined with each other, so that a powerful and, above all, affordable system management functionality can be set up even in the OSS world. Individual Linux distributions offer different system management functions. Debian, for example, already comes with its own software distribution, even though only Debian-based computers can be integrated into it.
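The syslog entry in the tool list above says only that the client sends small packets to the server and that the protocol serves security monitoring. The following added example, not from the migration guide, shows what those packets look like in the classic BSD format (the "<PRI>" prefix encodes facility and severity as facility * 8 + severity) and runs a small triage rule over a handful of lines constructed for the example: anything of severity "err" or worse, any authentication failure from the auth/authpriv facilities, and anything that does not parse at all is reported.

```python
"""Parse BSD-style syslog lines (RFC 3164 format, as sent to UDP port 514)
and pick out the ones a security monitoring station should raise.
Added example, not from the migration guide; the sample lines are constructed."""
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MSG   (PRI = facility * 8 + severity)
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$")

AUTH_FAILURE = re.compile(r"failed password|authentication failure|failed for", re.I)


def parse_syslog(line):
    """Return a dict with facility/severity names, or None if unparsable."""
    m = _LINE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                      # facility 23 / severity 7 is the maximum
        return None
    rec = m.groupdict()
    rec["pri"] = pri
    rec["facility"] = FACILITIES[pri // 8]
    rec["severity"] = SEVERITIES[pri % 8]
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec


def should_alert(rec):
    """Alert on 'err' and worse, on authentication failures, and on input
    that does not parse (a sender that speaks something else is itself news)."""
    if rec is None:
        return True
    if SEVERITIES.index(rec["severity"]) <= SEVERITIES.index("err"):
        return True
    return (rec["facility"] in ("auth", "authpriv")
            and AUTH_FAILURE.search(rec["msg"]) is not None)


def triage(lines):
    """Return the subset of lines that should be reported."""
    return [line for line in lines if should_alert(parse_syslog(line))]


SAMPLE = [   # constructed for this example
    "<34>Oct 11 22:14:15 ws01 su: 'su root' failed for alice on /dev/pts/8",
    "<86>Oct 11 22:14:20 ws01 sshd[1234]: Accepted publickey for bob from 10.0.0.5 port 51514 ssh2",
    "<85>Oct 11 22:14:25 ws01 sshd[1235]: Failed password for root from 10.0.0.9 port 40022 ssh2",
    "<190>Oct 11 22:15:00 prn01 lpd: job 17 printed for alice",
    "<2>Oct 11 22:16:00 prn01 kernel: Out of memory: killed process 4242 (cupsd)",
    "garbage that is not syslog at all",
]

if __name__ == "__main__":
    for line in triage(SAMPLE):
        rec = parse_syslog(line)
        label = "%s.%s" % (rec["facility"], rec["severity"]) if rec else "unparsable"
        print("%-16s %s" % (label, line))
```

Two caveats a monitoring station has to live with: the HOSTNAME field and the message text are written by the sender and arrive over UDP without authentication or integrity protection, so a host that is compromised or spoofed can report whatever it likes, and the transport is in clear text. Where the monitoring station sits on a different network segment, the syslog stream should be carried inside an encrypted tunnel, in line with the encryption requirement the print services chapter raises for its own traffic.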

1.1.1 System monitoring with Nagios

Although Nagios was developed for use under Linux, it can also be used under almost all other Unix distributions. The latest Nagios version is 2.9 [226]. Version 3.0 is currently available as beta version 3.0b1. Nagios was formerly known as NetSaint. Nagios and the Nagios logo are registered trademarks of Ethan Galstad, who is the lead developer of Nagios. Detailed information as well as the latest developments can be found on the Nagios homepage [227]. Nagios is published under the "GNU General Public License Version 2" of the "Free Software Foundation". Nagios is currently used by approx. 2,000 registered users who monitor approx. 350,000 clients with this system [228].

Nagios is a computer and service monitor which was developed to detect faults and errors (unexpected events during operation) and problems (frequently occurring faults where no fault/error elimination procedure is known). Furthermore, Nagios also monitors printers and active network components. The monitoring daemon performs requests and checks of computers and services at defined time intervals via external plugins, which return a status to Nagios. When a fault or error is detected, the daemon can send a message to defined recipients, such as an administrator account, via different paths (e-mail, instant message, SMS, etc.). Up-to-date status messages, log files and reports can be retrieved via a web interface. Nagios can also be configured in such a manner that the system makes an attempt, for example by restarting a service, to automatically remedy an error or fault which has occurred. Nagios is also specialized in the visualization of network topology and in the monitoring of services on servers with other operating systems. Nagios responds, for example, to errors or events on the basis of definable threshold values. Nagios uses plug-ins for active and passive monitoring of the most varied services and system parameters. It is, for example, possible to monitor typical network services, such as web, mail, LDAP, different RDBMSs or Samba. Other plug-ins enable the monitoring of system parameters, such as CPU load and hard disk space, as well as hardware sensor data (temperature, power supply and fan speed). Simple interfaces and templates enable the quick development of user-defined plug-ins.

Nagios offers numerous functions and properties for monitoring the IT infrastructure and the IT services and for the administration of Nagios itself. The most important functions are listed below.
• Monitoring of network services (SMTP, POP3, HTTP, NNTP, PING, etc.)
• Monitoring of computer components (processor load, hard disk and memory load, running processes, log files, etc.) via SNMP
• Monitoring of physical parameters, such as temperature
• Storage of contact information for reporting faults/errors and their elimination (via e-mail, pager or other user-defined routes)
• Notification of different, defined user groups in the case of an escalation
• Possibility to define automated event handlers which can respond to an event, such as restarting a server service when it is reported to be at fault
• Nagios supports the implementation of multiple Nagios consoles having identical monitoring functions. Enhanced failure safety and load distribution can be implemented in this way.
• Command line interface for quick changes to monitoring parameters and event handlers
• Retaining status information when the program restarts
• Storage of scheduled downtime, for example, for maintenance and service work
• Possibility to report faults and errors also via the web interface
• Web interface to display the current network status, message and fault history, log files, etc.
• Simple user administration

[226] As per 1 November 2007
[227] http://www.nagios.org/
[228] http://www.nagios.org/userprofiles/quickstats.php

Examples of the user interface and an installation manual can be found on the Nagios website [229]. Installation, setup time and costs for a standard installation can be considered to be relatively moderate [230]. Although Nagios was developed for Linux, it can also be used to monitor heterogeneous networks using, for example, a mix of Linux, Unix and Windows systems. Nagios offers a simple plug-in architecture which enables users to develop their own plug-ins and to integrate them into Nagios.
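The plug-in architecture mentioned above rests on two conventions that the text does not spell out: a plugin reports its result through its exit code (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN) plus one line of text, optionally followed by performance data after a "|", and it takes its warning and critical thresholds in the range syntax from the Nagios plugin developer guidelines. The following added example, not from the migration guide or the Nagios project, is a complete disk-usage check plugin in Python built on those conventions; the threshold parsing is the general algorithm of which a single "80/90 percent" check is one instance. The path and default thresholds are assumptions.

```python
"""Skeleton of a Nagios check plugin: the exit-code convention and the
threshold range syntax from the Nagios plugin developer guidelines.
Added example; not from the migration guide or the Nagios project.

Range specifications (alert when the value is OUTSIDE the range unless the
specification starts with '@', which inverts the test):
  "10"      0..10          "10:"     10..infinity
  "~:10"    -inf..10       "10:20"   10..20
  "@10:20"  alert when INSIDE 10..20
"""
import shutil
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATUS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def parse_range(spec):
    """Return (low, high, inside) for a Nagios range specification."""
    inside = spec.startswith("@")
    if inside:
        spec = spec[1:]
    if ":" in spec:
        lo_s, hi_s = spec.split(":", 1)
        low = float("-inf") if lo_s == "~" else float(lo_s) if lo_s else 0.0
        high = float(hi_s) if hi_s else float("inf")
    else:
        low, high = 0.0, float(spec)
    if low > high:
        raise ValueError("invalid range specification %r" % spec)
    return low, high, inside


def violates(value, spec):
    """True if the value must raise the alert level for this range."""
    low, high, inside = parse_range(spec)
    in_range = low <= value <= high
    return in_range if inside else not in_range


def evaluate(value, warn, crit):
    """Critical takes precedence over warning, as Nagios expects."""
    if violates(value, crit):
        return CRITICAL
    if violates(value, warn):
        return WARNING
    return OK


def check_disk(path, warn="80", crit="90"):
    """Check used-space percentage of a filesystem. Returns (code, text);
    the text carries performance data after '|' in label=value;warn;crit form."""
    try:
        usage = shutil.disk_usage(path)
    except OSError as exc:
        return UNKNOWN, "DISK UNKNOWN - %s: %s" % (path, exc)
    used_pct = 100.0 * usage.used / usage.total
    code = evaluate(used_pct, warn, crit)
    text = "DISK %s - %s %.1f%% used | used=%.1f%%;%s;%s" % (
        STATUS[code], path, used_pct, used_pct, warn, crit)
    return code, text


if __name__ == "__main__":
    # usage: check_disk.py [path] [warn-range] [crit-range]
    args = sys.argv[1:] + ["/", "80", "90"][len(sys.argv) - 1:]
    code, text = check_disk(*args[:3])
    print(text)
    sys.exit(code)    # Nagios reads the status from the exit code
```

Because Nagios only looks at the exit code and the first line of output, the same skeleton serves for any local check (the print spool directory of the CUPS or Samba server from the previous chapter is an obvious candidate for the path argument); for checks run over the network the plugin is executed on the monitored host by NRPE or via SSH, and only its result travels to the Nagios server.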

1.1.2 Open source software distribution systems

1.1.2.1 Opsi

Opsi is a product from the Mainz-based company uib [231] and is subject to the GPL and hence freely available. Opsi supports software distribution to Windows 2000, Windows XP and Linux systems. opsi has been in use and under further development for more than 9 years. Opsi version 3.1 was released on 6 September 2007. The opsi functionalities include software distribution with
• standard software packages,
• software updates,
• Microsoft service packs,
• Microsoft security patches and
• inventory taking.

1.1.2.2 m23

m23 [232] is a software distribution system for Debian GNU/Linux systems which, just like Opsi, is subject to the GPL. Although m23 is not suitable for heterogeneous system environments, this is not necessarily a disadvantage in a homogeneous Debian environment. Like most other software distribution systems, m23 is a client/server-based system that includes, for example, the following functionalities:
• initial installation, including partitioning and hardware detection,
• distribution of system and application software,
• restoring clients,
• software updates and
• inventory taking (hardware detection).

m23 thereby offers the key functionalities which are also made available by most proprietary systems.

[229] http://www.nagios.org/about/screenshots.php, http://nagios.sourceforge.net/docs/3_0/quickstart.html
[230] The installation manual can be found on the Internet at the following URL: http://nagios.sourceforge.net/docs/3_0/quickstart.html.
[231] http://www.uib.de/www/home/index.html
[232] http://m23.sourceforge.net/PostNuke-0.726/html/index.php

1.1.3 Conclusions

To sum up, the free software products which are available in the OSS world can be used to implement a complex and well-functioning system management environment. The combination of different products leads to far-reaching manufacturer independence and enables migration from one software product to another as a cost-neutral process in terms of license costs. The combination of individual functions from the area of commercial software with OSS software certainly also appears to make sense. Many organizations, for example, use HP OpenView as the network management system. Its use can be continued while a parallel software distribution is set up using an OSS tool. Nagios as a monitoring tool and opsi as a tool for software distribution have proven in practical use that they are very suitable even for large IT infrastructure environments. The other OSS tools and, in particular, the on-board tools mentioned in the introduction are in principle suitable for small and medium-sized public agencies. OSS offers, above all, a high degree of flexibility and can be easily adapted to specific requirements. This usually leads to a high level of acceptance for the solution and increased motivation among employees to address system management issues.

1.2 Microsoft Systems Management Server (SMS) 2.0/2003 and Microsoft Operations Manager (MOM)

The following two management tools will be discussed now:
• Systems Management Server (SMS) for software distribution
• Microsoft Operations Manager (MOM) for system monitoring and management

The Systems Management Server (SMS) was launched more or less at the same time as Windows NT 4. SMS version 1.2 can be regarded as the last version of this generation. Version 2.0 came out in 1999. The current version is SMS 2003 R2. This version will be discussed in more detail in the following. SMS was just recently released in the Microsoft System Center Configuration Manager (SCCM) 2007 version. Microsoft Operations Manager 2005 was recently released in the System Center Operations Manager (SCOM) 2007 version. Since no empirical values are so far available for SCCM 2007 and SCOM 2007, these versions will not be discussed in more detail in this document. SMS and MOM are commercial products from Microsoft. The server software is licensed. Furthermore, a client license is required for each client which needs a component of SMS or MOM. The situation can be summarized in detail as follows:

Product: Microsoft Systems Management Server 2003
Licensing: For each license acquired, one copy of the server software can be installed and used on a single server.

Product: Microsoft Systems Management Server 2003 Device CML (Configuration Management License)
Licensing: Enables one device (a single server, a single personal computer, a workstation, a terminal, a hand-held computer, pager, telephone, personal digital assistant or any other electronic device) to be managed by Microsoft Systems Management Server 2003.

Product: Microsoft Systems Management Server 2003 with SQL Server 2000 technology
Licensing: Enables the installation of one copy of the Microsoft Systems Management Server 2003 software on a single server, and enables the installation and use of one copy of the server software of Microsoft SQL Server 2000 on a single server. The SQL Server software may only be used to support its Systems Management Server Primary Site Server and/or Operations Manager as part of its system management software.

Table 48: Licensing of the Microsoft system management components

SMS and MOM are independent software products from Microsoft. They are integrated into the Microsoft landscape and require additional components (for example, SQL Server and MS Server) in order to be functional. SMS and MOM cannot be purchased as independent applications for other operating systems, such as Linux. SMS 2003 R2 can be used in large-scale environments with more than 250,000 clients, with a single server being able to manage up to 25,000 clients. SMS and MOM fully perform the basic functions of system management systems as described in the introduction. The functions are not distributed as independent modules, i.e. the functions are integrated into the SMS and MOM software.

The SMS / MOM client can be installed on the following operating systems:
• Microsoft Windows 98
• Windows NT® Workstation 4.0
• Windows NT Server 4.0
• Windows NT Server 4.0 Enterprise Edition with Service Pack 6 or higher
• Windows 2000 Professional
• Windows 2000 Server
• Windows 2000 Advanced Server
• Windows 2000 Datacenter Server
• Windows XP Professional
• Windows XP Embedded with Service Pack 1 or higher
• Windows Server 2003 Standard Edition
• Windows Server 2003 Enterprise Edition
• Windows Server 2003 Datacenter Edition

The add-on named Vintela Management Extensions (VMX) described in the migration guide, V2.1, which can also be used to support Linux, Unix and Mac systems (OS X) is no longer offered in this form. An add-on named Quest233 Management Xtensions for SMS 2003 from Quest Software which is subject to licensing is available for SMS 2003 and offers the above-mentioned support. The add-on supports by default the following functions:
• Software patch distribution
• Software distribution
• Stock-taking (hardware and software)
• Software measurements
• Detecting systems
• Remote tools
• Reporting

SMS in conjunction with Quest Management Xtensions for SMS 2003 is hence also definitely suitable for use in heterogeneous system landscapes.

As a precondition for operation in a MOM 2005 environment, the following components must be installed on one or more servers:
• Microsoft Operations Manager 2005 – management server
• Microsoft Operations Manager 2005 – database
• Microsoft Operations Manager 2005 – administrator console and operator console
• Microsoft Operations Manager 2005 – reporting server

The minimum hardware requirements and further recommendations concerning the installation of this environment are published on the Microsoft homepage.234

MOM 2005 can be used to monitor numerous systems. The configurations which can be supported are published on the Microsoft website235 "Unterstützte Konfigurationen für Microsoft Operations Manager 2005" [Supported configurations for Microsoft Operations Manager 2005]236. Further management packs are available from Microsoft and third-party manufacturers in order to expand the monitoring functionality to many other systems (not just operating systems, but, for example, also to storage systems or active network components). A list of more than 200 management packs from Microsoft and third-party manufacturers, including descriptions of the management packs and manufacturer source information, is available from Microsoft.237

233 http://www.quest.com/
234 http://www.microsoft.com/germany/mom/uebersicht/systemanforderungen.mspx
235 http://www.microsoft.com/germany/technet/datenbank/articles/600585.mspx#EEC
236 http://www.microsoft.com/germany/technet/datenbank/articles/600585.mspx#EEC
237 http://www.microsoft.com/technet/prodtechnol/mom/catalog/catalog.aspx?vs=2005

Some of these are listed below:
• Exchange 5.5/2000/2003
• SQL Server 2000 / 2005
• Windows DHCP Server Service 2000 / 2003
• Commerce Server 2007
• Windows Print Server 2000 / 2003
• Windows Terminal Services 2000 / 2003
• Proxy Server 2.0
• Windows DNS Server Service 2000 / 2003
• Windows Internet Information Server 2000 / 2003
• Windows Active Directory 2000 / 2003
• SMP for Linux Server
• Virtual Agent for: Mandrake Linux, Open BSD, Red Hat Linux, Sun Solaris, SUSE Linux
• SMP – Cisco for: Switches, Routers and Concentrators

Just like for SMS 2003 R2, a licensed add-on is available for MOM 2005 with the name Quest Management Xtensions for MOM from Quest Software which extends the functions of the MOM for monitoring the AIX, Solaris, HP-UX, RED HAT and SUSE operating systems. The add-on supports the following functions:
• Reporting
• Event and performance management
• Application monitoring

As described, SMS and MOM offer a host of possibilities for integrating interfaces from third-party suppliers. Furthermore, the products are fully integrated into the Microsoft world and function with all Microsoft products. One can hence sum up that the combination of SMS and MOM is a very good solution for the administration of computer resources in a homogenous Microsoft landscape thanks to integration into the MS landscape. Furthermore, it is also possible to integrate devices, such as PDAs, into SMS or MOM and to supply these with software or to monitor them. This is usually easy to implement.

1.3 HP OpenView

HP offers a product family under the name of OpenView which offers a functionality that goes far beyond the functions of the system management (system). HP OpenView has its origins in the HP OpenView Node Manager238. This program was previously only used for the monitoring and administration of networks. HP OpenView is a commercial product which can be obtained from HP and its distribution partners.

OpenView is offered in two versions. One version being the Management Server, the other one being a Java implementation of the Java console called Management Server. The Management Server can be installed on the following operating systems:
• HP-UX (PA-RISC, Itanium)
• Solaris (SPARC)

Both installations require the use of an Oracle database. According to the manufacturer, the Java console can be installed on the operating systems mentioned below. In each of these cases, installation of a Java runtime environment is necessary.
• HP-UX
• Sun Solaris
• Microsoft Windows
• Red Hat Linux

HP OpenView also includes modules for storage and process management. The HP OpenView modules can be used individually and combined accordingly. This means that HP OpenView can fulfil all requirements for system management software.

OpenView supports, for example, the following client operating systems:
• HP-UX, Sun Solaris
• Microsoft Windows
• IBM AIX
• Tru64 UNIX
• Red Hat Linux
• SuSE Linux
• Turbo Linux
• Debian Linux
• Novell Netware
• OpenVMS
• HTTPS-based agents
• HP NonStop Servers
• IBM OS/390
• z/OS
• IBM OS/400

238 https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-15-119^1155_4000_100_

HP OpenView offers modules and add-ons for system management functions for all customary systems. Due to the history of HP OpenView as a widely used network management tool, many organizations have come to use HP OpenView also as a system management system. HP OpenView hence offers a tried-and-tested system management environment which is well suited for system management functions in heterogeneous landscapes.

1.4 IBM Tivoli system management

Tivoli239 was developed by the like-named company as a system management and storage management system. In the 1990s, IBM acquired Tivoli which is now a wholly owned subsidiary of IBM. IBM has significantly expanded the Tivoli product range. The Tivoli product family now comprises more than 70 different modules, which also include storage solutions and process management modules. This chapter discusses only those functions which are necessary to provide the functionalities described in the introduction to this chapter. Comprehensive online documentation is available for IBM Tivoli.

Tivoli is a commercial product. License fees are payable for each module used and for each client. Tivoli is not a monolithic program. It consists of many individual modules which can be combined according to their functions. With its more than 70 modules, it offers all the necessary system management functions. The specific module combinations which are required for the individual fields of application should be identified in cooperation with the manufacturer. This is applicable, above all, to the introduction of a corresponding system.

All the Tivoli modules support the monitoring and administration of the following operating systems:
• AIX
• HP-UX
• Linux
• SUN Solaris
• Windows NT
• Windows 2000
• Windows 2003

Tivoli offers modules and add-ons for system management functions for all customary systems.

239 http://www-306.ibm.com/software/de/tivoli/

One can hence summarize that Tivoli is a tried-and-tested system management program package which has been successfully used for many years in heterogeneous landscapes. Due to its license terms and conditions, however, it may be difficult to determine the costs because in the case of a large number of modules separate licenses may have to be acquired for each client and each module.

2 Migration paths

Migration of system management software can mean a very extensive and complex project, depending on the scope of the functions used and the size of the network infrastructure. Migration can be very time-consuming and require meticulous planning especially in cases where applications for software distribution, remote control, etc. are used in addition to mere monitoring functions. It is, for example, often very difficult to migrate from one software distribution system to another without having to once again create the individual software distribution packages. Migration of the applications for monitoring functions is least critical. In the case of the software groups described in the "Technology" chapter, these are:
• Nagios
• IBM Tivoli Monitoring
• HP OpenView Node Manager
• Microsoft SMS

Migration of system management software should always be examined with a view to general economic efficiency and commercial viability too. In concrete terms, this means that the positive or negative effects on operating costs following migration must always be considered in addition to the pure migration costs. It goes without saying that the question to be answered is of a fundamental nature, i.e. as to whether and why migration should be carried out from one proprietary solution to another, for example, from IBM to HP or from HP to Microsoft. The pros and cons of such a migration project must be clearly identified in advance. In contrast to this, migration to OSS software is certainly always interesting from a purely financial perspective.

2.1 Migration from Tivoli system management to HP Open View

Migration from Tivoli system management to HP OpenView means migration from one proprietary system to another. HP also offers support for this type of migration. However, due to the complexity of the two product families, it is important to precisely identify the scope of support which is actually required.
HP, for example, offers a migration tool which supports migration from IBM Tivoli Service Desk to HP OpenView Service Desk. Both programs do not support system management, but merely support service desk functionalities. They nevertheless belong to the same system management product family.

Migration from IBM Tivoli to HP OpenView usually means the new setup of an HP OpenView system followed by deactivation of the IBM Tivoli system. The several reasons for this are listed below:
• Short interruption of the system management functionality during migration
• Opportunity to re-design the monitoring functions and rules
• Examination of the new monitoring landscape by comparison with existing data
• Possibility to deactivate the old monitoring system when the new system is fully functional and accepted
• Possibility to successively replace the IBM Tivoli clients with HP OpenView clients

This approach does, however, involve the financial risk of license costs, software maintenance/update costs and support costs having to be paid for both systems throughout the entire migration time which may be even longer than originally planned.

2.2 Migration of proprietary system monitoring software to Nagios

Although this chapter only focuses on the above-mentioned migration of system monitoring software, some general remarks concerning the migration of system management software to OSS will be made at the beginning.

With regard to system management, most OSS operating systems follow the UNIX path, in line with their origin. The OSS systems as multi-user and network systems come with a wide range of functions for central system management and, in some areas, are the model rather than the substituting alternative to a Windows solution. Migration also means conceptual changes for administrators and the process organization which enable significant progress, especially with regard to security. The high degree of security and reliability generally associated with Linux systems is not least the result of system management.

A migration project means far-reaching changes for those in charge of system management. Both the analytical features as well as the options for adjusting and correcting the OSS systems give system administrators much more freedom than can be found in a closed Windows system. This freedom can be used to emancipate oneself from manufacturers and external service providers whilst at the same time boosting the qualification of one's own staff. The transparency of the open OSS systems contributes towards a fundamental and far-reaching understanding of the function and dependencies of the different components in a state-of-the-art IT infrastructure.
In the case of the migration of system monitoring software to Nagios, the possibility should be used to set up the Nagios system first and to subsequently deactivate the proprietary system, all the more so because this limits the financial risk to the provision of a hardware platform which must be made available as a parallel system during the migration period.

2.3 Migration from SMS 2.0 to SMS 2003

System Management Server 2003 (SMS) is the successor version to System Management Server 2.0. SMS 2003 offers largely the same functionalities as SMS 2.0, which, however, have been improved on almost all levels. Microsoft offers comprehensive migration support on its websites240. Migration can be carried out in several ways, including, for example, the use of "on-board tools", by copying and by generating reports and, on the other hand, using the SMS Migration Tool (CCSMT) which is made available by Microsoft. This tool is offered by Computacenter within the framework of Microsoft's Solution Finder Program241. Migration from SMS 2.0 to SMS 2003 is certainly not a very complex process. However, a significant amount of time is necessary which should not be underestimated when planning this process.

240 http://www.microsoft.com/germany/aktionen/partnerfinden/solutionfinder/default.mspx?solutionid=9ae215677c5d4379ab02f86a817c0523

3 References

3.1 Network services

System monitoring and management services are complex tools which must communicate with the applications and protocols monitored by these services. This interaction usually takes place via dedicated protocols which are forwarded in networks. Depending on the technology involved, this leads to references to the network services complex (chapter II.C 3.1). The network services described there can take fundamental responsibility for the identification of computers in networks in many LANs and are hence also important for system monitoring services.

3.2 Web server

System monitoring services occasionally store the monitoring data generated in HTML or XML format in bulk storage devices (for example, MRTG). This data is often published by a web server at a certain password-protected web address. Since applications of this kind also perform security-relevant monitoring functions, the monitoring data is sometimes sent to external devices or computers in order to protect this data against manipulation in the case of a hacker attack. Depending on the given application and installation, this means references to the "web server" complex (refer to section II.A).

241 http://www.microsoft.com/germany/mittelstand/partner/partnerfinder.mspx?solutionid=9ae215677c5d4379ab02f86a817c0523

III. Module: applications

A Subject: messaging and groupware

Software which enables cooperation in a group across local and time barriers is called groupware. Groupware systems combine a number of functionalities and services in one system. Typically, these functions are:
• E-mail exchange
• Address book
• Calendar with time scheduling functionalities for personal appointments and within groups (group calendar)
• Note and task management
• Public/group folders

Some of the groupware systems discussed in this document also offer additional functionalities, such as resource administration or forums. Several of these systems will be discussed in the following sections.

1 Products/technologies

1.1 OpenGroupware.org

OpenGroupware.org (OGo)242 is one of the oldest groupware solutions on the market and – just like other open source software solutions – originated from a once-proprietary product, i.e. "Skyrix" from Skyrix Software AG243. In summer 2003, SKYRIX Software AG244 released the product of the same name under GNU GPL/LGPL license terms. Since then, the software has been further developed as a community project under the name OpenGroupware.org. Besides Opengroupware.org with its own web-based user interface, Skyrix additionally offers ZideLook Connector which can be used to connect Outlook clients. Furthermore, the OpenGroupware server can be accessed by so-called "native clients", such as Microsoft Outlook, Mozilla Calendar or Apple iCal.app. "instantOGo" is a complete Linux distribution with an operating system, groupware components and utility programs. ZideLook Connector as well as instantOGo245 are offered by Skyrix as commercial products, just like commercial support and maintenance/update services for OpenGroupware.org.

242 http://www.opengroupware.org
243 http://www.skyrix.de
244 Skyrix is a small company based in Magdeburg, Germany (approx. 15 employees).
245 Further information can be found at: http://instantogo.com.

OpenGroupware.org is used most frequently in the service industry and at public administrations. The number of installations is not known because the software can be downloaded for free and installed without registration. OpenGroupware.org is currently available as version 1.0.0 from January 2007 whilst ZideLook, the Outlook connector from Skyrix, is available as version 2.1 from June 2007 and InstantOGo as version 2.0 from May 2007.

The illustration below shows the general architecture of the groupware system in its interaction with other OSS components.

Fig. 31: OpenGroupware architecture246

OpenGroupware.org is a server application which is served by users via web browsers. Interfaces are additionally available for the majority of the most commonly used groupware clients (see above). Packages are currently available for installation on x86-Linux distributions of Debian, SUSE, RedHat and Mandrake, as well as for FreeBSD. Besides the core application, which was written in Objective-C, OpenGroupware.org relies on tried-and-tested standard components, such as PostgreSQL, Apache or Cyrus IMAP. The server offers the following functions:
• Group time scheduling
• Contacts (individuals, companies)
• Resource management
• Task management
• Project containers for the administration of documents (including version management), notes and tasks
• E-mail (with an additional mail server, such as Cyrus IMAP)
• Comprehensive rights management for contacts, appointments, tasks and projects
• Palm synchronization
• CTI API for integrating telecommunication systems

246 Source: http://www.opengroupware.org/en/devs/docs/OGoArchitecture.html

The backend features a modular architecture and, above all, the availability of a comprehensive XML RPC API. This API enables the execution of almost all functionalities which can be used via the web-based user interface or other clients. The use of the software loadbalancers247 enables, for example, horizontal scaling in order to support large numbers of users working parallel. This software distributes the individual OGo processes, depending on the load situation, to different nodes in the cluster. This process can also be used to ensure fail-safe operations.

The web interface is the primary user interface of the OpenGroupware.org server. Users can adapt the views of the web interface to their particular needs. The interface includes both central components for organizing group and individual appointments, resources and contacts, as well as project containers for tasks, notes and documents which are available to the team members in line with the access privileges assigned to them. Any folder structures desired can be generated in each project container where version-controlled documents are stored by a check-in/check-out process and, with OGo 1.0 and higher, additionally made available via WebDAV. The integrated WebMailClient enables access to IMAP4 mailboxes; in this context, filters, absence notes and mail quotas at the server end can be managed via the web browser if these functions are supported by the IMAP server248.
Outlook users require a proprietary, commercial connector which is offered by SKYRIX Software AG under the "ZideLook" product name. The solution consists of a "MAPI Storage Provider" plugin for Outlook and an additional server module for OpenGroupware.org. Rather than synchronizing the data between the server and client, the "live" data of the groupware server is accessed directly. The ZideLook plugin translates the MAPI calls of Outlook into calls according to the standardized WebDAV protocol and sends these to the ZideStore server which delivers the OGo groupware data in XML format. However, no replication mechanism is so far available, so that mobile forms of use are limited. ZideLook enables access to the private calendar, the private task list, group calendars and group task lists, as well as to public (global) and private contacts. Furthermore, Outlook versions 2000, XP and 2003 are officially supported.

247 The load balancer is available within the framework of the maintenance agreement.
248 The use of the Cyrus IMAP server, for instance, is recommended.

PalmOS-based PDAs and smartphones can be connected directly at the server end via the NetworkHotSync Daemon which is included in OGo. Users can make any settings in order to import contacts, appointments and tasks via the web interface. Besides synchronization via the classic USB docking station, mobile data transmission using mobile phones is also possible via IrDA/Bluetooth and WLAN. The connection via the MS Outlook client is at present the only option for users of PocketPC, WindowsCE devices or smartphones.

Depending on the given application scenario, administration takes place via the web interface or directly via the command line on the servers. In this way, the administration of users, teams, resources for time scheduling or the administration of categories for contact management can be easily carried out via the browser even by users without Linux skills. User templates can be used in order to inherit previously defined user profiles to users who are to be newly established. An alternative approach when integrating large numbers of users is to use an LDAP-based directory service which can be integrated via the XML RPC API. Furthermore, this interface enables script-controlled access to almost all functionalities of the OGo application server and thereby offers a way to automate complex initialization processes.

The design of the web interface is fully described in templates. Such template sets can be created in any number and are then available to users as required. This is also a very simple way for administrators to carry out adaptations to existing corporate design specifications. This simple possibility is also used to localize the web interface which is today already available in 13 languages.
OpenGroupware.org supports SSL encryption of the data transfer between the server and the particular client system used. The use of a suitable SSL tunnel is recommended for connecting Outlook and PalmOS devices. This also holds true for communication between the individual servers if individual components – such as the IMAP, LDAP or SQL servers – are to be operated on separate servers in the interest of load distribution and if these servers are connected to each other via a network that is considered to be insecure. OpenGroupware.org does not currently support S/MIME or PGP mail encryption in the web-based mail client. A corresponding upgrade is planned. Although OpenGroupware.org does not include its own spam or virus protection functionality, any spam and anti-virus programs which are compatible with the given MTA can be used.

Besides the web interface and ZideLook as the proprietary Outlook connector, an XML RPC interface is available with a large range of possibilities. Tools are also available for this purpose, but these have only been used in project business up to now. Since OGo integrates a standard mail server, such as Cyrus-IMAP and -SMTP, all customary protocols are supported. OpenLDAP is integrated via XML-RPC, so that an LDAP interface for connecting Active Directory and LDAP directories is also available. The MAPI interface enables ZideLook to access appointments, contacts and tasks. Since the MAPI messages are decoded from Outlook and stored in the SQL backend, they are also available to other clients and to the web interface.

Data is exchanged via the clients, with all the formats integrated in the clients being supported, such as the Outlook formats (version 2000 and higher).

To sum up: OpenGroupware.org offers groupware functions with a powerful web interface which goes beyond the functionality of Outlook. Connection possibilities are offered to customary clients, such as Outlook under Windows and Evolution under Linux. Synchronization with mobile devices is difficult unless this is made with Outlook as a client. The XML RPC interface and direct access to the SQL database enable the exchange of data with other systems; customary protocols, such as SSL, LDAP, MAPI, IMAP, SMTP, are supported.

1.2 OpenXchange

Open-Xchange Server 5 supports teamwork with basic services, such as e-mail, time schedule and contact management. Furthermore, Open-Xchange provides integrated modules for the exchange of documents, for task and project management, for the establishment of a knowledge database and for the establishment of a forum. Open-Xchange OXtender is used to connect offline clients, such as Microsoft Outlook, and to synchronize smartphones and palm pocket PCs.

In August 2004, the originally proprietary Comfire groupware component was made available under the name Open-Xchange as free software under GPL249 and developed further according to the OpenSource model. Open-Xchange is developed in Germany at the Olpe and Nürnberg [Nuremberg] locations and is additionally present in the US in Tarrytown, New York. A world-wide partner network250 offers integrated Open-Xchange solutions as well as competent assistance when it comes to planning, implementing and supporting complex integration projects. According to Open-Xchange, more than 2000 registered installations of Open-Xchange Server 5 were recorded in the German-speaking countries. Customers251 of Open-Xchange are enterprises, educational institutions and public authorities, some of them with several thousand end users per organization.
Since February 2007, Webhoster 1&1252 has been offering MailXchange as a web-based groupware service on the basis of Open-Xchange. This solution is designed for target groups, such as freelance professionals and small enterprises.

Open-Xchange Server 0.8.0 was completed in April 2005. Several versions253 and service packs have been released since. Open-Xchange Server version 0.8.6 was published in March 2007 and in June 2007, Open-Xchange made service pack 3 available to its users. Open-Xchange Server 0.8.x runs under the free GNU General Public License, version 2 of the Free Software Foundation. Open-Xchange additionally offers a free GPL version of OXtender for connecting MS Outlook to Open-Xchange Server 0.8.x. Open-Xchange Community Edition is a free GPL version of Open-Xchange which additionally declares the Creative Commons Attribution-NonCommercial-ShareAlike 2.5254. When compared to Open-Xchange Server 0.8.x, this Open-Xchange edition offers an optimized server architecture and an AJAX-based web client, however, not yet with the forum, projects and bulletin board functions. Furthermore, it is not possible to connect offline clients via OXtender. Installation and configuration information can be found in the Wiki255 of Open-Xchange. The Open-Xchange forum is available for more far-reaching support.

249 http://www.open-xchange.com/header/community_area.html
250 http://www.open-xchange.com/DE/header/partner/partner_suchen.html
251 http://www.open-xchange.com/DE/header/unternehmen/news_presse/referenzen.html
252 http://www.1und1.de/
253 http://www.open-xchange.com/wiki/index.php?title=Versioning_and_Numbering

The Open-Xchange Server 5, Open-Xchange Express Edition and Open-Xchange Hosting Edition products are additionally offered. In addition to the functionality of the free GPL version, the proprietary Open-Xchange Server 5 offers tools for installation and administration as well as documentation and access to the services of the Open-Xchange Maintenance Portal for one year. The maintenance portal provides on an ongoing basis more far-reaching functionalities in the form of regular updates as well as documentation for end users and administrators. Open-Xchange additionally offers its customers installation support per e-mail with and without guaranteed response times.

The Open-Xchange Express Edition256 product is a complete solution which includes not only the operating system (optimized Ubuntu), but also e-mail server (Cyrus IMAP & Postfix), collaboration server, web server (Apache), database (MySQL), document management, installation tool, administrator module, backup, automatic update service, virus protection (ClamAv) and anti-spam (SpamAssassin) functionalities. For Internet service providers and web hosting providers, Open-Xchange offers the Open-Xchange Hosting Edition as a set of tools for system monitoring and optimized load distribution, speed, clustering and scalability.

Open-Xchange Server 5 supports the two Linux operating systems, i.e. Red Hat Enterprise Linux 4 and SUSE Linux Enterprise Server 9. Since Novell offers free downloads of a suitable version of its Enterprise Linux operating system, the matching version of the Open-Xchange server is also offered at this point. The latest price list257 also showing rates for public agencies can be viewed on the Open-Xchange enterprise websites.

The Open-Xchange Server 5 architecture is entirely based on open standards and protocols. The complete solution consists of different, modular software units that interact to implement the mail and groupware functionalities. The Java-based Open-Xchange Application Server is the basis of the groupware solution.

[254] http://www.open-xchange.com/header/community_area/faqs_ox_community_project.html
[255] http://www.open-xchange.com/main_entry/community_area/wiki.html
[256] http://www.open-xchange.com/fileadmin/downloads/oxee/Tech_Fact_Sheet_DE.pdf
[257] http://www.open-xchange.com/fileadmin/downloads/pricelist.pdf

Fig. 32: Open-Xchange architecture [258]

Thanks to its modular and open architecture, Open-Xchange Server can be integrated into existing IT environments and thereby enables the extension of existing systems. The server functionality can be adapted to different needs via standardized interfaces. The so-called OXtender can be used to integrate additional functions and programs from third-party suppliers as required. Examples of this are OXtender for MS Outlook, Palm OS, Samba Services and SyncML. One particularly advantageous feature is its scalability thanks to the possibility to distribute components to different server systems. It is additionally possible to replicate components to several servers. The following discussion will be limited to those software packages which are directly related to the groupware functionality.

Components        Tasks
Postfix           Mail Transfer Agent (MTA)
Cyrus IMAP        Implements the IMAP functionality
OpenLDAP          Central directory service for user administration
PostgreSQL        Database for handling the groupware data
Apache – Tomcat   Implementation of the web frontend (mail, groupware)

Table 49: Possible components of the Open-Xchange solution

The server components offer a wide range of mail and groupware functionalities. Various functions are available to users as follows:

• Receiving and sending e-mails
• Calendar
• Address management
• Task management
• Note functions
• Document management (version management and folder structure)
• Project management
• Configurable knowledge database with full-text search
• Group-based discussion forum

The mail and groupware functionalities must be distinguished with a view to the support of different client systems. The mail functionalities can be accessed by any POP3- and IMAP-enabled clients. Furthermore, users can access their e-mails via a specially integrated webmail solution. Full browser-based access via a web portal is possible to the above-mentioned mail and groupware functions. The LDAP-based address books, the possibility to assign privileges, and search functionalities are available to users in all the function modules. If the appointment function is used, the server automatically analyses the resources available during the period in question. The web-based offers give users access to a wide range of group functionalities. Furthermore, client applications from third-party suppliers can communicate with the groupware server if they support the appropriate protocols, such as IMAP, LDAP and WebDAV, or the iCal format. OpenSSL can be used for encrypted data transmission; it implements data encryption between applications and components. The secure transmission of IMAP and POP3 is possible via an SSL tunnel and of SMTP via TLS. Open-Xchange Express Edition is a full-scale solution which offers integrated anti-virus and spam protection. Open-Xchange Server is based on open standards, such as XML-RPC, WebDAV (XML), LDAP, Trigger, iCal and HTTP/S [259].

[258] Source: OPENXCHANGE Server™ 5.0, Architecture, Integration and Interfaces, High Level Overview V 0.92, Stephan Martin, Senior System Architect, http://www.proite.de/fileadmin/user_upload/produkt-bilder/ox/Open-Xchange-OX-Architecture.pdf (as of 27 October 2007)
The HTTP API, WebDAV API, Oxmapi and Open-Xchange Hyperion CLT programming interfaces are available for accessing and expanding the Open-Xchange server [260]:
• HTTP API [261] is used by the new AJAX-based web client. Data exchange is carried out in JavaScript Object Notation (JSON) via HTTP GET, POST and PUT requests.
• WebDAV API [262] is used by external client applications in order to modify objects on the Open-Xchange server. It is based on the WebDAV standard with add-ons for the Open-Xchange server.
• Oxmapi [263] is a Windows library for communication of Windows applications with the server.
• Open-Xchange Hyperion CLT [264] are shell scripts which enable administration of the server.

[259] http://www.osedge.com/?q=node/22
[260] http://www.open-xchange.com/wiki/index.php?title=Interfaces
[261] http://typo3.open-xchange.com/wiki/index.php?title=HTTP_API

In summary, this means that the Open-Xchange groupware solution offers a modular groupware system where the individual modules are largely based on tried-and-tested open source components. The Java-based application server is integrated as the groupware component which, in its interaction with the other components, offers users a vast range of groupware functionalities. The individual server components can be distributed to different systems, so that scalability of Open-Xchange is ensured. Open standards and the provision of several interfaces enable the expansion of the Open-Xchange server by third-party suppliers as well as integration into existing IT landscapes. The user can access the related groupware information either in a web-based manner or via so-called fat clients (Kontact, etc.). The Open-Xchange Express Edition is a comprehensive full-scale solution which includes, besides an AJAX-based web client, also the MS Outlook connection as well as an administrator module.

1.3 eGroupWare

The independent eGroupWare [265] project emerged in 2003 on the basis of a spin-off from the phpGroupware system which is subject to the GPL. The purpose of the spin-off was to render the development process more transparent and, in particular, to open it up for a broad community. This approach is also reflected by the statutes of the entire project which were drafted in 2005. The rules set up there describe, for example, the complete procedure of identifying and publishing changes in the development of the software.
The voluntary statements and answers [266] from companies and organizations which are published on the website of the eGroupWare project provide the following picture: The list shows at least 45 organizations and companies which use eGroupWare. The number of users totals approx. 8,000, with the majority of organizations and companies reporting the number of users to be fewer than 50. The statements and answers also show that the groupware solution is used on an international scale. European countries account for the clear majority, but some users are also reported from North, South and Central America as well as China and South East Asia. The current version number of the software as of mid-2007 is 1.4. Compared to its predecessor (1.2), this version features, for example, the following relevant changes:
• New implementation of the address book (groups, organization view, LDAP support)
• New tracking component (tracker software)
• New backend for IMAP, improvements of the mail component

[262] http://www.open-xchange.com/wiki/index.php?title=Oxwebdavapi
[263] http://www.open-xchange.com/wiki/index.php?title=Oxmapi
[264] http://www.open-xchange.com/wiki/index.php?title=Open-Xchange_Hyperion_CLT
[265] Further information about eGroupware can be found at: http://www.egroupware.org/
[266] http://www.egroupware.org/references

According to the project website, the next version (1.6) will be released in the first half of 2008. The software is subject to the GNU General Public License (GPL2 [267]). The community offers free support in the form of a manual, a mailing list or IRC chat. The Germany-based companies Outdoor Unlimited Training GmbH (Kaiserslautern), Metaways Infosystems GmbH (Tremsbüttel) and CWTech Freie Netzwerk Systeme (Haiger) offer support against payment. As a representative of a web-based groupware solution, the main interface with eGroupWare is a standard web browser (Internet Explorer, Firefox). The dynamically created contents are generated with the PHP scripting language. The contents are made available via a web server (Apache, IIS or Roxen), whilst a MySQL database can be used for data management and storage. Other suitable database systems are PostgreSQL, Oracle and Sybase, whilst an LDAP directory is used for address management (refer to Fig. 8).

Fig. 33: eGroupWare architecture [268]

Any mail server supporting the SMTP and POP3/IMAP protocols can be used for the e-mail functionality. eGroupWare is a modular system independent of a particular operating system. Numerous modules are available for integration. Besides modules used to implement classic groupware functionalities (e-mail, calendar, address book, etc.), many other modules are available. The modules can be configured.

[267] http://opensource.org/licenses/gpl-license.php
[268] Source: http://www.egroupware.org/?category_id=90

Module              Function
Address book        Contact manager
FelaMiMail          E-mail client supporting, for example, filter rules, absence profiles and releases of e-mail folders
Calendar            Calendar which also supports time scheduling for groups, resources and contacts
InfoLog             To-do lists, notes and telephone notes, CRM
Project manager     Integrated project management
SiteMgr             Web site editing system with access control
File management     File management, based on files, sql-db or
Hourly record       Time recording
Tracking system     Trouble ticket system
Wiki                Integrated wiki
Knowledge database  Forum
Workflow engines    Workflow organization
Polls               Creating and evaluating polls
Chats               Synchronous communication

Table 50: Selection of eGroupWare modules

The web interface of eGroupWare is based on a template system with three different types available for the layout descriptions (XML, eTemplates, HTML). This flexibility enables adaptation of the existing standard system to the respective application environments, for example, adaptation to the corporate design (CD). The groupware system enables the secure transmission of contents and the secure authentication of users. The individual components of the groupware system, such as web servers (for example Apache, IIS and Roxen), support the HTTPS protocol. Furthermore, IMAP servers, such as Cyrus IMAP, Courier IMAP, etc., also support encryption mechanisms (TLS, SSL) for authentication and data exchange purposes. The system itself also offers a dedicated user system which controls browser-based access to the personal work space. The following interfaces are additionally offered for integrating different PIM (Personal Information Manager) clients:
• XML-RPC API offers remote access to functions of the groupware system
• SOAP enables the implementation of server-orientated applications
• SyncML is a descriptive language that can be used to exchange data between different clients
• GroupDAV encompasses the simplified version of the WebDAV protocol and can be used, for example, to exchange calendars, to-do lists and contact lists
• IMAP is a protocol for retrieving e-mails, etc.
• iCalendar is a customary format for describing calendar data.

According to the project website [269], synchronization of calendar, address book and InfoLog data with different PIM clients is possible. The following client applications are at present supported:
• Kontact
• Evolution
• Outlook
• Apple iCal
• PDA (via Synthesis and Funambol).

According to the documentation of the eGroupWare project website, synchronization of MS Outlook with eGroupWare, for example, is possible using the XML-RPC API interfaces (via plugin [270] only), SyncML and iCalendar. To sum up: eGroupWare is a modular system which by default offers groupware functionalities, such as e-mail, calendar and address books, as well as additional modules covering further functionalities, such as to-do lists, hourly records, polls, etc. Access to the complete functionality of the groupware system is only possible in online mode and from authorized networks. However, the use of this web-browser-focused groupware solution offers many advantages:
• Access via web browsers is possible, as well as secured access via HTTPS from outside
• Installation of a special client is not necessary
• Operating system independence offers advantages especially in heterogeneous client landscapes
• Software is updated on the server only

[269] Synchronization overview: http://www.egroupware.org/sync
[270] eGWOsync: http://www.egroupware.org/wiki?wikipage=synchronisation%20outlook

1.4 Zarafa

The Dutch company ConecTUX develops and distributes the Zarafa [271] groupware product. Development started five years ago. The Zarafa subsidiary (Zarafa Deutschland GmbH) for the German-speaking countries is based in Hanover. The Zarafa groupware product is currently used by more than 1,000 enterprises [272]. 1,200 servers were sold in the past twelve months. The largest installation in terms of the number of users serves around 1,500 users who use the complete groupware functionality, including Outlook. Zarafa is distributed in Germany, Austria, Switzerland, the Benelux countries as well as the UK and France. The Scandinavian market is to be added soon [273]. The current version of the Zarafa groupware product is version 5.10 which was released in mid-2007. Version 5.0 was released at the end of 2006. Its predecessor was version 2006 which had been released in mid-2006. Zarafa is available for two different Linux versions, i.e. EasyLinux and OpenLinux. The price of all the Zarafa versions available is the same. The basic license covers five users and can be expanded in steps of five users. Discounts are granted for licenses for 100 users and more. Price and license details can be found on the corresponding website [274]. A free test version can be downloaded from the web and used for 30 days. An online demo is also available on the web [275]. Zarafa is available for various Linux distributions, such as Debian, Fedora, RedHat, SuSE, OpenSUSE or Ubuntu [276]. Zarafa has a client/server architecture. The server is an internal development which was implemented in C++ and which runs under all customary Linux distributions. WebAccess is an internally developed client for web-based access to the groupware functions.

[271] http://www.zarafaserver.de/
[272] http://www.zarafaserver.de/
[273] Company data
[274] http://www.zarafaserver.de/prices.html
[275] http://www.zarafaserver.de/
[276] http://download.zarafa.com/zarafa/en/zarafa_technical.pdf

Fig. 34: Technical interactions in Zarafa [277]

Zarafa is based on open source components and open standards, i.e. gSOAP, MAPI, PHP, MySQL and Apache. The overall functionality of Zarafa is achieved by interaction between several components, whilst the basic functionality is available without the optional components. Fig. 34 illustrates the technical interaction in Zarafa. The Zarafa server stores all the data in an SQL database and manages the connections of the clients, whether Outlook or WebAccess, in the same manner. The clients are connected via SOAP, and a check is carried out as to whether access to the requested data is permitted. For Outlook connections, at least one connection is always kept open in order to send notifications of events. The server settings are made in a configuration file. It is, for example, possible to determine how authentication with the database server is to be carried out and how detailed system messages are to be logged (message logs). The server requires at least 512 MB of RAM, and more for higher loads. A modern CPU is recommended at the very least. The required software consists of glibc 2.3.x, MySQL 4.1 and a web server with PHP support. The table below shows the Zarafa components:

Components               Tasks
Zarafa Server            Connects clients via SOAP and stores data in an SQL database
Zarafa Client            Use of Outlook via MAPI connector; the connection to the server is implemented via SOAP
Zarafa Dagent & Spooler  Sending and receiving e-mails to and from the "external world"
Zarafa Admin             Administrator tool for the administration of users, user information and groups
Zarafa Gateway           Optional component for POP3 and IMAP
Zarafa Monitor           Monitors user memory and quota violations
Zarafa Caldav            Optional component for iCal support
Zarafa Backup            Creation of backups
Zarafa Migrate           Migration tool for migrating existing Exchange and pst environments
Apache / PHP             Web server for the web frontend
PHP MAPI add-on          A plug-in which enables access to MAPI functions for PHP developers

Table 51: Zarafa components

[277] Source: http://www.zarafaserver.de/technical-explanation.html (as per 27 October 2007)

A separate, line-orientated administrator tool (shell) is available for the administration of users, user information and groups. An LDAP-based graphic user editor is available for the RedHat and CentOS distributions; see the illustration below.

Fig. 35: LDAP based graphic user editor

The Outlook 2000, 2003 or XP clients are required under Windows 2000/XP. They connect to the server via the network. Since SOAP is used, the connections through web server and proxy are transparent. The following basic functions which Outlook offers are available without the need for an MS Exchange server:

• Shared use of e-mail and calendar
• WebAccess: access to Outlook data via web interface
• Use of Outlook from outside the company network
• Joint administration of business contacts
• Distribution lists
• Personal and jointly used to-do lists
• Synchronization for hand-held devices (PDA) and laptops
• Configuration of access rights via WebAccess.

Furthermore, iCal support for calendar synchronization is also available (Sunbird, Mac OS X iCal). With Z-Push [278], Zarafa has released an implementation of the ActiveSync protocol as open source software under the GPL. The software is thereby claimed to offer functions comparable to those of the proprietary solutions from Blackberry with BES and Microsoft with Exchange. It seems that an SSL variant is not yet available, so that the developers do not recommend use outside the local network. Data can be transmitted from clients to the server via an encrypted SSL connection and HTTPS. This requires a corresponding configuration at the server end. Access rights prevent unauthorized access to data. All the applications which connect to the Zarafa server use the MAPI layer which is implemented in the MAPI provider (refer to the "Architecture" section). This fact suggests that all MAPI-enabled applications are interoperable with Zarafa. In addition to this, the PHP MAPI extension constitutes a very comprehensive set of commands and interfaces from Microsoft's MAPI world under PHP. This interface requires PHP developers to have basic knowledge of MAPI too. In summary, one can conclude that Zarafa is an alternative to Microsoft Exchange, i.e. a solution which offers communication between Outlook and a server. The server runs under all customary Linux distributions. Zarafa offers, within the framework of MAPI, functional Outlook support and a corresponding web client (WebAccess). A PHP MAPI extension provides developers with important functions.
1.5 Kolab

In 2002, the German Federal Office for Information Security (BSI) commissioned a consortium of companies with the development of a free groupware solution for use at BSI. This was the basis for the development of the Kolab project [279] which completed the second generation of the software at the end of 2004. The Kolab project recommends a maximum number of several thousand users for a simple, fully integrated server. The project website does not contain any direct references concerning the dissemination of Kolab. However, research shows, for example, that Brandenburgischer Landesbetrieb BLB [280] uses the Kolab groupware system for more than 600 computer workplaces. Kolab was designed in 2002, and the stable version 1 of the system was published in July 2003. Following a general overhaul, Kolab 2.0 was introduced in June 2005 including, for example, the new feature of the Kolab XML format. The current version 2.1 has been available since mid-2007. Version 2.2 is scheduled for publication at the beginning of 2008. Thanks to the existing OSS license (GPL), the Kolab groupware solution can be used without payment of license fees. Commercial user support services are additionally offered. Support, planning and service for the Kolab system must be paid for and can be obtained from the Kolab consortium [281]. Furthermore, the free (GPL) license enables anybody to amend, improve and change Kolab. The central component is the Kolab server which, for its part, accesses several other free components. The tables below show the individual components.

[278] http://z-push.sourceforge.net/ (as of 27 October 2007)
[279] http://www.kolab.org/

Components             Tasks
Cyrus IMAP             IMAP / POP3 mail server
Cyrus SASL2            Authentication
OpenLDAP2              Directory service, for example, for user administration
Postfix                Mail transfer agent
Apache / PHP           Web server for the web frontend
Horde Framework [282]  Web client (integrated with Kolab 2.2 and higher)

Table 52: Central Kolab server components

Component                  Task
Amavisd-New                Control of spam filter and virus scanner
ClamAV, for example        Virus scanner
SpamAssassin, for example  Spam filter

Table 53: Optional Kolab server components

[280] http://www.kbst.bund.de/cln_028/nn_837410/SharedDocs/Projekte/OSS/kolab__einsatz__im__land__brandenburg.html
[281] http://www.kolab-konsortium.de/
[282] http://www.horde.org/

The software package of the Kolab server is offered as a so-called OpenPKG [283] package and hence runs without any problems on different UNIX-based operating systems, such as Solaris, BSD as well as Linux. Several integrated servers currently exist which offer Kolab as a server component for e-mail, groupware and PIM functions. ClarkConnect [284], for example, combines the Kolab server with several other functions and services (including, for example, firewall, VPN, backup solutions) to form a complete intranet server which is distributed as an independent system (including Linux operating system). Other integrated solutions based on Kolab are, for example: Univention Groupware Server (UGS) [285], Intranator Business Server [286], Pardalays [287]. The Kolab solution is based on a client/server approach which enables asynchronous use of the groupware functionalities by users. This offers, for example, the possibility to use e-mails, appointments, contacts and personal tasks with the corresponding client software offline, i.e. without a connection to the Kolab server. The changes are reconciled by subsequent data synchronization with the server. Kolab is a platform-independent groupware solution which can be used with both Linux clients and Windows clients alike. The functionalities are comparable with the Outlook / Exchange combination offered by Microsoft. A plug-in upgrades the Outlook client system to a full-scale Kolab client so that the Outlook client system then offers the same functionality as the Linux client Kontact.

The high degree of scalability of the Kolab solution is essentially based on the following properties:
• The possibility to operate the individual Kolab server components (refer to Tables 4 and 5) on individual servers: A network of servers hence forms a single, clustered Kolab server.
• The cluster capabilities of Cyrus IMAP, OpenLDAP and Postfix: A network of servers forms a single, clustered Kolab server component.
• Multi-location capability: Several Kolab servers form a network. Each individual Kolab server is responsible for a defined sub-set of all groupware users in the network. Originally, however, the multi-location capability of a Kolab server network was not developed in order to increase scalability, but in order to be able to operate a Kolab server network as a system distributed to multiple remote locations.

Simple data backup and the data restoring option are further crucial elements for productive use. The architecture of the entire Kolab system simplifies backup and recovery possibilities significantly: The mailboxes are implemented as normal directories in the file system of the Kolab server and can hence be handled using customary file-system-based backup tools. Besides complete mailboxes, the same backup tools can also be used to save and back up individual e-mails, appointments, etc. because these are filed as individual, normal files.

[283] http://www.openpkg.org/
[284] http://www.clarkconnect.com/
[285] http://www.univention.com/ugs.html
[286] http://www.intra2net.com/de/produkte/business_server.php
[287] http://www.pardus.de/products.html

The new features of Kolab 2 include, for example:
• multi-location capability
• explicit assignment of access rights
• joint processing possibility for directories
• full multi-account capability
• automatic recording of appointments
• simpler integration of external directory services (LDAP)
• administration of multiple mail domains (2.1 and higher)
• Horde Framework as a standard web client (optionally as of 2.1, permanently integrated as of 2.2)

Kolab's mail and groupware functionalities can be accessed under both Windows and Linux. The reference client software under Linux is Kontact, whilst under Windows, Outlook 2000 with a Kolab plugin was used as the reference client for Kolab 1 and Outlook 2003 for Kolab 2. Furthermore, other client applications, such as , are increasingly being updated to full-scale Kolab clients. The Toltec Connector from Radley Network Technologies CC [288], which has been available on the market since October 2003, was found to be a suitable connector for Kolab installations. The proprietary Toltec Connector is a commercial product and must be installed in addition to Outlook. The connector enables an Outlook client [289] to store its data on a Kolab server. Although further connectors are available on the market [290], these will not be separately considered in the evaluation. Toltec also offers an LDAP address book for Outlook which can, for example, access the respective OpenLDAP server of Kolab. The Kontact client is available to users of Linux-based workstations for access to the groupware functionalities. This Linux client is an improved and extended version of KDE's Kontact which provides the possibilities of KMail, KOrganizer, KAddressBook and further components of the KDE PIM project under a uniform graphic interface. The client fits very well into the KDE user interface and enables intuitive operation by users. Kontact supports, for example, the POP3 and disconnected IMAP4 protocols. Filtering of incoming e-mails (spam, viruses, etc.) at the client end is supported. Furthermore, work on a browser-based client application based on the Horde Framework [291] has been intensified since March 2007; it is to be used as the standard Kolab web client in future (with version 2.2 and higher).

[288] http://www.toltec.co.za/
[289] According to the manufacturer, Outlook 2000, XP, 2003 and 2007
[290] KONSEC Konnektor (http://www.konsec.com/), Insight Connector (http://www.bynari.net/)
[291] http://www.horde.org/

Besides the Kolab web client, a web-based administration interface is also available which supports the following actions:
• User and global address book administration
• Administration of the public folders
• Administration of the resource and group accounts
• Administration of certain server services
• Absence notifications and forwarding functions

The web-based administration interface primarily provides functions for recurring tasks (for example, creating users). More far-reaching adjustments must be implemented directly at the server components concerned. The Kolab architecture pursues a two-tier approach in this field: on the one hand, it combines individual functions into one administrative activity, whilst on the other hand the full capabilities of every single system remain available. Furthermore, the individual user can always implement certain modifications directly via the web-based administration interface. Users can, for example, modify their personal data and add e-mail addresses (so-called mail aliases). The following list shows the most important functionalities of the groupware solution.
• Receiving and sending e-mails
• Contact administration
• Assignment of rights concerning IMAP folders (IMAP ACLs)
• Shared editing of released folders, for example, with e-mails, appointments, contacts, tasks, etc.
• Global address books
• Group calendar and appointments
• Group folders ("shared folders")
• Resource administration (booking of rooms, beamers, vehicles, etc.)
• Personal notes and tasks (which also permit shared use)
• Free/busy lists
• Extended free/busy lists (XFB)
• Forwarding to other mailboxes
• Absence notifications
• Function mailboxes with several users with different access rights
• Read confirmation
• PDA synchronization via PIM client
• Full offline capability of the clients thanks to Kolab design
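Because Kolab (like Open-Xchange) builds shared folders, group folders and function mailboxes on Cyrus IMAP ACLs, the rights actually set on those folders are the control that decides who can read or change shared appointments and mail. The following is an added audit example, not code from the Kolab project: it parses ACL response lines in the form Python's imaplib returns them and flags the cases a reviewer would want to see, namely rights granted to the public identifiers "anyone" and "anonymous", the admin right held by a whole group, and the admin right held by someone other than the owner of a personal mailbox. The sample lines, the "group:" prefix, the severity labels and the policy itself are constructed assumptions; only the RFC 4314 right letters and the Cyrus "user/<name>" naming convention are standard.

```python
import re
import shlex
from dataclasses import dataclass

# Constructed sample data: ACL response lines in the shape imaplib hands back
# for Cyrus IMAP (the leading "* ACL" token is already stripped by imaplib).
SAMPLE_ACL_LINES = [
    b'"user/alice" alice lrswipkxtecda',
    b'"shared/Calendar" alice lrswipkxtecda "group:projects" lrswipkxte anyone lrs',
    b'"shared/Vehicles" alice lrswipkxtecda anyone lrswipkxte',
    b'"shared/Projects" alice lrswipkxtecda "group:projects" lrswipkxtecda',
    b'"user/bob" bob lrswipkxtecda anonymous lr',
    b'"user/carol" carol lrswipkxtecda dave lrswipkxtecda',
]

# RFC 4314 rights that change folder contents or structure (c and d are the
# obsolete RFC 2086 spellings that Cyrus still reports alongside k/x/t/e).
MODIFY_RIGHTS = set("wipkxtecd")
ADMIN_RIGHT = "a"
PUBLIC_IDENTIFIERS = {"anyone", "anonymous"}


@dataclass
class Finding:
    mailbox: str
    identifier: str
    rights: str
    severity: str
    reason: str


def parse_acl_line(line):
    """Turn one ACL response line into (mailbox, {identifier: rights})."""
    text = line.decode("utf-8", "replace") if isinstance(line, bytes) else line
    tokens = shlex.split(text)  # copes with quoted mailbox and identifier names
    if not tokens or (len(tokens) - 1) % 2:
        raise ValueError(f"malformed ACL line: {text!r}")
    return tokens[0], dict(zip(tokens[1::2], tokens[2::2]))


def owner_of(mailbox):
    """Cyrus convention: user/<name> or user.<name> is <name>'s personal
    mailbox; shared folders have no owner and return None."""
    match = re.match(r"^user[./]([^./]+)", mailbox)
    return match.group(1) if match else None


def audit_acl(mailbox, acl):
    """Constructed policy: no rights at all for public identifiers, the admin
    right only for the owner of a personal mailbox and never for a group."""
    findings = []
    owner = owner_of(mailbox)
    for identifier, rights in acl.items():
        held = set(rights)
        if identifier in PUBLIC_IDENTIFIERS:
            if held & MODIFY_RIGHTS or ADMIN_RIGHT in held:
                findings.append(Finding(mailbox, identifier, rights, "high",
                                        "public identifier can modify or administer the folder"))
            elif held:
                findings.append(Finding(mailbox, identifier, rights, "medium",
                                        "public identifier can read the folder"))
        elif ADMIN_RIGHT in held:
            if identifier.startswith("group:"):
                findings.append(Finding(mailbox, identifier, rights, "high",
                                        "a whole group holds the admin right"))
            elif owner is not None and identifier != owner:
                findings.append(Finding(mailbox, identifier, rights, "high",
                                        "non-owner holds the admin right on a personal mailbox"))
    return findings


def audit_acl_lines(lines):
    """Audit a batch of ACL response lines and return all findings in order."""
    findings = []
    for line in lines:
        mailbox, acl = parse_acl_line(line)
        findings.extend(audit_acl(mailbox, acl))
    return findings


def audit_server(host, user, password):
    """Live variant (not run here): fetch the ACL of every folder the auditing
    account can see over IMAPS and apply the same policy. host, user and
    password are placeholders for the reader's own Cyrus/Kolab server."""
    import imaplib
    findings = []
    with imaplib.IMAP4_SSL(host) as imap:
        imap.login(user, password)
        _, listing = imap.list(pattern="*")
        for entry in listing:
            # LIST lines end with the mailbox name, quoted if it contains spaces.
            match = re.search(r'"([^"]*)"\s*$|(\S+)\s*$', entry.decode())
            name = match.group(1) or match.group(2)
            _, acl_lines = imap.getacl(name)
            findings.extend(audit_acl_lines(acl_lines))
    return findings


if __name__ == "__main__":
    for f in audit_acl_lines(SAMPLE_ACL_LINES):
        print(f"{f.severity:6} {f.mailbox:18} {f.identifier:15} {f.rights:14} {f.reason}")
```

On the constructed sample, the audit reports five findings: read access for "anyone" on the shared calendar and for "anonymous" on a personal mailbox, write access for "anyone" on the vehicles folder, a group holding the admin right on the projects folder, and a second user holding the admin right on another user's mailbox. The admin right for an individual on a shared folder is deliberately not flagged, since shared folders need some administrator; a deployment with a dedicated Cyrus admin account would tighten that rule.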

The Kolab format is an open exchange format for the groupware system which enables the description of different so-called Kolab objects (notes, addresses, etc.) and their storage in the Kolab IMAP server. The above-mentioned connectors use this format for communication with the server. Developers paid special attention to the integration of security standards. Communication between the client systems and the server can be fully encrypted (SSL/TLS). Encrypted communication can be implemented, for example, with the following protocols:
• IMAPS
• SMTP via TLS and
• HTTPS.

The Linux client supports end-to-end security as well as electronic signatures on the basis of international standards (S/MIME, X.509v3); the Federal Office for Information Security (BSI) has successfully tested the Ägypten implementation [292] with regard to its interoperability [293]. Three special user groups with special privileges are foreseen for administration purposes. The different groups are the following:
• Administrators
• Maintainers
• Users

Administration, in line with the different privileges, can take place via the web-based administration interface. Simple administrative tasks can be carried out using the web frontend. Complex activities require adjustment of the corresponding configuration file on the Kolab server. One can hence summarize that Kolab is a platform-independent groupware solution which is comparable with the Outlook/Exchange combination from Microsoft. The structure of the Kolab architecture is based on mature individual components, such as Cyrus IMAP or the Apache web server, which suggests a high degree of scalability of the overall system. Besides standard protocols, such as HTTP, LDAP and IMAP, an open exchange format is also available for the exchange between client and server which enables the connection of various PIM client applications (if necessary, using a connector) to the Kolab groupware system.
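All four products described so far (Open-Xchange, eGroupWare, Zarafa and Kolab) rely on the same three transport protections: IMAP or POP3 inside an SSL/TLS tunnel, SMTP upgraded with STARTTLS, and HTTPS for the web client and administration interface. Whether a given installation actually enforces them is something an administrator should verify from the outside, because a client that silently falls back to clear text gives no warning. The following is an added check written for this guide, not code from any of the projects: it builds a client context that verifies the server certificate and host name and refuses anything below TLS 1.2, probes the three services, and turns the results into a list of problems. The host names, ports and the sample results are constructed; the probes use only the Python standard library.

```python
import socket
import ssl
import imaplib
import smtplib

MODERN_TLS = ("TLSv1.2", "TLSv1.3")


def hardened_client_context(cafile=None):
    """Client context that verifies the server certificate and host name and
    refuses anything older than TLS 1.2; cafile may point at an agency's own CA."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe_context(ctx):
    """Report the three settings that matter for the audit as plain values."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
    }


def _result(service, host, port, tls_version, error=None):
    return {"service": service, "host": host, "port": port, "tls": tls_version, "error": error}


def probe_imaps(host, port=993, ctx=None, timeout=10):
    """IMAP inside an SSL/TLS tunnel (IMAPS): encrypted before the first command."""
    ctx = ctx or hardened_client_context()
    try:
        with imaplib.IMAP4_SSL(host, port, ssl_context=ctx, timeout=timeout) as imap:
            return _result("imaps", host, port, imap.socket().version())
    except OSError as exc:  # ssl.SSLError (bad certificate, old protocol) is an OSError
        return _result("imaps", host, port, None, str(exc))


def probe_smtp_starttls(host, port=25, ctx=None, timeout=10):
    """SMTP via TLS: the session starts in clear text and is upgraded with
    STARTTLS, so the probe fails closed when the extension is not offered."""
    ctx = ctx or hardened_client_context()
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return _result("smtp+starttls", host, port, None, "STARTTLS not offered")
            smtp.starttls(context=ctx)
            smtp.ehlo()  # capabilities must be re-read after the upgrade
            return _result("smtp+starttls", host, port, smtp.sock.version())
    except (smtplib.SMTPException, OSError) as exc:
        return _result("smtp+starttls", host, port, None, str(exc))


def probe_https(host, port=443, ctx=None, timeout=10):
    """HTTPS for the web client and the web-based administration interface."""
    ctx = ctx or hardened_client_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return _result("https", host, port, tls.version())
    except OSError as exc:
        return _result("https", host, port, None, str(exc))


def assess(results):
    """Turn probe results into (service, problem) pairs; an empty list passes."""
    problems = []
    for r in results:
        if r["tls"] is None:
            problems.append((r["service"], "no verified TLS session: " + (r["error"] or "unknown error")))
        elif r["tls"] not in MODERN_TLS:
            problems.append((r["service"], f"outdated protocol {r['tls']}"))
    return problems


def audit_host(host, ctx=None):
    """Run all three probes against one server (live; host is a placeholder)."""
    ctx = ctx or hardened_client_context()
    return assess([probe_imaps(host, ctx=ctx), probe_smtp_starttls(host, ctx=ctx), probe_https(host, ctx=ctx)])


# Constructed sample results, shaped like the probe output, so the assessment
# can be exercised without a live groupware server.
SAMPLE_RESULTS = [
    _result("imaps", "groupware.example", 993, "TLSv1.3"),
    _result("smtp+starttls", "groupware.example", 25, None, "STARTTLS not offered"),
    _result("https", "groupware.example", 443, "TLSv1"),
]


if __name__ == "__main__":
    for service, problem in assess(SAMPLE_RESULTS):
        print(f"{service:14} {problem}")
```

Two design points matter here. The context is built once with certificate and host-name verification on, so a self-signed or mismatched certificate surfaces as a failed probe rather than a silently accepted connection; an internal CA is supplied through the cafile parameter instead of by turning verification off. And the SMTP probe treats a missing STARTTLS extension as a finding, which is the failure mode a mail client hides when it is configured with "use TLS if available".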
1.6 Scalix

Scalix is a groupware and messaging platform which was originally developed by the Scalix Corporation in California. In July 2007, the Canadian company XANDROS acquired Scalix. XANDROS is one of the largest enterprises for Linux-based e-mail, calendar and messaging software.

[292] Ägypten: http://www.gnupg.org/aegypten/index.de.html
[293] Sphinx interoperability tests: http://www.bsi.bund.de/fachthem/verwpki/interoptests/testberichte.htm

The system is currently used by more than 670 companies in more than 55 countries [294]. The current Scalix version is version 11.0.4 from 3 May 2007. The release notes for the current version are available on the web [295]. Scalix is available in three editions, i.e.
• Enterprise Edition
• Small Business Edition
• Community Edition

The Enterprise Edition is licensed per user with a minimum volume of 25 users. The Small Business Edition covers by default 50 users and can be expanded in increments of 25. The Community Edition can be used by a maximum of 25 users for suitability testing. The differences between the functions of the individual editions are compared in a table below. Scalix is also available within the framework of integrated server solutions. With "Scalix for UCS", Univention offers the Scalix groupware system as an optional component for the Univention Corporate Server Linux full-scale solution. The "open-sbs" Small Business Server, which is based on open source components, is a software-based, out-of-the-box server solution. It is specifically designed for small enterprises and offices with a few workplaces and addresses the network administrators of such users or their IT service providers. open-sbs in combination with Scalix constitutes an affordable alternative to a Microsoft Exchange server which additionally offers more functionality. open-sbs offers, for example, an integrated firewall, virus protection, learning spam protection, VPN, remote access and automated security updates. Installation is an automated process with the server implemented and ready to start within a few minutes. Scalix uses an in-house-developed server kernel which consists of the message store, directory and routing elements.
The message store is based on a standard Linux file system structure, scales into the terabyte range, and can be implemented on any Linux file system on both RAID arrays and logical volumes. With this approach, every message is stored once only, no matter how many recipients it has. This means that large attachments which are sent to several users require storage capacity only once. The directory service is also an in-house development which is accessed from outside via an LDAP interface. Although the router is based on the X.400 standard, it processes other address formats too. The Internet gateway enables conversion of messages to the MIME and TNEF formats, the latter being particularly important for cross-connection to MS Exchange because it enables the exchange of messages with all their special features.

294 http://www.scalix.com/about/
295 http://downloads.scalix.com/.community/11.0.4/RELEASE_NOTES.html

Fig. 36: Scalix platform

A running Scalix instance without logged-on users requires around 30MB RAM. The basic hardware requirements are moderate; a 2-CPU Intel system with 2GB RAM is normally sufficient for 5000 users. Linux is the exclusive operating system platform, with the RedHat and SUSE distributions supported on i386 and zSeries platforms:
• Red Hat Enterprise Linux ES
• SUSE Linux Enterprise Server
• Fedora Core
• SUSE Linux
Scalix supports the Microsoft Outlook client (2000, XP, 2003) in German and English on the Windows platform. An online MAPI working in "workgroup" mode serves as the MAPI connection; there is no local data storage on the client. However, offline working can be set up. Rules and absence notifications are set up on the client and executed at the server end. Meeting planning with a free/busy function, automatic booking of resources, access to external mailboxes by delegation and the assignment of rights to private and public folders are handled in the same way as in Microsoft Exchange; forms which are server-based only are not supported. Outlook's "look & feel" in its interaction with Exchange is largely maintained.

Furthermore, Scalix offers a web client of its own which includes drop-down menus, drag-and-drop functionality and a presentation which resembles a native Windows application. "Scalix Web Access" (SWA) uses JavaScript and dynamic HTML (DHTML) only. Technologies like Java applets or ActiveX controls are not used, so that the web client can also be used in secure network environments and in conjunction with firewalls. The browsers supported are Internet Explorer and Mozilla and/or Firefox on the Windows, Linux and Apple Mac OS X client platforms. Standard POP/IMAP clients, such as Mozilla Thunderbird, Outlook Express or Ximian Evolution, can also be connected, in which case the address book is accessed via LDAP.
Scalix Enterprise Edition supports all leading suppliers of wireless devices via optional solutions from third-party suppliers. The NotifyLink software from Notify Technology Corporation enables users to access all the Scalix e-mail and PIM functions (calendar, contacts, tasks and notes) with wireless technologies, such as Palm OS, Windows Mobile devices and Blackberries296.

Fig. 37: Scalix client systems297

PDAs and hand-helds can at present be connected via the Outlook client. A server-based connection for the Blackberry platform was developed in co-operation with external manufacturers. The table below gives an overview of the functions of the three editions available.

Product functions                                    | Community Edition | Small Business Edition | Enterprise Edition
Different instances                                  |                   |                        | ✓
Multiple servers                                     |                   |                        | ✓
Active directory expansions                          |                   |                        | ✓
Coexistence with Exchange                            |                   | ✓                      | ✓
Restore folder                                       |                   | ✓                      | ✓
Wireless e-mail w/PIM (optionally via Notify)        |                   | ✓                      | ✓
Scalix Migration Tool (optional)                     |                   | ✓                      | ✓
Software subscription (optional)                     |                   | ✓                      | ✓
Scalix mobile web client                             | ✓                 | ✓                      | ✓
Unlimited number of users, for free                  | ✓                 | ✓                      | ✓
Installation & administration of the user interface  | ✓                 | ✓                      | ✓
Scalix collaboration platform                        | ✓                 | ✓                      | ✓

Fig. 38: Scalix versions – overview of functions298

296 http://www.scalix.com/documents/Scalix_DS_Enterprise_v3.pdf
297 http://www.scalix.com/enterprise/products/architecture.php

Role-based administration enables secure delegation of administrative tasks to other users with pre-defined administration privileges. This is carried out via the Scalix Management Console, which offers a user interface for system and user administration. It combines the possibilities of an intuitive, graphic user interface with the user-friendliness of a web browser which is available at any time and everywhere. The AJAX-based management console enables mail administrators to manage server processes, message queues and default settings, as well as to monitor the message store, the configuration of mailboxes and password directives. Functions for monitoring the system status and creating activity and error logs are also integrated. Besides the user interface, all the administrative tasks are available via a command line interface when necessary; 250 command line scripts are offered for this purpose. Communication between the clients and the server can be fully encrypted (SSL/TLS). The IMAPS, LDAPS and POP3S protocols are available for encrypting communications. The Scalix mail server can be integrated with any LDAP-based directory, such as Microsoft Active Directory, Novell eDirectory, RedHat/Fedora Directory Server, OpenLDAP and others. Integration with other systems is possible via management services, i.e. SOAP-based APIs which other applications can use in order to access functions in the Scalix product.

Fig. 39: Scalix integration

To sum up: Thanks to the possibility offered by the Enterprise Edition of operating the system on multiple servers, Scalix excels through a high degree of scalability (more than 10,000 users per server). The "clients of choice" concept enables the simultaneous connection of different types of desktop PCs. The SOAP-based APIs offer the additional possibility of integrating the product with existing infrastructures. The possible coexistence with Exchange thanks to the conversion possibilities of the Internet gateway is another advantage.

298 http://de.scalix.com/enterprise/editions/compare.php

1.7 Microsoft Exchange Server 2007

Microsoft Exchange Server 2007 has undergone a series of development steps in the past. The first version, Exchange Server 4.0, was released in 1996 as the successor to Microsoft Mail (Version 3.5). Exchange Server 5.0 (1997), Exchange Server 5.5 (1998), Exchange Server 2000 and Exchange Server 2003 were subsequently released. Exchange Server 2003 is the predecessor of the current version, i.e. Exchange Server 2007. Microsoft Exchange Server records a market share of approx. 34 %299 in its market segment. An Exchange Server can be licensed and set up independently either directly via Microsoft or it can be licensed and made available as a service via a third-party supplier. Microsoft distributes Exchange according to the Server / Client Access License (CAL) model, which means that a separate server license is required for every operating system with an Exchange Server installed. Furthermore, a separate CAL is required for every user of the Exchange Server. Server licenses for Exchange Server 2007 are available in two different variants:
• Standard Edition: This edition supports an Exchange cluster with up to five nodes.
• Enterprise Edition: This edition supports up to 50 nodes.
The CAL is also available in two versions, i.e.
• Standard CAL: This includes the standard functions, i.e. e-mail, calendar, contact management, task management, journal management, notes, Outlook Web Access and Exchange ActiveSync.
• Enterprise CAL: Besides the standard features, this license covers certain additional services, such as Unified Messaging for sending and receiving voice messages or fax messages.
As an alternative option, it is also possible to purchase Exchange in the form of the Windows Small Business Server (SBS) package. This package includes all the Microsoft technologies necessary for operation of Exchange 2007.
299 The Radicati Group, Inc.'s latest study, "Microsoft Exchange Server and Outlook Analysis, 2007-2011"

In retrospect, version 2000 marked a fundamental change in the architecture of Exchange Server. Since the Exchange Server 2000 version, Active Directory has been an integral part of every installation. At the same time, version 2000 also enabled the optional implementation of pure front-end Exchange servers which perform various tasks in order to reduce the workload on the mailbox servers. In Exchange Server 2007, this splitting-up of the server into different tasks has now been extended to a total of five modular server roles. Microsoft expects that this splitting-up will lead to improvements in the fields of installation, management, security and scalability of an Exchange server installation.

In Exchange Server 2007, a role concept was introduced with five different roles, the interaction between which is illustrated in Fig. 40. With the exception of the Edge Transport role, all the other roles can be installed on the same server. The Edge Transport server acts as a kind of gate-keeper to monitor external data communications and, for security reasons, must be installed outside the local network. Each Exchange server in a cluster of Exchange servers is given one or more of the following roles during the installation process.
• Client Access role: This role is responsible for analysing Internet traffic and forwarding it to the specific mailbox server.
• Mailbox role: Servers with this role manage the mailboxes of the users. Mailboxes are stored in databases which can be replicated or clustered at any time.
• Hub Transport role: This role is responsible for the internal routing of all the messages which are sent by Edge or Unified Messaging servers within the same mailbox server.
• Unified Messaging role: This role enables the integration of a PBX300 and hence the sending of fax and voice messages to Exchange mailboxes.
• Edge Transport role: Servers with this role must be set up outside the intranet. They are responsible for monitoring and filtering external data traffic.

Fig. 40: Interaction of the server roles301

300 Private Branch Exchange
301 Source: An Overview of Microsoft Exchange Server 2007, Microsoft White Paper, http://www.microsoft.com/exchange/evaluation/ex2007intro.mspx, last access: 4 September 2007

Exchange supports the standardized SMTP, POP3, IMAP and NNTP protocols. The Mail Application Programming Interface (MAPI) is a comprehensive interface for clients in order to communicate with Exchange Server 2007. Only clients which support the MAPI interface are able to make use of the full functionality of Exchange. Since this interface is not fully disclosed, the only fully compatible clients are Microsoft products. Thanks to the integration of HTTP, documents in public folders can be accessed via the Internet. However, more complex document management functions require the connection of a Sharepoint installation. The use of Microsoft Internet Information Server (IIS) together with Exchange Server 2007 enables Outlook Web Access (OWA) users to access functionalities which would otherwise only be possible with the Outlook client. Users can, for example, view private and public folders, send and receive mails, and manage their tasks. However, use of the full functionality depends on interaction with Microsoft Internet Explorer. From the user's perspective, Exchange provides the following functionalities:
• Receipt and sending of e-mail, voice and fax messages
• Task management
• Calendar
• Address lists (general address books and personal contacts)
• Journal management
• Notes
Access is possible in the following ways:
• E-mail clients (for example, Outlook, Thunderbird, Netscape, etc.)
• Web access via OWA
• Mobile access via ActiveSync
Exchange Server 2007 uses the SMTP protocol to send messages within an organization. The exchange of messages between the servers is by default encrypted by Transport Layer Security (TLS). Encrypted Remote Procedure Calls (RPC) are also used by default for Outlook connections. Communication with other clients is encrypted by Secure Sockets Layer (SSL). Kerberos is used as the authentication mechanism.
Edge Server performs an important function as protection against viruses, phishing and spam mails. It can check messages for spam or viruses even before such messages enter the organization's network302. For this purpose, Microsoft uses its own ForeFront303 Security for Exchange Server (ForeFront) product, which can also be installed and used on Hub Transport servers. ForeFront provides for the simultaneous use of up to five scan engines. Scan engines are available from several manufacturers, subject, however, to an additional license. Examples of virus defence products are the CA InoculateIT, CA Vet, Norman and Sophos304 scan engines.

302 http://technet.microsoft.com/en-us/library/aa996551.aspx (as per 1 November 2007)
303 http://www.microsoft.com/technet/forefront/serversecurity/exchange/scanning/e25af7f6-8f6a-420a-8a8a-2360eec4c75a.mspx?mfr=true (as per 1 November 2007)
304 http://www.microsoft.com/antigen/prodinfo/antigen-faq.mspx (as per 1 November 2007)

A Software Development Kit (SDK) is available for user-specific solutions on the basis of Exchange Server 2007. Microsoft offers an Exchange namespace for the .NET Framework which enables the use of Exchange functions in a .NET programming language. The SDK also enables the connection of external software to Microsoft Exchange. Furthermore, Exchange Server 2007 offers several standard web services which can be used to call the functionalities of Exchange from within any application. Exchange and Outlook can by default interact with other Microsoft products. Examples are:
• Windows Sharepoint Services (WSS 3.0) are a free component of Windows Server 2003, offering document management functionalities on the basis of the IIS server. Integration with Sharepoint enables the checking in and checking out of documents in libraries with version management.
• With its Microsoft Office Sharepoint Server (MOSS), Microsoft offers a solution for the implementation of complex company portals. Information from the Exchange server can be made available to users on personalized websites.
• Since the Exchange Server 2000 version, the instant messaging component has been a separate product. Real-time collaboration functionality is now integrated by separate installation of Office Live Communication Server.
In summary, this means: Exchange Server 2007 is one of the market leaders in its sector. It includes important functions and, with Outlook, a powerful client. Via OWA, Exchange presents to users, even without a client being installed, their personal data in a user-friendly manner via an interface similar to Outlook which can be accessed and displayed via a web browser. In conjunction with the possibility of access from mobile devices, Microsoft is thus very close to its target of "anywhere access". However, the continuation of closed, proprietary Microsoft protocols prevents smooth integration of Exchange with products from outside the Microsoft world. On the contrary, the exclusive and close links with other Microsoft products often lead to dependence on further software products from Microsoft. The use of Exchange, for example, requires the acquisition of a Windows Server operating system as a mandatory prerequisite.

1.8 Lotus Notes

Lotus Notes is a document-orientated, distributed database system with very close e-mail integration. It has been developed since 1984 by Iris Associates, later a subsidiary of the Lotus Development Corporation and of IBM, respectively. The product which was originally called Lotus Notes was renamed Lotus Domino at the server end with version 4.5. Only the client software for end users (but not the software for developers and administrators) still bears the Lotus Notes name. The names "Notes database" and "Domino database" can both be found for the databases. In conjunction with the Notes database and/or the newly published Quickr product, it constitutes a collaboration environment in the sense of the teaming/workgroup software category. However, since the Notes client is a groupware/messaging product in the narrower sense, it is mentioned at this point. In mid-2007, IBM published Notes version 8, which is based on Eclipse technology.

The functionality of the Notes client includes the following groupware applications:
• Mail
• Calendar
• Contacts
• To-do lists
• Instant messaging/presence (Sametime)
Office applications (presentations, spreadsheets and documents) are additionally available. The client was completely revised in the new version and is available both as a rich client and as a web client. Besides the revised interface, the new version offers two special features which will be briefly discussed in the following. One special feature of the new version is its activity orientation. For this purpose, the client offers an activity sidebar which can be used to set up activities. Other objects of the Notes environment (mails, appointments, to-dos, documents, etc.) can then be assigned to these activities. This system is designed to simplify personal information management.

Fig. 41: Notes architecture

When it comes to the topic of integration with other applications, IBM uses the open standard of the Eclipse Application Development Framework as well as a component-based, service-orientated architecture. This enables the development of so-called composite applications which enable the integration of external application data into the Notes client. Fig. 41 above from the Beta Reviewer's Guide illustrates the interaction between the Notes client, the WebSphere portal and the Domino server. With the new version 8, IBM gave a new face to the Notes groupware which has been on the market for quite a number of years. In this context, activity orientation was introduced as a special feature. The trend to support mashups305 which is linked to Web 2.0 is supported with the composite applications concept. Notes demonstrates its full strength in conjunction with Domino because cooperation processes and workflows can be supported and automated in addition to the messaging functionality.

2 Migration paths

The migration paths discussed in the following chapter are limited to selected systems and consider different aspects of a migration project. The migration paths discussed are chosen to show ways of migrating between different systems (for example, proprietary and open source systems), between different versions of a single system, and between systems with different user interfaces and/or concepts. Each of the following sections describes ways of exchanging data between different groupware systems as well as the tools which are necessary for this purpose. Each migration path focuses on the identification of possible interfaces which enable the efficient transfer of essential information units between systems, such as
• e-mails
• address data
• calendar information
The migration paths discussed involve both direct server-to-server migration and indirect migration using a client, such as Outlook or Kontact. Indirect migration primarily uses the existing client application for the reconciliation of data and is especially necessary whenever information units such as those mentioned above (for example, e-mail or contacts) were saved locally in the respective application. The question as to whether direct or indirect migration should be chosen depends on the number of users and the availability of additional software. If indirect migration can be easily carried out by the individual user, the option of direct migration, which means involving an expert, should be carefully weighed against the option of indirect migration, which involves every user. Furthermore, one should also consider in a migration project whether certain data will remain at the client end or whether such data is to be migrated to the new groupware.

2.1 Migration from MS Exchange 5.5/2003 to Kolab 2

This chapter describes the migration from Microsoft Exchange 5.5/2003 to Kolab 2.
In view of the sometimes significant differences between Exchange versions 5.5 and 2003, general handling differences will be mentioned in the following. Indirect migration via a client is possible with this migration path. Connectors (refer to chapter III.A 1.5) which establish a connection to the Kolab server enable the direct migration of e-mail, contact and calendar data from within the client application, such as Outlook, from Exchange 5.5/2003 to Kolab 2. This also includes the optional migration of local data and additionally enables migration from client to client (for example, from Outlook to Kontact). Furthermore, the open-source-based and platform-independent "kdepimpi"306 application can be used for the transfer from one system to another.

305 The integration of external dynamic elements into a website.

2.1.1 Migration of address and directory data

In the case of Exchange Server 2003, the address and directory data is managed in the Active Directory of the Windows Server operating system. Active Directory has a structure similar to LDAP. Microsoft offers various tools for exporting data from the Active Directory and integrating such data into the Kolab LDAP server. The LDIFDE command line tool is helpful in this context. It exports the data from the Active Directory server into the LDAP Data Interchange Format (LDIF) which, for its part, can be imported by the LDAP server. The Exchange Migration Wizard offers an alternative way of extracting the data from Exchange. The Exchange Migration Wizard has been available since Exchange 2000 as a separate tool and enables the data of an old Exchange installation to be saved in a folder structure. Exchange version 5.5 enables direct activation of the LDAP service, so that address and directory data can be exported via LDAP307. On the basis of the LDIF format, the address and directory data can be imported into the OpenLDAP system component of the Kolab server. The open format of the LDIF specification additionally enables editing of the data prior to migration to the target system. Thanks to the understandable structure of the format, both manual and automatic modification of the data are possible. Migration to the Kolab LDAP server can be implemented using different applications and user interfaces. Besides the standard tools of the OpenLDAP server, desktop applications are available, such as the Java-based JXplorer308, as well as web-based solutions, such as "phpLDAPadmin"309, which enable importing and exporting of the LDIF format as well as administration of the OpenLDAP server. It should be noted here that in most cases web-based solutions require operation of a web server which must be specifically set up for this purpose.
The structure of an LDAP directory can be adapted to the specific requirements of the case in question and to the particular needs of an organization by means of schemas. Due to the flexible structure of an LDAP directory, an analysis should be performed before migration in order to identify the attributes and properties of the directory which must be adapted in order to preserve the semantics of the directory. Standard formats which can be exchanged between different applications (such as the vCard format) are also available for address data when it comes to migrating contact data which is stored locally in the client. The connectors mentioned above can also be used for this purpose.

306 http://sourceforge.net/project/showfiles.php?group_id=104103
307 http://www.selfadsi.de/att55mbx.htm
308 http://www.jxplorer.org/
309 http://phpldapadmin.sourceforge.net/

2.1.2 E-mail migration

Synchronization of the e-mail data can be carried out both at the client and at the server end. Especially in cases where the POP3 protocol was previously used, the user's own e-mail program (for example, Outlook) can be conveniently used in order to migrate all the messages to the IMAP server. The "imapsync"310 command line program is a suitable tool for synchronization via IMAP at the server end. This program is capable of synchronizing two different IMAP accounts with each other. However, solutions for synchronization at the server end, such as imapsync, require the respective user account data to be made available for the migration measure. Furthermore, it can also happen that the mail status (for example, read, not read) is not always saved together with the messages. The above-mentioned migration wizard can also be used to extract the mailboxes. Another alternative is to use the ExMerge tool from Microsoft in conjunction with the Readpst311 tool. ExMerge can be used to save complete mailboxes at the server end in PST files. Readpst converts the mailboxes to mbox format. The IMAP component of Kolab can then use this format in order to transfer the data into the individual mailboxes. Besides the concepts for migration between MS Exchange and Kolab 2 described here, the company Toltec offers a migration tool312 which is capable of migrating e-mail, calendar, contact and other data between MS Exchange and Kolab 2.

2.1.3 Migration of calendars

The web interface of the Kolab server (Horde/Kronolith) offers an export/import function which enables the direct transfer of calendar information into the system. The commonly used iCalendar export format, which is offered by many client applications (for example, Outlook), can be used for this purpose. In conjunction with the connectors mentioned earlier (refer to chapter III.A 1.5), Outlook also offers the possibility to exchange calendar data manually between two servers and thus to avoid explicit importing and exporting operations.

310 http://www.linux-france.org/prj/imapsync/README
311 http://alioth.debian.org/projects/libpst/
312 http://www.toltec.co.za/migration.html

2.1.4 Conclusions

In summary: The "imapsync" command line program can be integrated relatively easily into scripts developed by the user, so that a high degree of automation is possible. The situation is similar in the case of address and directory data. In this case, a graphic web client can be used in order to migrate the data centrally into the respective exchange format. The reference for both systems is the Outlook client for the migration approach described here. It should, however, be noted that, without the use of additional software, the use of Outlook is limited to the receipt of e-mail data via the IMAP protocol. Full use of the functions provided by the Kolab server requires the connectors mentioned in chapter III.A 1.5. Furthermore, the use of custom forms is no longer possible within the Outlook client. With regard to the additional software, no general statement is possible within the scope of this migration guide; this aspect must be examined from case to case.

2.2 Migration from Kolab 2 to MS Exchange 2007

This section describes migration from Kolab 2 to Exchange 2007. In analogy to the indirect migration path described earlier, connectors (refer to chapter III.A 1.5) can be used in this case too in order to migrate e-mail, contact and calendar data relatively easily from Kolab 2 to MS Exchange 2007.

2.2.1 Migration of address and directory data

In a manner comparable with migration from MS Exchange 5.5/2003 to Kolab 2, migration to MS Exchange 2007 can also be based on the LDIF format. The standard tools of the OpenLDAP server and, in particular, the above-mentioned "JXplorer" desktop application and "phpLDAPadmin" web application can be used to export the address and directory data. The structure of the LDAP directory of the Kolab server must be adapted to the schema of the Exchange server by transforming the directory contexts. Furthermore, address data saved locally can be exported via a connector or using the vCard format at the client end. The LDIFDE tool can be used to write this data into the Active Directory of the Windows server so that this data can then be used by Exchange 2007.
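The LDIF-based transfer described here and in section 2.1.1, as an added example that is not part of the migration guide and not code from LDIFDE or OpenLDAP: a small Python script reads an LDIFDE-style export, renames the attributes according to a mapping table, rebuilds the DNs under the target base, drops Active Directory-internal attributes (SIDs, account control flags, group membership) and reports every attribute that has no mapping, so that the schema analysis the guide calls for becomes explicit; the same routine with the inverse mapping serves the Kolab 2 to Exchange 2007 direction. The sample export, the attribute mapping, the base DNs and the drop list are constructed assumptions.

```python
"""LDIF transformation between an Active Directory export and the Kolab
OpenLDAP schema, and back (added example for sections 2.1.1 and 2.2.1; not
code from the guide, LDIFDE or OpenLDAP). The sample export, attribute
mapping, base DNs and drop list are constructed assumptions."""

# Assumed attribute mapping AD -> inetOrgPerson (Kolab side).
AD_TO_KOLAB = {"sAMAccountName": "uid", "cn": "cn", "sn": "sn",
               "givenName": "givenName", "mail": "mail"}
KOLAB_TO_AD = {v: k for k, v in AD_TO_KOLAB.items()}  # reverse direction

# AD-internal attributes: meaningless in OpenLDAP and partly security state
# (SIDs, account flags, group membership) that must not leak into the target.
AD_INTERNAL = {"objectSid", "objectGUID", "userAccountControl", "pwdLastSet",
               "memberOf", "uSNChanged", "whenChanged"}

# Constructed LDIFDE-style export of two accounts (not real data).
SAMPLE_AD_LDIF = """\
dn: CN=Erika Mustermann,CN=Users,DC=example,DC=org
objectClass: user
cn: Erika Mustermann
sn: Mustermann
givenName: Erika
sAMAccountName: emustermann
mail: erika.mustermann@example.org
userAccountControl: 512
objectSid:: AQUAAAAAAAUVAAAAq2x5Z1f0BVAXuTUz6AMAAA==
memberOf: CN=Domain Users,CN=Users,DC=example,DC=org

dn: CN=Max Muster,CN=Users,DC=example,DC=org
cn: Max Muster
sn: Muster
givenName: Max
sAMAccountName: mmuster
mail: max.muster@example.org
department: Referat IT 2
userAccountControl: 514
"""


def parse_ldif(text):
    """Minimal LDIF reader (folded lines joined, entries split on blank lines).
    Returns [(dn, {attr: [values]})]; base64 ("::") values stay undecoded."""
    entries, dn, attrs = [], "", {}
    for line in text.replace("\n ", "").splitlines() + [""]:  # "" flushes last
        if not line:
            if dn:
                entries.append((dn, attrs))
            dn, attrs = "", {}
            continue
        key, _, value = line.partition(":")
        if key == "dn":
            dn = value.strip()
        else:
            attrs.setdefault(key, []).append(value.lstrip(": "))
    return entries


def transform(entries, mapping, old_base, new_base, drop, classes, rdn_attr):
    """Rename attributes, build the DN under new_base, drop foreign attributes
    and set the target object classes. Attributes without a mapping are
    reported rather than copied blindly: the schema analysis made explicit."""
    out, unmapped = [], set()
    for dn, attrs in entries:
        if not dn.lower().endswith("," + old_base.lower()):
            raise ValueError("entry outside the migration base: " + dn)
        new = {"objectClass": list(classes)}
        for key, values in attrs.items():
            if key == "objectClass" or key in drop:
                continue
            if key not in mapping:
                unmapped.add(key)
                continue
            new[mapping[key]] = list(values)
        if rdn_attr not in new:
            raise ValueError(dn + ": no value for RDN attribute " + rdn_attr)
        out.append((f"{rdn_attr}={new[rdn_attr][0]},{new_base}", new))
    return out, unmapped


def dump_ldif(entries):
    """Serialise entries for import with ldapadd or LDIFDE -i."""
    blocks = ["\n".join(["dn: " + dn] + [f"{k}: {v}" for k, vs in attrs.items()
                                         for v in vs])
              for dn, attrs in entries]
    return "\n\n".join(blocks) + "\n"


def ad_to_kolab(ldif_text):
    """Exchange 5.5/2003 -> Kolab 2 (section 2.1.1)."""
    return transform(parse_ldif(ldif_text), AD_TO_KOLAB, "DC=example,DC=org",
                     "ou=People,dc=example,dc=org", AD_INTERNAL,
                     ["inetOrgPerson"], "uid")


def kolab_to_ad(ldif_text):
    """Kolab 2 -> Exchange 2007 (section 2.2.1): same routine, inverse mapping."""
    return transform(parse_ldif(ldif_text), KOLAB_TO_AD,
                     "ou=People,dc=example,dc=org", "CN=Users,DC=example,DC=org",
                     set(), ["top", "person", "organizationalPerson", "user"], "cn")
```

The set of unmapped attributes returned with the entries is the list to discuss with the directory owners before the import, not something to resolve by copying attributes through.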

2.2.2 E-mail migration

Migration of the e-mail data can be carried out both at the client and at the server end. Besides the possibility of indirect migration using a client (for example, Outlook or Kontact), synchronization is also possible at the server end via IMAP. The "imapsync"313 command line program (refer to section III.A 2.1.2) is also suitable for this purpose in that it is capable of synchronizing two different IMAP accounts with each other. This type of synchronization requires the MS Exchange server to guarantee that access to the e-mail accounts is possible via the IMAP protocol. Another approach involves the conversion of the mailboxes of the Kolab server, which are available in MBOX format, to PST (Personal Storage Table) files which can then be made available in Exchange 2007 via ExMerge or the Exchange Migration Wizard. Various free or commercial tools314 are available for this step; however, some of these require prior conversion to the intermediate EML (Outlook Express Electronic Mail) format. This method is particularly interesting if a large number of mailboxes must be migrated.
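The loss of the read status noted in section 2.1.2 and the EML intermediate format mentioned above, as an added example that is not part of the migration guide and not code from readpst, imapsync or any conversion tool: a Python script splits an mbox file into one EML file per message and records each message's read, answered and flagged state as IMAP flags in a manifest, so that the import step can restore it and messages without a Message-ID remain traceable. The mailbox is constructed; the output file layout and the domain used for generated Message-IDs are assumptions.

```python
"""Split an mbox export (e.g. readpst output) into EML files and recover the
read/answered/flagged state as IMAP flags. Added example for sections 2.1.2
and 2.2.2, not code from the guide, readpst or imapsync; the sample mailbox,
output layout and Message-ID domain are constructed assumptions."""
import email.utils
import mailbox
import os
import tempfile

# mbox keeps message state in the non-standard Status/X-Status headers
# (R = read, A = answered, F = flagged, D = deleted, O = old). IMAP has no
# counterpart for "O", so it is ignored.
MBOX_TO_IMAP = {"R": "\\Seen", "A": "\\Answered", "F": "\\Flagged",
                "D": "\\Deleted"}

# Constructed three-message mailbox (not real mail).
SAMPLE_MBOX = """\
From erika.mustermann@example.org Mon Apr  7 09:15:02 2008
From: Erika Mustermann <erika.mustermann@example.org>
To: max.muster@example.org
Subject: Migration schedule
Message-ID: <20080407091502.A1@example.org>
Date: Mon, 07 Apr 2008 09:15:02 +0200
Status: RO
X-Status: A

Read and answered; both flags must survive the move.

From max.muster@example.org Mon Apr  7 10:30:11 2008
From: Max Muster <max.muster@example.org>
To: erika.mustermann@example.org
Subject: Re: Migration schedule
Message-ID: <20080407103011.B2@example.org>
Date: Mon, 07 Apr 2008 10:30:11 +0200
X-Status: F

Unread but flagged. A line starting with
>From here is body text, not a new message.

From noreply@example.org Mon Apr  7 11:00:00 2008
From: noreply@example.org
To: erika.mustermann@example.org
Subject: no Message-ID at all
Date: Mon, 07 Apr 2008 11:00:00 +0200

Some exports lack a Message-ID; one is generated so the message stays traceable.
"""


def mbox_flags_to_imap(flags):
    """'ROA' -> ['\\Seen', '\\Answered']; unknown letters are ignored."""
    return [imap for letter, imap in MBOX_TO_IMAP.items() if letter in flags]


def split_mbox(mbox_path, out_dir):
    """Write one .eml per message and return a manifest of
    {"file", "message_id", "imap_flags"} dicts in mailbox order."""
    os.makedirs(out_dir, exist_ok=True)
    manifest = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for index, msg in enumerate(box, start=1):
            msg_id = msg.get("Message-ID")
            if not msg_id:                       # keep every message traceable
                msg_id = email.utils.make_msgid(domain="migration.invalid")
                msg["Message-ID"] = msg_id
            flags = mbox_flags_to_imap(msg.get_flags())
            for header in ("Status", "X-Status"):  # mbox-only, not RFC 2822
                del msg[header]
            # File names come from the counter, never from header contents,
            # so a crafted Message-ID cannot influence the output path.
            name = os.path.join(out_dir, f"{index:06d}.eml")
            with open(name, "wb") as fh:
                fh.write(msg.as_bytes())         # without the mbox "From " line
            manifest.append({"file": name, "message_id": msg_id.strip(),
                             "imap_flags": flags})
    finally:
        box.close()
    return manifest


def split_sample():
    """Run the splitter on the constructed mailbox in a temporary directory."""
    workdir = tempfile.mkdtemp(prefix="mbox2eml-")
    path = os.path.join(workdir, "export.mbox")
    with open(path, "w", newline="\n") as fh:    # mbox expects LF line endings
        fh.write(SAMPLE_MBOX)
    return split_mbox(path, os.path.join(workdir, "eml"))
```

The manifest is what a scripted import (for example an IMAP APPEND with the listed flags) needs in order to put the status back that the plain message files no longer carry.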

2.2.3 Migration of calendars

The web interface of the Kolab server (Horde/Kronolith) enables the direct transfer of user-specific and group-specific calendars into other applications via an export function using the iCalendar format. Connectors (for example, the Toltec connector) can also be used to transfer the calendar data, for example, via Outlook from Kolab to MS Exchange 2007.

313 http://www.linux-france.org/prj/imapsync/README
314 http://www.aid4mail.com/

2.2.4 Conclusions

One can sum up that the time and cost requirements of a migration project depend heavily on the type of data to be migrated. The "imapsync" command line program, for example, can be integrated relatively easily into custom-developed scripts which enable a higher degree of automation. The effort required to synchronize address and directory data depends on the degree of adaptation of the LDAP directory and the related transformation. Several client applications are available which enable the central transfer of the data into the respective system, thus simplifying the process before and after transformation. Manual work will also be necessary when it comes to migrating the calendar data. The extent of this work depends on the number of calendars which are managed in the Kolab server. As an alternative concept, client-based and/or user-based migration scenarios (for example, via Outlook and an integrated connector) can help to reduce the required effort.

2.3 Migration from MS Exchange 5.5 to MS Exchange 2007

Since the Exchange 5.5, Exchange 2000, Exchange 2003 and Exchange 2007 versions were each developed on the basis of their respective predecessor versions, transition is also possible in addition to migration. Transition means upgrading an existing Exchange organization to a newer version. Migration means changing from an existing to a new Exchange organization without using the previous configuration data of the existing Exchange installation. This scenario is often found when two installations which previously operated separately from each other are merged. Direct transition or migration from Exchange 5.5 to Exchange 2007 is generally not possible. The usual approach is to first migrate to Exchange 2003 and to subsequently perform a transition from Exchange 2003 to Exchange 2007. Further information about this topic can be found in the Microsoft TechNet315.

2.3.1 The transition procedure

A transition from Exchange 2003 to Exchange 2007 is not possible by way of a mere update on the basis of the existing installation. Instead, parallel installation of Exchange 2007 is first always necessary within the same organization. This always means a temporary coexistence of the old and new Exchange installations in the case of a transition project. Once Exchange 2007 is installed within the same organization, the data of the old Exchange version can be copied to the new Exchange 2007 installation. The tools used in this context are primarily the Exchange Management Console and the Exchange System Manager. Numerous manuals316 are available which describe this process in detail.

2.3.2 The migration procedure

Migration to a new Exchange 2007 system involves installing a completely new Exchange 2007 organization. Thereafter, all contents of the old system (mailboxes, calendars, public folders, users, etc.) must be migrated to Exchange 2007. Microsoft offers the Exchange Migration Wizard [317] as a free tool which automates the mailbox migration. For migrating the contents of Active Directory, Microsoft additionally offers the LDIFDE and CSVDE tools.

[315] http://technet.microsoft.com/en-us/library/aa997461.aspx
[316] http://www.msexchange.org/tutorials/Transitioning-Exchange-2000-2003-Exchange-Server-2007-Part1.html
[317] http://support.microsoft.com/kb/328871

As alternatives to these relatively simple tools from Microsoft, several third-party suppliers offer more complex tools which simplify and automate this process even further.

2.3.3 Conclusions

To sum up: since migration from an old Exchange version to Exchange 2007 is a migration within the same product family, the existing data can largely be migrated without losses. Although Microsoft offers comprehensive guidance on how such a migration is to be carried out under different starting conditions [318], a direct migration from Exchange 5.5 to Exchange 2007 is not possible; two successive migration processes are required in this case. This roughly doubles the work and costs compared with a migration from Exchange 2003 to Exchange 2007. The table below summarizes the possible migration and transition paths.

Old system: Exchange Server 5.5
  Transition to an Exchange 2007 organization: Not supported
  Migration to Exchange 2007: Supported, but migration from Exchange 5.5 to Exchange 2003 or Exchange 2000 is required first. This must then be followed by a transition from Exchange 2003 or Exchange 2000 to Exchange 2007.

Old system: Exchange 2003
  Transition to an Exchange 2007 organization: Supported
  Migration to Exchange 2007: Supported

Old system: Exchange 2000
  Transition to an Exchange 2007 organization: Supported
  Migration to Exchange 2007: Supported

Table 54: Possible migration and transition paths

2.4 Migration from eGroupware to Lotus Notes 8

Migration paths from eGroupware to Lotus Notes 8/Lotus Domino 6 are presented below. Besides the options for exporting and importing the data, the integration of external directory services and mail servers is also discussed.

2.4.1 Exporting data from eGroupware

At the user end, eGroupware only supports the export of calendar data in iCal format. At the server end, no export tools are currently available because, according to the company Outdoor Unlimited Training GmbH [319], customers have not yet asked for them. However, thanks to the open architecture and the use of standards, much of the data is managed outside eGroupware and can hence be used in other systems, such as Lotus Notes 8/Lotus Domino.

[318] http://technet.microsoft.com/en-us/library/bb124008.aspx
[319] http://www.outdoor-training.de/

2.4.2 Data management in external directory services

For data management purposes, eGroupware can integrate external directory services. This concerns first of all user administration: storage and administration of user data as well as user authentication can be handled entirely via LDAP. For external file administration, storage is possible either in the file system or on a web server with WebDAV support. With the integration of GroupDAV [320], eGroupware enables the external provision and exchange of calendars, to-do lists, contact lists and notes.

2.4.3 Data export via XML-RPC

eGroupware offers an XML-RPC API [321] for external access to the functions and data of the address book, calendar, to-do lists, contact lists and notes. This makes it possible to implement an application which exports the data via HTTP in XML format and prepares it for import into Lotus Domino.

2.4.4 E-mail migration

The e-mail functionality in eGroupware is provided through any SMTP-enabled and POP3/IMAP-enabled mail server rather than through a dedicated mail server component. The e-mail server component integrated in Lotus Domino offers the POP3 and IMAP protocols for the transfer of e-mail data. For synchronization of the mailboxes, please refer to the options discussed earlier (for example, using the "imapsync" command line program).

2.4.5 Importing the data to Lotus Notes 8/Lotus Domino 6

For migrating existing groupware systems to Lotus Notes 8/Lotus Domino, Lotus offers tools which can be used both at the user end and at the server end for migrating eGroupware to Lotus Notes/Domino.

2.4.6 Data import at the user end

At the user end, importing calendar data in iCal format into Lotus Notes 8 poses no problems. It is also possible to import address book data in vCard format into Lotus Notes 8. However, when evaluating the export tools of eGroupware it could not be definitely clarified whether eGroupware offers the export of address book data in vCard format at the user end. In general, import by the individual user only makes sense for smaller amounts of data.

2.4.7 Integration of external directory services in Lotus Domino 6

Migration of the user accounts from eGroupware to Lotus Domino is possible provided that user administration in eGroupware is implemented via an LDAP directory. Lotus Domino 6 offers functions for migrating existing LDAP-compliant user directories to Lotus Domino. The LDAP Domino Upgrade Service [322] offers several migration options, including, for example, extending the LDAP schema. Note that using the Lotus Notes e-mail functionality requires every migrated user to be registered with a Notes ID in Lotus Domino. Furthermore, IBM Tivoli Directory Integrator [323] enables the integration and synchronization of external LDAP directories. Here too, the restrictions mentioned above concerning differing schemas of the LDAP directory must be taken into consideration (refer to chapters III.A 2.1 and III.A 2.2). Lotus Domino 6 offers an integrated web server which also supports WebDAV [324]. WebDAV can therefore be used at both ends to migrate the documents managed in eGroupware. The Domino Designer can be used to design the documents managed via WebDAV.

[320] http://www.egroupware.org/index.php?page_name=sync&wikipage=GroupDAV
[321] http://www.egroupware.org/index.php?page_name=sync&wikipage=xmlrpc
[322] http://www-12.lotus.com/ldd/doc/domino_notes/6.5/help65_admin.nsf/b3266a3c17f9bb7085256b870069c0a9/bfd815f921a50c8d85256d9b004b022b?OpenDocument

2.4.8 Data import at the server end

Starting with Lotus Domino 6, IBM provides the Lotus XML Toolkit [325], a collection of classes for LotusScript, Java and C++ which enable import and export of database contents. This programming interface can be used to extract, modify (via a DOM and XSLT processor) and re-import data and design from existing Domino databases on the basis of DXL (Domino XML). For migrating the calendars, to-do lists, contact lists and notes managed in eGroupware, the data can be read in XML format via the eGroupware XML-RPC interface, transformed into DXL and then imported into Lotus Domino. DXL also covers design elements in detail.

2.4.9 Conclusions

In summary: since users, e-mails, documents, calendars, address books and to-do lists are administered outside eGroupware and exchanged via standardized protocols and formats such as iCal, LDAP, WebDAV and XML-RPC, it is generally possible to export the data. At the user end, the import of calendar data into Lotus Notes 8 in iCal format is supported. The LDAP Domino Upgrade Service and IBM Tivoli Directory Integrator enable the migration of the LDAP-compliant user accounts or the integration of the LDAP system used by eGroupware. With WebDAV activated in Lotus Domino, documents can be exchanged if the document administration of an eGroupware installation is implemented via WebDAV. Furthermore, the SMTP-enabled mail server of an eGroupware installation can be integrated into Lotus Domino. Using the programming interfaces of eGroupware and Lotus Domino, applications can be developed which implement the data export from eGroupware and the import into Lotus Domino at the server end. It should be noted, however, that eGroupware manages not only the data mentioned but also further information, such as project data, polls and discussions, which is stored internally in the database and therefore cannot be exported and made available to external applications without difficulty.

[323] http://www.ibm.com/developerworks/lotus/library/lwp-msad/
[324] http://www-12.lotus.com/ldd/doc/domino_notes/Rnext/help6_admin.nsf/f4b82fbb75e942a6852566ac0037f284/9ba6f9d0158ccf7c85256c1d00397996?OpenDocument
[325] http://www.ibm.com/developerworks/lotus/downloads/toolkits.html#notesdomino

IBM Business Partners [326] offer a wide range of services for migration to Lotus Notes/Domino.

2.5 Scalix to eGroupware

This chapter describes migration from Scalix 11.2 to eGroupWare 1.4. Besides the options for exporting and importing the data, the integration of external directory services and mail servers is also discussed. Given the complexity of both systems, it should be borne in mind with regard to data storage that global migration strategies, i.e. "from database to database at the push of a button", are difficult to implement and that each case must be analysed individually.

2.5.1 Data migration

eGroupWare [327] addresses data migration by supporting standardized data exchange formats and protocols at module level (a module being a software function such as the calendar, address book, task manager or project manager):
• iCal: calendar information
• vCard: address information
• CSV: calendar, address and task management
• SyncML and GroupDAV
• iCalServer: calendar, address and task management [328]
• WebDAV: file and folder management
A migration strategy can therefore be oriented either towards the user or towards the data instance: individual users can use the above tools to migrate their data on their own responsibility, or the source system is migrated as a whole by the system administration.

2.5.2 Address and directory data

Address data can be migrated from Scalix by extracting the individual contacts of each user in LDIF format (LDAP Data Interchange Format). The LDIF files generated can be modified according to the users' requirements using shell scripts before they are imported into eGroupWare. The open LDIF specification allows the data to be edited prior to migration to the target system, and thanks to the readable structure of the format both manual and automated modification of the data are possible. Central migration of the data can be carried out using different applications and user interfaces. eGroupWare users are managed in the database and, depending on the configuration, can authenticate either against the database or against existing authentication systems. Thanks to the technologies used by eGroupWare (for example, PHP, the Apache web server and the MySQL database), the system is platform-independent and runs on both Linux and Microsoft systems. For authentication this means that both LDAP and, for example, MS ADS are supported. A further benefit of an LDAP strategy is that eGroupWare address data, for example, can be stored in the LDAP directory and made available there to other applications.

[326] http://www-304.ibm.com/jct03004c/businesscenter/smb/de/de/partnerfinder
[327] http://www.egroupware.org
[328] http://www.egroupware.org/sync

An LDAP directory can be used for authentication alone (just like IMAP, ADS, HTTP, PAM, etc.) or as "account storage". In the latter case the user data, including group memberships, is managed in LDAP and is hence also available to other servers (IMAP, SMTP, Samba, etc.). With Cyrus or DBMail as the IMAP server and an LDAP-aware SMTP server (for example, Postfix), the mail server's user data (aliases, forwarding, quotas, folder ACLs, Sieve filters and vacation notices) can be managed entirely from within eGroupWare.
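The LDIF rewriting step described in section 2.5.2 is usually done with ad-hoc shell scripts; the following Python script is an added example (not part of the guide, of Scalix or of eGroupWare) of doing it robustly. It parses an LDIF export (including folded lines and base64 "::" values, which any LDAP server emits for names with umlauts), re-roots the DNs under the target base, drops source-specific attributes, refuses to produce output while two entries would collide on the eGroupWare login name "uid", and serializes valid LDIF again. The naming contexts, the attribute names in DROP_ATTRIBUTES and the sample entries are assumptions constructed for the example.

```python
import base64
import re

# Assumed naming contexts: the Scalix export base and the eGroupWare LDAP base.
# Both are placeholders; set them to the real suffixes of your directories.
SOURCE_SUFFIX = "o=scalix,c=de"
TARGET_SUFFIX = "dc=egroupware,dc=example"

# Attribute names assumed to be Scalix-specific (placeholders, compared in lower
# case); the target schema would reject them, so they are stripped on the way.
DROP_ATTRIBUTES = {"scalixmailnode", "scalixmailboxclass"}

# One LDIF attribute line: name, then ":" (plain) or "::" (base64), then value.
_ATTR_RE = re.compile(r"^([A-Za-z][\w.;-]*)(::?)\s*(.*)$")


def parse_ldif(text):
    """Parse LDIF content records into [{'dn': str, 'attrs': {name: [values]}}].
    Handles folded lines (continuations start with one space), comments, the
    version header and base64-encoded ('::') DNs and values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold continuation line
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines + [""]:             # trailing "" flushes the last record
        if line == "":
            if current is not None:
                entries.append(current)
            current = None
            continue
        if line.startswith("#") or line.lower().startswith("version:"):
            continue
        m = _ATTR_RE.match(line)
        if not m:
            raise ValueError(f"malformed LDIF line: {line!r}")
        name, sep, value = m.group(1).lower(), m.group(2), m.group(3)
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8")
        if current is None:
            current = {"dn": None, "attrs": {}}
        if name == "dn":
            current["dn"] = value
        else:
            current["attrs"].setdefault(name, []).append(value)
    return entries


def transform_entry(entry):
    """Re-root the DN under the eGroupWare base and drop source-only attributes."""
    dn = entry["dn"] or ""
    if not dn.lower().endswith("," + SOURCE_SUFFIX.lower()):
        raise ValueError(f"DN outside the expected export base: {dn!r}")
    new_dn = dn[: -len(SOURCE_SUFFIX)] + TARGET_SUFFIX
    attrs = {n: list(v) for n, v in entry["attrs"].items() if n not in DROP_ATTRIBUTES}
    return {"dn": new_dn, "attrs": attrs}


def find_duplicate_uids(entries):
    """uid becomes the login name; a case-insensitive collision would merge two
    people (and their access rights) on import, so report it before importing."""
    first_seen, duplicates = {}, {}
    for e in entries:
        for uid in e["attrs"].get("uid", []):
            key = uid.lower()
            if key in first_seen:
                duplicates.setdefault(key, [first_seen[key]]).append(e["dn"])
            else:
                first_seen[key] = e["dn"]
    return duplicates


def _needs_base64(value):
    """RFC 2849 SAFE-STRING rules: non-ASCII, NUL/CR/LF, a leading space, ':'
    or '<', or a trailing space all force base64 encoding."""
    if value == "":
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return any(ord(c) > 127 or c in "\0\r\n" for c in value)


def _format_line(name, value, width=76):
    if _needs_base64(value):
        line = f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    else:
        line = f"{name}: {value}"
    parts, rest = [line[:width]], line[width:]   # fold; continuations get one space
    while rest:
        parts.append(" " + rest[: width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


def to_ldif(entries):
    """Serialize records back to LDIF, re-encoding values that are not safe."""
    blocks = []
    for e in entries:
        lines = [_format_line("dn", e["dn"])]
        for name, values in e["attrs"].items():
            lines.extend(_format_line(name, v) for v in values)
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


def migrate(text):
    """Parse, stop on uid collisions, transform, serialize: (ldif_text, duplicates)."""
    entries = parse_ldif(text)
    duplicates = find_duplicate_uids(entries)
    if duplicates:
        return "", duplicates
    return to_ldif([transform_entry(e) for e in entries]), duplicates


def _b64(s):
    return base64.b64encode(s.encode("utf-8")).decode("ascii")


# Constructed sample export with fictitious people: the second entry is base64
# encoded as a server would emit it, the third collides with the first on uid.
SAMPLE_LDIF = f"""version: 1

dn: cn=Max Muster,ou=users,o=scalix,c=de
objectClass: top
objectClass: inetOrgPerson
cn: Max Muster
sn: Muster
uid: mmuster
mail: max.muster@scalix.example
scalixMailnode: node1

dn:: {_b64('cn=Josef Müller,ou=users,o=scalix,c=de')}
objectClass: top
objectClass: inetOrgPerson
cn:: {_b64('Josef Müller')}
sn:: {_b64('Müller')}
uid: jmueller
mail: josef.mueller@scalix.example
scalixMailnode: node1

dn: cn=Maria Muster,ou=users,o=scalix,c=de
objectClass: top
objectClass: inetOrgPerson
cn: Maria Muster
sn: Muster
uid: MMuster
mail: maria.muster@scalix.example
"""

if __name__ == "__main__":
    out, dups = migrate(SAMPLE_LDIF)
    print("uid collisions, fix before import:" if dups else out, dups or "")
```

Run against a real export by replacing SAMPLE_LDIF with the file contents; the script deliberately emits nothing while a uid collision exists, because section 2.5.5 requires that each user's former rights survive the migration, and a merged login would silently hand one person the other's mail and folders.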

2.5.3 E-mail

eGroupWare includes an e-mail client of its own. Since the software is implemented as a web application running in the browser, the e-mail client works as a web mailer. This web mailer is a pure IMAP client; POP3 is not supported. As far as the actual e-mail function is concerned, numerous well-known mail servers are supported. The choice of supported mail servers is smaller with regard to functions which can be managed from within eGroupWare, such as filters and absence rules as well as access rights for collaboration of users in shared mail folders; the full functionality is at present available, for example, for the DBMail and Cyrus mail servers. eGroupWare uses the SMTP service of the mail server connected to the groupware to send mail (including, for example, task and appointment notifications). The "imapsync" [329] command line program is a suitable tool for server-side synchronization via IMAP from Scalix to eGroupWare; it synchronizes two IMAP accounts with each other. Note, however, that during the migration of IMAP mailboxes the message status (flags) is not always preserved.
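The caveat at the end of section 2.5.3 (flags not always preserved) is easy to verify after an imapsync run. The following script is an added example, not part of the guide or of imapsync: it inventories a folder on the source and on the target server by Message-ID together with each message's IMAP flags and reports messages that are missing on the target and messages whose flags differ. Host names and credentials are assumptions; the embedded sample responses are constructed in the shape imaplib returns and use made-up Message-IDs.

```python
import imaplib
import re

# \Recent is per-session and set by the server itself; it is never a copy defect.
IGNORED_FLAGS = {"\\Recent"}

_FLAGS_RE = re.compile(rb"FLAGS \(([^)]*)\)")
_MSGID_RE = re.compile(rb"Message-ID:\s*(<[^>]+>)", re.IGNORECASE)


def parse_fetch_response(data):
    """Convert the raw list imaplib returns for
    UID FETCH 1:* (FLAGS BODY.PEEK[HEADER.FIELDS (MESSAGE-ID)])
    into {message_id: frozenset(flags)}. imaplib yields one
    (envelope, header_literal) tuple per message followed by a b')' item."""
    inventory = {}
    for item in data:
        if not isinstance(item, tuple) or len(item) < 2:
            continue                      # the closing b')' items
        envelope, header = item
        flags_m = _FLAGS_RE.search(envelope)
        id_m = _MSGID_RE.search(header)
        if not flags_m or not id_m:
            continue                      # without a Message-ID nothing can be matched
        flags = {f.decode() for f in flags_m.group(1).split()} - IGNORED_FLAGS
        inventory[id_m.group(1).decode()] = frozenset(flags)
    return inventory


def fetch_inventory(host, user, password, folder="INBOX", use_ssl=True):
    """Inventory one folder on a live server (source or target). Not exercised
    offline. The read-only SELECT and BODY.PEEK make sure the check itself
    never sets \\Seen on the mailbox it is verifying."""
    conn = (imaplib.IMAP4_SSL if use_ssl else imaplib.IMAP4)(host)
    try:
        conn.login(user, password)
        typ, data = conn.select(folder, readonly=True)
        if typ != "OK":
            raise RuntimeError(f"cannot select {folder}: {data}")
        if int(data[0]) == 0:
            return {}
        typ, data = conn.uid("FETCH", "1:*",
                             "(FLAGS BODY.PEEK[HEADER.FIELDS (MESSAGE-ID)])")
        if typ != "OK":
            raise RuntimeError(f"FETCH failed: {data}")
        return parse_fetch_response(data)
    finally:
        conn.logout()


def diff_inventories(source, target):
    """Report messages the copy lost and messages whose flags changed."""
    missing = sorted(set(source) - set(target))
    extra = sorted(set(target) - set(source))
    flag_mismatch = {
        mid: (sorted(source[mid]), sorted(target[mid]))
        for mid in source
        if mid in target and source[mid] != target[mid]
    }
    return {"missing": missing, "extra": extra, "flag_mismatch": flag_mismatch}


# Constructed sample responses (imaplib shape, fictitious Message-IDs): on the
# target the \Flagged mark of the first message was lost and the third message
# was not copied at all.
SAMPLE_SOURCE = [
    (b"1 (UID 101 FLAGS (\\Seen \\Flagged) BODY[HEADER.FIELDS (MESSAGE-ID)] {35}",
     b"Message-ID: <a1@scalix.example>\r\n\r\n"),
    b")",
    (b"2 (UID 102 FLAGS (\\Seen \\Recent) BODY[HEADER.FIELDS (MESSAGE-ID)] {35}",
     b"Message-ID: <a2@scalix.example>\r\n\r\n"),
    b")",
    (b"3 (UID 103 FLAGS () BODY[HEADER.FIELDS (MESSAGE-ID)] {35}",
     b"Message-ID: <a3@scalix.example>\r\n\r\n"),
    b")",
]
SAMPLE_TARGET = [
    (b"1 (UID 7 FLAGS (\\Seen) BODY[HEADER.FIELDS (MESSAGE-ID)] {35}",
     b"Message-ID: <a1@scalix.example>\r\n\r\n"),
    b")",
    (b"2 (UID 8 FLAGS (\\Seen) BODY[HEADER.FIELDS (MESSAGE-ID)] {35}",
     b"Message-ID: <a2@scalix.example>\r\n\r\n"),
    b")",
]

if __name__ == "__main__":
    # Live use: src = fetch_inventory("scalix.example", user, pw)
    #           dst = fetch_inventory("imap.egroupware.example", user, pw)
    report = diff_inventories(parse_fetch_response(SAMPLE_SOURCE),
                              parse_fetch_response(SAMPLE_TARGET))
    print(report)
```

Flag mismatches are exactly what imapsync's own resync run can repair (re-running it copies flags for already-present messages), so a non-empty "flag_mismatch" is the cue to run it again before the old server is switched off; a non-empty "missing" list points to messages without a Message-ID or with one the target rejected, which have to be examined by hand.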

2.5.4 Calendar

Calendar data is migrated for each user via the API in iCal format, i.e. both the extraction from Scalix and the import into eGroupWare are based on iCal files. This data can be processed and edited via the API.

2.5.5 Conclusions

In summary, the time and cost requirements of a migration project depend heavily on the type of data to be migrated. The "imapsync" command line program, for example, can be integrated relatively easily into custom scripts which enable a higher degree of automation. The situation is similar for address and directory data. As regards migration into eGroupWare, nothing special needs to be considered at the client end. It is, however, important that the individual access rights users held in the old system are also carried over to eGroupWare during the migration.

[329] http://www.linux-france.org/prj/imapsync/README

3 References

3.1 Web server and network services

Depending on the groupware application, references to different system components may exist. Microsoft products in particular are usually highly integrated and in some installations use, for example, functionality of Microsoft Internet Information Services; the chapter on web servers (chapter II.B 1.2) must be considered in this respect. The Kolab application is a modular integration of different open source applications, including, for example, the Apache web server and different mail servers. This means that references exist to the following chapters:
• B Subject: web servers, Apache HTTP server (chapter II.B 1.1)
• D 1.2 Subject: network services (chapter II.D)

3.2 Authentication and directory services

It is often very helpful to connect the administration of users and user groups as well as the administration of rights and privileges in groupware with existing authentication and directory services. This creates references to the subject of authentication and directory services, chapter II.C.

3.3 Backend integration

Groupware solutions are occasionally extended via existing interfaces or customized programs or plugins in order to adapt their functionality to particular requirements. This creates references to the subject of backend integration, chapter III.D.

B Subject: teaming/workgroup software

1 Products/technologies

Teaming software, or collaboration platforms as they are also often called, is very popular both among software manufacturers and among IT managers in organizations. One might think that acquiring such a package will eliminate all or most of one's trouble because it is more than a single product; it is many products in one. Most of the systems offered include content management, a portal solution, document management, knowledge management, a search engine and collaboration functionality. It should be clear to every reader, however, that this is not the case. Why should a manufacturer sell a five-in-one product if he can sell five products? Collaboration platforms are primarily designed to support cooperation in teams, be it in internal or external projects, within organizational units or in other team configurations. Such cooperation calls neither for a classic content or web content management system nor for a classic document management system. A Microsoft Office SharePoint Server, a Lotus Quickr or a Novell Teaming + Meeting is hence unlikely to provide the complete functionality of classic systems of this kind. The functions of a document management system (DMS) serve as an example. Classic functions of a DMS are:
• Visualization of work structures (implementation of file structures)
• "In" basket / "out" basket
• Shared document processing and editing (check in / check out) [330]
• Version management
• Metadata management
• Mapping of file circulation plans
Of these functionalities, collaboration platforms usually provide only the following:
• Shared document processing and editing (check in / check out)
• Version management
• Metadata management
This also seems logical if one considers which tasks and activities must be supported in order to enable teams to cooperate. The list below hence does not claim to be complete:
• Setting up teams
• Assigning functions to team members
• Distributing tasks and monitoring completion
• Defining and monitoring time schedules
• Drafting, editing, checking, releasing and retrieving results
• Defining and implementing processes for the performance of tasks and the development of results (documents, data and information)
• Ensuring reproducibility
  o Versioning/archiving
  o Logging
  o Keeping a project log
• And many more.
Functions such as "check in" and "check out" are required especially for teams working jointly on documents, in order to ensure that work does not overlap and hence that no information is lost. Versioning and simple procedures for archiving old versions and for assigning and managing metadata for the classification and retrieval of documents are required in order to ensure the reproducibility of work. However, a team usually does not require "in" and "out" trays and hence no file organization plans. This leads to the following conclusion: if you need a classic DMS, you should not buy and use a collaboration platform for this purpose. The same holds true for the other systems. An organization should buy and use a collaboration platform in order to support cooperation in teams. The second aspect which must be mentioned in conjunction with teaming software is the recommendation to prepare the use of such software very carefully. This includes a detailed definition of the relevant requirements and a precise check during the purchasing process that these requirements are fulfilled, because the discussion below will show that the differences are sometimes hard to identify since they are hidden in the details. Good preparation is recommended so that the investment does not become a misinvestment and the platform does not drown in a chaos of different work spaces.

[330] The "check out" function ensures that the same document is not edited or processed by several persons at the same time. "Check in" releases a document for shared processing or editing again.
The manufacturers of such teaming solutions promise quick and simple ways of setting up such a teamwork space. Everything needed is put together with two or three clicks. The standard structures are similar in almost all solutions, i.e. a wiki, a blog, a library, a calendar, and the work space is ready. If necessary, three standard workflows are added. The nice thing about almost all of these solutions is that these standard structures can be adapted and expanded more or less easily using further tools which must be paid for separately. These possibilities should be used in any case. The better the preparations and the more comprehensive the adaptations in advance, the easier the future implementation of the right work spaces for the organization concerned. These include, for example, the following preparations in advance:
• Identifying the required document types [331], formats and standards
• Defining the different structures of the work spaces with the required functions
• Defining the right attributes for metadata
• Describing the required processes and converting these into dedicated standard workflows
One important aspect in this context is the need to ensure that the structures, once defined, are not subsequently changed at random. Changes should be limited to cases in which they are really necessary and carried out by responsible team members. This requires a clear-cut definition of roles and the related access rights and privileges; the necessary privilege structures should hence be examined and determined in advance. Individual changes for different team areas can be implemented at any time. Furthermore, the employees responsible for the work space structures as well as all other users should be given appropriate training in advance. This section ends with a question which readers must answer themselves and which should be considered especially in conjunction with the preparations and the acquisition of a product: since the work of teams is in most cases not designed to last forever, what should happen to the contents of a team's work space after the team has been wound up?

[331] A distinction can be made here, for example, between files, blog postings, e-mails, etc.

1.1 Mindquarry

The Mindquarry teaming and workgroup software was created in 2006 at the initiative of students at the Hasso Plattner Institute of Potsdam University. Their intention was to create a tool for workgroups which supplements purely e-mail-based communication, which is time consuming and not very user-friendly for teams, without copying the complexity in terms of handling, configuration and maintenance which most solutions in this area feature. The result is an easy-to-install software which combines various services for group work on a clearly structured user interface. These services include tools for file sharing, message and discussion services, user administration and simple project management tools. Mindquarry was created as free software under the Mozilla Public License (MPL). Although commercial support offerings and hosting of a commercial server service for work groups were planned within the scope of a private limited company of the developers, this project was discontinued at the end of 2007 for lack of venture capital. A community has since continued the development of Mindquarry as a classic open source project.

1.1.1 Technology / architecture

Architecture

Mindquarry consists chiefly of a modular set of server applications which centrally manage all data and information, provide a web interface and offer several standard interfaces. It also comprises a client application and plugins which work groups can use to access this data and to communicate. The server software was designed as classic middleware: it is based on a number of existing technologies (libraries) and products and combines these into a single product under a common user interface. The central server application was implemented in the platform-independent Java programming language (version 5 SDK). Furthermore, several freely available libraries and technologies were used:

The "Apache Jackrabbit" toolkit was used to implement the integrated document administration functionality, "Apache Cocoon" served as the framework for the web functionality, and the "Dojo Toolkit" was used to develop the web interface. SWT (Eclipse) was used to program the client programs which support the file management and task management functions. Fig. 42 shows all the constituent parts of a complete installation, including an Apache web server with the mod_perl add-on which is required for document management. The Mindquarry desktop client communicates with the server application via HTTP and synchronizes itself with the collaboration server via simple HTTP PUT requests. Furthermore, locally stored files in the workspace of the file system are updated with the contents of the distributed documents on the server via Subversion's WebDAV-based protocol. For this purpose, the client uses the Subversion client library, which communicates with the mod_dav_svn module of the Apache web server; the Apache web server must therefore be installed as a precondition for using this function. The integration of this functionality into the overall architecture is described below. Document management and SSL are provided by the corresponding Apache modules, i.e. mod_dav_svn for Subversion and mod_ssl for encryption, with mod_proxy forwarding the decrypted requests to the servlet container. The mod_perl module, which embeds the Perl scripting language in which these functions are programmed, is used for the internal synchronization of user rights and privileges with Subversion, for the WebDAV function which lets a web browser access the files like a file manager, and for the assignment of rights and privileges implemented in Mindquarry.


Fig. 42: Mindquarry architecture

The central web application of Mindquarry runs as a Java servlet on the Spring-based Cocoon framework. Mindquarry therefore requires a servlet container or application server which is compatible with the Java Servlet API 2.4. In the Windows variant, the Jetty servlet container is installed during installation; a Linux installation requires the separate installation of a suitable container, such as Tomcat. According to the Mindquarry developers, the Apache web server should be placed in front of this architecture, so that access to Mindquarry takes place via the web server. The advantage of this concept is that both the file synchronization function with the clients (see above) and all the other functions of the web server can be used: Mindquarry is reached by the native clients and web browsers via HTTP, and the web server talks to the servlet container via the Apache JServ Protocol (AJP).

Within the Cocoon framework, the different parts of the web application are broken down into sitemap servlets which can be addressed via URLs by HTTP requests and behave like independent small web applications. The HTTP response of these sitemaps contains either HTML (including JavaScript, image data and CSS) or information for Mindquarry clients or RSS feeds packed in XML. The full-text search functionality was implemented using Apache Solr, an open source search server based on the Lucene Java search library. Mindquarry sends all information generated in Mindquarry to Solr, which maintains an up-to-date Lucene index from this data. Search requests from users via the web interface are forwarded directly to the Solr servlet. The full-text search covers the contents of the wiki and all tasks. The repository is additionally indexed and can be searched; all customary open and proprietary formats are considered, including PDF, Microsoft PowerPoint and Microsoft Word. All user data and documents are stored by program parts based on Apache Jackrabbit, a complete implementation of the Java Content Repository API (JCR). This acts as the database in Mindquarry and stores the data hierarchically in a tree structure; Jackrabbit persists this content repository in a relational DBMS, which thus serves as the storage backend. Mindquarry extends the JCR library with a search algorithm capable of fully handling XPath-compliant (XML Path Language) queries. Mindquarry uses Subversion for the versioning and revision of document changes. Subversion is an open source solution for tasks of this kind which implements a versioned file system. Subversion tracks changes to data on the client side and hence also works offline with delayed synchronization. When the web interface is used, Mindquarry itself communicates via Subversion clients with the revision data of Subversion, whilst local desktop PCs are synchronized by Mindquarry clients via the Apache mod_dav_svn module. Plans exist to upgrade Mindquarry to a full-scale collaboration server by integrating the Apache James mail server as an independent MTA, so that mail services (mailing lists, etc.) can be integrated into the Mindquarry functions (Subversion, full-text search, etc.). Installation of the Mindquarry server additionally requires a Java SDK version 5 or higher, Apache 2 with mod_perl, and Subversion. All other parts are supplied with the Mindquarry software package. An installation package (XAMPP) is available for Windows which covers all the requirements of Mindquarry. The only hardware requirements are 256 MB RAM and 100 MB free hard disk capacity for the software itself, not including the data generated.

1.1.1.1 Protocols and interfaces

All programming interfaces (APIs) and protocols used in Mindquarry are fully disclosed and documented. Communication between the individual parts and between clients and servers largely proceeds via HTTP, over which XML and HTML data are sent. AJP is used as the protocol between the Apache web server and the Cocoon servlet. Apache Jackrabbit is addressed via JCR and the relational database is connected via JDBC. The Lucene index for all relevant information retrieval functions is addressed via the JSON API. The planned MTA communicates via SMTP by default and can also be accessed by mail clients via POP3 and IMAP. Mindquarry can be used without any problems via its web interface; a conventional web browser is all that is needed. Additional client programs which can be installed locally are available for Mindquarry. These clients can be used to automatically synchronize defined areas on the local hard disk with the data on the central server. Clients of this kind exist for MS Windows, Linux and Mac OS, and their implementation as Java applications enables porting to other platforms without any problems. Mindquarry keeps users up to date on the latest changes and messages via an RSS feed. Many suitable RSS feed readers are also available as open source solutions and are integrated into most modern web browsers. The architecture can hence be considered modular and open in all respects, so that expanding and modifying the architecture via the above-mentioned interfaces should not pose any problems.

1.1.1.2 Security aspects

All access to the Mindquarry server can be SSL encrypted, optionally using the mod_proxy module of the Apache web server in front of it. Within the Mindquarry interface, user rights and privileges can be defined so that access rights and functions can be set as required for user groups and individual users. The server itself does not offer any special security mechanisms: the data is stored in non-encrypted form on the server and, thanks to the modular architecture, repositories, indices, etc. can be accessed via the well-known interfaces. The following documents issued by the German Federal Office for Information Security should hence be considered when implementing such an architecture:

• "Sicherheitsuntersuchung des Apache Jakarta Tomcat Servlet Containers" [Security analysis of the Apache Jakarta Tomcat Servlet Container], Bundesamt für Sicherheit in der Informationstechnik [German Federal Office for Information Security], Bonn 2006, http://www.bsi.de/literat/studien/tomcat/index.htm
• "Web 2.0 – Sicherheitsaspekte neuer Anwendungen und Nutzungsformen des Mediums World Wide Web und ihrer Implementierung" [Web 2.0 – security aspects of new applications and forms of use of the World Wide Web as a medium and their implementation], Bundesamt für Sicherheit in der Informationstechnik [German Federal Office for Information Security], Bonn 2007, http://www.bsi.bund.de/literat/studien/web20/index.htm
• Baustein 5.11 Apache-Webserver der IT-Grundschutzkataloge [Module 5.11 Apache web server of the IT Baseline Protection Catalogues], http://www.bsi.bund.de/gshb/deutsch/baust/b05011.htm

Although use within closed LANs is possible without any major effort, secure access from the Internet should, for the reasons stated, always take place via firewalls and proxies in order to ensure not just the enhanced security of such a solution but also the recommended SSL encryption. Inter-organization cooperation is possible via encrypted access and, thanks to the standard protocols used, works for both the web application and the desktop clients. A higher level of security when cooperating across the boundaries of different LANs can be achieved via VPNs or generally encrypted network connections (such as Stunnel), which can also be used transparently throughout the entire application. From an IT security perspective, it should be remembered that the document repository is indexed within the scope of the full-text search, with all the customary open and proprietary formats considered in this context, including, for example, PDF, Microsoft PowerPoint and Microsoft Word.
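As an added example (not configuration from the migration guide or the Mindquarry project), the following Apache 2.2 virtual host places the web server in front of the Tomcat-based Mindquarry server as the SSL-terminating reverse proxy recommended above; the host name, certificate paths and the backend port 8080 are assumptions.

```apache
# Added example, not configuration from the migration guide or the
# Mindquarry project. Apache 2.2 virtual host that terminates SSL and
# reverse-proxies to the Tomcat-based Mindquarry server on the same
# machine. Host name, certificate paths and backend port 8080 are
# assumptions. Requires mod_ssl, mod_proxy, mod_proxy_http, mod_headers.

<VirtualHost *:443>
    ServerName mindquarry.example.org

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/mindquarry.example.org.crt
    SSLCertificateKeyFile /etc/apache2/ssl/mindquarry.example.org.key
    # Disable SSLv2 and anonymous/weak ciphers; browsers and the desktop
    # synchronization clients then only ever see an encrypted channel.
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:!aNULL:!MD5

    # Reverse proxy only: never act as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    # Assumes Tomcat's HTTP connector is bound to 127.0.0.1 so that the
    # unencrypted port is not reachable from the network; the firewall
    # should block port 8080 from the outside as a second line of defence.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # Tell the application that the original request was HTTPS so that
    # links and redirects it generates keep the encrypted scheme.
    RequestHeader set X-Forwarded-Proto "https"

    ErrorLog  /var/log/apache2/mindquarry-error.log
    CustomLog /var/log/apache2/mindquarry-access.log combined
</VirtualHost>

# Plain HTTP only redirects to the encrypted virtual host, so that no
# credentials or repository data are ever sent in the clear.
<VirtualHost *:80>
    ServerName mindquarry.example.org
    Redirect permanent / https://mindquarry.example.org/
</VirtualHost>
```

For the proxy to be the only entry point, the Tomcat connector must be bound to the loopback address (address="127.0.0.1" in server.xml) and the web and desktop clients configured with the https:// URL.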

1.1.2 Functionalities

The programmers of Mindquarry wanted to create an easy-to-use tool which supports workgroups in coordinating their work and in exchanging, managing and checking their results. Several modular functions were created for this purpose which combine to form the Mindquarry teaming software. In Mindquarry, a workgroup is called a team. Teams are made up of groups of individual users and can be set up by users having the required rights and privileges. Teams and users can be defined flexibly. Activities and tasks can be displayed on a personal basis within the team overviews. It is also possible to set up and manage different teams for a project. All users of a team have equal access rights; a rights/privileges management system on user level is planned. Mindquarry includes a task management function. Tasks with certain properties, such as status (new, running, done, etc.) or priority (high, low, etc.), can be assigned to groups and individual team members. Within a task overview, tasks can be sorted according to different criteria and exported as iCal or PDF. Several team members can be assigned to the same task. Tasks can be connected to each other so that complex project planning is possible. Tasks which have been completed are archived for future analysis. Different views are available in order to show the progress of a complete project, for example, by showing all the tasks which are underway or which have not yet been assigned. Changes in tasks are versioned and can be retrieved accordingly. All the project members are informed by RSS/Atom feeds of progress and changes. A wiki serves as an open forum for teams. Users can make and edit rich-text entries and add diagrams and tables which can be read and, in turn, edited by all the project members. Different filter views are available in order to trace changes and the wikis assigned to teams.
Entries and changes in the wiki are logged and communicated to the project members in real time via RSS/Atom feeds. An export function enables the output of the contents as an OPML (Outline Processor Markup Language) file. A central file server is available for the exchange and shared use of files. This server is synchronized via the web frontend and the desktop client applications. The file types and formats (text data, image data, Office files, etc.) have no influence on the functions of the server. During synchronization, files are automatically updated to the latest versions, and files which are deleted in the process are archived along with version information. The version information includes the time stamp of the change, user information and automatic version numbers. Information concerning the latest changes is also published via RSS/Atom feeds. Different views can be presented via web browsers, and up-to-date web browsers can also use them as WebDAV applications. Mindquarry generally logs and archives all the changes within the different functionalities. Mindquarry does not yet include a classical calendar function, but a timeline view enables any changes to be traced in terms of the time of their implementation. An RSS feed enables the workgroups to trace information about such changes on a timely basis. The technologies used enable the offline use and subsequent synchronization of files without any problems. Due to the concept, which is designed to enable easy use, the scope of the functionalities remains behind the possibilities of comparable applications, especially with a view to workflow and document management functions. However, Mindquarry covers the most common use requirements for small to medium-sized projects in an efficient manner without the need to introduce users to complex operating concepts.

Main function | Details
User administration | Users and teams can be defined flexibly. The rights and privileges system of the current implementation is limited to rights on team level.
File administration with versioning and metadata | Documents are synchronized via clients. Automatic archiving with meta information. Versioning via timestamp and user info.
Calendar and task planning | Tasks with basic meta information (status, author, priority and deadlines) can be defined, connected to each other, and traced.
Special features | Project-related wiki function for convenient discussions. Up-to-date project information via RSS/Atom feeds.
Search function | The search function covering a complete project is made available via the web interface. This full-text search covers the wiki and task planning areas as well as the central file repository.

Table 55: Functions of Mindquarry

1.1.3 Conclusions

Mindquarry combines several open source products to form a teaming software which can set a positive trend, primarily thanks to convenient functions and easy handling. It is suitable for implementing a simple project organization in small and medium-sized workgroups. Thanks to its ease of installation and use in conjunction with the free license, Mindquarry is also a suitable ad-hoc solution which does not require any special knowledge or preconditions. All the data stored is available both in the original format and as XML-coded information and can hence be used both manually and via other programs (without Mindquarry). This is also advantageous with a view to possible future migration, in particular in the case of a replacing migration or the export of data to new environments. The use of open protocols and programming interfaces additionally enables the functionality of Mindquarry to be upgraded in order to address specific demands of public agencies, DMS requirements or other special conditions. The disadvantage of Mindquarry is that it does not offer any special protection mechanisms against unauthorized access and that its authorization model is only very coarse. This requires special organizational and administrative care during server installation and use. The comments of the German Federal Office for Information Security on the subjects of "Security on the Internet"[332] and "Web 2.0"[333] are helpful in this context. A positive aspect which deserves special mention is that the full functionality can be used even without the release of active contents.

1.2 Microsoft SharePoint Server and Services

Since 2001, Microsoft has been offering several products under the name "SharePoint" which were developed to form the current product through ongoing consolidation[334]. The table below illustrates the development since the first publication of SharePoint products in 2001.

Year | Services line | Server line
2001 | SharePoint Team Services v1 | SharePoint Portal Server 2001
2003 | Windows SharePoint Services v2 | Office SharePoint Portal Server 2003
2006 | Windows SharePoint Services v3 | Microsoft Office SharePoint Server 2007[335]

Table 56: SharePoint history (development / publication)

Under the name SharePoint, Microsoft currently offers Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. Windows SharePoint Services (WSS), version 3.0, form part of the Windows Server 2003 operating system and do not require an additional license or payment[336]. Microsoft thereby offers a set of tools and functions that support cooperation (collaboration) between distributed teams as well as the use of custom-programmed workflows. WSS are particularly suitable for small groups and small enterprises. The core of the WSS functionality consists of adaptable lists, such as team to-do lists, calendars, document libraries (file storage with extended features) and address lists.

[332] http://www.bsi.de/fachthem/sinet/allgemeines/sinetstd.htm
[333] http://www.bsi.de/literat/studien/web20/index.htm
[334] SharePoint Historie: http://www.it-innovations.de/is/sharepoint+competence-center/office+sharepoint+server+2007.htm
[335] Microsoft Office SharePoint Server 2007 is the result of the merger and further development of Office SharePoint Portal Server 2003 and Content Management Server 2002.
[336] WSS requires as a minimum Windows Server 2003 with the pertinent Client Access License (CAL).

Further lists can be created as so-called user-defined lists or imported from third-party systems[337]. Organizations with more far-reaching requirements which are not fulfilled by WSS can use the further development stage known as Microsoft Office SharePoint Server 2007 (MOSS 2007). MOSS 2007 is available in the following editions:

• MOSS 2007, Standard Edition (MOSS SE)
• MOSS 2007, Enterprise Edition (MOSS EE)
• MOSS 2007 for Search, Standard Edition
• MOSS 2007 for Search, Enterprise Edition

Since WSS form the basis for MOSS 2007, all the functions of WSS already form an integral part of MOSS 2007.

Fig. 43: Relationship between WSS 3.0 and MOSS 2007

The difference between the MOSS 2007 Standard Edition and the Enterprise Edition is that the Standard Edition does not include the Forms Services, Excel Services and the Business Data Catalogue (BDC), which enables the integration of external data into SharePoint. Since the MOSS 2007 for Search editions are designed for enterprises which prefer to use an enterprise search rather than a collaboration portal, these editions will not be discussed further in the following.

1.2.1 Technology / architecture

The following other Microsoft products are compulsory preconditions for a MOSS installation:

• Windows Server 2003 (2008) as operating system
• Internet Information Services (IIS) as web server
• .NET Framework 2.0 for SharePoint and .NET 3.0 for the Windows Workflow Foundation (WF)
• SQL Server 2005 (2008) as SharePoint repository

Microsoft offers a detailed presentation of the complete system requirements on its websites[338].

[337] Microsoft Windows SharePoint Services: http://de.wikipedia.org/wiki/Windows_SharePoint_Services

1.2.1.1 Architecture

The illustration below shows the logical SharePoint architecture. On the infrastructure level, the database, search and workflow services along with the ASP.NET framework provide the basis for all further services; this level usually also includes the operating system itself as well as Active Directory. The illustration also shows that MOSS 2007 is based on WSS 3.0.

Fig. 44: Logical architecture – SharePoint (figure not reproduced). Layers shown, top to bottom: Applications & services (MOSS 2007): Content management, Business Intelligence, Collaboration, Portal, Search, Workflows (site model, indexing/search, business data catalogue, profile services, target-group-compliant addressing, usage analyses, single sign-on service); Platform services: Archiving, Security, Management, Development, Site model, Extendability; Operating system services: ASP.NET (web parts, personalization, master pages, provider framework (security, etc.)), Database services, Search services, Windows Workflow Foundation.

Server topologies

MOSS 2007 supports different architecture models with regard to the server topology, depending on the size of the instance, its throughput and the applicable fail-safety requirements. The standard for SharePoint instances is called a farm, which can be a so-called small, medium or large farm. A single server is installed for development or testing purposes only, because its further expansion possibilities are limited. The illustration below shows the different variants which Microsoft foresees as basic topologies.

[338] http://office.microsoft.com/de-de/help/HA101945391031.aspx

Fig. 45: Topologies of SharePoint server farms

1.2.1.2 Protocols and interfaces

Clients

SharePoint environments can be accessed as required via different clients, protocols and interfaces. The available clients include, first and foremost, all the applications from the MS Office 2007 suite. These include, for example, the following:

• Microsoft Office 2007 (Word, Excel, PowerPoint, Access, Outlook, InfoPath, OneNote)
• Project 2007
• Visio 2007
• Publisher 2007
• Office Communicator 2007 (client for Office Communications Server 2007 [OCS])

It is also generally possible to use other, non-Microsoft applications, such as OpenOffice.org. However, these applications do not usually offer the same degree of integration as the Microsoft products. OpenOffice.org (OOo), for example, does not offer workflow integration: there is no menu item or button in OOo which can be used to select and start a workflow. However, the shared document editing function is also available when using other applications because the "check out" function is automatically applied when a document is opened. "Checking in" is then effected when the changed document is uploaded again. Further Microsoft clients which can be used include, for example, the following:

• SharePoint Designer 2007
• Internet Explorer 7 or other web browsers
• All WebDAV[339]-enabled clients, on condition that WebDAV was set up accordingly

[339] Web-based Distributed Authoring and Versioning

Note: Concerning browser support, Microsoft distinguishes between two levels (levels 1 and 2). According to Microsoft, level 1 browsers are those which use and support the extended functions of ActiveX control elements. They open up the full functionality of SharePoint environments, including the administration environment. According to Microsoft, level 2 browsers offer a basic functionality so that users have read and write access to SharePoint environments and to the administration environment. The document titled "Microsoft Office SharePoint Server 2007 - Getting Started with Office SharePoint Server"[340] addresses this issue and provides further details of the functions of the different browsers supported.

Interfaces and protocols for direct access

The following interfaces and protocols are available for direct access:

• HTTP or HTTPS
• FTP, if this is set up and permitted on the server
• WebDAV, in which case the SharePoint areas can be opened by entering the corresponding URL in the Windows Explorer or linked into the directory tree just like a local directory

Interfaces and protocols for connecting other systems

The following interfaces are available for connecting other systems:

• SharePoint API via Visual Studio with the development extensions for SharePoint
• Web services (SharePoint web services which are made available with the extension of Visual Studio for SharePoint, as well as custom-programmed web services)
• WebDAV for connecting WebDAV-enabled clients, such as MS Word or Windows Explorer

With regard to the web service interface, it should be noted that these services must be based on .NET at the SharePoint end. Any technology (J2EE, .NET) can be used at the other end.

File formats

It is generally possible to use in a SharePoint environment all file formats which can also otherwise be used under Windows. Files in any format can be either uploaded via the web-based user interface into the SharePoint environment or transferred via integrated WebDAV folders by means of a file manager. The assignment of applications for viewing and editing the files is carried out via the corresponding MIME types. Differences chiefly exist with regard to the degree of integration and, from case to case, with regard to the usability of related functions.

[340] Microsoft Corporation, published May 2007, author: Windows SharePoint Services IT User Assistance ([email protected]) (refer to: http://go.microsoft.com/fwlink/?LinkID=91741)

1.2.1.3 Security aspects

In order to ensure IT security in a SharePoint environment, Microsoft offers several measures and options which can be used depending on the given characteristics and use of SharePoint and the related, differing security requirements (for example, on the intranet only or also via the Internet). Within the framework and scope of the migration guide, it is not possible to discuss all these aspects in detail. Microsoft provides a detailed discussion on the TechNet pages at the following URL: http://technet.microsoft.com/en-us/library/cc263518.aspx. The offering there includes, for example, the download of a 300-page volume which addresses many aspects. The relevant security measures can be divided into three groups:

• Authorization models
• Authentication options
• Encryption and network topology

Furthermore, there are also other options, whose necessity must be examined from case to case. The discussion below shows just part of the complex.

Authorization models

Different access rights can be defined for a SharePoint environment with regard to its contents and user structures. This means that detailed access rights can be defined for each element of the contents structure (site, list, library, folder, document, etc.; refer also to section III.B 1.2.2.1) and for every user and every user group. The rights and authorizations are inherited from top to bottom; for example, when new contents are created on a site, they inherit the right to access the site. These contents can then be individually adapted as far as this makes sense. User groups are authorization groups and are used to assign different ranges of access authorization to users. The table below shows some examples of authorization groups.

Groups | Standard authorization
Restricted Readers | Read-only right for a site and restricted rights to access specific lists
Home Visitors | Read right
Home Members | Create contributions
Approvers | Releases and restricted access
Home Owners | Full access
Site collection administrators | Administration of a site collection (refer to section III.B 1.2.2.1)
Farm administrators | Determine which administrators are authorized to administrate which servers and server farms
Administrators | Server and farm administration rights

Table 57: Examples of authorization groups in SharePoint

In addition to this, it is possible for the user organization itself to define further groups, for example, for external users.

Authentication / user administration

MOSS enables the integration of existing user directories, such as Active Directory (AD), as well as other standard LDAP directories, such as Novell eDirectory[341] or OpenLDAP, for user administration. As an alternative or parallel solution, direct user administration on a SharePoint server is also possible. This can be relevant if external users are to be integrated into a team without having these external users covered by the internal central user administration function. Accordingly, SharePoint offers, in addition to authentication via Active Directory (AD) or directly at the SharePoint server, the possibility of authentication against another integrated LDAP directory. Furthermore, it is also possible to integrate so-called authentication providers based on the "ASP.NET authentication provider model"[342]. The most customary providers in the SharePoint environment are the following:

• SQL membership provider
• AD membership provider
• LDAP membership provider
• Web Single Sign-On (SSO) with the Active Directory Federation Services (AD FS)

Further applications and services along the lines of the provider model can be programmed via the .NET Framework. MOSS 2007 also supports authentication via Kerberos, on condition that authentication is carried out against AD. For users who have been correctly authenticated, the use of these different options does not mean any functional restrictions within the SharePoint environment unless restrictions have been deliberately set on the basis of the defined access rights. However, the different authentication methods offer different functionalities for the authentication process itself. The functionalities of an Active Directory, for example, are not available in conjunction with the use of an OpenLDAP directory. Each organization itself must decide which method is the best under which conditions[343]. The following section should certainly be additionally considered in the decision-making process.

Encryption and network topology

With a view to the authentication method, a SharePoint environment can be split up on the basis of the network and farm topology into different security zones (such as intranet, Internet presence, partner web), whilst different authentication methods with varying security levels, for example, can be used for the different zones. The underlying idea is also to make contents available subject to different access rights for the different zones. Furthermore, it is also possible to offer different functionalities for each zone (for example, a restricted search function only for the Internet presence zone). IPSec and SSL can be used to encrypt data transmission between the SharePoint servers as well as between the servers and the client devices.

Miscellaneous

One problem is the fact that the full functionality can only be used if active contents are permitted. This is worrying from an IT security perspective. The comments issued by the German Federal Office for Information Security on the subject of "Security on the Internet"[344], the handling of active contents[345] and Web 2.0[346] should always be considered in this context.

[341] http://www.setfocus.com/technicalarticles/nickkellett/MOSS2007-and-Novell-LDAP-Authentication_pg1.aspx
[342] http://msdn2.microsoft.com/en-us/library/aa479030.aspx
[343] Microsoft offers guidance on the websites at the following URL: http://technet.microsoft.com/en-us/library/cc263434.aspx

1.2.2 Functionalities

Microsoft generally presents the functionality offered by the Microsoft SharePoint technology[347] as follows (refer to Fig. 46):

Fig. 46: Functionality of MOSS 2007 (figure not reproduced). The figure shows Windows SharePoint Services (site provisioning, storage, security, management, APIs) at the centre, surrounded by: Collaboration (next-generation e-mail, project management, workflow, blog and wiki support), Business Intelligence (server-based spreadsheets plus BI portals built on SQL Server Analysis Services), Business Processes (server-based forms and workflow with smart client and browser interfaces), Content Management (integrated document, records and Web content management) and Search (great relevance with people and business data search).

[344] http://www.bsi.de/fachthem/sinet/allgemeines/sinetstd.htm
[345] http://www.bsi.de/fachthem/sinet/gefahr/aktiveinhalte/index.htm
[346] http://www.bsi.de/literat/studien/web20/index.htm
[347] 7TN25 Tech@Night Office 2007 und Office SharePoint Server 2007: Zusammenarbeit leicht gemacht [Cooperation made easy], http://live.sharepointcommunity.de/wiki/Wiki-Seiten/7TN25.aspx

The above-mentioned functions are supported in part or completely by the different SharePoint editions. The illustration below provides an overview of the functions which are made available by the different editions.[348]

Fig. 47: Functionalities of the different SharePoint editions (figure not reproduced). The figure stacks three licensing tiers: Office SharePoint Server Enterprise CAL (columns Search, Data Integration, E-Forms, Data Mgmt & Reporting; headline features: collaboration portal and content management, e-forms services, spreadsheet publishing and reporting, document lifecycle capabilities, enterprise search enhancements, business data integration), Office SharePoint Server CAL (columns Workflow, Document and Web Content Management, Site Model, Security and Management, enterprise search of content and people; five out-of-box workflows, policy, auditing, records management, personalization, deployment, site manager) and Windows SharePoint Services* (columns Project Mgmt, Team Collab, Windows Workflow Foundation, Framework (repository, versioning, metadata), Site and role management, Text search of team sites; issue tracking, project workspaces, status and history, workspaces and tools, blogs, basic document management, admin and deployment infrastructure).

*Included with Windows Server and CAL licenses

In order to improve the understanding of the table below, please refer again to Fig. 43 which shows that WSS 3.0 forms part of MOSS and hence that all the functions made available by WSS are also made available by MOSS.

[348] Fig. 47 does not claim to be complete.

Function area | Details | WSS | MOSS Standard | MOSS Enterprise
Services | Central administration; site administration; incoming e-mails; WSS search; WSS web application | Included | Included | Included
Services | Excel Services; InfoPath Forms Services; Business Data Catalogue | - | - | Included
Web Content Services | Publishing; content distribution; variations (multilingualism) | - | Included | Included
Portal Services | Profiles; personalization; target groups; document and record administration; Office search; document conversion | - | Included | Included
Features | Mobility shortcut URL; team cooperation lists; standard content type definitions; standard field definitions; issue tracking; workflows; event notifications (alerts); discussions; RSS feeds; document centre extensions; translation libraries; publishing; "out of the box" workflows; reporting; data connection library | Included | Included | Included
Features (Office Enterprise) | Business Data Catalogue; Forms Services; Excel Services; Key Performance Indicator and certain Business Intelligence web parts | - | - | Included
Site templates | Blank website; team website; document work space; wiki website; blog; meeting work space; report and evaluation centre; document centre; personal site; search portal; collaboration portal; website directory; content management; publishing with workflow | Included | Included | Included

Table 58: Matrix of product functions[349]

1.2.2.1 Information structures

SharePoint site structure

The so-called site collections are at the heart of the provision and editing of information in a SharePoint environment. A site collection is a set of logically coherent and hierarchically arranged sites with a common administration. Each site collection includes at least one "top-level web site". The pertinent sub-sites are arranged on the level below. Each site collection has its dedicated administration and is hence well suited for distributed administration and supports multi-client capability. Fig. 48 illustrates the basic structure of a site collection.

[349] MS Press, "Microsoft Office SharePoint Server 2007 Administrator's Companion"

Fig. 48: Basic SharePoint site structure

Dedicated template catalogues are made available for every site collection. Site templates define web parts, lists, libraries (document libraries, picture libraries, etc.), content types, metadata, workflows, etc. A site thus includes a number of instances of web parts, lists, libraries, etc. as well as an administrative level on which authorizations and rights can be assigned via authorization groups, or on which a sub-site can inherit authorizations and rights from the higher-level site.

1.2.2.2 Metadata

Before lists, libraries, etc. are created for further administration, shared processing/editing or for exchanging documents, the document types to be used must be defined, such as offers, contracts, documentation. This means that all possible document types which will be used should be defined before a SharePoint environment (collaboration platform) goes into operation in order to avoid the proliferation of non-categorized (created or imported) documents. SharePoint, like many other collaboration platforms, uses metadata for this purpose. Metadata serves, on the one hand, as a uniform keyword system for filter and search purposes and, on the other hand, enhances the clarity over all the documents and the information which they contain. In SharePoint, metadata is defined either by means of so-called content types[350] and/or site columns. A content type defines the attributes of an entry of a list, document or folder. A content type can be used, for example, for the following specifications:

• Properties which are linked to the instances of a type
• Workflows which can be executed by instances of a type
• Management policies which are linked to the instances of a type
• Document templates for document content types
• User-defined functions

Content types can be connected to a list or to a library. In this case, these lists and libraries can contain instances of this type, and the corresponding instances can be created within the list or library. This means that content types are also valid only for those information objects to which they were connected. It is also possible to assign more than one content type to a library. A site column defines the attributes on site level and thereby enables their use for the definition of content types and additionally enhances the consistency of attribute names. Site columns can also be assigned to individual documents; their effect is then limited to these individual documents. Values of attributes defined for metadata can be read and edited by a browser via SharePoint websites without the need to open the document at the same time (refer to Fig. 49) or via one of the other clients, such as Word (refer to Fig. 50).

Fig. 49: Metadata of a document in the browser

In Microsoft Office documents, the metadata is stored in the individual documents, for example, in Word documents as document properties. The metadata for other documents is stored in SharePoint.

[350] Only available since MOSS 2007 and WSS 3.0, respectively.

Fig. 50: Word 2007 - Document with meta data (File --> Properties)

Existing documents can be subsequently uploaded into a SharePoint environment, for example, into a corresponding library. Their default content type is initially "Document". They can be subsequently assigned to a defined content type, and the corresponding metadata can be entered. No automated import function is offered for existing documents which would also generate or import the corresponding metadata when necessary. The two options described earlier in this document are available, i.e.

• uploading the documents via the web interface
• moving or copying the documents, for example using the file manager, into the corresponding WebDAV folders.

Mapping or an automated import of metadata is not carried out in either case, i.e. the metadata must be subsequently entered manually. No information is available as to whether tools are available from third-party manufacturers for this purpose. One can sum up that content types influence the following areas:

• Document templates: When a content type is created, the document template from which it inherits is defined. A content type does not necessarily have to inherit from a document template; instead, it can also inherit from lists or libraries.
• Metadata: Attributes for metadata can be defined via content types and assigned to lists and libraries.
• Workflow: A workflow can be assigned to a content type.
• Custom forms: The default "Edit", "View" and "New" forms can be replaced with user-defined forms.
• Information policy: Rules can be assigned to a content type, such as print labels, events to be logged, expiration date and a document barcode.

1.2.2.3 Workflows with SharePoint

"Out of the box" workflows
MOSS 2007 (not in WSS) already includes several prefab workflows351 which already fulfil certain basic requirements as follows:
• Approval
This workflow is designed to obtain approval for release for a document or list entry. This process can be used to consent to a release, to decline a release, or to request a change in the document or list entry.
• Collect feedback
This workflow is to obtain feedback from other team members for a document. The workflow is complete when feedback concerning the document has been received from each team member requested to comment.
• Collect signatures
This workflow can also be described as a co-signing process. It enables the collection of digital signatures for a document. For this purpose, the workflow creates the corresponding tasks for every person who is requested to sign. If the e-mail functionality of SharePoint is activated, the workflow can also send a mail to every team member concerned with a corresponding request. According to Microsoft352, this workflow can only be started from within a Microsoft Office 2007 application (Word or Excel) and it can only be signed with such a client353.
• Disposition approval
This workflow can be used in order to remove, following receipt of approval, documents of a library which are no longer valid. If a document is no longer valid, approval for removal is requested. If this approval is denied, the document remains in the library.
• Group approval
This workflow implements approval of a release by a group of persons. The workflow is largely identical to the simple release procedure described earlier. The difference is that the release must be carried out by several persons and that this workflow is only made available from a special document library. This library integrates additional views for the status of the workflow and additionally provides an organization chart from which persons to whom approval is to be granted can be selected.
• Translation management
This workflow can control the task of translating a document. The document to be translated is copied and the copies are distributed to the persons responsible for the translation of individual parts. This workflow can only be used in a so-called Translation Management Library.
• Three state
This workflow supports the tracking of problems and requests. The workflow creates a task for current problems and requests which are assigned to a defined user who is in charge of handling such matters.

Simple sequential workflows which are set up on the basis of previously defined activities can be created using the commercial SharePoint Designer. Fig. 51 shows how the SharePoint Designer can be used to determine the individual steps of a workflow. These steps consist of actions and pertinent conditions. The individual steps are then performed in the defined order. A defined workflow is presented in the simple manner shown in Fig. 51. The column on the right shows the individual steps of the workflow which are performed from top to bottom. The left part of the window shows the individual actions of an individual step which can also be defined and changed here. It is not possible for users themselves to program individual actions or conditions as this requires other development products.

351 Integrated workflows in MOSS 2007: http://blogs.msdn.com/sharepoint/archive/2006/06/07/introduction-to-sharepoint-workflow.aspx and http://weblogs.mysharepoint.de/fabianm/archive/2006/08/21/Workflows-in-SharePoint-2007-_2800_Teil-2_3A00_-Integrierte-SharePoint-Server-Workflows_2900_.aspx
352 http://office.microsoft.com/en-us/sharepointserver/HA101544281033.aspx
353 The workflow is described in detail on the following website: http://office.microsoft.com/en-us/sharepointserver/HA101544281033.aspx

Fig. 51: Workflow tool - SharePoint Designer

The following additional software packages are required for users wishing to develop their own and more complex workflows:
• Visual Studio 2005/2008 as development environment (refer to Fig. 52)
• Visual Studio extensions for Windows SharePoint Services 3.0 (for example, for the development of web parts)
• Visual Studio extensions for the .NET Framework 3.0 (for example, for workflows)
• Visual Studio Tools for Office Second Edition [VSTO 2005 SE] (for example, InfoPath form-based workflows)
All of the above-mentioned software packages are commercial products.

Fig. 52: Workflow development with Visual Studio

1.2.2.4 Integration of Microsoft Office 2007 applications The SharePoint products belong to Microsoft's Office 2007 family so that all the Office 2007 products are integrated into the SharePoint environment almost without any problems. The functional interactions in both directions will be shown below for a number of Office 2007 applications.

Word 2007 / Excel 2007 / PowerPoint 2007
• Editing of metadata is possible via the document properties dialogue, including the possibility of forcing the input of data, if desired (refer to Fig. 50).
• Office documents in a SharePoint library can be directly opened in Office, including Office 2003. This is ensured via the assignment of file types.
• The use of workflows is embedded as a menu item on the user interface. This means that a menu item is available which enables the selection and starting of a workflow.
• The display of the document status, i.e. whether a document is, for example, "checked in" or "checked out", is also integrated into the user interface. The use of the corresponding check-in and check-out function is also possible via a menu item.
• The display of all the available versions of the document, on condition that version management was activated, as well as the restoring of older versions are supported.

Word 2007
• Word additionally enables the comparison of the current version to another version in a manner similar to the merging of two documents.
• Blog entries can be created in SharePoint directly from within Word. This is carried out by clicking the "Start blog program for posting" option under "Administrator hyperlinks" on the blog website. Word is then started and a dedicated ribbon354 is offered for creating blog entries.
• Contents for websites can be created and published (same function as above).

Excel 2007
The MOSS EE Edition also offers so-called Excel Services, which means that Excel is provided at the server end as a separate service for creating Excel spreadsheets. The Excel services:
o offer the same functionalities as the Excel 2007 Office application, including formulas, macros, etc. and
o are primarily used to create Excel spreadsheets and to render them at the server end for presentation in the browser.

Access 2007
• Creation of complex evaluations of SharePoint lists in PDF/XPS and other formats
• Centralized data storage in SharePoint lists, i.e. presentation of Access files (.mdb) in lists. This means that administration and versioning of Access files (.mdb) in SharePoint is also possible.

Outlook 2007
• SharePoint calendars (personal and group calendars) can be integrated into Outlook and synchronized each time send/receive events are executed.
• SharePoint calendars can be sent as HTML e-mail to any recipient.
• SharePoint documents, document libraries and folders which are connected to Outlook are synchronized in just the same manner as the tasks and are hence also available offline (also for editing).
• Tasks and workflows can be approved directly from within Outlook.
• Use of the records management functionality for e-mails355 (precondition: Exchange 2007), including integration into the SharePoint Records Management functionality. The term "record" within the scope of SharePoint refers to electronically available information (for example, a document) which serves as proof of an activity or transaction of the organization and which must be stored for a defined period of time. The records management functionality primarily enables an organization
o to define
- which information qualifies as a "record",
- the way in which active, future records, which are still being worked on, are to be treated and collected as soon as they have become a record, and
- the period during which every single record type is to be stored;
o to perform records-related tasks, such as deleting expired records as well as retrieving and saving records.
• SharePoint contents are also available as RSS feeds and can be subscribed to with the Outlook RSS Reader.

OneNote 2007
OneNote notebooks can be made available for shared editing in SharePoint libraries.

InfoPath 2007
• InfoPath forms can be published with the SharePoint Forms Services (MOSS EE) and hence become browser-enabled and can be used by mobile devices too.
• InfoPath forms can be sent as an e-mail to Outlook 2007 mailboxes with the possibility to store the form results in SharePoint libraries.

Office Communicator 2007 (client for Office Communications Server 2007 [OCS])
As soon as the user is active in the communicator, their availability is also displayed in SharePoint (for example, in documents which were changed by the user).

354 Microsoft uses the term "ribbon" in order to describe the new icon bars which still contain many individual functions which are, however, now offered in a clear-cut structure according to subject groups.

1.2.2.5 Development tools
Three variants are essentially available in order to adapt SharePoint for certain tasks or to change the way it is rendered, i.e. the web interface in SharePoint itself, SharePoint Designer 2007 as a further development of Frontpage, as well as Visual Studio 2005/2008 (VS) with the SharePoint 3.0 extensions. SharePoint Designer offers possibilities for creating and managing workflows as well as editing websites. Compatibility checks in relation to standards, such as accessibility (barrier freedom), CSS and (X)HTML, are also supported. SharePoint Designer can also be used without SharePoint for website development only. SharePoint Designer is sufficient for simple tasks, the design of SharePoint and simple workflows. The Microsoft Visual Studio 2005/2008 development environment must be used for larger and more complex development projects, for example, in the workflow area.
Extensions for VS in the SharePoint environment:
• VS extensions for Windows SharePoint Services 3.0 (for example, for the development of web parts)
• VS extensions for the .NET Framework 3.0 (for example, for workflows)
• VS Tools for Office Second Edition [VSTO 2005 SE] (for example, InfoPath form-based workflows)
The use of the extensions is contingent upon installation of the required frameworks:
• .NET Framework 2.0 (the latest version for SharePoint)
• .NET Framework 3.0 (includes, for example, Windows Workflow Foundation and Windows Communication Foundation)
Since SharePoint itself is based on ASP.NET 2.0, good knowledge of this environment is required. XML schemas are the configuration basis for many objects in SharePoint, such as sites, content types and libraries. The "Collaborative Application Markup Language" (CAML), which is defined by Microsoft for SharePoint version 3 and higher and which is used in many of the above-mentioned object schemas, is a special XML form.

355 http://download.microsoft.com/download/c/c/1/cc12d85c-4043-41a0-9528-eb553785d5d8/Launch%20MOSS%20Dokumentenmanagement,%20Enterprise%20Content%20Management%20und%20Records%20Management.pdf

It should be noted here that both SharePoint Designer and Visual Studio as well as the extensions and add-ons are subject to payment of license fees, depending on the VS license!
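As an added example, written for this guide and not taken from Microsoft or any product, the following feature element file shows how the CAML schema mentioned above expresses the content type concept described at the end of the previous subsection: one site column carrying a required metadata attribute, and a content type that inherits from the built-in "Document" type (ID 0x0101), references that column and names its document template. The GUIDs, the column and content type names and the template path are constructed placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example for the migration guide; not Microsoft's own definition.
     All GUIDs, names and paths below are constructed placeholders. -->
<Elements xmlns="http://schemas.microsoft.com/sharepoint/">

  <!-- Site column = a metadata attribute that can be reused across lists and libraries.
       Required="TRUE" makes the "New"/"Edit" form (and the Office document properties
       dialogue) demand a value, i.e. the "forcing the input of data" described above. -->
  <Field ID="{11111111-2222-3333-4444-555555555555}"
         Name="FileReference"
         StaticName="FileReference"
         DisplayName="File reference"
         Type="Text"
         Required="TRUE"
         Group="Migration guide example columns" />

  <!-- Content type derived from "Document" (built-in ID 0x0101). A child ID is formed as
       the parent ID, then "00", then a GUID written without braces or hyphens. -->
  <ContentType ID="0x010100AAAAAAAABBBBCCCCDDDDEEEEEEEEEEEE"
               Name="Administrative document"
               Group="Migration guide example content types"
               Description="Document whose file reference must be entered"
               Version="0">
    <FieldRefs>
      <!-- Attach the site column; Required can also be set per content type here -->
      <FieldRef ID="{11111111-2222-3333-4444-555555555555}"
                Name="FileReference"
                Required="TRUE" />
    </FieldRefs>
    <!-- Document template handed out by the library's "New" command.
         The path inside the content type resource folder is an assumption. -->
    <DocumentTemplate TargetName="/_cts/Administrative document/template.dotx" />
  </ContentType>

</Elements>
```

Documents uploaded or copied via WebDAV are still created with the default "Document" type, as noted above; assigning them to this content type afterwards is what makes the required column appear and forces the metadata to be entered.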

1.2.3 Conclusions
SharePoint offers large potential to support processes with made-to-measure solutions. The platform is a toolkit which can be used as a very suitable means for implementing customized solutions. Many functionalities are already included, whilst functions which are not yet available can be programmed and implemented quite easily. Furthermore, functionalities which are not required can be deactivated. However, universal suitability and flexibility also have a downside, i.e. relatively complex and costly implementation. SharePoint is not an application that can be installed as an off-the-shelf program which can go immediately into operation. Careful planning in advance of the implementation process is urgently recommended in order to be able to effectively use the technical possibilities. When it comes to opening up the world of collaboration portals and workflows, WSS are a favourable variant for the current Windows Server platform on condition that these are also used independently of the collaboration aspect and that a WSS license was included from the very beginning. If, however, Enterprise functions are needed, substantial sums must be paid in additional license costs, so that one should check whether these functions are really needed. Further costs are, for example, incurred if realtime collaboration functions (such as instant messaging, web meetings, etc.) are also to be used. Office Communicator 2007 is required for this. However, one advantage and at the same time disadvantage of this product is the high degree of integration of other Microsoft Office products and the resultant platform dependence. One particular disadvantage is the fact that full functionality can only be used by permitting and using active contents. This means that security limitations may have to be accepted. Those in charge of a decision in an organization must hence decide between full functionality or full security.

1.3 O3Spaces Workplace 2
The young company O3 Spaces B.V. was established in 2005 in the Netherlands in the environment of the ideas which emerged in conjunction with the marketing buzzword of Web 2.0. The initial aim was to implement a web-based supplement for several Office platforms. In view of the good documentation and license-free use of OpenOffice.org and the open ODF document format, development soon focused on exactly these issues. Customer feedback confirmed the decision made by the founders, so that the young company focused its efforts on the development of a collaboration software which is closely connected to OpenOffice.org. The result is O3Spaces Workplace which was published in 2007 as version 2.2. This collaboration application features direct integration in OpenOffice.org and offers the possibility to work in teams across different platforms, including Microsoft Office. O3Spaces Workplace is available in three license versions / editions as follows:
• O3Spaces Workplace Professional Edition
This version was developed for organizations which use OpenOffice.org or StarOffice. The license, support and updates are sold as a package on a subscription basis. Free Professional Edition versions are available for testing purposes.
• O3Spaces Workplace On Demand Edition
The On Demand Edition can be used ad hoc as an SAAS (Software As A Service) solution. In this case, the server application and the data stored thereon are hosted by the supplier on its server and the customer only has to install the client software. This solution is a low-administration option for organizing workgroups at short notice which can be easily reached via the Internet using Workplace 2.2. In this case, however, the data is stored by the supplier who hence controls data security.
• O3Spaces Workplace Community Edition
The Community Edition is a free edition which is, however, limited to ten users.
This software is proprietary. The manufacturer plans to provide an open source variant of Workplace under GPL in the near future. The manufacturer has announced a programming interface (API) for the third quarter of 2008 which is to enable third parties to also create extensions and add-ons for Workplace.

1.3.1 Technology / architecture

1.3.1.1 Architecture
Workplace 2.2 is a server application with several clients. The server stores all the information, metadata and documents which are centrally required, and makes these available to local Office applications and to the local desktop via different interfaces, i.e. via a web interface or via different plugins. The server was implemented as a Java application in servlets on a J2EE application server (Apache Tomcat). All the metadata and version information is stored and managed in a PostgreSQL database. Documents are stored in a file system, whilst the Document Store enables versioning as well as basic document administration and full-text search. User administration and directory access are available via LDAP server synchronization. The repository for document management can be accessed both via WebDAV, so that it can be easily accessed using web browsers, and via an independent Workplace API which will be available to programmers in the near future in order to enable easy upgrading of the scope of functions and which is already used by the optional plugins. Plugins are available for OpenOffice.org, StarOffice and MS Office. The plugins enable access to the repositories and to basic document management functions directly from within the Office applications. The plugins use the Workplace API and were programmed using UNO or, in the case of the MS Office plugin, as a .NET application. The OSGi framework enables programming of modules and extensions/add-ons which enhance the functionality of Workplace. OSGi is a command interpreter via which system requests can be directly passed on to the application. A command line additionally enables direct requests during runtime. This OSGi Studio command interface is already available and enables the quick implementation of simple functions, such as deactivation of system messages to a particular user. A description of the OSGi command line interface is contained in the administrator documentation.
The repository can also be accessed via the Workplace Assistant. Workplace Assistant is a Java application which integrates different functions of O3Spaces Workplace directly in the desktop, so that realtime information and central files can be viewed without open web browsers or Office applications. The Workplace Assistant shows up as an icon on the task bar and includes a pop-up menu which enables the administration of blocked files, logging on to different workspaces and reading of RSS feeds concerning changes in workspaces. However, the standard tool for accessing the functions of Workplace 2.2 is a modern web browser, such as Firefox 2 or Internet Explorer 7 with Ajax support. Three client components can hence be chosen for Workplace 2.2:
• Workplace as the central, graphic web frontend via which all the functions and the administration are carried out
• Workplace Assistant as a Java-based desktop integration, as well as
• Office suite plugins for OpenOffice.org and Microsoft Office.

1.3.1.2 Protocols and interfaces
The different components and services of Workplace 2.2 communicate mostly via documented standard interfaces. Users and user groups can be imported via LDAP. Several services are supported to this effect, including OpenLDAP, Active Directory, Sun Directory Server and Novell Directory Server. Installers for Microsoft Windows and Debian Linux are available for the installation process. Further installation packages are available as RPM (RedHat, SUSE, Mandriva) and a VMware Image. At the client end, only a Java runtime environment, version 1.5 and higher, and a web browser (for example, Internet Explorer 7, Firefox 2 or Mozilla) are required. Office Suite plugins are available for OpenOffice.org version 2.0.4 and higher, for StarOffice version 8 / update 5 and higher, and for MS Office XP/2003/2007. The .NET framework version 2.0 and higher is required for installation under Microsoft Windows. A Java runtime environment, version 1.5 or higher, is required for installing the server, and port 8095 must be free. O3Spaces Workplace can be installed under Microsoft Windows, several Linux derivatives and Solaris. Plugins are available for OpenOffice.org, StarOffice and Microsoft Office. Desktop integration is also offered for Microsoft Windows, Solaris and Linux. Integration in the task bar, however, is supported solely under Microsoft Windows. The Assistant can be started in OpenOffice.org and StarOffice via a pulldown menu entry named "Workplace".

1.3.1.3 Security aspects SSL encryption is possible for the connections between the client and server. Access via non-encrypted HTTP can be limited or prevented by different means. Integration of the entire service into a VPN is additionally possible without any problems. The repository is located in non-encrypted form on the server and is only protected by access rights on application and system levels. Access control within the application is implemented on user level and can be defined on the level of individual workplaces or individual folders for every user. The IP address of the client systems is stored as meta information and, in the case of IP addresses without dynamic assignment, can be used as an additional access and security criterion by restricting access to certain network areas and IPs. A substantial part of the functionality of O3Spaces Workplace 2.2 is made available via the web frontend. With regard to the active dynamic contents used there, Ajax is used in technological terms. In this context, special security information released by the German Federal Office for Information Security concerning Web 2.0 should be taken into consideration. This information is available in the form of a study which can be downloaded from the websites of the German Federal Office for Information Security356.
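The three controls just listed (SSL for the client connection, limiting or preventing plain HTTP, and restricting access to certain network areas by client IP) are, for a Tomcat-hosted application such as the Workplace server, typically configured in the servlet container. The fragments below are an added example written for this guide, not O3Spaces' own configuration; the HTTPS port 8443, the keystore path, the 10.1.0.0/16 address range and the use of Tomcat's standard connector, RemoteAddrValve and security-constraint mechanisms are assumptions about the deployment, and port 8095 is the one named in the previous section.

```xml
<!-- Added example, not O3Spaces' own configuration. Two fragments for conf/server.xml
     and one for the application's WEB-INF/web.xml. Ports (other than 8095), paths,
     the keystore password and the address range are constructed placeholders. -->

<!-- server.xml, inside <Service>: HTTPS listener for client/server encryption -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           keystoreFile="conf/workplace.jks" keystorePass="CHANGE_ME"
           clientAuth="false" sslProtocol="TLS" />

<!-- server.xml, inside <Service>: keep the documented port 8095 open, but only so that
     the security constraint below can redirect it to the HTTPS port -->
<Connector port="8095" protocol="HTTP/1.1" redirectPort="8443" />

<!-- server.xml, inside <Host>: accept connections only from the internal range
     (regular expression on the dotted-quad client address; 10.1.0.0/16 assumed) -->
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
       allow="10\.1\.\d+\.\d+" />

<!-- WEB-INF/web.xml: demand a confidential transport for every URL, so a request
     arriving on 8095 is answered with a redirect to 8443 instead of served in clear -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Workplace</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

The IP filter sees the address of the immediate TCP peer, so behind a reverse proxy or NAT gateway it restricts the proxy rather than the user, which is the same limitation the guide notes for dynamically assigned addresses. The keystore password sits in clear text in server.xml and therefore needs the same file-system protection as the unencrypted repository.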

356 http://www.bsi.de/literat/studien/web20/

1.3.2 Functionalities
O3Spaces Workplace 2.2 offers several tools for coordinating small and larger workgroups with a document management and versioning function. All the functions of the applications are offered via the Workplace web interface. In this way, users authenticate themselves via a secure connection in relation to the application and are granted access. This is not a standard method, but a proprietary solution. Projects are created as so-called workspaces within the application. Each workspace has its own task structure and a file archive. In order to define a workspace, project-specific templates – so-called spacelets – can be additionally defined. Spacelets can contain certain files, appointment lists, references to forum discussions, or a specific project calendar. This facilitates the administration of complex projects on which several teams are working at the same time. Within a workspace, a user is given access to project-specific discussion forums and file storage areas. Users can also open several workspaces at the same time and toggle between these using the tab key. This flexibility makes Workplace an interesting option even for more complex projects with different workgroups whose members perform different tasks. The view within a workspace is determined via freely definable or pre-defined spacelets. One spacelet can, for example, represent a calendar view whilst another spacelet displays the file administration. Spacelets are created as windows within the web interface and configured with the corresponding functions. The Workplace Assistant on the desktop offers, in addition to the Office plugins, a possibility to block documents which are being processed locally. Following logon, it is also possible to select workspaces there, whereupon messages are additionally displayed on the desktop in realtime reporting the blocking of documents by other group members.
The Office plugins for OpenOffice and StarOffice additionally use a template management module which constitutes a project-specific template archive. In this way, new Office documents can be created directly on the basis of modified templates (refer to Fig. 53).


Fig. 53: Template management module

Workplace offers a separate document management functionality for every workspace. Files which are opened, created or modified via the web interface or the plugins are automatically versioned and archived. This concerns all possible file formats and includes timestamps and information concerning users as well as optional comments. Conventional Office formats from Microsoft Office, StarOffice and OpenOffice.org are additionally indexed and can hence be found by the full-text search function of Workplace. A special feature of O3Spaces Workplace is the Office suite plugins for OpenOffice.org and Microsoft Office. They implement a strong integration of the Workplace functions and appear as distinct icons within the Office application. They enable the direct loading of documents from the repositories and the storing of the documents on the server again without the need for local intermediate storage, manual blocking and subsequent publication via clients or the web interface. The documents stored in this way are also automatically versioned or blocked and the corresponding messages are distributed to the clients which are logged on. The repository of a workspace can be searched according to different criteria (date, user, etc.) in ODF, PDF and Microsoft document formats. All the clients are capable of working offline and of performing delayed synchronization of information and documents. Further spacelets can be configured in such a manner that they show a calendar view in which appointments and task information can be displayed and edited. A classical discussion forum can be created where all the users of a workspace carry out online discussions which are sorted according to topics. The corresponding spacelets provide information about the newest entries.

Function            | Description
--------------------|-------------------------------------------------------------
User administration | Existing users who have the "administrator" role assign new users to the workspaces which, for their part, can be created as project instances.
File management     | Documents are synchronized via clients and plugins directly from within the Office application. Automatic archiving with meta information as well as full-text indexing are supported.
Time scheduling     | Time scheduling for groups and individual users is possible via a calendar spacelet.
Special features    | Freely definable views in the web client and simple work in different projects at the same time. Particularly high degree of integration in OpenOffice.org, StarOffice and Microsoft Office.

Table 59: Functions of O3Spaces Workplace

The application clearly focuses on cooperation in different Office documents. It is not possible to assign tasks to employees, track the completion of tasks or to steer and control processes. Workplace 2.2 is hence not a universal tool for project work; instead, it can be recommended as a supplement for a project planning and tracking tool for cooperation in heterogeneous environments. Administration of Workplace 2.2 is carried out via a separate web interface. This interface, called "Studio", enables the administration of users and files and facilitates the control of hardware resources and metadata. Different useful tools support this work, for example, the possibility to import complete directory hierarchies from local directories by importing these from ZIP archives. The table below illustrates the functions which the different editions make available.

Function                                                                   | On Demand | Community         | Professional
---------------------------------------------------------------------------|-----------|-------------------|-------------
Simple roaming                                                             | ✓         | -                 | -
No server installation                                                     | ✓         | -                 | -
No local installation, security through the manufacturer                   | ✓         | -                 | -
Automatic updates                                                          | ✓         | -                 | ✓
Upgrade and update services                                                | ✓         | -                 | ✓
Backup and recovery                                                        | ✓         | external          | external
Security and user management via users, group roles and privileges management | ✓      | ✓                 | ✓
Online community support                                                   | ✓         | ✓                 | ✓
LDAP                                                                       | ✓         | ✓                 | ✓
Online professional support                                                | ✓         | -                 | ✓
Bugs & patch support                                                       | ✓         | -                 | ✓
Integrated help function                                                   | ✓         | -                 | ✓
Support for clustering                                                     | -         | -                 | ✓
Server-based installation with an unlimited number of users                | -         | limited to 10 users | ✓
Automatic versioning, check-in/check-out function                          | ✓         | ✓                 | ✓
Multilingual versions                                                      | ✓         | ✓                 | ✓
Office integration                                                         | ✓         | ✓                 | ✓
Timely reports concerning changes within a workspace                       | ✓         | ✓                 | ✓
O3Spaces Workplace Assistant                                               | ✓         | ✓                 | ✓
Template management for OpenOffice.org / StarOffice                        | -         | ✓                 | ✓
Management of locked files via the O3Spaces Workplace Assistant            | ✓         | ✓                 | ✓
Search for opened documents                                                | ✓         | ✓                 | ✓
References to documents in the wiki, portal or on the website              | ✓         | ✓                 | ✓
OpenSearch-compatible repository                                           | -         | -                 | ✓
Spacelets for online discussion forums                                     | ✓         | ✓                 | ✓
Spacelets for calendar functions                                           | ✓         | ✓                 | ✓

Table 60: O3Space – functions of the different editions

1.3.3 Conclusions O3Spaces Workplace 2.2 constitutes an environment-independent collaboration environment with elementary DMS functions in heterogeneous environments with different platforms and office applications. Group and user administration can be synchronized with existing user data via LDAP. Process control and project tools are currently not planned, so that the application is particularly suitable for small to medium project sizes and work groups in heterogeneous environments.

1.4 Novell Teaming + Conferencing
Novell launched the Teaming + Conferencing357 product in October 2007. However, the underlying technology for this project has been on the market for around 13 years and was developed by Sitescape which has been acquired by Novell in the meantime358. The ICEcore collaboration solution is the basis for the Novell product and can be downloaded as open source software at: www.icecore.org. ICEcore is subject to the Common Public Access License (CPAL)359. Teaming + Conferencing is the result of the joint further development of ICEcore by the companies Sitescape and Novell. The illustration below shows the differences between the open source product and the Novell solution, as well as the commercial add-on modules.

[Figure residue removed: the diagram shows three columns, "ICEcore" (open source), "ICEcore Enterprise" (Novell Teaming + Conferencing) and "ICEcore add-on modules" (SiteScape), each listing the functions available in that variant; see the caption of Fig. 54.]

Fig. 54: Functions of ICEcore OSS, Novell Teaming + Conferencing and ICEcore add-on modules

Novell Teaming + Conferencing is a collaboration platform for Linux systems. Teaming + Conferencing are two software packages which can also be used and purchased separately. The manufacturer offers the two packages both individually and as a combined package. The two packages provide different functionalities for a collaboration platform (refer to section III.B 1.4.2). This is why both the technology used and the functions available will be discussed as largely separate issues360.

357 Pronounced "Teaming plus Conferencing"
358 http://www.sitescape.com/
359 http://en.wikipedia.org/wiki/Common_Public_Attribution_License
360 In order to be able to use Novell Conferencing in Novell Teaming, the installation and configuration information in the Server Installation Guide must be adhered to. http://www.novell.com/documentation/team_plus_conf/index.html

1.4.1 Technology / architecture

1.4.1.1 Novell Teaming
Architecture
The hardware and software requirements361 for installing the Teaming software are listed below (all the other components are included in the installation package):
• Hardware
o 2GHz processor (multi-CPU systems are recommended)
o 2GB RAM
o 250MB hard disk capacity
This is the hard disk requirement for the installation of the software alone. It goes without saying that additional hard disk capacity is required for the team work spaces and the data, documents, etc. stored there.
• Software
o Sun JDK 1.5.0_011362 or higher or IBM JDK 1.5 (JDK 1.6 is at present not supported)
o Database management system
- MySQL 5.0.37 (or higher) server and client for Linux
- MySQL 5.0.26 (or higher) server and client for Windows (MySQL 5.1 is at present not supported)
- SQL Server for Windows Server 2000 or 2005
- Oracle 9, 10
The following operating systems are supported363:
• Novell Open Enterprise Server 2.0 (Linux kernel)
• SUSE® Linux Enterprise Server 10 sp1
• RedHat Enterprise Linux 3 or 4
• Windows 2003 server
Fig. 55 below illustrates the architecture used for the teaming software package. Novell Teaming is a pure Java/J2EE web application. Apache Tomcat364 is used as the servlet/application server. The "LifeRay Portal Enterprise and Professional Version 4.0" open source software from the company LifeRay is used as the portal solution.

361 For a detailed description, please refer to the Installation and Configuration Guide, http://www.novell.com/documentation/team_plus_conf/team102_instconfig/data/bookinfo.html
362 Corresponds to the new version numbering JDK 5 used by Sun (refer to http://java.sun.com/javase/downloads/index_jdk5.jsp)
363 http://www.novell.com/products/teaming/tech_specs.html
364 http://tomcat.apache.org/

Fig. 55: Architecture of the Novell teaming software package365

Protocols and interfaces
The Apache Lucene366 open source project is used for the search function in Novell Teaming. Access to the file system is implemented via WebDAV (server and client). Other important interfaces are:
• JDBC for access to the database
• LDAP for the integration of directories, for example, for user administration. A user administration system based on an LDAP directory can be integrated. As an alternative or parallel solution, direct user administration on the Teaming server is also possible. The advantage of this is that it is not necessary to include external team members in the internal central user administration system.
• SMTP, POP3 and IMAP for e-mail integration
• WebServices for connecting further applications and services
• iCal for the connection and administration of calendars which, for their part, can be published with WebDAV.
• HTTP and HTTPS for access, for example, via browsers.
Data and documents of the team work are stored in the database or on the file system using Novell Teaming.

[365] From the Installation and Configuration Guide from Novell (refer to http://www.novell.com/documentation/team_plus_conf/)
[366] http://lucene.apache.org/

Security aspects

Authentication and user administration

Authentication takes place via the browser-based user interface. Authentication is possible both against an LDAP directory and against the user database of the Teaming software. This means that parallel user administration is possible both in an LDAP directory (for example, the central internal user directory) and locally on the Teaming platform. This has advantages when it comes to integrating external team members who are not to be included in the internal user administration system. For the implementation of a single sign-on solution, Novell Teaming supports the company's own Novell Access Manager [367], a proprietary, commercial product which is not included in Teaming + Conferencing. Furthermore, authentication via these interfaces is also supported for the use of web services and WebDAV.

Authorization

Access rights are granted in a role-based manner for every workspace and folder. Novell Teaming provides a set of basic roles for this purpose [368]. A hierarchical structure of the different workspaces (refer to section III.B 1.4.2.1 – Structures used) enables a distributed administration approach. Multi-client (multi-tenant) capability is supported at the same time. Novell Teaming also supports load balancing and the implementation of clusters in order to ensure the required availability and performance.

Tools Several web-based interfaces, so-called portlets, are available for the configuration and administration of Novell Teaming for various tasks and components. Fig. 56 below shows the so-called "Enterprise Admin Portlet" with a detail of the user administration system.

Fig. 56: Enterprise Admin Portlet

[367] http://www.novell.com/products/accessmanager/overview.html
[368] Details can be found in the "Installation and Configuration Guide", http://www.novell.com/documentation/team_plus_conf/team102_instconfig/data/bookinfo.html

1.4.1.2 Conferencing Server

System requirements [369]

Installation of Novell Teaming is subject to the following requirements:
• Operating system: SUSE Linux Enterprise Server 10 (SLES 10) or Red Hat Enterprise Server 4
• The libneon and libpq libraries
  These libraries are not installed, for example, in the case of a standard installation of SLES 10.
• PostgreSQL [370]
  Must be installed on one of the conferencing hosts.

Architecture / system components Fig. 57 below shows the system components and the connections between them. Thanks to its highly modular design, the conferencing server can be configured for operation both on a single computer and on multiple computers. The components communicate via XML-based interfaces. Communication between the individual instances of these interfaces is based on well-defined protocols which define the format (XML), the structure, the contents, the meaning and the order of messages sent between these instances.

Fig. 57: Novell Conferencing architecture [371]

[369] Details are described in the Novell "Server Installation Guide", http://www.novell.com/documentation/team_plus_conf/conf10_svrinst/data/bookinfo.html
[370] The "Server Installation Guide" for Novell Conferencing does not contain any version details.

The components are as follows:
• XML router
  Routes XML-based communication between the components.
• Client connector
  Controls the incoming connection requests of the clients and sets up user sessions together with the session manager.
• Session manager
  Manages the user sessions and enables users to exchange instant messages.
• Meeting controller
  Controls ongoing meetings and distributes the results of a meeting to the participants in the meetings.
• Notification server
  Sends notification/announcement mails and instant messages on behalf of the meeting controller and the schedule server.
• Address book
  Stores the address books of individual persons and groups.
• Schedule server
  Stores and, when needed, retrieves time schedules, options and participants for meetings.
• Voice bridge
  Controls telephone resources, establishes connections to conferences, and provides other functions.
• Meeting archive server
  Creates Macromedia Flash-based archives of meetings in a repository which can be accessed via the web.
• App share server
  Transmits shared application data from the speaking meeting participant to the other participants.
• Invitation web service
  Connects meeting participants via an "invitation URL" [372].
• External web service
  Provides web services for connecting external applications.
The list of components, along with the general description of their tasks, also largely describes the functions of the conferencing server.

[371] From the "Server Installation Guide" for Novell Conferencing, http://www.novell.com/documentation/team_plus_conf/conf10_svrinst/data/bookinfo.html
[372] This is a special URL which is sent to the participants of a meeting and which contains a special code which identifies the meeting.

Tools

A web-based interface, the so-called "Conferencing Administration Console", is available for the administration of Novell Conferencing. The illustration below shows the user interface of this administration interface [373].

Fig. 58: User interface of the administration interface for Novell Conferencing [374]

1.4.2 Functionalities Teaming + Conferencing is a platform for the cooperation of work groups whose members are employees of an organization. External participants can also be invited as required. The Teaming package provides the tools for the shared editing and exchange of information and documents as well as for coordination and planning of the joint work. The conferencing package additionally provides the tools for realtime communication, i.e. telephone and web conferences, chats, etc. All the activities and processes can be supported by automated workflows. Fig. 59 gives an overview of the major functions which are made available.

[373] Refer also to the contents of the "Operations Guide" for Novell Conferencing, http://www.novell.com/documentation/team_plus_conf/conf10_op/data/bookinfo.html
[374] From the "Operations Guide" for Novell Conferencing, http://www.novell.com/documentation/team_plus_conf/conf10_op/data/bookinfo.html

Fig. 59: Workflow of controlled collaboration (diagram; labels: Communication: teleconferences, IM & chat, presence, web conferences; Editing: blogs, wikis, shared documents, discussion forums; Integrated suite; Administration: task management, time schedule & calendar management; Workflow)

1.4.2.1 Teaming functions Functions The functions of the Teaming software are orientated towards the provision of team workplaces with all the tools which a team requires for its work. The table below shows the different areas/tools which can be made available on a workplace. The following function areas can be created within a workplace:

Functions / Details

Team/global workplaces
• Creation and administration of team affiliation
• Connection to eDirectory via LDAP
• Team membership can be dependent upon the following properties:
  o Users
  o Groups
  o Organizations
• Teams can also be made up of external users.
• Address books of the teams
• Publication of the team mail addresses via eDirectory for GroupWise

Team discussion forum
• "Threaded" discussions for the teams
• New entries can send mails to GroupWise.
• Users can reply directly via GroupWise.

Team calendars & tasks
• Team events and tasks can be created on the Teaming portal.
• Team members can decide whether they wish to have these events and tasks sent to GroupWise.
• Events and tasks are presented as tasks and appointments rather than as mails in the GroupWise system.

Document management
• Users can upload documents (files) into the folder. No restrictions exist with regard to the use of different file formats [375]. Restrictions, at best, exist with regard to further use (refer to the next bullet point).
• Documents can be presented in HTML format in the browser on condition that they can be read. This means that the presentation of encrypted documents is not possible. Whether a document can be displayed in HTML format is shown on the user interface (refer to Fig. 63). The contents are then presented in the browser by a mouse click on the HTML entry.
• Documents can be directly opened and edited in Office, always via WebDAV.
• Documents can be "checked out".
• Prior versions are automatically archived; versioning is carried out on the basis of timestamps.
• The OES/NetWare file system can be used as a mirror, as a so-called "virtual import".

Workflow
• Simple workflow
  o Manual changing of the status
  o Access control
  o Notification
• Extended workflow
  o Complex transitions
  o Simultaneous workflow

Other team functions
• Polls / surveys
• Wikis
• Blogs
• RSS
• Dashboard

Search
A simple / quick search is provided. The extended search offers significant advantages for a targeted search. Fig. 60 below shows a detail of this extended search.

Table 61: Novell Teaming functions

[375] Refer also to the list of formats in the appendix.

Fig. 60: Extended search Novell Teaming

Structures used

Novell Teaming distinguishes three types of workspaces:
• Company-wide global workspace
• Workgroup-wide workspace
• Personal workspace
Sub-workspaces and folders can be created within each of these workspaces as soon as they have been set up. The higher-level access rights are by default inherited by the lower level. The respective administrator of a workspace or folder can subsequently modify these access rights should this become necessary. Furthermore, project workspaces can be created which are specifically tailored to the requirements of project management. The following standard folders can be created for every workspace:
• Discussion
• Blog
• Wiki
• Calendar
• Guestbook
• File
• Photo album
• Poll
• Tasks
• Milestone
Besides the use of these standard structures, it is also possible to design and insert so-called user-defined entries in order to address specific needs [376]. These custom entries can be created using the Teaming administration portlet. They are forms and views for specific content entries which, just like the standard forms and views, can be connected to workflows, so that far-reaching adaptation to the specific demands of a public authority is possible.

Workflows Novell Teaming enables the definition of simple workflows using the Teaming administration portlet and, within this portlet, the Workflow Designer. For this purpose, the different states are selected and connected to each other with the appropriate status transitions.

[376] Refer to: Administration Guide, http://www.novell.com/documentation/team_plus_conf/team10_admin/data/bookinfo.html

Each status is linked to a work step and identifies the result of the complete performance of this step. Furthermore, a status shows who is responsible for the next step within the process (overall workflow). The status transitions define the sequence of the work steps and indicate when, how and/or under which conditions a transition is possible. The illustration below shows the types of transitions possible.

Fig. 61: Status transitions in the Novell Teaming workflow [377]

The result of the defined states and transitions of a workflow can then be rendered in the form of a graphic presentation.

Fig. 62: Graphic rendering of a workflow in Novell Teaming [378]

The workflow can then be connected to a folder in which the workflow is to be used [379]. The additional, commercial "advanced Workflow add-on module" [380] is required when it comes to creating more complex workflows. This module enables the definition of so-called workflow questions and their integration into workflows. These are questions which a user must answer before the next transition can take place; the respective transition then responds according to the answer.

[377] From: Administration Guide, http://www.novell.com/documentation/team_plus_conf/team10_admin/data/bookinfo.html
[378] From: Administration Guide, http://www.novell.com/documentation/team_plus_conf/team10_admin/data/bookinfo.html
[379] Details are described in the Administration Guide for Novell Teaming, http://www.novell.com/documentation/team_plus_conf/team10_admin/data/bookinfo.html
[380] Refer to: Administration Guide for Novell Teaming, http://www.novell.com/documentation/team_plus_conf/team10_admin/data/bookinfo.html

Document support

Novell Teaming in principle enables the uploading of any files and file formats into a workspace or folder [381]. If the contents can be read, they can additionally be converted to HTML and hence made available to users who do not have a suitable application to open the file. In the case of certain files, such as image files, this is often not possible because the contents cannot be read. Wherever presentation in HTML is possible, this is shown accordingly on the user interface (refer to Fig. 63).

Fig. 63: Presenting documents in the HTML format

Novell Teaming offers two options for editing documents as follows:

• Downloading the document to the desktop, editing the document, and subsequently uploading the document again.

• An "edit" button is made available for certain file types which starts the application corresponding to the file type by means of a small Java applet. Access in this case takes place via the WebDAV functionality. When the document is saved, a new version of the document is created in the respective workspace. No further action is necessary in the browser.

As a precondition for using the second option, the application which is to be used to edit the document must support WebDAV. Novell Teaming must be informed via the administration function which application is to be used for which file type.

1.4.2.2 Conferencing functions The table below once again provides an overview of the functions of Novell Conferencing. Part of the functionality was already discussed within the framework of the description of the different components of Novell Conferencing (refer to chapter III.B 1.4.1.2).


Main function / Details

Telephone (voice) conferences
• Supports VoIP
• Full duplex (several persons can speak at the same time)
• Voice integration in a web conference

Web conferences
• Different roles (moderator, participant, listener, etc.)
• Conferences can be recorded
• Re-usable conference settings
• Application sharing
• Whiteboard
• Desktop sharing
• Co-browsing
• Joint editing
• Query system
• Breakout sessions
• Participant audit

Instant messaging (IM)
• Conversations
• Bidirectional
• Groups
• File transfer
• Emoticons
• Recording of conversations
• Personal history for persons
• Virus protection
• System monitoring

Table 62: Novell Conferencing functions

1.4.3 Conclusions Although the collaboration platform from Novell is not yet fully mature, it already constitutes a very comprehensive solution for joint work in teams, work groups and projects. Especially the functional offerings in the area of realtime collaboration constitute a special feature in certain areas. Minor weaknesses are found in conjunction with the versioning of documents and the flexible assignment of metadata which, for its part, has implications for the search function. However, Novell Teaming + Conferencing can definitely hold its own when compared to other solutions. Another positive aspect is that with ICEcore an open source version is available which already provides essential functions of Novell Teaming and that the product is largely based on open source components and predominantly on open standards.

1.5 Lotus Quickr 8.0

Lotus Quickr was published for the first time by IBM in June 2007 [382]. At the time this chapter went to press [383], Lotus Quickr was available as version 8. Lotus Quickr is available as a standard edition with two installation variants: as services for Lotus Domino or as services for WebSphere Portal, the latter also referred to by the manufacturer as the Java Enterprise variant. The decision as to which of the two installation variants can be used depends on the required functions and on the existing experience and/or infrastructure. The following reasons can be relevant in this context:
• Technology is already used and/or experience with certain technologies is already available, such as Lotus Domino or IBM WebSphere.
• Preferences or requirements exist in favour of one of the operating systems supported.
• Certain functionalities are desired or needed which are only made available by one of the two variants.
• The know-how of IT staff and/or users gives preference to one of the two variants.
According to IBM, the background for the decision to offer two product variants is the further development and/or continuation of existing product offerings, i.e.:
• Lotus Quickr Services for Domino is the successor product to Lotus QuickPlace. Lotus QuickPlace users can migrate to Quickr when renewing their service agreements.
• The Java Enterprise environment of WebSphere Portal has been including document management functions for some time now. The Quickr services of the Java variant are based on these functions and supplement them with other team functions.
According to the manufacturer, the aim is to permanently offer both variants with the same functionalities, only for different platforms. Quickr 8.1, which is announced for the first half of 2008, is to constitute a first step in this direction. Quickr 8.1 is to include, for example, the team calendar functionality which is not yet available in the Java variant.

The decision as to which of the two variants to use must be made by each organization separately. Besides the above-mentioned standard edition, a "Quickr Entry Edition" will be made available with Quickr 8.1. This edition is to provide basic functionalities for the personal exchange of files and documents. It will, for example, be possible to upload documents to Quickr libraries and also to download the documents from these Quickr libraries again. Connectors for connection to standard applications (refer also to section III.B 1.5.1.2), such as Microsoft Office, will also be included in the delivery. The Quickr Entry Edition is to be made available to Lotus Notes users within the scope of service/maintenance at no additional license fee. Lotus Quickr is a purely proprietary solution which is based on tried-and-tested technology in many areas, as will be discussed in more detail later in this document.

[382] http://www-03.ibm.com/press/us/en/pressrelease/21756.wss
[383] As per February 2008

1.5.1 Technology / architecture

1.5.1.1 Architecture

As already mentioned, two variants are available for the installation of Quickr. These two variants are in part also based on very different technologies, a fact also expressed by the names of the variants. These technological differences also affect the functionalities provided as well as administration and configuration. The specifications and information concerning system requirements provide an indication of the technology used. IBM Lotus Quickr 8.x is available for different operating systems, depending on whether the "Services for IBM WebSphere Portal" or the "Services for IBM Lotus Domino" are to be used:
• Services for IBM WebSphere® Portal®
  o HP-UX on HP Integrity
  o Linux on x86
  o Windows
• Services for IBM Lotus Domino®
  o AIX
  o i5/OS
  o Solaris
  o Windows
The system requirements differ accordingly, depending on the operating system and installation variant. These are described in great detail on the websites of IBM [384]. The differences will be illustrated below on the basis of two examples.

The two examples are the Services for IBM WebSphere Portal on Linux x86 and the Services for IBM Lotus Domino on Windows.

Operating system
  Services for IBM WebSphere Portal (Linux x86): Red Hat Enterprise Linux (RHEL) Enterprise Server (ES), Advanced Server (AS), Workstation (WS) and Desktop for x86-32 V4.0 Update 4
  Services for IBM Lotus Domino (Windows):
  • Microsoft Windows 2003 Standard Edition Server Service Pack 1 and 2 (Microsoft product site)
  • Microsoft Windows 2003 Enterprise Server

Hardware requirements
  Services for IBM WebSphere Portal (Linux x86):
  • Minimum 4 GB free disk space for installation of IBM Lotus Quickr
  • CD-ROM drive
  • Processor: CPU speeds of late-model, mid-range to high-end servers are recommended. Pentium 1 GHz or equivalent at a minimum. Production environments should consider the Pentium 4 processor at 2.5 GHz or higher.
  Services for IBM Lotus Domino (Windows):
  • RAM: 512 MB or more is recommended
  • Disk space: 1.5 GB or more is recommended
  • Disk swap space: 2 times physical RAM installed
  • CD-ROM drive
  • Processor: CPU speeds of late-model, mid-range to high-end servers are recommended. Pentium 1 GHz or equivalent at a minimum. Production environments should consider the Pentium 4 processor at 2.5 GHz or higher.

Lotus Domino Server
  Services for IBM WebSphere Portal (Linux x86): -
  Services for IBM Lotus Domino (Windows): Lotus Domino 7.0.2 Fix Pack 1

Application Server
  Services for IBM WebSphere Portal (Linux x86): WebSphere Application Server V6.0.2.17 Network Deployment

Web Server
  Services for IBM WebSphere Portal (Linux x86):
  • Apache Server 2.0.49, 2.0.52, & 2.0.54
  • IBM HTTP Server 2.0.47.1
  • IBM HTTP Server 6.0, 6.0.1, & 6.0.2
  • Microsoft Internet Information Services 6.0
  • IBM Lotus Domino (as Web server) 7.0.2, 7.0.1, 6.5.5 & 6.5.4
  • Sun Java System Web Server 6.1 SP3
  • Sun Java System Web Server 6.0 SP9
  Services for IBM Lotus Domino (Windows): HTTP server included with Lotus Domino

Web Browser
  Services for IBM WebSphere Portal (Linux x86):
  • Microsoft Internet Explorer 7.0 for Windows XP
  • Microsoft Internet Explorer 6.0 SP2 for Windows XP
  • FireFox V2.0
  • Mozilla FireFox V1.7
  • Apple 1.2.2 and 1.2.4 on Mac OS X version 10.4
  Services for IBM Lotus Domino (Windows):
  • Microsoft Internet Explorer 7.0 for Windows
  • Microsoft Internet Explorer 6.0 SP2 (and patches) (Microsoft product site)

LDAP Directory Server
  Services for IBM WebSphere Portal (Linux x86):
  • IBM Tivoli Directory Server 6.0
  • IBM Tivoli Directory Server 5.2
  • IBM Lotus Domino 7.0.2, 7.0.1, 6.5.5, & 6.5.4
  • Sun ONE System Directory Server 5.2
  • Sun Java System Directory Server 5.2
  • Windows Active Directory 2000 or 2003
  • Windows Active Directory Application Mode (ADAM) 2003
  Services for IBM Lotus Domino (Windows):
  • IBM Tivoli Directory Server 5.2 and 6.0
  • IBM Lotus Domino 7.x & 6.5.x
  • Novell eDirectory 8.7.3
  • Sun ONE Web Server (was iPlanet) Enterprise 6.0 SP 4
  • Windows Active Directory 2003

Java runtime environments
  Services for IBM WebSphere Portal (Linux x86): Java Runtime Environments supported: 6.0_01, 5.0_11, 5.0_09, 5.0_06, 1.4.2_12, 1.4.2_10, 1.4.2_08, 1.41_07
  Services for IBM Lotus Domino (Windows): Java Runtime Environment Version 5.0 for the Web Content Management component in Lotus Quickr (wikis, blogs, lists, authoring portlet, rich text editor, list viewer, and html viewer)

Software for collaboration - Domino and Extended Products
  Services for IBM WebSphere Portal (Linux x86):
  • IBM Lotus Domino 7.0.2, 7.0.1, 6.5.5, & 6.5.4
  • IBM Lotus Sametime 7.5 (WebSphere Portal 6.0.1+) & 7.0
  • IBM Lotus Instant Messaging and Web Conferencing 6.5.1
  • IBM Lotus QuickPlace 7.0
  • IBM Lotus Team Workplace 6.5.1
  Services for IBM Lotus Domino (Windows): IBM Lotus Sametime 7.5 or 7.5.1 (optional)

External Security Software
  Services for IBM WebSphere Portal (Linux x86): -
  Services for IBM Lotus Domino (Windows):
  • Netegrity SiteMinder 5.5 and 6.0
  • Multi-Server/LTPA

Software for license management
  Services for IBM WebSphere Portal (Linux x86): IBM Tivoli License Compliance Manager
  Services for IBM Lotus Domino (Windows): -

Feeds Support
  Services for IBM WebSphere Portal (Linux x86):
  • Documents component, supported levels for publish: Atom 1.0; RSS not supported
  • Documents component, supported levels for import: Atom 0.3, 1.0; RSS 0.90, 0.91 Netscape, 0.91 Userland, 0.92, 0.93, 0.94, 1.0, 2.0
  • Feed reader component, supported levels for import: Atom 0.3, 1.0; RSS 0.91, 0.92, 2.0
  • Wiki and blog components, supported levels: Atom 1.0; RSS not supported

Connectors
  Services for IBM WebSphere Portal (Linux x86): -
  Services for IBM Lotus Domino (Windows):
  • Lotus Quickr connector for Lotus Notes
  • Lotus Quickr connector for Sametime
  • Lotus Quickr connector for Microsoft Windows Explorer
  • Lotus Quickr connector for Microsoft Office

Table 63: System components and requirements of Lotus Quickr 8

[384] These can be viewed on the websites of IBM: http://www-1.ibm.com/support/docview.wss?rs=3264&uid=swg27009740

According to the manufacturer, the two installation variants include all the components necessary for operation except the operating systems. This means that neither WebSphere Portal nor Lotus Domino Server needs to be installed separately and that no additional licenses need to be obtained for these.

1.5.1.2 Protocols and interfaces

Both installation variants of Lotus Quickr are implemented as a series of web applications which users can access and use via standard browsers. Furthermore, certain additional tools (for example, connectors) are available which enable the use of desktop applications as clients, predominantly under Windows. The connectors mentioned earlier are based on web service technology. They serve not only to connect desktop applications but also as interfaces with applications, such as Lotus Sametime, in order to integrate their functionalities into Lotus Quickr. IBM currently offers connectors for IBM Lotus Notes, IBM Lotus Sametime, Microsoft Windows Explorer and Microsoft Office as part of Lotus Quickr. These must be installed separately on the clients. This can also be carried out by the users themselves on condition that they have the privileges required for this on their clients. The connectors can then be made available to the users for downloading via the server. The use of these connectors is currently limited to Windows clients. IBM plans to extend the availability of the connectors. Quickr 8.1 is to provide, for example, connectors for Microsoft Outlook and Lotus Symphony.

In the case of the services for Lotus Domino, the web applications are made available via a Domino server or executed on this server, respectively. This enables Quickr to use a whole range of Domino components and services, including, for example, the following:
• E-mail
• Authentication and access control
• Lotus Domino Off-Line Services
• Lotus Domino domain search (search across several areas and multiple servers)
• Lotus Domino directory service
  This service can be optionally used for user administration. However, other LDAP directory services can also be used for this purpose.
• (Lotus Notes) templates as the basis for the creation and provision of websites for the different work areas.
In the case of the services for WebSphere Portal, components and functionalities of the Portal software are used accordingly.

1.5.1.3 Security aspects

Authorization

Authorization is implemented by assigning roles which are provided with different access rights. Standard roles are:

• Reader
  Can read only those contents for which he or she was authorized.
• Author
  Is authorized to create new and to edit and delete existing contents in those team areas to which he or she has access (for which he or she was authorized).
• Manager
  Is authorized, in addition to the author's rights, to create new users and to modify and delete existing users for his or her team areas.
• Super administrator
  Has full access rights.
• Developer
  Is authorized to add new components which can then be used by other users.
Further roles can be defined and assigned as required. Roles can be assigned to individual users and to user groups. In this way, access rights can be granted for all the content structure elements.

Authentication and access control

Services for Lotus Domino

Authentication by default takes place via a user ID and password. Furthermore, the Lotus Domino single sign-on feature can be used in order to enable users to log on to a server without being prompted to log on again while the session is underway. Access rights are granted in a role-based manner and via user groups. The rights are assigned on an area-by-area basis, with the rights inherited in the hierarchical structure from top to bottom. However, an area administrator can adapt the assignment of rights for an area. The user administration system should be integrated into an LDAP directory because only then can the following functions be made available to the users [385]:
• Authentication via single sign-on
• Superuser access to the server(s)
• User names in double-byte character sets
• "My areas" for listing personal areas
• Integration of Lotus Sametime functions

[385] Refer also to the administrator manual for Lotus Quickr: http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp

This approach offers the following further advantages:
• Central user data storage
• External members of work groups are given a uniform name and ID with central storage. Different names and IDs can be used in the case of local storage in the areas.
• Local affiliation to areas is also supported. This means that a user can be assigned as a member to one or more areas.
The directory service can be controlled either by Lotus Quickr or by the Lotus Domino server. This can be configured via the administration environment. If the directory service is controlled by the Domino server, Quickr can use any directory from the list of all directories used by the Domino server [386].

Services for WebSphere Portal [387]

Authentication is by default carried out via the user ID and password using mechanisms of the portal and/or of the application server. Quickr additionally supports authentication via SSL client certificates as well as automatic logon via a so-called "logon URL". Such a logon URL includes the user ID and password. Such a logon procedure is not recommended from an IT security perspective. In this case too, single sign-on can be used, however, using the WebSphere rather than the Domino technology. In analogy to the use of the services for Lotus Domino, it is also possible to integrate a directory service as a user directory for central user data storage. In addition, realm support enables users from different directory structures to be brought together and presented to Quickr as a homogeneous user group. An alternative option is administration of the users in the Lotus Quickr database. With regard to access control, structures comparable to those of the services for Lotus Domino are used in conjunction with the services for WebSphere Portal. Rights are assigned in a role-based and resource-related manner. All the resources, such as web modules and portlet applications, are arranged in a hierarchical structure with the access rights always inherited from top to bottom. The access rights for each resource can then be modified individually. This short presentation is only an attempt to outline the underlying principle. It generally involves detailed mechanisms the presentation of which requires several pages in the administrator manual [388].

Clustering and replication

In order to ensure the required availability and performance during access to Lotus Quickr, the functions of Lotus Domino clustering and replication or the WebSphere functions for the implementation of a cluster and for synchronizing the contents of the areas between the servers can be used.

Miscellaneous

One problem is the fact that key functionalities can only be used if active contents are permitted. This is worrying from an IT security perspective. The comments issued by the German Federal Office for Information Security on the subject of "Security on the Internet" [389], the handling of active contents [390] and Web 2.0 [391] should always be considered in this context.

[386] According to the administrator manual, even more than one; refer to: http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp
[387] Refer to the administrator manual for Lotus Quickr: http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp
[388] Refer to the administrator manual for Lotus Quickr: http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp
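The logon URL described above under Services for WebSphere Portal carries the user ID and password in the URL itself, so the credentials end up in web server access logs, proxy logs and browser histories. The following check, an added example that is not part of the migration guide or of IBM's documentation, scans constructed access-log lines for such credential-bearing request URLs and reports them with the values redacted. The parameter names and paths are assumptions for illustration, not Lotus Quickr's own.

```python
"""Find credential-bearing logon URLs in web server access logs.

Added example, not from the migration guide or from IBM. It shows the
practical problem with a "logon URL" that embeds user ID and password:
the request line, credentials included, is written to the access log.
"""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names for illustration; adjust to the product in use.
CREDENTIAL_PARAMS = frozenset(
    {"userid", "user", "username", "password", "passwd", "pwd"}
)

# Common Log Format: host ident authuser [date] "METHOD target HTTP/x" status bytes
_LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3})'
)


def credential_params(target):
    """Return the credential parameter names present in a request target."""
    query = urlsplit(target).query
    names = [k for k, _ in parse_qsl(query, keep_blank_values=True)]
    return [n for n in names if n.lower() in CREDENTIAL_PARAMS]


def redact_target(target):
    """Replace the values of credential parameters, keep everything else."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [
        (k, "REDACTED" if k.lower() in CREDENTIAL_PARAMS else v) for k, v in pairs
    ]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def find_credential_urls(lines):
    """Scan access-log lines; report requests whose URL carries credentials.

    Credentials sent in a POST body (the normal login form) are not in the
    request line and therefore do not appear here; only URL-embedded ones do.
    Unparseable lines are skipped rather than failing the whole scan.
    """
    findings = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        names = credential_params(m["target"])
        if names:
            findings.append(
                {
                    "host": m["host"],
                    "timestamp": m["ts"],
                    "status": int(m["status"]),
                    "params": names,
                    "target": redact_target(m["target"]),
                }
            )
    return findings


# Constructed sample log lines (hosts, paths and values are made up).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Feb/2008:09:15:02 +0100] "GET /quickr/home HTTP/1.1" 200 5120',
    '10.0.0.7 - - [12/Feb/2008:09:16:40 +0100] '
    '"GET /quickr/login?userid=jdoe&password=s3cret&redirect=%2Fteam HTTP/1.1" 302 0',
    '10.0.0.9 - - [12/Feb/2008:09:17:11 +0100] "POST /quickr/login HTTP/1.1" 302 0',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for f in find_credential_urls(SAMPLE_LOG):
        print(f"{f['timestamp']} {f['host']} {f['params']} {f['target']}")
```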

1.5.2 Functionalities

1.5.2.1 Lotus Quickr services for Lotus Domino Cooperation in teams by means of Lotus Quickr is supported in defined work areas which are divided into different functional areas. In these work areas, work groups can use the various functions, such as blogs, wikis, tasks as well as chats and online meetings (only in conjunction with Lotus Sametime), or the functionalities of shared editing and use of documents in order to cooperate. In addition to this, further functions are available which are summarized in the table below. In the work spaces, templates and schemas as well as functions and user interfaces can be used in order to create new areas and templates in a relatively easy manner.

Within the work spaces created, the following activities can be carried out, depending on the particular function concerned:
• Creating documents
• Editing, copying, moving and deleting documents
• Adding attachments
• Creating and editing entries in calendars
• Administration of access rights
• Notification about new and changed contents
• Uploading files in the following formats, on condition that Windows Internet Explorer is used as the browser:
o HTML or HTM files
o XML file formats of MS Office 2007 (*.docx, *.pptx and *.xlsx)
o .doc/.xls/.ppt files of MS Office 2000/XP/2003, on condition that the respective MS Office applications are installed
o Image files of the .gif, .jpg or .jpeg types

389 http://www.bsi.de/fachthem/sinet/allgemeines/sinetstd.htm
390 http://www.bsi.de/fachthem/sinet/gefahr/aktiveinhalte/index.htm
391 http://www.bsi.de/literat/studien/web20/index.htm

Function / Details

Document management
• Checking document contents in or out
• Versioning of documents
• Categorization of documents (metadata)

Administration and management of tasks
Special task folders are available for the administration and management of tasks. Automated monitoring of tasks is possible with PlaceBots in conjunction with the use of the services for Lotus Domino.

"My spaces"
The "My spaces" folder compiles a list of all the spaces of which a user is a member. The different spaces may be located on different servers of a Lotus Quickr cluster.

E-mail
The e-mail function can be used to process incoming e-mails and to invite new members. It can be set up for every work space.

Subscriptions
Different information sources can be subscribed to, such as RSS feeds or newsletters.

Portal functions
• Wikis
• Blogs
• Personalization function

Automation/workflow
• So-called masks (forms) can be used in order to implement workflows. Lotus Quickr makes several standard workflows available392.
• PlaceBots enable the automatic tracking and monitoring of tasks.

RSS feeds
Can be set up in different work spaces, such as blogs or wikis.

Realtime collaboration
The chat function and presence display can be made available by integrating IBM Lotus Sametime using the available connector and a corresponding configuration393. It is then additionally possible:
• to plan and schedule online meetings (telephone conferences and e-meetings)
• to invite participants and
• to take part.
A calendar and a time planning/scheduling system are available for this purpose.

Search
The extended search is particularly recommended. It enables targeted searches for:
• folders
• chats
• rooms
• contents.
With regard to contents, the search can be further narrowed to:
• authors
• a particular creation date
• concrete text segments.
The search can be limited to one area or expanded to cover all areas (even across several servers).

Offline areas
An area can be stored as a copy on the client (for example, a notebook) and used there in offline mode. This copy can be synchronized with the online area.

Table 64: Functions of Lotus Quickr services for Domino

392 Refer to the user manual and the administrator manual: http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp
393 Refer to the user manual and the administrator manual: http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp

Structure of the work spaces

Lotus Quickr makes areas / spaces available for collaboration in work groups. Areas are implemented in the form of Lotus Notes databases (NSF files)394. The structure of a database is defined by the corresponding templates, which include the forms and fields. Three different types of templates are available for creating an area / space395:
• Standard
This template provides functions such as table of contents, discussion, tasks, cooperation and member folders.
• Blog
This template enables the display of information in the form of a diary and includes, for example:
o inline comments
o a calendar
o a search function and
o the setting up of an RSS feed.
• Wiki
This is the template for an area / space which is primarily based on cooperation and which supports interaction. It also includes, for example, the setting up of an RSS feed.

Templates can be modified and further templates can be created using the commercial Lotus Domino Designer product396. Further templates are also made available free of charge by third-party suppliers397.

Logical spaces (rooms) are distinguished within an area / space. Each space can contain further spaces. Furthermore, every space contains folders and masks (forms) as well as a member folder. Folders are distinguished according to types for different functions as follows:
• Simple list
• Discussion
• Sorted list
• Presentation
• Folder with header line
Lists are, for example, message lists, contact lists and project task lists. Masks are input forms with underlying functionality, such as the validation of an entry or a workflow which is executed. Masks can be created by the user or imported as HTML or MS Office files.

Automation

In Lotus Quickr services for Lotus Domino, workflows are implemented via masks. These workflows are, however, relatively simple398. The workflows included in the delivery, which can be selected when a mask is created or modified, include the following:
• Submit only
The author can only submit.
• Editor-in-chief
The document is to be checked and released by a particular member.
• Release
The document is to be checked and released by several members.
• Several authors
All members having author access rights in the current area are authorized to edit every element created using the mask.

So-called PlaceBots can be used for the automatic tracking and monitoring of the completion of tasks. PlaceBots are agents which can manage and edit data within an area. These agents can work in a time-controlled or event-driven manner. They are written either in Java or in LotusScript.

394 Further information about templates can be found at: http://www.ibm.com/developerworks/lotus/documentation/dominodesigner/
395 Refer to the user manual, Services für Lotus Domino, section: "Einen Bereich erstellen" [Creating an area / space] http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp
396 http://www-306.ibm.com/software/lotus/products/dominodesigner/
397 http://templates.snapps.com/
398 It was not yet possible to obtain details concerning the question as to whether and, if so, how workflows can be modified or created by the user and integrated.

1.5.2.2 Lotus Quickr services for WebSphere Portal

In analogy to the use of the services for Lotus Domino, blogs, wikis, tasks as well as chats and online meetings (only in conjunction with Lotus Sametime) or the joint editing and use of documents are available to the work groups for their collaboration. Further functions are available which are summarized in the table below.

Function / Details

Document management
• Checking document contents in or out
• Versioning of documents
• Categorization of documents (metadata)

Administration and management of tasks
Special task folders are available for the administration and management of tasks.

"My spaces"
The "My spaces" folder compiles a list of all the spaces of which a user is a member. The different spaces may be located on different servers of a Lotus Quickr cluster.

E-mail
The e-mail function can be used to process incoming e-mails and to invite new members. It can be set up for every work space.

Subscriptions
Different information sources can be subscribed to, such as RSS feeds or newsletters.

Portal functions
• Wikis
• Blogs
• Personalization function

Automation/workflow
With the services for WebSphere Portal, workflows are implemented by means of so-called composite (integrated) applications399.

RSS feeds
Can be set up in different work spaces, such as blogs or wikis.

Realtime collaboration
The chat function and presence display can be made available by integrating IBM Lotus Sametime using the available connector and a corresponding configuration400. It is then additionally possible:
• to plan and schedule online meetings (telephone conferences and e-meetings)
• to invite participants and
• to take part.
A calendar and a time planning/scheduling system are available for this purpose.

Document editing
The default editor of Lotus Quickr is the "Rich Text Editor". As a precondition for using desktop applications, such as Office applications, for work with documents, the "library browser plug-in" must be installed and activated in the browser. According to the manufacturer, ActiveX and scripting must be enabled for this purpose. The browsers supported are:
• Microsoft Internet Explorer and
• Firefox401.

Search
A portal search function is available in Lotus Quickr services for Portal. This facilitates the indexing of information sources and improves the search. The search is made available via the search centre. The following important search functions can be used:
• Filtering of the search results on the basis of different attributes
• Use of one or more search services
• Use of search strings/terms in order to restrict the search
• Creation of search groups
• Crawler search in multiple websites, portal sites and sub-domains
• Same search functions as on the Internet
• Searching of documents
• Language support
• Categorization in a taxonomy
• Editing of document metadata

Table 65: Functions of Lotus Quickr services for WebSphere Portal

399 Refer to the user manual and the administrator manual: http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp

Area structures402

In this case too, structuring according to areas is carried out, with the following area types offered when a new area is created:
• Adapted
Only a few standard components are installed. The user can then gradually develop the area further and add the required components.
• Library
Library areas are used to collect documents and media files.
• Meeting area
This type is specifically orientated towards organizational and administrative functions for work group meetings. A library (sub-area) for the documents relevant to the meeting forms part of this area.
• Project library area
This area is specifically designed for work in projects.
• Team blog
This area enables the presentation of information in the form of a diary.
• Team area
This type provides an area where different team contents can be managed. A blog and a library area form part of such an area in order to implement a large variety of functions.
• Team wiki
This type is specifically designed to support interaction.
The templates for the different area types can be adapted as required and supplemented with user-defined templates.

400 Refer to the user manual and the administrator manual: http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp
401 However, without any version information being given in this context (refer to http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp)

Automation

In order to implement workflows, Lotus Quickr services for WebSphere Portal use the concept of integrated (composite) applications. Application templates are used to create integrated applications403. These templates offer an easy and simple way of creating new integrated applications. Several templates are available for this purpose from an application template library; they can be used as a basis for creating new templates and integrating these into the library. The templates define the various elements of the integrated applications, such as properties, roles and their parameters. It is also possible to define workflows for some of these templates. The document release process is included as a standard workflow in the delivery, for both parallel and serial release.

402 Refer to the user manual and the administrator manual: http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp
403 Refer to the Lotus Quickr user manual, services for WebSphere Portal, integrated applications, http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp

1.5.2.3 Management and administration tools

When the installation variant "services for Lotus Domino" is used, the tools of Lotus Quickr and the tools of Lotus Domino are available in combination for the administration and management of a Quickr environment. These include:
• Lotus Quickr
o The "QPTool": this tool is executed via the server console with commands and the pertinent parameters.
o The "qpconfig.xml" configuration file
o The "site administration" on the homepage of the server: a web-based administration interface via which the connection to the user directory can be established, access to the server(s) controlled, and other configurations managed.
• Lotus Domino
o The Domino Administrator client
o Configuration via the "names.nsf" Domino directory
o The notes.ini configuration file
If the services for WebSphere Portal are used, the administration tools of the underlying WebSphere Portal and/or the tools supplied along with Portal can be used. These include:
• Various administration portlets for the administration of the Portal resources
• An XML configuration interface for the batch processing of administrative tasks
• A script-based interface for creating user-defined administration scripts, for example for the automation of administrative tasks.

1.5.3 Conclusions

One positive aspect is that Lotus Quickr is a collaboration software which offers a host of functions supporting cooperation in teams, which supports more than one operating system platform on the server end and which is based on tried-and-tested technology of the manufacturer. It is not yet possible to say whether it is positive or negative that the software, with its two installation variants, i.e. services for Lotus Domino on the one hand and services for WebSphere Portal on the other, is based on and can be used with two different (application) server platforms. On the downside, the manufacturer is unable to provide any relevant information as to which criteria should be used for a decision in favour of one or the other solution. Furthermore, it is not clear whether and where relevant differences exist in the functions. Within the scope of the discussion in this document, it was only possible to find indications of functional reasons in the sphere of the possibilities for online use and of workflow design and use. One can conclude that the use of additional functionalities, such as "realtime communication", requires the acquisition of further commercial software, such as Lotus Sametime, from the manufacturer. Another drawback is the continuing one-sided orientation towards and dependence on Windows and Microsoft products and file formats on the client side. Although Lotus Quickr is ultimately a web application, the optimized use of all of its functions requires additional software at the client end which is today only available for Windows, Microsoft products, file formats and Lotus products.

C Subject: Office / desktop

1 Products/technologies

The following discussion of the Office suites will focus on the standard applications of Microsoft Office (in short: MS Office) and OpenOffice.org/StarOffice (in short: OOo/SO). A new discussion of the migration options for this category of applications appears necessary in view of the publication of MS Office 2007 and the new versions of OpenOffice.org (OpenOffice 2) and Sun (StarOffice 8). Since the publication of the last migration guide (version 2.1), all the Office products have undergone substantial change with regard to file formats. The current Microsoft Office version, for example, uses a new (standard) file format which is now fully based on XML. The standard file format used by OpenOffice.org and StarOffice, respectively, is now an international standard that has been slightly modified. This change should be examined in a new, updated version in order to find out, for example, which changes were implemented, how these affect work with the Office suites, and which new conclusions can be drawn when it comes to a migration decision. The following section provides a comparison of the two Office suites, OpenOffice.org 2 / StarOffice 8 on the one hand and Microsoft Office 2007 on the other. OOo and SO are treated together because the two suites have only minor functional differences. For the sake of completeness, the predecessor products (MS Office 11; SO 7/OOo 1) and their major differences when compared to their respective successors are presented too.

1.1 OpenOffice.org 2 and 1 / StarOffice 8 and 7

The basic technology of the two Office suites is developed on the basis of OpenOffice.org. In 2000, Sun Microsystems contributed the source code of the then StarOffice 5.2 Office package to the OpenOffice.org open source project. The OpenOffice.org project is licensed under the LGPL404 (GNU Lesser General Public License), which permits commercial products to be derived from OpenOffice.org. Reusing the relevant components of OpenOffice.org does, however, guarantee that the specifications of the API and of the ODF file formats are the same for all derivatives. Sun develops new components for StarOffice and compiles a product package which includes professional quality assurance, comprehensive documentation, support and training offers. Some of the Sun components are:
• Migration tools
• Additional templates and diagrams
• TrueType fonts similar to those of Microsoft
• An integrated spell-check and thesaurus, with OpenOffice.org using by default the MySpell (LGPL) spell checker or, since version 2.0.2, the improved Hunspell variant
• The Adabas D database from Software AG

Furthermore, Sun offers bug patches or service packs for the different product versions. At present, a new StarOffice service pack for every version405 with security improvements, bug fixes or improvements to import filters is released every three months. OpenOffice.org, in contrast, contains these fixes in the latest version only, and the complete product package must be downloaded. Unlike the free OpenOffice.org suite, the StarOffice suite is a commercial product, which Sun Microsystems distributes at no charge to pupils, students and academic institutions. Furthermore, StarOffice 8 has been available since August 2007 as part of the free Google Pack406.

404 All the OpenOffice.org versions before 2.0 were published in parallel under the Sun Industry Standards Source License (SISSL). More details can be found at: http://www.openoffice.org/FAQs/license-change.html, as well as in section 3.13.5.1 of version 2.1 of the migration guide.

1.1.1 OpenOffice.org 2.x / StarOffice 8

Version family 2.x is the latest version of the free OpenOffice.org Office suite. It was first published in October 2005 following around two years of development and replaced the predecessor family 1.1.x. More or less at the same time as the release of the new version, version 1.1.5 was published, which included an import filter for the new ODF document format of the successor version family. OpenOffice.org runs under Microsoft Windows, Linux, Mac OS X, Solaris, FreeBSD and other Unix derivatives and is distributed free of charge under the LGPL license. StarOffice 8 is based on the sources of OpenOffice.org 2.x and, as already mentioned, includes several add-ons and extensions from Sun Microsystems. Installation packages are available for Microsoft Windows, Linux and Solaris. Key new features compared to the older versions of OpenOffice.org 1.1.x and StarOffice 7, respectively, include a dedicated database module (Base), the use of the OpenDocument Format (ODF) as the default file format, which was specified by OASIS on the basis of the old OpenOffice.org file format and published in 2006 as an international standard (ISO/IEC 26300), as well as improved support for MS Office documents. Other new features concern user control, the further developed import and export filters, and support for digital signatures, which was integrated into OOo for the first time. The user interface was modified in certain areas in order to be more similar to that of MS Office 2003 and to support users of other Office suites when it comes to migration.

1.1.1.1 Components and functionalities

The Office suites include all the major individual applications known from other Office packages. A full list of all the functionalities of the Office components mentioned below will not be given here. Only the core applications, i.e. word processing, spreadsheet and presentation tools, will be discussed in more detail. These are the applications available in almost all Office suites. All the other applications either vary, belong to other subjects such as databases, or can also be considered individual applications. The Office applications are, in detail, the following:

405 The latest service packs have been available since October 2007 for StarOffice 6 (Service Pack 8), StarOffice 7 (Service Pack 11) and StarOffice 8 (Service Pack 8).
406 Refer to: http://pack.google.com/.

Writer (word processing)

Writer is the word processing component of the Office suites. The program supports all the functions of modern word processing and is orientated towards the functionalities offered by Microsoft Word. In order to facilitate the processing of large and complex documents, individual text documents (.odt) can subsequently be merged into a single master document (.odm). The so-called Navigator, which offers various overview views and structures and thereby facilitates the retrieval of certain pieces of information as well as orientation in long documents, is particularly helpful in this context. Styles can be set up for individual characters, paragraphs, frames, lists, chapters and pages. Different indexes, such as tables of contents, indexes of keywords, illustrations, references, tables and objects, can be generated from the text and adapted. Live hyperlinks and bookmarks provide direct access to text segments. Furthermore, a formula editor and a bibliography database are available for authors of scientific texts. The formula editor offers a host of categorized symbols for the presentation of operations, relations, functions, operands and attributes. The bibliography database can be used for the automatic generation of a list of references: the user enters his or her sources via a form into a table, from where the sources can subsequently be added as a list of references to the document.

Fig. 64: The Navigator in OpenOffice.org Writer

Calc (spreadsheet)

Calc is a spreadsheet application which enables the presentation and editing of data in spreadsheets. Data can be entered manually or taken from a data source. In the latter case, data sources registered in OpenOffice.org can be displayed using a function key, and the data contained therein can be imported into the spreadsheets using drag and drop. Raw data from different data sources can be gathered and further processed in this form, including the possibility to use "formulas in natural language", such as =´Stückzahl´*´Preis´ (=´quantity´*´price´). Defined data ranges can be displayed or hidden. A "DataPilot" offers support when it comes to analysing numerical material. The effects of changes in individual factors can be watched in calculations which comprise several factors. Furthermore, several pre-defined scenarios exist for the management of complex tables, where various wizards offer assistance to users. Cell formatting parameters and the presentation of spreadsheets can be adapted to given requirements or formatted using integrated templates. The user can directly create or adapt calculation functions and individual formulas. In contrast to the predecessor version, spreadsheets can now contain 65,536 instead of the former 32,000 rows, which above all improves compatibility with Microsoft Excel.

Fig. 65: Formulas in natural language in OpenOffice.org Calc

Impress (presentation)

Impress is the presentation tool of the OpenOffice.org Office suite and can be considered the counterpart of Microsoft PowerPoint. This tool enables the creation and editing of graphic renderings, animations and slide presentations. The presentations can be provided with diagrams, drawing objects, text, multimedia and other elements. Templates are also available for the creation of professional slides, to which dynamic effects, including animation and transition effects, can be assigned. Master slides support the adaptation of the design of complete presentations. Recurring elements, such as diagrams, background colours, header and footer lines, or simple text, can be inserted once and are then available on all slides. The documents can be stored in different OpenOffice.org and StarOffice formats or as a Microsoft PowerPoint presentation or template. Exporting is also possible to Flash, HTML or XHTML and to different graphic formats, such as PNG, JPG, GIF and the SVG format for scalable vector graphics. Immediately after the application is started, a wizard for creating presentations is activated, which can also be opened during work. The view can be changed during work and a preview function supports the adaptation of effects and animations. Impress was given a new user interface with version 2.0 which is orientated more clearly towards Microsoft PowerPoint and which is hence particularly suitable for users after migration.

Other applications

• Draw (graphics)
Draw is a vector-based graphics program which enables the creation and editing of both 2D and 3D graphics. It comes with templates for drawing elements and a selection of adaptable forms and shapes. These include standard shapes, symbol shapes, block arrows, flowchart symbols and callouts for inserting comments. Tables, diagrams, formulas and other elements created in OpenOffice.org can be inserted into drawings.
• Math (formula editor)
Math is a tool which enables the graphic presentation of mathematical equations and more complex formula structures. However, this formula editor should not be mistaken for a mathematical calculation program. Its functions are limited to the graphic creation and editing of mathematical formulas.
• Base (database)
With Base, OpenOffice.org has included since its version 2 a dedicated module for the administration, creation and editing of databases, and with HSQLDB it additionally includes a Java-based, platform-independent, relational SQL database management system whose data are stored inside the database document file. Since October 2007, Sun Microsystems has been providing a Report Builder which significantly simplifies and improves the creation of database reports.

In addition to the function modules mentioned here, many free and proprietary solutions exist which supplement OpenOffice.org and cover certain areas (such as calendaring and groupware functions) which are addressed by Microsoft Office applications407.

1.1.1.2 Programming, macros and automation possibilities

The sometimes very intensive use of Office programming functionalities must be regarded as questionable: it causes problems, to a greater or lesser degree, for any kind of migration, it obstructs interoperability with other Office applications, and software fragments of this kind, which are sometimes hidden at various points within the Office software landscape, are difficult to maintain, update and support properly. In general, better and more professional solution approaches exist for developing complex applications, and these are clearly better suited, especially with a view to the migration to be carried out and to support for such applications. The concepts available are nevertheless briefly presented here, also in order to illustrate the problems at several points. OpenOffice.org and StarOffice support the concept of embedding program code in documents and templates in the form of macros. For this purpose, the Office suite comes with an integrated development environment (IDE) which enables users to record, edit and test macros. Besides StarOffice Basic408 (also known as StarBasic and OOoBasic), a Basic dialect which resembles the VBA language used in MS Office but which is not compatible with VBA, the popular Python and JavaScript scripting languages can also be used to develop macros.

407 http://wiki.services.openoffice.org/wiki/OpenOffice.org_Solutions.
408 An introduction to StarBasic can be found at: http://docs.sun.com/app/docs/doc/819-0439?a=load.

From an IT security perspective, macros should generally be used with care because these mechanisms can also trigger the execution of harmful macros; time and again this has led to minor and major incidents in the past. OpenOffice.org 2 and StarOffice 8 therefore provide a macro security setting with several levels (from low to very high), a list of trusted sources and support for digitally signed macros. In an administered environment, the security level should be set centrally and only signed macros from trusted sources should be allowed to run, so that a document received by e-mail cannot execute code merely by being opened.

When it comes to implementing complex extensions of the Office suites and to integration with electronic business processes and external applications, OpenOffice.org and StarOffice offer the possibility to add so-called extensions409. These address the Office suites via a documented programming interface410 (API, Application Programming Interface) which is based on the UNO411 (Universal Network Objects) component technology. UNO is implemented independently of any particular programming language and at present enables extensions to be written in C++, Java, Python, CLI languages (C#, VB.NET and other languages of the .NET family, on condition that a ".NET connection" exists for the platform in question), StarBasic, JavaScript and OLE Automation. Separate Software Development Kits412 (SDKs), which include the documentation and development tools for the programming interfaces, are available for StarOffice and OpenOffice.org. Furthermore, a plugin413 is available for the NetBeans development environment which significantly facilitates certain programming tasks. Wizards simplify the initial steps when a new project is launched. IDE support, such as code completion and a context-sensitive help function, simplifies work with the API of the Office suites. The plugin is available at no charge from the integrated Plugin Update Center of NetBeans. Furthermore, the availability of the source code of OpenOffice.org and the LGPL licence make it very easy to share solutions developed for one user and/or public agency with other users and/or public agencies. This means that it is not necessary to buy and pay for solutions several times over.

1.1.1.3 File formats One of the key new features of OpenOffice.org 2 and StarOffice 8 is the introduction of ODF (OpenDocument format) which replaces the previously used proprietary StarOffice format. Although the former is based on the latter, it was developed in an open standardization process by OASIS and later by ISO and is now increasingly used in and supported by the products of many reputable manufacturers. Unless anything to the contrary is explicitly stated, documents are stored in OpenDocument format.

Type of document File extension

Word processing odt

Word processing (template) ott

Drawing odg

Drawing (template) otg

409 The Firefox browser and the Thunderbird mail client pursue a similar concept.
410 Refer to: http://api.openoffice.org/.
411 Refer to: http://udk.openoffice.org/.
412 The OpenOffice.org SDK can be found at: http://api.openoffice.org/SDK/index.html, whilst the StarOffice SDK can be found at: http://www.sun.com/software/star/staroffice/sdk/index.jsp.
413 Refer to: http://wiki.services.openoffice.org/wiki/OpenOffice_NetBeans_Integration.

Presentation odp

Presentation (template) otp

Spreadsheet ods

Spreadsheet (template) ots

Diagram odc

Diagram (template) otc

Graphic odi

Graphic (template) oti

Formula odf

Formula (template) otf

Word processing (master document) odm

Word processing (HTML template) oth

Table 66: File extensions of ODF documents

The many integrated options of importing and exporting data to file formats of other applications are closely related to this. A complete list of all the file formats supported would go beyond the scope of this document. A selection of the most important supported file formats of other manufacturers is shown below.

File format  Import  Export
OpenOffice.org 1.x documents  Yes  Yes
Microsoft Office 6.0, 95 and 97/2000/XP (.doc)  Yes  Yes
Microsoft Word 2003 XML (.xml)  Yes  Yes
Rich Text Format (.rtf)  Yes  Yes
StarOffice 3.0, 4.0 and 5.0  Yes  Yes
Text (.txt, .csv)  Yes  Yes
(X)HTML (.xhtml, .html, .htm)  Yes  Yes
DocBook (.xml)  Yes  Yes
AportisDoc (Palm) (.pdb)  Yes  Yes
Pocket Word (.psw)  Yes  Yes
PDF  No  Yes
Adobe Flash  No  Yes414

Table 67: Import and export options to OOo /SO

414 Presentations only

1.1.1.4 XML technology Via many freely accessible interfaces (for example, Simple API for XML (SAX) and Document Object Model (DOM)) and its open XML-based file format, OpenOffice.org provides flexible access to all the functions and data for creating, searching, accessing, modifying and deleting document contents. Besides OpenOffice.org, further applications exist, such as KOffice415, Sun's StarOffice and Google Docs and Spreadsheets, which also use the OASIS OpenDocument format, which is the result of a public development process. The XML format and the development of software components support the far-reaching portability of ODF documents from and to Office Open XML documents (OOXML). OOXML is the new XML-based standard file format in MS Office 2007 which is preferred by Microsoft416 (refer also to chapter III.C 1.2.4). Restrictions in this context primarily concern more complex documents and embedded tables. Thanks to the XML-based ODF file format, the use of other XML standards via XSLT for filtering and converting XML structures is possible without any problems. Communication via SOAP with web services in OOo/SO is currently not available, but can be implemented via Java web service libraries. HTML-compliant elements can be used in OpenOffice.org documents for designing input fields and forms. The XForms417 standard for the definition of form pages, which is specified by the W3C consortium, is also supported. With regard to work with application-specific XML documents, both Office suites include an XSLT processor which enables the creation of import and export filters for any XML file format. Filters are supplied, for example, for the XML file formats of Microsoft Word 2003 and Excel 2003, as well as for DocBook, an XML format which is predominantly used to create technical articles, books and documentation.

1.1.1.5 Web service-based integration Both OpenOffice.org and MS Office include an API418 for web service-based integration. The OpenOffice.org API is designed independently of any programming language or operating system. OpenOffice.org 2 can at present be programmed in the Java, C++ and StarBasic programming languages and, under Windows, via OLE/COM control. All the programming languages use the same API. This means that the API provides the same development possibilities no matter which dialect is used. Furthermore, both Java and C++ enable the development of components which can perform the most varied functions as plug-ins in OpenOffice.org:
• New chart types
• New Calc functions
• Wizards
• Additional functionality for the user
• StarBasic upgrade
StarBasic is the integrated, modular script language in OpenOffice.org and follows the same principles as VBA. The structure and syntax of both languages are very similar in many respects, so that porting of existing VBA macros to StarBasic is facilitated. Besides the API, OpenOffice.org, just like MS Office, provides a development environment (Integrated Development Environment, IDE) with a user interface that is very similar to the development environment of MS Office. Further information concerning the programming and development environment can be found in section III.C 1.1.1.2 (Programming, macros and automation possibilities).

415 http://www.koffice.org
416 OOXML was adopted by the ECMA (European Computer Manufacturers Association) in December 2006 as ECMA standard 376. ISO standardization has been applied for.
417 http://www.w3c.org/TR/xforms
418 Relevant information on this topic can be found at: http://api.openoffice.org/ (online documentation). The specification of the interface can be found at: http://udk.openoffice.org/ .

1.1.1.6 Extensions in StarOffice 8 The Enterprise Edition of StarOffice 8 comes with several further functionalities. These include a tool for migrating macros as well as analysis tools for evaluating and assessing the risks of the migration possibilities of individual documents. Furthermore, the Java Desktop System (JDS) replaces the StarOffice Configuration Manager which had been integrated since StarOffice 7.

1.1.2 OpenOffice.org 1 / StarOffice 7 OpenOffice.org 1.x and StarOffice 7 are the predecessor versions of the OpenOffice.org 2.x and StarOffice 8 Office suites described in section III.C 1.1.1. In order to avoid redundancies, this section focuses on the differences in relation to the above-mentioned current versions. OpenOffice.org 1 was published in 2002, at that time as a freely available Office variant which was based on the source code of the commercial StarOffice 5.2 product. The most striking new feature compared to the old StarOffice version is the elimination of the integrated desktop. Updates were offered in several stages which implemented, for example, in version 1.1 the export to PDF files and – in some components – Flash files without the need to install additional software. The integration of an XSLT processor additionally enables the integration of other XML file formats and the export of OpenOffice files into other XML formats (DocBook, XHTML, Word 2003, etc.). The last OpenOffice.org 1.1 update was carried out as version number 1.1.5 in 2005. Almost parallel to the release of OpenOffice.org 2, an import filter for the then new OpenDocument format was integrated which was designed to enable the opening and reading of version-2 documents. In a corresponding move, Sun Microsystems offered StarOffice 7 which is based on the sources of OpenOffice.org 1.1. Besides professional quality assurance and extended support, StarOffice 7 includes the following elements and features:
• The AdabasD database application
• A commercial spell-check function
• Strongly expanded ClipArt and template libraries
• Import and export filters for WordPerfect documents
• Additional fonts
• An adapted user interface

1.1.2.1 Components and functionalities OpenOffice.org 1.1 includes the following individual applications which were already discussed earlier:
• Writer
• Calc
• Impress
• Draw
• Math
The Base database component was only added in the OpenOffice.org 2 suite and in StarOffice 8, respectively. As an alternative, StarOffice 7 included, as already mentioned, the AdabasD database application from the company Software AG. Differences in the scope of functions of OpenOffice.org 1.x and StarOffice 7 in relation to the successor version can be divided into those which concern the Office package in its totality on the one hand and those which concern certain core components only on the other:

General differences: This version of OpenOffice.org and StarOffice offers a rudimentary PDF export function only. It is not possible to adjust the degree of compression or the print area. With regard to usability, the differences in relation to Microsoft Office as the competitor product are even more pronounced. This concerns the design of the user interface as well as the names of individual tools. The format template, for example, is called Stylist and the wizards are called AutoPilots, which makes migration particularly difficult. The toolbars are inflexible and not very adaptable, so that a customized user interface design is not possible. The document formats supported are the old StarOffice formats; the OpenDocument format had not yet been introduced at that time. Although import and export to the proprietary Microsoft formats continue to be offered, they only work in conjunction with documents with a simple structure. Properly importing template-based documents or animated PowerPoint presentations is not possible. Tables nested within tables are not supported, which adversely affects export into file formats which support nested tables (for example, Microsoft PowerPoint). With regard to security, this version does not support digital signatures.

Specific differences: OpenOffice.org 1 does not include a separate database administration module. Instead, versions 1.1 and higher come with a so-called data source tool which enables the import of data from different sources and the integration of data into Office documents. The free Java Runtime Environment (JRE) is required for certain wizards, the references database, as well as certain extensions and export filters. In principle, however, OpenOffice.org is capable of running without a JRE.

1.1.2.2 Programming, macros and automation possibilities The basic IDE enables the creation of macros. In order to expand program diversity, numerous templates, add-ons and macros are available in the StarOffice Basic and Java languages.

1.1.2.3 File formats The main applications (word processing, spreadsheet, presentation program) of the OpenOffice.org version family 1.1 support the following file formats:
• Text document (.sxw)
• Text document template (.stw)
• Microsoft Word (.doc)
• Microsoft Word 2003 XML (.xml)
• Rich Text Format (.rtf)
• StarWriter 3.0, 4.0 and 5.0 (.sdw)
• StarWriter 3.0, 4.0 and 5.0 template (.vor)
• Text (.txt)
• HTML Document (OpenOffice.org Writer) (.html and .htm)
• DocBook (.xml)
• AportisDoc (Palm) (.pdb)
• Pocket Word (.psw)
With a view to the integrated import and export possibilities to and from other formats, OpenOffice.org version 1.1.5 already comes with an import filter for the OpenDocument format which enables work with the new standard format. StarOffice 7 additionally enables the editing of WordPerfect documents, a feature which is not included in OpenOffice.org 1.1. Otherwise the same import and export functions are provided which are also available in the successor version family. However, these filters have been improved in the meantime, so that the use of alternative file formats works better in the newer versions.

1.1.2.4 XML technology OpenOffice.org 1.1 only permits the use of HTML-compatible elements as input elements. This was changed in version 2.0 of OpenOffice.org. With a view to the usability of application-specific XML schemas, importing and editing of an XML schema are possible thanks to the XML-based standard format in OpenOffice.org. Following the import of such a schema, an XML-enabled document can be set up using all the known functions of the program, just like any other normal word processing document. The capability of web service-based integration is supported by OpenOffice.org Basic, a programming language from the family of Basic programming languages, which is largely compatible with other Basic language versions, such as Visual Basic from Microsoft.

OpenOffice.org offers programming interfaces to Writer documents via UNO (Universal Network Objects). UNO is an object-orientated interface to OpenOffice.org applications and OpenOffice.org documents.

1.1.3 Summary

Characteristic: OOo 2 / SO 8 vs. OOo 1 / SO 7

Native file format
OOo 2 / SO 8: ODF
OOo 1 / SO 7: SXW, STW (templates)

Built-in import functions from other formats
OOo 2 / SO 8: ODF, WordPerfect (v4 – v11), Lotus Notes 1-2-3 (until v9.7), MS Office formats
OOo 1 / SO 7: DOC, XLS, PPT, WordPerfect

Built-in export functions to other formats
OOo 2 / SO 8: PDF, Adobe Flash, (X)HTML, DOC, XLS, PPT, WordPerfect
OOo 1 / SO 7: PDF, XHTML

Extension possibilities, programming
OOo 2 / SO 8: Yes (with macros and Java, C++, JavaScript, Python, Beanshell)
OOo 1 / SO 7: Yes (with macros and Java, C++)

Support of application-specific XML formats
OOo 2 / SO 8: Yes, via XSLT
OOo 1 / SO 7: Yes, via XSLT stylesheets

Support, web service-based integration into process chains
OOo 2 / SO 8: Yes, can be implemented via Java web service libraries
OOo 1 / SO 7: Conditionally

Licensing
OOo 2 / SO 8: OpenOffice.org: free software or LGPL license (GNU Lesser General Public License from the Free Software Foundation); StarOffice: commercial product, licensing on a per-user basis
OOo 1 / SO 7: OpenOffice.org: free software or LGPL license (GNU Lesser General Public License from the Free Software Foundation); StarOffice: commercial product, licensing on a per-user basis

Availability for operating systems
OOo 2 / SO 8: OpenOffice.org and StarOffice: Microsoft Windows, Linux, Solaris, Mac OS X and other Unix variants.
OOo 1 / SO 7: Microsoft Windows, Linux, Solaris; OpenOffice.org only: Mac OS X, FreeBSD and other Unix variants.

Table 68: Overview of characteristics of OOo 1/SO 7 and OOo 2/SO 8

1.2 Microsoft Office 2007/2003/2002/97 Microsoft Office has been available in the current Microsoft Office 2007 version since January 2007. With Microsoft Office 2007, several important changes compared to the Microsoft Office 2003 predecessor version were introduced. These include, first and foremost, the new XML-based Office Open XML file format which replaces the former binary formats, as well as a newly developed user interface which is very different at first glance. The comprehensive support for work with application-specific XML formats and web services, which was already included in the predecessor version, has been enhanced even further.

Microsoft Office 2007 is currently available for all customary Microsoft operating systems, including Windows XP. A Microsoft Office 2007 version for Mac OS X is being planned. Microsoft calls this version "Microsoft Office 2008 for Mac" or "Microsoft Office:mac 2008"; it will be available in the first quarter of 2008419. The use of Microsoft Office 2007 is at present (as of September 2007) still limited within the public administration. Installations of the different predecessor versions of Microsoft Office account for the largest share. Microsoft Office is a commercial product for private and professional users.

1.2.1 Components of the Office package Microsoft Office is offered in different packages. The individual packages differ primarily as regards the number of applications included in addition to Microsoft Word, Microsoft Excel and Microsoft PowerPoint. The table below provides an overview of the applications which are currently available in the different packages using version 2007 as the underlying example:

Windows Office application; editions: Basic, Home & Student, Standard, Small Business, Professional, Ultimate, Professional Plus, Enterprise
Word X X X X X X X X
Excel X X X X X X X X
PowerPoint X X X X X X X
Outlook X X X X
Outlook with Contact Manager420 X X X
Accounting Express421 X X X
Publisher X X X X X
Access X X X X
InfoPath X X X
Groove X X
OneNote X X X
Communicator X X
Integrated Enterprise Content Management422 X X X
Integrated electronic forms423 X X X
Extended functions of IRM and guidelines424 X X X

Table 69: Applications in the different suites for MS Office 2007;425

419 http://www.macoffice2008.com/#ex_fg
420 Volume license customers buying Office Professional Plus 2007 or Office Enterprise 2007 can download Office Outlook 2007 with the Business Contact Manager from the volume license services website or contact their dealer in this respect.
421 Microsoft Office Accounting Express 2007 is available in the US only.

In the predecessor version, these package combinations and the components contained therein could differ slightly despite identical names. The applications contained in the packages, including their functions, will be described below. In recent years, Microsoft has expanded its Office package by adding more and more applications which can also be regarded as stand-alone solutions, so that these will be mentioned here only briefly. Furthermore, certain applications which, depending on the given edition, are part of the Office suite from Microsoft can also be assigned to other subjects, such as Outlook to the groupware subject or Access to the databases subject. The discussion at this point will focus on the core applications (word processing, spreadsheet, presentation). In this respect, the view has not changed when compared to the earlier versions of the migration guide. The three core applications in the MS Office suite are the following:
• Microsoft Office Word (word processing)
• Microsoft Office Excel (spreadsheet)
• Microsoft Office PowerPoint (presentations).
The other applications in the currently available Office version 2007 depend on the package version selected in each case, i.e.:
• Microsoft Office Publisher 2007 (desktop publishing program)
• Microsoft Office Access 2007 (database management system)
• Microsoft Office OneNote 2007 (creation and management of notes)
• Microsoft Office Outlook 2007 (groupware application, including mail client, contact manager, time scheduler, etc.)
• Microsoft Office InfoPath 2007 (creation and evaluation of electronic forms)
• Microsoft Office Communicator 2007 (messenger software which enables different types of communication, such as IM, video, voice)
• Microsoft Office Groove 2007 (a program which comes with tools and communication options designed to support working in groups).

422 ECM from Microsoft enhances the content management functionality for all the users within an organization through integration with familiar tools such as the Microsoft Office system.
423 Version 2007 of the Microsoft Office system offers core functionalities for the creation and completion of forms as well as forms services in order to simplify the distribution and administration/management of electronic forms.
424 Version 2007 of the Microsoft Office system offers IRM (Information Rights Management) functions as well as guideline checks to protect digital information against unauthorized use in enterprises and organizations.
425 http://office.microsoft.com/de-de/suites/FX101635841031.aspx?pid=CL101732621031

1.2.2 Functionalities A full list of all the functionalities of the Office applications mentioned above will not be given in the following. However, a short overview will be given and the most important functions described.

Microsoft Office Word 2007: Microsoft Office Word 2007 includes all the functions of the predecessor versions. The new user interface concept is the most striking feature for users of the new 2007 version. The "fluent" user interface displays the editing tools in a demand-controlled manner. This is designed to enable more efficient and faster work. By far the most far-reaching change in the new version is the new default file format. Office Open XML (.docx) replaces the former binary file format (.doc). However, the old file formats will continue to be fully supported in future and downward compatibility is to be ensured. Downward compatibility does, however, require a plug-in in the respective versions of MS Office 2000 and higher. Other important features of the 2007 version include the following:
• Extended support for work with application-specific XML schemas, because the contents of the documents can be edited even by product-independent solutions thanks to the new default file format.
• Improved support for web services, with which data and functions of other applications can be used from within applications via interfaces.
• Global spell-checking which imports changes even for other applications of an Office package.

Microsoft Office Excel 2007: Microsoft Office Excel 2007 includes all the familiar functions of the predecessor versions. Excel enables complex calculations using formulas and functions. Data can be evaluated using sorting and filter functions as well as pivot tables and rendered graphically in diagrams. VBA (Visual Basic for Applications) enables the expansion of the scope of Excel functions. Under Mac, this is possible using AppleScript. Other important features of the 2007 version include the following:

• In conjunction with SharePoint Server 2007 and Excel Services, tables can be released and edited in web browsers. Excel Services offers two interfaces for this purpose, i.e. a web-based UI (User Interface) in order to view Excel tables within a browser, and a web service interface which enables programmatic access to published tables.
• Increasing the data volume to up to 1 million characters and 16,000 columns.
• An improved diagram function.
• New OLAP formulas and cube functions open up more possibilities for work with multi-dimensional databases.
• Simplified connection to external data sources: connection data is no longer specified in Excel 2007; instead, the connection is simply selected from a list. The connection manager stores every connection which has already been used so that it can be reused when the program is started again.

Microsoft Office PowerPoint 2007: Microsoft Office PowerPoint 2007 can be used to create presentation slides with animations, different backgrounds and transitions. Presentation slides can be stored in the binary PowerPoint .ppt file format, as PDF (Adobe Portable Document Format) or as XPS (XML Paper Specification Format). The latter, however, requires the installation of add-ins as a precondition for using these storing functions. Besides the standard presentation format (.ppt or .pptx, and .pptm for files with macros, the latter for Windows only), the screen presentation format (.pps or .ppsx, respectively) is often used in order to immediately display the presentation in full-screen mode.

Other MS Office applications
• Microsoft Office Publisher 2007: Microsoft Office Publisher 2007 is a program for the creation of page-orientated documents, such as marketing materials or customized mailings.
• Microsoft Office Access 2007: Office Access 2007 is a database management program for the management of structured data in tables with a defined data record structure and for the creation of reports.
• Microsoft Office OneNote 2007: Microsoft Office OneNote 2007 is a program for the recording and management of notes.
• Microsoft Office Outlook 2007: Microsoft Office Outlook 2007 is a generally known client for groupware solutions, in particular MS Exchange.
• Microsoft Office InfoPath 2007: The InfoPath application can be used to create XML-based forms and to use these from within Office.
• Microsoft Office Communicator: Microsoft Office Communicator is an instant messaging solution.
• Microsoft Office Groove 2007: Microsoft Office Groove 2007, which is included in Microsoft Office Ultimate 2007, is a program which supports group work.

1.2.3 Programming, macros and automation possibilities The functions of the Microsoft Office 2007 applications can be expanded, adapted and customized using different technologies. The technologies available for this purpose include the following:
• Smart tags enable context-sensitive automation via information and actions. They are similar to hyperlinks, but are dynamically attached to key words or key phrases. They are based on COM classes which implement a detection interface and an action interface. The former is responsible for detecting the keywords and the latter for executing the action and presenting the action menus.
• Macros are small programs which are usually written in Visual Basic for Applications (VBA). Their purpose in Office is to effect the automated execution of a defined sequence of commands and outputs in order to support the user.
• .NET is a software platform developed by Microsoft for the development of Internet applications which is based on open standards. The .NET concept consists of four components as follows: Frameworks and Tools, Building Block Services, Enterprise Servers and Mobile Devices. The framework is responsible for the individual applications and controls access to the data; it makes a user interface as well as class libraries and web technologies available (for example, the execution of programs in several languages). Building Block Services support available Internet services, such as updates and search services. Finally, Mobile Devices enable the execution of applications on mobile devices.
Extensions of the functionalities of Microsoft Office are sometimes used quite intensively within public agency-specific software solutions. On the one hand, the programming environment available with Microsoft Office is used by many public agencies and other organizations to create document-specific scripting solutions (macros) in order to largely automate work processes with MS Office. This even includes the implementation of department-spanning workflows. On the other hand, public agencies also use a number of external software solutions that are more or less integrated into Office. It should be emphasized here that this at times very intensive Office programming practice is rather questionable in view of the problems which result time and again from it:
• for every form of migration
• for ensuring interoperability with other Office applications
• for ensuring proper maintenance/updating and targeted support for such software pieces.
One can generally note that better and more professional solution alternatives are available for the development of complex applications which are much more suitable with a view to the migration projects to be performed and with a view to the maintenance and support for such applications. A look at the concepts used here should also illustrate this.
• The Visual Basic extensions can be used for Office 97, Office 2000 and Office 2003 and are hence very widely used. The Visual Basic programming environment of Microsoft Office 97 – 2003 is based on the BASIC programming language. This Visual Basic family of languages currently includes several dialects as follows:
  • Visual Basic (Visual Studio, full version)
  • Visual Basic for Applications (VBA)
  • Visual Basic Scripting Edition (VBS).
Although all the dialects have the same syntax, they differ in terms of functionality and performance (for example, compiling right through to executable machine code is possible with Visual Basic but not with VBA). The programming environment of MS Office includes Visual Basic for Applications (VBA). VBA is available under a Microsoft license, so that third-party manufacturers can integrate VBA into their products. The use of the Office 97 package or higher is assumed as the starting point for the purposes of this guide. Earlier versions provided different programming environments for the different products (Word Basic, Excel VBA, Access Basic). Office 97 standardized the programming environment as VBA version 5. The table below shows the VBA versions vs. the different Office versions.

Office version  VBA version
95  Word Basic, Excel VBA, Access Basic
97  5
2000  6
XP  6.3
2003  6.4
2007  6.5

Table 70: Microsoft Office versions and the pertinent VBA versions

VBA is an interpreted language that can be executed in Microsoft Office applications only. VBA is based on COM (Component Object Model) which is a proprietary further development of Microsoft's OLE (Object Linking and Embedding) technology. MS Office is not just capable of using COM objects, but even offers COM objects itself. Office 97 comes with more than 550 COM objects of its own, Office 2000 with more than 600. Via COM, it is also possible to use external functionalities in Office. VBA enables the use of external programs (such as the operating system) in the form of DLLs (Dynamic Link Libraries), whilst Visual Basic Script (VBS) does not enable such an integration.

The illustration below once again shows the possibilities of VBA to use functionalities.

Fig. 66: VBA in the Office application

The following module types are distinguished in VBA:
• Modules
• Class modules
• Forms
Modules contain general procedures which are not connected to an object. Class modules (form and report modules), in contrast, are connected to objects and trigger certain event procedures (for example, a response to a user entry, such as clicking a button). These modules enable the expansion of functionalities that exist in MS Office, the automation of sequences of function calls, as well as the implementation of additional functionalities. Amendments, automated functions and additions are referred to as macros and scripts. In order to integrate these macros in MS Office, the menu bars and buttons of the toolbars, in particular, can be modified in order to facilitate their use. Special procedure names (such as AutoOpen, AutoNew) identify the program code which is executed automatically when Office files are opened. This mechanism is often used in templates. It does, however, constitute a security risk, because harmful procedures ("macro viruses") can be executed in the same way. Macros and scripts can be activated and integrated in the following forms in Office:
• as add-ins,
• in templates,
• as wizards.
Add-ins can be further distinguished as follows, depending on their use:
• COM add-ins: compiled DLL or EXE files which are generated by Visual Basic (full version). These add-ins can be used in an application-spanning manner.
• Application-specific add-ins: Application-specific add-ins are generated by the integrated programming environment of Office and can be used within Office only.
Add-ins are typically used where the program code must be permanently available in the application, without the user having to specifically load any particular templates.
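The auto-executing procedure names described above are the first thing to look for when templates and documents are inventoried before a migration. As an added example, not code from the guide, the Python script below scans VBA module source as exported from the IDE, lists every procedure, flags the names Office runs automatically (AutoOpen and AutoNew from the text, plus the other Word and Excel auto-run names and event handlers with the same effect) and reports Declare statements that import DLL functions; the sample module text is constructed.

```python
"""Inventory scan of exported VBA source: which procedures run on their own,
and which reach outside Office through a DLL import.  Added example with a
constructed sample module; not code from the migration guide."""
import re

# Procedure names Word and Excel execute automatically on open/new/close.
AUTO_EXEC = {
    "autoexec", "autoopen", "autonew", "autoclose", "autoexit",    # Word
    "document_open", "document_new", "document_close",             # Word events
    "auto_open", "auto_close", "workbook_open", "workbook_close",  # Excel
}

# "Sub name" / "Function name", optionally preceded by visibility and Static.
PROC_RE = re.compile(
    r"^[ \t]*(?:(?:public|private|friend)[ \t]+)?(?:static[ \t]+)?"
    r"(sub|function)[ \t]+([a-z_]\w*)",
    re.IGNORECASE | re.MULTILINE,
)
# "Declare [PtrSafe] Sub|Function name Lib "x.dll"": a call into a DLL.
DECLARE_RE = re.compile(
    r"^[ \t]*(?:(?:public|private)[ \t]+)?declare[ \t]+(?:ptrsafe[ \t]+)?"
    r"(?:sub|function)[ \t]+([a-z_]\w*)[ \t]+lib[ \t]+\"([^\"]+)\"",
    re.IGNORECASE | re.MULTILINE,
)


def scan_module(source: str, module: str = "Module1") -> list:
    """Return one finding per procedure header or Declare statement in source."""
    findings = []
    for m in PROC_RE.finditer(source):
        name = m.group(2)
        findings.append({
            "module": module,
            "kind": m.group(1).lower(),
            "name": name,
            "line": source.count("\n", 0, m.start()) + 1,
            "auto_exec": name.lower() in AUTO_EXEC,
        })
    for m in DECLARE_RE.finditer(source):
        findings.append({
            "module": module,
            "kind": "declare",
            "name": m.group(1),
            "line": source.count("\n", 0, m.start()) + 1,
            "dll": m.group(2),
            "auto_exec": False,
        })
    return findings


def needs_review(findings: list) -> bool:
    """True if the module runs without user action or imports DLL functions."""
    return any(f["auto_exec"] or f["kind"] == "declare" for f in findings)


# Constructed sample: a template module with one auto-executing procedure,
# one ordinary helper and one DLL import (the kind of code found in old templates).
SAMPLE_MODULE = """\
Attribute VB_Name = "Module1"
Option Explicit

Private Declare Function GetTickCount Lib "kernel32" () As Long

Public Sub AutoOpen()
    ' runs every time a document based on this template is opened
    Call FormatLetterhead
End Sub

Sub FormatLetterhead()
    ActiveDocument.Paragraphs(1).Range.Font.Bold = True
End Sub

Private Function ElapsedMs(start As Long) As Long
    ElapsedMs = GetTickCount() - start
End Function
"""

if __name__ == "__main__":
    results = scan_module(SAMPLE_MODULE)
    for f in results:
        flag = "AUTO-EXEC" if f["auto_exec"] else ("DLL " + f["dll"] if f["kind"] == "declare" else "")
        print(f"{f['module']}:{f['line']:>3} {f['kind']:<8} {f['name']:<18} {flag}")
    print("needs review:", needs_review(results))
```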

With VBA version 5, a uniform development environment was integrated within the Office application. Although the so-called IDE (Integrated Development Environment) is started in a separate window, it runs in the process of the Office application. The IDE comes with the following features and elements:
• Editor with syntax check and colour highlighting
• Project Explorer
• Additional properties window
• Debugger tools
• Object browser
• Conditional compilation
• Mechanisms to protect against changing or copying of the programmed code
• IntelliSense (completion, drop-down selection, syntax information)
The application provides a macro recorder that can be used to record and store sequences of interactions of the user with the application. The use of such functionalities by the users makes it even more difficult to find the corresponding macros in the templates and documents in the case of a migration project: although users are generally very reluctant to document when and where they created which macros for their work, they usually expect these macros to continue to be available and to function after migration. Since Office itself consists of a large number of COM objects, 'remote control' of Office by way of so-called COM automation is possible. Windows Script Host (WSH) or PerlScript can be used, for example, for remote control. Indications are that in future Microsoft will increasingly rely on Visual Studio Tools for Microsoft Office Systems426 (VSTO) and Visual Studio Tools for Applications (VSTA)427 with a view to Office automation. These are .NET-based tool sets which can be used to develop applications on the basis of the Office applications (VSTO) and which can be adapted for the use of .NET languages (VSTA). VSTO and VSTA are members of the Visual Studio 2008 product family. The most recent versions are VSTO 3.0 and VSTA 2.0, which have been available since the 3rd quarter of 2007. It is not yet possible to predict whether they will replace VBA one day. For the time being, it seems that Microsoft will continue to support the VBA line.

1.2.4 File formats

Microsoft Office 2007 supports several native file formats, including the following:

• The traditional Microsoft file formats, i.e. .doc, .xls, .ppt, etc.
• The new Office Open XML file format.

With the release of Office 2007, Microsoft replaced the old binary formats with Office Open XML as the default format, which is used throughout for Word, Excel and PowerPoint. In contrast to the previous format, the contents (text, graphics, tables, etc.) and the metadata (i.e. the "layout" of the contents) of a document are stored as separate parts of a package, and the package is stored in compressed form as a ZIP archive. Macro code is not contained in the document XML but in a separate binary part (vbaProject.bin), and Office 2007 writes this part only into the macro-enabled variants of the formats (.docm, .xlsm, .pptm); the file extension therefore already indicates whether a file is expected to carry macros at all. Office Open XML was submitted to ECMA (European Computer Manufacturers Association) for standardization and was adopted as ECMA standard 376 in December 2006. ISO standardization has been applied for.

With regard to the import and export possibilities to and from other formats, the main applications of Microsoft Office 2007 (word processing, spreadsheet and presentation) offer the following, partially built-in import and export possibilities for certain older and external formats:

• Binary formats (.doc, .xls, .ppt) of earlier Microsoft Office versions (Microsoft Office 97 - 2003)
• WordML (WordprocessingML)
• OpenDocument
• PDF

The latter two require the use of plug-ins.

Besides direct editing and modification of individual parts of the packages, Microsoft Office 2007 also enables work with user-defined, application-specific XML schemas. A graphic user interface supports the user in this context. It enables, for example, the direct import of application-specific XML schemas into a document. XML elements can be initialized as required using placeholders, such as an example text or an input prompt. The XML elements added are highlighted in colour during the creation phase. This colour highlighting is removed during subsequent use of the document, so that the XML structure remains hidden. Following the import of an XML schema, a document can be edited using all the known functions of the program, just like any other Word document. In the laboratory example of a "Birth certificate" ["Geburtsurkunde"], the XML schema was inserted into the document, which was subsequently designed.

426 http://msdn2.microsoft.com/de-de/vstudio/aa718674.aspx
427 http://msdn2.microsoft.com/en-us/vsx2008/products/bb933739.aspx


Fig. 67: User interface for work with XML schemas in MS Word 2007

Fig. 67 shows the graphic user interface. The document which is based on the XML schema is shown on the left. The right-hand side shows the XML structure panel with an imported XML schema. In order to add XML elements from the XML schema to the document, these elements can simply be moved from the XML structure panel into the document using "drag and drop". One should, however, not underestimate the fact that validation of the data or of the structure is not yet possible in the graphic development tools: when the user changes the structure in the document, the document no longer conforms to the XML schema. The developer can implement a validation; alternatively, the developer of the XML schema can protect the nodes against changes in the new Office 2007 version, so that an implementation for validating the data is not necessary.

Several options exist for storing completed documents and the data entered in input fields which are defined by XML markup. If the data entered is to be stored as XML together with all the other information, i.e. all the data embedded in the document, this can be done using the Office Open XML format which has been disclosed by Microsoft. Furthermore, it is also possible to filter out and store only the data entered (without any additional information). Data saved in this way automatically conforms to the imported XML schema. The illustration below shows a segment of a resulting XML data record.


Fig. 68: Data record according to the "Birth certificate application" ["Antrag Geburtsurkunde"] XML schema (element values of the illustrated record: Jäger Christoph Jan m 07.05.1976 Potsdam 4578456 Christoph Jan Jäger 10070024 Deutsche Bank 24 Jäger Christoph Jan Friedrichstr. 47 10117 Berlin Christoph.Jaeger@egov06 0301245789)

Microsoft Office 2007 additionally offers the possibility of checking the data automatically against the given XML schema. In this way, incorrect XML data records can be detected and blocked before being exported to web services, eGovernment platforms, etc. Incorrect or incomplete entries are already highlighted while they are being made. In contrast to the predecessor version, it is no longer necessary to program the validation of the entry: Microsoft Office 2007 can extract all the required information from the XML schema and validate the entries automatically.

1.2.5 Web service-based integration

Microsoft offers two different tools in the field of web service-based integration in order to equip Microsoft Office 2007 with a web service interface. The first is the Microsoft Office Web Services Toolkit 2.0, which can be downloaded at no cost. This toolkit and Visual Basic for Applications (VBA) can be used to program macros which send requests to web services, for example, to those made available by back-office processes. The second, much more elegant, option is based on the use of the .NET framework. The freely available .NET framework offers a host of functions for the development of complex web service interfaces.

1.2.6 Differences between MS Office 2007 and its predecessor version The Microsoft Office 2007 predecessor versions are very common in the administration. One can even firmly assume that the vast majority of all the workplaces in German administrations use one of the Microsoft Office 97 - 2003 versions.

The Microsoft Office 2003 version was the first to integrate comprehensive support for work with XML files into the Office package. These features include support of the XML-based WordprocessingML file format, as well as comprehensive support for work with application-specific XML schemas and for integration into process-oriented and/or service-oriented architectures (SOA). With optional retrofit add-ons, Microsoft Office 2003 applications can even read and write the new Office Open XML format. If these add-ons are not installed, these versions are unable to read the file format of Office 2007. In contrast to the current Office version, the earlier versions were not offered in such a host of packages. In the case of Office 2003, users were able to choose from six packages (for example, Professional Enterprise Edition, Small Business Edition, Standard Edition, etc.). Just like the current version, these differ in terms of the number of applications which are offered in addition to the core applications.

1.2.6.1 Components These core applications and the most important differences compared to the current version will be briefly outlined using Office 2003 as an example. Individual functions or the other versions and applications will not be discussed further at this point.

Microsoft Office Word 2003

Several new concepts and technologies were introduced with Microsoft Office 2003 which were developed even further in the current 2007 version. These include, in particular:

• The introduction of the open, XML-based WordprocessingML file format
• Support of work with application-specific XML formats
• Support of automation processes, workflows and data connections by various technologies, such as dynamic SmartDocuments, programmable macros and .NET programming

Microsoft Office Excel 2003

With Microsoft Office Excel 2003, just as with the Word word processor, several new concepts and technologies were introduced which were developed even further in the current 2007 version. These include, in particular:

• Import and export functions from and to any XML formats directly from within the application
• Support of web service-based integration
• Workflows can be triggered via buttons in the application.
• Further support of automation processes, workflows and data connections by various technologies, such as dynamic SmartDocuments, programmable macros and .NET programming.
• Until Excel 2003, worksheets were limited to 65,536 rows and 256 columns (A to IV). In the current version, the limit was increased to 1,048,576 rows and 16,384 columns (A to XFD).

Microsoft Office PowerPoint 2003

Microsoft Office PowerPoint 2003 can be used to create presentation slides with animations, different backgrounds and transitions. Presentation slides can be stored in the binary PowerPoint .ppt file format, in PDF (Adobe Portable Document Format) or in XPS (XML Paper Specification) format. The latter two, however, require plug-ins.

1.2.6.2 Other

So-called smarttags were introduced with Office XP (2002); the functionality was extended in Office 2003. Smarttags enable context-sensitive automation: a smarttag triggers a function in response to an input (for example, a pre-defined word or a recognized number). Smarttags can also call functions in other applications, such as automatically opening further documents. Simple smarttags and COM-based smarttags can be distinguished. Simple smarttags are administered in XML lists which are stored at a defined location in the computer network and are then available to all users. COM-based smarttags, in contrast, are deployed as so-called smarttag add-ins.

1.2.6.3 File formats

Microsoft Office 2003 supports several native file formats, i.e.:

• The traditional Microsoft file formats, i.e. .doc, .xls, .ppt, etc.
• The WordprocessingML XML file format, which was introduced with Microsoft Office 2003

The Office 2003 versions of Word and Excel were the first to enable the storage of their documents as XML files. However, the WordprocessingML XML file format which was initially used for this purpose was subject to many restrictions. When an Excel workbook is saved as an XML file, for example, the charts are lost. If Word documents with embedded Excel worksheets are saved as an XML file, these Word documents do not contain the worksheet as XML, but as a binary block encoded in printable form (extract):

EAAAAgAAAAEAAAD+////AAAAAAAAAAD///////////////////////////////////////////// /////v////7///8EAAAABQAAAAYAAAD+//////////////////////////////////////////// AAAAAAAWAAUA//////////8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAUqEb09sQB AwAAAMAHAAAAAAAAXwAxADEANgA2ADgANQA3ADAAMAAzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAABgAAgH///////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////////wAAAAAAAAAA W/4qSGgXHcISgQ9Pn5oRjL8BMAf8skd8x0gp3wsrz82hCyWf5R3rQ9bDvsagN81jsvedI96He9jP rGndHg5cLaoXHVoV69CHsS5HTtFz4I6h7+BGjz8gsW3uZNGySJ7F8nxD3vlQnstR80VyHnWUeQqX xaQ2oVk52OmU5jpLq+wt7D6CSINpa0Py9JvbcGBZkEnoJryUTWSq/kqBg+tscXvx/op04tzTkUls XdXdoGuM/gbBLTCfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== Fig. 69: Binary-coded Excel spreadsheet in the old WordprocessingML

The WordprocessingML XML format has been completely replaced in Microsoft Office 2007 by the new Office Open XML format. Until then, the import and export possibilities built into the core applications by default were the binary formats (doc, xls, ppt) as well as WordprocessingML. As mentioned earlier, add-ons enable the opening of the new standard formats too. An encoded block like the one shown in Fig. 69 also means that a WordprocessingML file can still carry opaque binary content, which XML tools can neither inspect nor validate. In Microsoft Office 2003, certain applications enabled the automatic checking of data against a predetermined XML schema. In this way, incorrect XML data records can be detected and blocked before being sent to web services, eGovernment platforms, etc. Incorrect or incomplete input fields are already highlighted while the entry is being made. It is not necessary to program the validation of the input: Microsoft Office 2003 can extract all the required information from the XML schema and validate the entries automatically.

1.2.7 Summary

Characteristic | Microsoft Office 2007 | Microsoft Office 97 to 2003
Native file format | Office Open XML (docx, pptx, etc.) | Binary formats
Built-in import functions from other formats | Binary formats (.doc, .xls, .ppt) of Office 97 - 2003 | Binary formats (.doc, .xls, .ppt) of Office 97 - 2003
Built-in export functions to other formats | Binary formats (.doc, .xls, .ppt) of Office 97 - 2003 | Binary formats (.doc, .xls, .ppt) of Office 97 - 2003
Extension possibilities, programming environment | Yes (with macros, smarttags, Visual Basic for Applications (VBA) or .NET programming environment) | Yes (with macros, smarttags, .NET programming environment or VBA)
Support of application-specific XML formats | Yes, comprehensive support even with graphic editors | Yes, comprehensive support even with graphic editors, as of Microsoft Office 2003 and higher
Support, web service-based integration into process chains | Yes, comprehensive support even with graphic editors, smarttags and .NET programming environment | Yes, comprehensive support even with graphic editors, smarttags and .NET programming environment, as of Microsoft Office 2003 and higher
Licensing | License required because commercial version | License required because commercial version
Availability for operating systems | Microsoft Windows XP with Service Pack (SP) 2, Windows Server 2003 with SP1 (or higher) and Windows Vista | Microsoft Windows XP (or higher), Windows 2000 Server with SP3 (or higher) and Windows Server 2003 (or higher)

Table 71: Overview of the characteristics of MS Office 2007 and Office 97 - 2003

2 Migration paths

This chapter discusses the issue of migration between the Office applications which were discussed above in detail. Interoperability between the applications has an important role to play, both for the migration of existing documents and their continued use and for the exchange and shared editing of documents. During a migration project, interoperability between the organizational units concerned must be maintained, because it is usually not possible to migrate all the units at the same time. Furthermore, interoperability with other organizations must also be maintained after migration wherever such organizations do not use the same Office applications while the shared editing of documents with them is part of day-to-day business. Ensuring interoperability is hence a crucial decision criterion when it comes to selecting a migration path. Interoperability of Office applications, as the name already indicates, is not a unilateral issue and is hence discussed in section III.C 2.1 as a general subject independent of concrete migration paths.

Besides interoperability, lock-in scenarios also have an extraordinarily important role to play in a migration decision. It must hence be clarified in advance to what extent other services and applications depend on concrete Office applications, be it because certain proprietary interfaces are used or because certain functionalities are required which only one particular Office application provides. The occurrence of such lock-in scenarios is closely related to the possibilities of Office programming and to the extent to which the possibilities of Office automation are used. If an organization wishes to maintain the necessary independence, other concepts must be developed. The OSS solution of the "tarent_doktor" document generator (refer to III.C 2.3 "Discourse") is a good example.
Each migration process calls for comprehensive and sound preparation and, where necessary, appropriate rework. This is particularly important when it comes to migrating Office applications, in view of the large number of documents created by the Office applications over the course of time, where it is not always clear whether migration of these documents is in fact necessary and, above all, in which form they are to be migrated. Section III.C 2.2 provides some practical tips in this respect. The following migration paths will be discussed in more detail:

• Migration from MS Office 2000 - 2003 to OOo2/SO8428
• Migration from MS Office 2000 - 2003 to MS Office 2007
• Migration from OOo1/OOo2/SO7/SO8 to MS Office 2007
• Migration from OOo1/SO7 to OOo2/SO8

Any migration of Office applications is predominantly characterized by the following migration measures:

• Migration of the documents
• Migration of the macros and scripts used
• Restoring the connection to data sources used in the documents
• The handling of existing application integrations

The above-mentioned migration paths will be discussed with a view to these aspects.

428 OOo2 = OpenOffice.org Version 2.x, SO8 = StarOffice Version 8.x

2.1 Interoperability of Office applications

Compatibility between the old and the new application is a key challenge in all migration scenarios. The following concrete questions must be answered: Is the new application capable of directly importing the data of the old application? Or is preparatory or touch-up work necessary, or are explicit conversion steps needed? How can these be handled? Which information is lost in the process? Furthermore, downward compatibility is becoming increasingly important if the migration project covers a longer period of time or if only certain parts of an organization are to be migrated. The following questions must then be answered: How can documents which were generated or edited by the new application be further processed by the old application? Does the processing of a document by different applications or application versions ("round trip") lead to errors which can even trigger a snowball effect? The same questions also arise if the goal is not just migration within an organization but also interoperability with other organizations.

2.1.1 Discussion levels

Whenever interoperability of Office suites is referred to in this guide, this means the exchange of files and may hence also be referred to as "file-based interoperation". A differentiated discussion of the compatibility problems to be resolved can help highlight both the potential and the limits of file-based interoperability of Office applications. Although the following compatibility levels are explained using the example of word processing, they are, to a varying extent, also applicable to spreadsheets, presentation programs and many other applications.

• The logic level: the document model

Every application has an internal view of a document to be processed which differs from human perception. A simple letter with a letterhead is an absolutely self-explanatory object for the human reader. In order to lay out the letter, however, a word processing program must ensure that the text and footnotes move when the text changes, while letterhead, date and fold mark remain unchanged. For this purpose, the word processing program knows suitable elements, such as text boxes, embedded objects, footers or watermarks. The set of such layout tools, which forms the document model, varies from one word processing program to another. An Office suite may include tools which do not have any counterpart in the document model of other Office applications. At document model level, the compatibility of two word processing programs can be judged by the extent to which the models are identical (model compatibility) and the extent to which the tools of one model can be translated into the tools of the other model (model transferability).

• The technical level: the file format

The document model just discussed is an internal construct of an application. It is accessible to the user working with the application. Other applications, in contrast, normally have no access to the document model. Instead, they access the files in which the application stores its documents. Although the files contain the entire information of the document model, they may well have a different structure. Instead of the last processing status of the document, they can, for example, store an older status and additionally all the editing steps carried out since. Furthermore, the file may be binary-coded, so that it can be used by suitable applications only, as is the case with the standard format of Microsoft Word. Alternatively, the file can be written in a format which is more or less readable for human readers, such as RTF or the compressed XML archives used by ODF and today also by OOXML. Most applications are capable of storing and reading documents in different file formats. However, the complete information content of the document model can often only be stored in a single format, i.e. the application's 'own' ('native') file format. The use of other file formats then means a loss of information.

At file format level, compatibility is initially judged by whether the format is technically readable. Technical readability can be ensured by using a standardized container format (RTF, XML) even if the meaning of its contents is not documented. If technical readability is given, it must be clear which of the data represents the latest revision status of the document and how it is to be interpreted. This step is important if a file format does not store the latest revision of a document, but instead the work steps carried out last, i.e. quasi a macro. If technical readability is given and the revision of the document has been restored, this revision must finally be translated into the document model of the reading application. Only after this last step does the reading application 'understand' the document so that it can make it available for editing.

• Graphic interpretation and layout compliance

A user editing a text document is usually interested not just in the wording but also in the make-up of the text. Modern word processing programs offer a host of design and make-up options and usually offer these to users in a WYSIWYG sense. Users can reasonably expect that a document will always and under all conditions look the way it is presented on the screen at the time of editing. "Always" here applies to all conceivable printers, alternative operating systems and environments, as well as other applications and application versions in a migration context. In practice, WYSIWYG has unfortunately always been a good intention which is implemented to a large extent in most cases, but hardly ever completely. Just changing the printer driver, for example, can already destroy the layout of longer documents containing large numbers of pictures. The technical reasons are as diverse as they are (in most cases) reproducible. The meaning of compatibility for layout compliance must be defined from case to case. A fold mark printed in the wrong position fails to serve its purpose. In contrast, a fold mark which is a little thinner or longer is not a serious problem. If, on the other hand, the design details of a city's coat of arms, for example, are destroyed during grey level conversion, this is no longer acceptable. What matters is hence the requirements which the result must fulfil, for example, the print on paper, as well as compliance with official forms or layout guidelines.

On which of these three levels is the question of compatibility then decided? Since layout compliance problems are perceived immediately, they are often regarded as the crucial yardstick for interoperability. However, whether these problems actually affect round-trip interoperability in practical use depends heavily on the concrete application scenario. Layout compatibility shortcomings may be acceptable under certain conditions if interoperability is ensured on the other levels. It is, however, often not easy for users to assign apparent compatibility problems to one of the three levels. If, for example, the layout of a table has changed completely after conversion of a file from application A to application B, this change may at first be seen as a lack of layout compatibility and believed to be a file format problem. In reality, however, the reason may be an incompatibility of the document models which a conversion tool tried to remedy by way of a well-meant, but unsatisfactory, translation. The correct identification of the level to which a compatibility problem belongs is nevertheless of central importance, because the potential solutions depend on it. The following section specifically examines the contributions which XML technologies can make at the different levels.

2.1.2 Measures for overcoming interoperability obstacles

Incompatibilities at layout compliance level are difficult to overcome. If, for example, one printer has a significantly coarser resolution than another, a finely shaded area in the city's coat of arms may become an undifferentiated black area. Hardware standardization or professional preparation of the graphics can remedy this situation. In other cases, two different printers may technically be capable of yielding identical results, but the principles of operation of the printer drivers used by an application can differ so strongly that they do in fact yield different results. Such a phenomenon is an internal problem of the application. Guidance as to how such shortcomings can be overcome cannot be given in this document. It may be of little comfort that most layout problems are caused by incompatibilities in the document model.

Incompatibilities at document model level can be remedied by the above-mentioned process of mapping one model onto the other. These translations would have to be reversible in order to ensure unrestricted round-trip interoperability between both models. This is seldom the case in practice, for a number of general reasons. One of these is the different granularity of design and layout options within the models. The document model of application A may, for example, know 25 different line patterns while the document model of application B knows just 7. Another general reason is the difficulty of identifying certain features of a document as either the result of deliberate user intervention or the artefact of a model translation. The almost inevitable asymmetries of such model translations are the central cause of the snowball-like increase in anomalies during repeated document conversion between two formats.

Round-trip interoperability may nevertheless be achieved under these conditions by using only those layout options in documents which are identical in all document model candidates. Furthermore, their translation can be designed in such a manner that it is usually reversible, but at least free from snowball effects. This requires the permissible layout options to be identified. Document templates can then be designed in such a manner that they use only these interoperable design and layout options. Practical success finally also depends on whether users are informed of the permissible layout options and whether they actually adhere to the given framework. If even those layout options are to be used which do not fulfil the above-described conditions, the document processing cycle should be split into two phases. The first phase is the actual processing phase. It is limited as far as possible to the document contents and therefore avoids any layout intervention. The second phase begins when editing of the contents is fully completed. This phase is marked by fine-tuning the layout of the document using only one of the applications involved. This means that round-trip processing does not take place during this phase, so that the related problems no longer occur.

Compared to the other levels, incompatibilities at file format level are a technically quite simple challenge, but were nevertheless found to be a substantial obstacle in the past. The use of XML, which has become common by now, facilitates the situation substantially on this level.

2.2 Preparing the migration process

Certain considerations are required in advance of the migration process in order to avoid most of the problems which may otherwise arise later. One important measure is an intensive stock-taking effort which should, in particular, also cover the existing Office documents and templates. The following section addresses the issues to be considered in this context. This will then be followed by a presentation of possible document conversion methods.

2.2.1 As-is analysis

The stock of existing documents and templates should be identified in advance of the migration process. The resulting status is the main criterion for the selection of a particular migration strategy. The list below shows some criteria according to which existing documents and templates should be classified in groups. It also mentions the aspects to be taken into consideration when external data sources are used, and addresses the question of how to proceed when it comes to integrating external applications.

• Need to reuse documents and templates

This aspect is one of the most important ones, because it decides how complex the subsequent document migration process will be. The larger the number of existing documents which are to be read only in future, the lower the total migration effort for the documents.

o Documents and templates which may require further processing usually have to be converted to a new editable format while ensuring minimum losses in terms of contents and quality.
o Documents which will only be read, but no longer edited, should be converted to PDF (or PDF/A for archiving) with a view to their long-term availability.
o Documents and templates which are no longer needed should be completely and finally deleted.

• Complexity of documents
The degree of complexity has an important role to play with a view to the complexity of the migration process.
o Simple documents
These documents do not contain any macros, proprietary graphics (such as WordArt), vector graphics, complex formatting instructions or elements like footnotes, tables or indices. These documents are ideally processed by batch conversion (refer to section III.C 2.2.2).
o Complex documents
These documents contain macros, shared components, paragraph and page formatting instructions, proprietary and vector graphics, as well as many links and cross-references, OLE objects, frames, text boxes, footnotes, active components, form fields, form controls, forms or charts, i.e. a host of different formats and elements. The degree of complexity varies strongly in this area and can be neither categorized nor clearly identified. The degree of complexity depends on the application which was used to create the documents and on the extent to which the above-mentioned features are used in the document. This hence calls for a detailed analysis of the documents to be converted to another format for further editing.

• Complexity of templates
The degree of complexity of the templates also has an important role to play with a view to the complexity of the migration process. The number of templates should hence be limited to the necessary extent from the very beginning.
o Simple templates
Simple templates consist of generic text429 and the corresponding formatting information which serve as the starting point or as rough models for new documents. Good examples include templates for letters, reports or minutes, some of which are already included in the Office suites as delivered and which are offered in order to enable simplified creation of new documents. The same conversion options are available for simple templates which also exist for simple documents.
o Complex templates
Complex templates contain form fields and macros which are not always easy to convert and which must hence be created anew using the development environments of the respectively other Office suites or which even require new development from scratch.

• Use of external data sources
External data sources must usually be re-linked. This is normally possible without any major problems. These data sources include, for example, databases.

• Integration of external software
The applications to be integrated must first be identified. It must then be examined whether these applications are available for the target environment of the migration process. If the use of a new Office suite involves a change in operating system, one will have to expect that not all the external programs can be executed there. It may be possible to create executable programs for the new environment too on condition that the source text of the external software is available. Otherwise alternative solutions must be found. Even if the migration project does not involve a change in operating system, it will have to be examined whether integration of the external software (for example, using interfaces) into the alternative Office suite is possible. If integration is not supported, alternative solutions must be found in this case too, and this increases the degree of complexity of the migration process.

429 A particular text without any origin context, i.e. the symbolic in a linguistic expression without any relation to reality.

Rework following the migration of documents
Following conversion, the documents should be checked in order to make sure that the following settings were converted correctly:
• Margins
• Tabs and indents
• Line spacing within paragraphs
• Spacing between paragraphs
• Tables
• Header and footer lines
• Lists
• Pictures
It is generally always recommended that the converted documents be checked with a view to the correctness of the above-mentioned settings rather than relying on the compatibility promises of the Office suppliers. In order to avoid such a task from becoming a never-ending story within the framework of a migration project, one should check in advance which documents will still be needed in future for which purposes. This step as well as the check for correct or at least acceptable conversion results should, whenever possible, involve the owners, i.e. the users who created the documents. Furthermore, measures must be taken to ensure that, following conversion, the document format selected as the conversion target is in principle maintained in order to avoid potential formatting losses due to repeated conversion in both directions.

2.2.2 Selecting a suitable conversion method

Two methods can be generally used to convert documents. With the first method, the documents are first opened in the original file format in the Office application which is the target of the migration process and subsequently stored in the native target format. This means that migration is carried out using an import filter. Filters of this type are today available for all the Office suites discussed in this document. The second method is batch conversion. With this method, a converter converts a group of files to another document format. The method of choice for a given application depends on the degree of complexity as well as the extent and quantity of files to be converted.

2.3 Migration from MS Office 97 - 2003 to StarOffice 8/OOo 2

2.3.1 Migration of documents

OOo 2/SO 8 offer import/export mechanisms for external file formats, both binary and XML-based. Besides the integrated standard filters in OOo and SO, it is also possible to use OpenXML Translator. This open source solution was developed by Novell and Microsoft and enables the import and export of documents in ODF format. However, the disadvantage of this solution is that it is only available under Novell's own OpenOffice distribution for Linux and Windows. As an alternative solution, Sun offers its ODF plugin for Microsoft Office430 as an import/export filter which MS Office users can use in order to read and write text documents, spreadsheets and presentations in the OpenOffice and StarOffice format. Some of these mechanisms use XSL transformations and are accordingly configured and amended by stylesheets. Filter stylesheets can be bundled as packages and hence installed by the user in a single step. The filter systems for Microsoft Office 2003 XML formats (SpreadsheetML and WordML) form part of the standard installation kit with OOo 2/SO 8431. The following filters are additionally integrated:
• MS WinWord 5.0, Word 6.0, 95, 97, 2000, XP
• MS Excel 4.0, 5.0, 95, 97, 2000, XP
• MS PowerPoint 97, 2000, XP
• Corel WordPerfect
• Rich Text Format
• Text files
From the user's perspective, the XSLT filters installed blend with the familiar functionalities ("Open...", "Save as...") and with the many permanently installed binary format filters which still exist there. A document template can be additionally identified as part of an import filter configuration. The (formatting) styles of this template are then automatically applied to the imported document in response to assignments of the (import) stylesheet to this effect. Conversion is generally performed in an acceptable quality unless the documents are complex and contain, for example, macros.

MS Office features certain layout properties and formatting attributes which OOo/SO does not support or treats differently. This means that a converted document must be manually re-edited to a certain extent in order to obtain a format which corresponds to that of the original document. A fully satisfactory conversion success should not be expected, especially in the case of complex and very product-specific document properties, such as indices, fields, frames and tables. Furthermore, differences between the original document and its converted counterpart can also occur after conversion of basic attributes and formatting instructions, such as page margins and blank spaces between paragraphs. Compared to earlier versions, however, these restrictions were significantly reduced. The table below shows application-independent and application-specific problems which can occur during conversion.

430 http://www.sun.com/software/star/odf_plugin/
431 http://www.openoffice.org/issues/show_bug.cgi?id=33450

Application | Problems

Application-independent
• Auto shapes are shifted.
• OLE objects are lost (under Linux only!)
• Checkboxes and form functions
• Macros and VBA code

Word (.doc)
• Lists are not imported with the format unchanged.
• Hyperlinks and text marks can get lost.
• Comments are converted only conditionally (some comments can appear as text in the document).
• Animated text is not always shown.

Excel (.xls)
• References in tables may be incorrect.
• Office 2007 includes "native charts" which can conflict with older versions (because they are no longer OLE objects).
• Conflicts between user-defined functions / formulas and integrated functions

PowerPoint (.ppt)
• Not all the AutoShapes can be presented.
• Master background is not shown.
• Some animations are not imported.432

Table 72: Possible conversion problems

432 Refer to the "Migration Guide StarOffice 8" – in contrast to the last version, presentation of almost all animations and picture transitions is now claimed to be possible.

2.3.2 Migration of macros and scripts

Macros and OLE/COM are unfortunately often used too intensively in order to extend Office functionalities and for Office automation under Windows. This method repeatedly causes problems in migration projects, sometimes even with continuing migration. Since the macros and scripts in the MS Office suites are primarily based on VBA, they cannot be executed under OOo/SO.

Various tools are available for automated migration to OOo/SO. These tools analyse the existing documents and templates and convert the existing macros from MS Office to StarBasic in a largely automated manner. These tools are unfortunately not available as free software. They are only part of the StarOffice Enterprise Edition. A thorough analysis is hence necessary in order to determine which approach is economically more effective, i.e.
• manual conversion or new creation, respectively,
• investing in the StarOffice Enterprise Edition or
• commissioning a Sun migration partner who has access to these tools.
Besides StarOffice Basic, Java or C++ can also be used to re-write the macros using an IDE editor. Initially, one should generally check which elements of the existing macro programming will be indispensable even in future and/or whether other solutions are available which are more flexible and less platform-dependent.

Excursion: document generator
Within the framework of the "OSS desktop" pilot project, an application was developed for the Federal Ministry of Justice which is used for standardized, IT-based generation of documents. The document generator replaced an application that was based on VBA macros. Since the original legacy application did not support OpenOffice or StarOffice, it was not possible to use this application in a heterogeneous Office environment, so that it had to be replaced. The document generator is developed under a GPL license and is hence available for free to all interested parties. The application was developed by tarent GmbH433. The document generator is used to generate and edit different document types needed for day-to-day work.
The Federal Ministry of Justice uses the document generator in order to generate, for example, rulings and final copies for varying purposes, such as a memorandum, order, submission to the minister or submission to a permanent secretary. Unlike other solutions, which exclusively use the script and macro interfaces of Microsoft Word or OOo/SO, the document generator was written in Java. It hence represents a uniform solution for both Linux-based and Windows-based client systems. The document generator also supports both OOo/SO and Microsoft Office word processing applications. The document generator supports the following Office suites:
• StarOffice 7, 8
• OpenOffice.org 1.x, 2
• Microsoft Office 97 - 2003
The document generator is implemented in Java and for its use requires a suitable Java runtime environment (Java runtime environment version 1.4 and higher) on the client systems concerned. The application is integrated into the respective Office user interfaces (menu, symbol bars) with the respective technologies available for the particular Office system (StarBasic/VBA). Since this interface usually only concerns the calls of the application dialogues, this integration layer is very small and hence not critical in terms of maintenance and updating. The document generator implements the entire logic and all the automatic functions which were originally implemented through the use of VBA macros. The document generator uses simple document templates of the respective Office suites in order to provide the final document. The application clearly distinguishes between application logic and presentation layer, so that independence from the respective Office environment is achieved and the use of macros is not necessary. Using placeholders and format templates, users or administrators can design any document templates which are additionally needed and adapt these to any given requirements. The illustration below shows the general architecture of the document generator.

433 Maintainer of the document generator: www.tarent.de

[Figure: architecture of the document generator. Components shown: User interface – program interface; Application logic; Interface; Data connector; Data storage; Document templates; Office suites; OpenOffice/StarOffice documents; Microsoft documents; PDF documents.]

Fig. 70: Architecture of the document generator

Users create their documents with the familiar Office program and perceive the document generator as part of the Office solution because the document generator is integrated into the respective Office user interfaces. Users can control the document generator via a dedicated icon bar or via the application menu. The dialogues of the document generator are displayed as "child windows" of the respective word processor. When documents – in particular, letters – are created, the recipients of the letters can be picked from address catalogues. The address catalogues can be updated and edited via dialogues of the document generator. Address catalogues exist as personal catalogues which can be edited by the user as required on the one hand and as read-only catalogues which are made available from a central source. Address data can be provided both from simple text files and from database systems. The text files feature the same data format under Windows and Linux-based systems. Another address format which the document generator can use is vcard format which can be exported from various groupware solutions (such as Microsoft Outlook). Another variant is the use of a central LDAP directory service for the supply of address information.

2.3.3 Migration of data sources

Microsoft Office 2007 includes special drivers which can be used to retrieve data from several data sources. These include, for example, the following:
• Microsoft SQL Server Analysis Services (OLAP supplier)
• Microsoft Office
• dBASE
• Oracle
It is also possible to use ODBC drivers from other manufacturers in order to retrieve information from data sources other than those listed here. Information concerning the installation process of an ODBC driver or of a data source driver not listed here can be found in the documentation of the respective database.

2.3.4 Integration of applications

When it comes to integrating external (i.e. non-Office) applications and to migrating such integrations to OOo/SO, the type of integration of MS Office suites and the related dependencies (lock-in scenarios) have an important role to play. Many of the specialist and standard applications in use today rely heavily on proprietary API modules, such as API, COM and DDE. The degree of dependence of such integrations can vary strongly. A simple and still quite unproblematic integration is the use of the MAPI interface in order to access certain Office applications from within an application. In the end, however, it does not matter whether this is a Microsoft Office application or an OpenOffice.org application. Integration is much more of a problem if an application accepts only certain MS Office applications or if these are even a precondition for using the full functionality of the application in question. These differences when it comes to the integration of MS Office applications in other applications require careful analysis in order to determine whether migration is technically feasible and how complex and costly the project will be. If the source code of the external application is available, it must be examined from case to case whether integration of OOo/SO applications is possible via the UNO (Universal Network Objects) interface made available by OOo/SO.

2.4 Migration from MS Office 97 - 2003 to MS Office 2007

The discussion on migration between the old MS Office versions discussed in this section focuses on the Office 2003 and 2007 suites. The following explanations focus on migration from MS Office 2003 to MS Office 2007 because the predecessor version of this migration guide already discussed MS Office 2003 as a target of migration paths. Relevant aspects concerning older versions of MS Office are also mentioned in as far as they deviate from MS Office 2003 as the starting situation.

2.4.1 Migration of documents

MS Office 2007 can open and edit the document formats of earlier versions. The user can manually adapt the standard document format to his or her specific needs. However, the use of different document formats always involves a risk that data may be lost underway. Microsoft hence offers several updates for users of older MS Office 2003 versions which enable the use of the new file format. In conjunction with the Office Migration Planning Manager434 (OMPM) offered by Microsoft, all the Office documents on the computer can be analysed, prepared for editing in the new Office 2007 environment and migrated to the new file format by way of batch conversion. However, since the OMPM was developed specifically for converting Office 2003 documents, users of older Office versions are well advised to consider any changes in terms of the migration possibilities to Office 2003.435 The core applications of MS Office 2007 (Word, Excel and PowerPoint) offer a compatibility mode. It enables users to edit documents in MS Office 2007 using the tools and functionalities of older versions. When, for example, a diagram is inserted, the diagram tool of the older Office 2003 version is opened in compatibility mode instead of the diagram tool of the Office 2007 version. This means that the diagram can be edited in older versions and downward compatibility between the versions is ensured. If the object were inserted without this mode, editing of this object in older versions would only be possible to a limited extent. Compatibility mode is particularly helpful for organizations where MS Office 2007 is used in parallel with older versions. The table below shows when the mode is activated:

Action in Office 2007                                                                                  | Excel 2007 | Word 2007 | PowerPoint 2007
Opening of file formats of older Office versions                                                       | X          | X         | X
Conversion of documents in Office 2007 into a format of older versions (using the "save as" option)    | X          | X         | X
Changing the standard document format (into that of an older version)                                  | X          | X         | X
Creating a new document on the basis of a .dot template (from older Office versions)                   |            | X         |

Table 73: Compatibility mode with MS Office 2007

The use of this feature reduces compatibility problems between the versions significantly and enables loss-free migration. Should any compatibility problems occur despite this, a message is displayed informing the user about a possible data loss and the reason for this. If, for example, a table with 800,000 lines is to be stored in Excel 2007 in the document format of an older version, the user is informed that there is a risk of data loss. Thanks to add-ons and update offerings, documents can be migrated without any major problems from older MS Office applications to the current version.

434 http://go.microsoft.com/fwlink?linkid=75727
435 Migration guide 2.1 contains information on this topic.

2.4.2 Migration of macros and scripts

In the default setting, documents in OOXML format (XML format in MS Office 2007) do not contain any executable code (no macros). Files which contain macros have the same format as files without macros. This means that no difference can be initially seen on the surface. However, files with macros contain additional components which depend on the type of automation included in the document. A file with activated VBA macros, for example, contains a binary component which, for its part, contains the VBA macro. If a code-specific component is contained in a file without macros (be it by mistake or deliberately), the Office applications will not permit the code to be executed – with no exception. Migrating macros from older MS Office versions is possible without any problems. The new Office version automatically identifies the existing code when the file is opened. The code can be subsequently executed after it has been saved in the appropriate document format (for example, .docm in the case of Word documents). The new MS Office applications can examine the new format with regard to code-based components and relations without potentially harmful code being executed. If a file appears to be suspicious, all the components capable of executing the code can be removed from the file so that the code cannot cause any damage.
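The inventory check that follows from this, as an added example that is not the guide's or Microsoft's own code: it reads [Content_Types].xml from an OOXML package and reports whether a VBA project part is present and whether the main document part declares the file as macro-enabled, so that a file whose container carries code it does not declare can be set aside for review before batch migration. The package layout it relies on (content types declared in [Content_Types].xml, the VBA project as a binary part, conventionally word/vbaProject.bin) is standard OOXML; the sample packages are constructed in memory.

```python
"""Inspect an OOXML container for macro-bearing parts (added example).

The sample files built by build_sample() are constructed test data;
real files may place the VBA project under another part name, which is
why the check matches the declared content type as well as the name.
"""
import io
import xml.etree.ElementTree as ET
import zipfile

CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
VBA_PROJECT_CT = "application/vnd.ms-office.vbaProject"

# Main-part content types used by the constructed Word samples (Excel and
# PowerPoint use the same "macroEnabled" naming pattern for .xlsm/.pptm).
DOCX_MAIN = ("application/vnd.openxmlformats-officedocument."
             "wordprocessingml.document.main+xml")
DOCM_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"


def _content_types(zf):
    """Map every part in the package to its declared content type."""
    root = ET.fromstring(zf.read("[Content_Types].xml"))
    defaults = {d.get("Extension").lower(): d.get("ContentType")
                for d in root.iter(CT_NS + "Default")}
    overrides = {o.get("PartName"): o.get("ContentType")
                 for o in root.iter(CT_NS + "Override")}
    types = {}
    for name in zf.namelist():
        if name == "[Content_Types].xml" or name.endswith("/"):
            continue
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        # An Override wins over the extension-based Default.
        types[name] = overrides.get("/" + name, defaults.get(ext, ""))
    return types


def inspect_ooxml(data: bytes) -> dict:
    """Compare what the package declares with what it actually carries.

    verdict values:
      no_macros     - no VBA part, main part not macro-enabled (e.g. .docx)
      macro_enabled - VBA part and macro-enabled main part (e.g. .docm)
      hidden_code   - VBA part inside a file whose main part is NOT
                      macro-enabled; Office will not run it, but the
                      file should be reviewed before migration
      declared_only - macro-enabled main part without any VBA part
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        types = _content_types(zf)
    main_ct = next((ct for ct in types.values()
                    if ct.endswith(".main+xml")), "")
    macro_parts = sorted(
        name for name, ct in types.items()
        if ct == VBA_PROJECT_CT or name.lower().endswith("vbaproject.bin"))
    declared = "macroenabled" in main_ct.lower()
    if macro_parts:
        verdict = "macro_enabled" if declared else "hidden_code"
    else:
        verdict = "declared_only" if declared else "no_macros"
    return {"main_content_type": main_ct,
            "macro_parts": macro_parts,
            "verdict": verdict}


def build_sample(main_ct: str, with_vba: bool) -> bytes:
    """Construct a minimal Word-style OOXML package in memory (test data)."""
    overrides = [("/word/document.xml", main_ct)]
    parts = {"word/document.xml": b"<w:document/>"}
    if with_vba:
        overrides.append(("/word/vbaProject.bin", VBA_PROJECT_CT))
        # Constructed stand-in for a VBA project; not a real OLE container.
        parts["word/vbaProject.bin"] = b"constructed vba stub"
    ct_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        + "".join(f'<Override PartName="{p}" ContentType="{c}"/>'
                  for p, c in overrides)
        + "</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", ct_xml)
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    samples = (("docx", DOCX_MAIN, False), ("docm", DOCM_MAIN, True),
               ("docx with undeclared VBA part", DOCX_MAIN, True))
    for label, ct, vba in samples:
        print(label, "->", inspect_ooxml(build_sample(ct, vba))["verdict"])
```

Running the same function over a directory of converted files gives the list of documents that still carry code, which is exactly the set that needs the manual macro decision described in section III.C 2.3.2.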

2.4.3 Migration of data sources

Microsoft Office 2007 includes special drivers which can be used to retrieve data from the following data sources:
• Microsoft SQL Server Analysis Services (OLAP supplier)
• Microsoft Office Access (version 97 and lower require prior conversion)
• dBASE
• Microsoft FoxPro
• Microsoft Office Excel
• Oracle
• Paradox
The data connection wizard of Office 2007 enables the establishment of a connection to a previously defined external data source.

2.4.4 Integration of external applications

Similar to the discussion in section III.C 2.3.4, the degree of integration of Microsoft Office suites is less important in the context of the continuing migration approach which is considered here because the product line is the same. In this case too, however, compatibility of the integrations should be carefully examined in advance. Reliable results as to whether major problems may exist in this context are not yet available.

2.5 Migration of StarOffice 7/8 and OOo1/2 to MS Office 2007

2.5.1 Migration of documents

MS Office 2007 does not genuinely support the document formats of the other Office environments discussed here, so that it is not possible to directly import ODF documents or documents in old OOo/SO format. However, a converter subsidized by Microsoft is currently under development436 which is to enable the import and export of ODF documents to and from MS Office 2007. The converter can also be executed as an independent application and is hence suitable for batch conversion operations of multiple documents. However, it translates on the level of the XML data structure via XSLT rather than generating an internal document model. This means that simple documents are usually converted with a satisfactory result. There are, however, features where the concepts of the document models differ. When these features are converted, the converter produces errors and/or unnecessarily complex documents. This concerns, for example, the following features of text documents:
• Certain formatting attributes (small caps, flashing text, line spacing with interleaf, background images for paragraphs and tables)
• Automatic page breaks after paragraphs
• Line numbering
• Sub-tables (sub-tables which are seamlessly integrated into a table)
However, the converter explicitly mentions problems of this kind, so that only limited manual effort is required to inspect the results. If the results of the above-mentioned approach are not satisfactory or if the source files are still available in old OOo 1.X/SO 7 file format, the built-in options offered by OpenOffice.org/StarOffice should be used in order to convert the documents to the corresponding proprietary Microsoft binary format which is imported by MS Office 2007 largely without any problems. An alternative approach is the conversion path from old OOo 1.X/SO 7 file format to ODF and then to OOXML, i.e. another two-step conversion path. The quality of the conversion results must ultimately determine which approach is best.

2.5.2 Migration of macros and scripts

None of the paths discussed in section III.C enable automatic migration of macros and OOo/SO add-ons, so that the required functionalities must be newly developed. However, since the manufacturers of all the Office suites discussed here disregard the respective macro languages in the specifications of their open file formats, it should be evaluated whether it might be in the interest of security and interoperability to equip the documents with minimum "intelligence of their own" and to shift the business logic to centralized processes instead. This would also improve maintainability because changes can be made at a central point.

2.5.3 Migration of data sources

When it comes to migrating data sources, a distinction must be made between OpenOffice.org 1.x / StarOffice 7 and OpenOffice.org 2 / StarOffice 8 because the new version includes a database component and far-reaching changes have been implemented with regard to the connection of data sources.

436 http://odf-converter.sourceforge.net/

2.5.3.1 Data connection in OpenOffice.org 1.x / StarOffice 7

OpenOffice.org 1.x and StarOffice 7 enable registration of a number of externally stored data sources in the Office suite and also enable access to these within .sx* documents. However, this connection is lost during conversion to the MS Office format which is necessary for conversion, so that, for example, MS Word documents generated merely contain text representing the respective field name (refer to Fig. 71) at the position in question.

Fig. 71: External data fields after export to an MS Word document

However, since the data is stored externally and is either addressed via standardized interfaces, such as ODBC or JDBC, or available in the format of an external manufacturer (such as dBase), the data can be manually reconnected to the document on completion of the migration process.

2.5.3.2 Data connection in OpenOffice.org 2 / StarOffice 8

In the new versions of the Office suites, external data is always connected via the integrated Base database module. Besides the possibility to integrate external data stocks described earlier, this module also offers a native database format, i.e. the file structures of the open source HSQL database which are embedded in the ODF ZIP file from where they can be easily taken and opened up by an independent HSQL instance437.

437 Refer to: http://hsqldb.org/.

2.5.4 Integration of applications

The decisions and challenges of replacing migration from OpenOffice.org/StarOffice to Microsoft Office are the same as those discussed earlier in section III.C 2.3.4. The Microsoft-specific interfaces mentioned there are now mainly replaced with the UNO programming interface438 of the OpenOffice.org and/or StarOffice suites. Simple, loosely coupled application integrations, such as the opening of hyperlinks in the web browser or the integration of address books of different e-mail programs, are already included in the standard scope of Microsoft Office or can be easily retrofitted by installing the appropriate software. In contrast to this, applications which are connected relatively closely to the internal principles of operation of the Office suites (for example, the so-called "extensions") require a new development or the search for an equivalent alternative.

2.6 Migration from StarOffice 7/OOo1 to StarOffice 8/OOo2

2.6.1 Migration of documents

SO 7/OOo 1 and SO 8/OOo 2 use different file formats. A migration project hence requires suitable converters and/or import and export filters which are, however, made available by the new versions. The table below shows the filters made available in SO 8/OOo 2 which can be used for both export and import.

438 Refer to: http://udk.openoffice.org/

Filter name                               | Format concerned
StarOffice 6.0/7 Text Document            | StarOffice XML text document
StarOffice 6.0/7 Text Document Template   | StarOffice XML text template
OpenDocument Text                         | OpenDocument text
OpenDocument Text Template                | OpenDocument text template
StarOffice 6.0/7 Master Document          | Writer global document
OpenDocument Master Document              | OpenDocument master document
StarOffice 6.0/7 Spreadsheet              | StarOffice XML (Calc)
StarOffice 6.0/7 Spreadsheet Template     | StarOffice XML template (Calc)
OpenDocument Spreadsheet                  | OpenDocument spreadsheet document
OpenDocument Spreadsheet Template         | OpenDocument spreadsheet document template
StarOffice 6.0/7 Drawing                  | StarOffice XML (Draw)
StarOffice 6.0/7 Drawing Template         | StarOffice XML template (Draw)
OpenDocument Drawing                      | OpenDocument drawing
OpenDocument Drawing Template             | OpenDocument drawing template
StarOffice 6.0/7 Presentation             | StarOffice XML (Impress)
StarOffice 6.0/7 Presentation Template    | StarOffice XML template (Impress)
OpenDocument Presentation                 | OpenDocument presentation
OpenDocument Presentation Template        | OpenDocument presentation template
StarOffice 6.0/7 Chart                    | StarOffice XML (Chart)
OpenDocument Chart                        | OpenDocument chart document
StarOffice 6.0/7 Formula                  | StarOffice XML (Math)
OpenDocument Formula                      | OpenDocument formula editor

Table 74: Available document format filters in SO 8/OOo 2

The functionalities of the filters shown are very complex and enable complete conversion of documents and templates between the different file formats. Installation of the filters is not necessary because they are included in the standard delivery of the Office suite and automatically activated when a document is opened. OpenOffice.org version 1.1.5 and higher integrates the filter for the OpenDocument format. A patch which provides this functionality is available for older versions. No special knowledge is hence required for its use. Migration can be easily carried out by simply opening the documents in the application. Automated conversion using batch scripts is not necessary. Furthermore, a patch is available for the older versions, SO 7/OOo 1, which also enables these older versions to use the new format (ODF).

2.6.2 Migration of macros and scripts

The two OpenOffice.org and StarOffice versions do not differ to a major extent with regard to programming. Users can continue to use an operating-system-independent and programming-system-independent API and use StarBasic, Java, C++ and Python in order to create extensions and add-ons. However, problems may occur when it comes to migrating older macros and scripts. This is especially due to the fact that these extensions are very closely orientated towards the internal system model of OpenOffice.org and that certain functionalities may no longer be offered by the API. This can mean that parts of macros can no longer be executed or no longer provide the required functionality. In the case of open source developments, the documentation or the "developer notes" often provide helpful information. Macros developed within an organization should be checked for their correct functioning prior to being used.

2.6.3 Migration of data sources

Since StarOffice 7 and OpenOffice.org 1.1, the Office suite has included an integrated, system-independent database interface termed Star Database Connectivity (SDBC). It enables high-level access439 to databases, irrespective of the underlying database backends. The data sources are integrated by means of drivers which are either supplied by the database manufacturer or developed with OpenOffice.org. Since version 2 of OpenOffice.org and StarOffice 8, respectively, the Office suite has included an independent database module which replaces the previously used database frontend and which simplifies the connection of data sources. This means that no problems are to be expected when it comes to migrating the old data sources.

439 Access which does not depend on the underlying database backend.

2.6.4 Integration of applications

OpenOffice.org offers several programming interfaces for application integration. The Office bean, a Java class, enables the integration of OpenOffice.org components into the user's own Java applications. It hence enables the integration of functions from the Office suite which can be activated by clicking the appropriate buttons which are added for this purpose. The Office bean is used to embed the Office functionalities into Java programs and to embed Java programs into OpenOffice.org/StarOffice. Since its version 2, it has featured the stability and maturity necessary for productive use. Furthermore, both versions of the Office suite include an OpenOffice/StarOffice-specific object middleware termed UNO which can be addressed by StarBasic, Java, C++ and Python. UNO is an interface which is used by the different programming languages in order to use the functions of OpenOffice.org. Since the underlying principles of the systems for application integration have remained unchanged, albeit with significant functional expansion, migration can be expected to proceed without any problems on condition that the same operating system is used.

3 References

3.1 Teaming/workgroup software

Teaming/workgroup software is used to enable efficient work in work groups. These programs enable the efficient publication and archiving of files as well as several communication options. For this purpose, their functions can often be integrated as plugins within the Office applications. This implies a direct reference to section III.B.

D Subject: backend integration

1 Products/technologies

This chapter primarily discusses the two software platforms J2EE and .NET. Both enable the development of customized applications irrespective of the type of application concerned: desktop applications for the client as well as server applications can be developed on both platforms. One key element of both technologies is the development of web applications. However, this chapter focuses less on the functionalities for developing web applications and more on the basic functionalities for developing applications at the server end, as well as on the conceptual differences between the two technologies. The "Migration paths" chapter (refer to chapter 0) also addresses functionalities relevant for migration with a view to the integration of backend systems. Besides J2EE and .NET, this section also discusses CORBA as a tried-and-tested middleware technology. However, unlike J2EE and .NET, CORBA cannot be used to develop applications. Significant differences also exist between Java, in particular J2EE, and .NET: J2EE aims at providing a uniform, platform-independent runtime environment for distributed applications. This aim, "a language for all platforms", has been successfully implemented in practice with the help of impressive development environments. The .NET framework pursues the opposite approach: a uniform runtime environment for Windows machines (clients and servers) is made available for all the languages (including, for example, Visual Basic) which have been used for programming in the Windows world. This "one platform for all languages" approach basically failed to achieve compatibility with other platforms. The examples given in the following chapters will show that these basic differences between the two approaches are today no longer valid in every case.
1.1 Microsoft .NET platform (COM, DCOM, OLE, ActiveX)

The Microsoft .NET platform is the implementation of the so-called Common Language Infrastructure standard [440] for Windows. Important parts of the framework (the Common Language Infrastructure (CLI) and the C# programming language) were additionally adopted as ISO standards. This standard aims to enable the development and execution of applications in a manner which is largely independent of the programming language used. It was designed to counteract the proliferation of special abstraction technologies [441], each of which supported the development of one particular type of application, as well as the problems resulting from the lack of integration between these technologies [442].

The .NET framework is included in the standard delivery of the Microsoft Windows Vista operating system and can be installed at no charge on other Microsoft operating systems. The illustration below gives an overview of the components of the framework.

[440] http://www.ecma-international.org/publications/standards/Ecma-335.htm
[441] Examples of this include Microsoft Active Server Pages (ASP) for the development of active websites and the Microsoft Active Template Library (ATL) to enable the use of other components by the user's own application.

Fig. 72: Components of the .NET framework (figure: source code in J#, C#, C++, assembler and other languages is translated by the respective compiler into IL code; the Common Language Runtime with its JIT compiler executes this IL code on top of the operating system)

The following concepts are specified in the Common Language Infrastructure standard:
• Common Language Specification: definition of a uniform basic scope of the programming languages which can be used
• Common Type System: definition of a common type system
• Virtual Execution System: a runtime environment which is capable of processing an intermediate language (Common Intermediate Language, CIL) which is also standardized
• Libraries and profiles: specification of seven standard libraries which contain typical, reusable application functionality, as well as of two profiles which describe sensible basic sets of libraries for a standard implementation

Applications are programmed in a language supported by .NET and have access to the comprehensive .NET class libraries. The .NET framework supports a large number of programming languages. The compiler translates the source code not into machine code but into a command code called CIL code (Common Intermediate Language), sometimes also IL code (Intermediate Language). The combination of such compiled units and the pertinent metadata is called an "assembly" and constitutes the typical deployment unit of the .NET world; the result is, for example, an EXE file. When this EXE file is loaded, the Common Language Runtime (CLR) with its JIT (just-in-time) compiler translates it into machine code. In the Microsoft .NET platform, the Common Language Runtime (CLR) implements the runtime environment (VES). Besides the generation and administration of machine code, the CLR offers additional services, above all for memory management (garbage collection). Apart from the standard libraries, the platform is supplemented by a host of other class libraries (Microsoft calls these "technologies"), as a result of which the full range of .NET functions is available for Windows only. .NET is available in the following versions:
• .NET 2.0: a comprehensive expansion of the functionalities of .NET, for example, the data protection API (DPAPI), FTP support and better support for the internationalization of applications
• .NET 3.0: includes .NET 2.0 and supplements it with certain Microsoft technologies [443]:
o Windows Presentation Foundation: a uniform approach for different user interfaces
o Windows Workflow Foundation: support for workflow-based applications
o Windows Communication Foundation: support for service-orientated applications through a uniform approach for different communication technologies
o Windows CardSpace: central and consistent administration of digital identities for authentication (of both users and applications)

Besides independence from particular programming languages, another focus of the .NET platform is support for the development of distributed applications using, in particular, web services. The .NET platform is also intended to replace earlier Microsoft technologies for component-based application development, such as COM, DCOM and ActiveX. However, these approaches can continue to coexist with .NET.

[442] In order to create an active website which is to use other components, the developer must familiarize himself or herself with both ASP and ATL technology and apply both of them together.
Furthermore, .NET and COM functions can call each other. However, in view of the more robust security model and automated memory management, Microsoft recommends the .NET platform for new developments too. The .NET framework enables authorization to be controlled at application level through so-called Code Access Security (CAS). In this way, it is possible to determine which actions (for example, access to resources such as files, environment variables, printers or databases) an application is authorized to carry out, irrespective of whether the user executing the action is a normal user or an administrator. Besides the authorizations which exist by default, new authorizations can also be implemented. Furthermore, security settings can be determined as a function of the identity of the user executing the program or of the origin of the program. The security checks are carried out by the Common Language Runtime and apply to pure .NET applications only. COM functions which are called from within .NET applications, for example, are executed without security-based restrictions (apart from the user rights and privileges set at the operating system end). Such external calls of old modules (COM-based or DCOM-based) can bypass the CAS even if it is activated. The CAS is often bypassed in this way, especially through the use of tried-and-tested but older software modules on a COM or DCOM basis. This is why many developers reject the CAS, stating that it is helpful in principle but not practicable.

CIL programs executed by the CLR are referred to as "managed code" because they are executed by the CLR in a controlled manner with the involvement of the CAS. In contrast, code which is executed directly by the CPU rather than by the CLR is referred to as "unmanaged code". This concerns, for example, COM functions which are called from within .NET applications. The term "managed code" hence refers to the execution of code by a virtual machine and to the management of this code by that machine. Although the term "managed code" was introduced by Microsoft, the technique is also used elsewhere, for example in Java, where a virtual machine likewise manages the code.

As a result of the platform independence inherent in the general concept of the Common Language Infrastructure (CLI), and further as a result of its standardization by Ecma International and ISO, two open source projects already offer .NET functionality on other operating systems too [444]. These are Mono [445], supported by Novell, and DotGNU Portable.NET [446].

[443] http://www.microsoft.com/germany/msdn/library/net/EinfuehrungInNETFramework30.mspx?mfr=true
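The Code Access Security mechanism described above, and its limit at the managed/unmanaged boundary, as an added C# illustration for .NET 2.0 (example code, not from the migration guide): a declarative and an imperative FileIOPermission demand, and a P/Invoke call whose only CAS check is the UnmanagedCode demand at the transition. The configuration path and the kernel32 function chosen are assumptions for the illustration.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;

// Added example (not from the migration guide): Code Access Security on
// .NET 2.0. The config path is an assumed placeholder.
public static class CasDemo
{
    private const string ConfigPath = @"C:\example\app.ini"; // assumed path

    // Declarative demand: before the method body runs, the CLR walks the call
    // stack and requires every caller to hold Read access to this one file,
    // irrespective of the Windows account executing the process.
    [FileIOPermission(SecurityAction.Demand, Read = ConfigPath)]
    public static string ReadConfig()
    {
        return File.ReadAllText(ConfigPath);
    }

    // Imperative variant: same stack walk, triggered explicitly at the call
    // site so that the path can be decided at runtime.
    public static string ReadFileChecked(string path)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, path).Demand();
        return File.ReadAllText(path);
    }

    // Unmanaged call via P/Invoke. The CLR's only CAS hook here is a demand
    // for SecurityPermissionFlag.UnmanagedCode at the transition; what the
    // native code then does is governed by the OS ACLs alone, not by CAS.
    // (Applying [SuppressUnmanagedCodeSecurity] would remove even this demand.)
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern uint GetFileAttributesW(string lpFileName);

    public static uint QueryAttributesNative(string path)
    {
        return GetFileAttributesW(path);
    }

    // Runs the three calls under a restricted grant set and reports which
    // ones CAS allowed. PermitOnly confines this stack frame (and callees)
    // to the listed permissions even if the assembly itself has full trust.
    public static string RunSandboxed()
    {
        PermissionSet grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        grant.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, ConfigPath));

        string report = "";
        grant.PermitOnly();
        try
        {
            // Allowed: the grant set contains exactly this FileIOPermission.
            try { ReadConfig(); report += "ReadConfig: allowed\n"; }
            catch (SecurityException) { report += "ReadConfig: denied\n"; }
            catch (IOException) { report += "ReadConfig: allowed (file missing)\n"; }

            // Denied: Read on a different path is not in the grant set.
            try { ReadFileChecked(@"C:\example\other.ini"); report += "other.ini: allowed\n"; }
            catch (SecurityException) { report += "other.ini: denied\n"; }
            catch (IOException) { report += "other.ini: allowed (file missing)\n"; }

            // Denied: UnmanagedCode is not in the grant set, so the P/Invoke
            // transition itself fails. Under full trust (the default for
            // locally installed code) this call would succeed, and CAS would
            // see nothing of what the native function does afterwards.
            try { QueryAttributesNative(ConfigPath); report += "P/Invoke: allowed\n"; }
            catch (SecurityException) { report += "P/Invoke: denied\n"; }
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();
        }
        return report;
    }

    public static void Main()
    {
        Console.Write(RunSandboxed());
    }
}
```

When reviewing a .NET application that relies on CAS, the P/Invoke and COM interop declarations (and any SuppressUnmanagedCodeSecurity attributes) are therefore the places to inspect, since they mark where CAS stops governing the code.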
Mono is a development and runtime environment which enables the creation and execution of .NET applications under Linux, Solaris, Mac OS X, Windows and Unix. The level of .NET support in the current Mono version 1.2.4 lies between .NET 1.1 and .NET 2.0; .NET 2.0 support is to be complete by the end of 2007. It is the declared goal of DotGNU's Portable.NET to set up a collection of free software tools for compiling and executing CLI applications. DotGNU Portable.NET focuses in this context on compatibility with the standards ECMA-334 [447] (C# programming language) and ECMA-335 [448] (CLI) as well as with Microsoft's actual CLI implementation (.NET). The aim is that applications developed under Portable.NET can also run under Microsoft .NET without any problems, and that many Microsoft .NET applications function properly under Portable.NET and hence also under operating systems as diverse as, for example, Linux, NetBSD, FreeBSD, Solaris and Mac OS X.

One can conclude that the .NET platform enables the development of applications in the most diverse programming languages. The most recent functional extensions are available in Microsoft Windows environments only, because further developments by Microsoft cannot be reproduced by the open source platforms until Microsoft's developments have been published. Some time after their publication, extensions and add-ons are usually also available on the open source platforms. It must be noted in this context that proprietary, non-standardized extensions from Microsoft cannot be included in the open source platforms for license reasons.

[444] It remains to be seen how far these technical possibilities will eventually have to be restricted as a consequence of legal issues, such as patent or copyright aspects.
[445] http://www.mono-project.com/Main_Page
[446] http://www.dotgnu.org/pnet.html
[447] http://www.ecma-international.org/publications/standards/Ecma-334.htm
[448] http://www.ecma-international.org/publications/standards/Ecma-335.htm

1.2 SUN J2EE platform

In 1999, SUN split up its Java class libraries, which had until then been integrated in a single development kit, into three editions:
• Java 2 Platform, Standard Edition (J2SE): This edition is the basic skeleton of the Java programming language. It enables the development of Java applications primarily for clients and additionally forms the technical basis for the Java 2 Platform, Enterprise Edition (J2EE).
• Java 2 Platform, Enterprise Edition (J2EE): The Enterprise Edition expands the Standard Edition with an entire series of functionalities which support the implementation of applications at the server end. These include, for example, the component model, communication APIs and management functionalities. SUN recommends the Enterprise Edition for the development of service-orientated architectures.
• Java 2 Platform, Micro Edition (J2ME): The Micro Edition restricts the Standard Edition to such a degree that the development of Java applications for devices with limited hardware performance (for example, mobile phones, PDAs, etc.) becomes possible.

SUN offers a reference implementation for the Enterprise Edition (J2EE), which is discussed in more detail in this section; however, this reference implementation is primarily not designed for productive use. Several manufacturers (including SUN) offer application servers which implement the J2EE standard in accordance with this reference implementation. Due to the inherent independence of the Java language and concepts from the hardware / operating system combination used, and further thanks to its free availability [449], the J2EE platform has become a widely used system [450]. With the currently available version 1.5 [451], the Java 2 Platform, Enterprise Edition (J2EE) was renamed Java Platform, Enterprise Edition (Java EE). Since the name J2EE has become popular and was not changed until the latest version was released, the name J2EE will continue to be used within the framework of this migration guide. The architecture of J2EE defines a component model (beans), encapsulates large-calibre information technology and cross-section services (databases, transactions, directories, transaction monitors / message queuing, other legacy EIS) in standard interfaces, and combines both of these, i.e. components and interfaces, in a predominantly declarative manner in the runtime system. The main function of the implementations is to make cross-section services and management tools available. Furthermore, J2EE defines a role-based development model.

[449] http://java.sun.com/javaee/overview/faq/j2ee.jsp#free
[450] http://www.java.com/en/javahistory/timeline.jsp By 2002, downloads of the J2EE software development kits had already reached the 2-million level.
[451] As per October 2007

Fig. 73: Structural view – multi-tier architecture [452]

The J2EE platform includes numerous class libraries for the development of server-based Java applications and web services which provide functionalities and services for the development of distributed and multi-layered Java applications. The concepts of J2EE are based on architecture principles which are, for example, also demanded by SAGA. This means that SAGA-compatible multi-tier architectures can be implemented. One important basic concept for this are components which are executed on a so-called application server (J2EE Application Server). The application server offers the components the following basic services:
• Security management
• Transaction management
• Name and directory services
• Communication between the components
• Lifecycle management of the components
• Deployment support, etc.

Just like an application developed on the basis of J2SE, the J2EE application server offers the components an abstraction of the resources of the underlying hardware / operating system combination (file system, network, ...). The development of largely platform-independent applications is thereby enabled. [453] In contrast to J2SE, this server offers more far-reaching support for the development of applications at the server end, for example, in the fields of multi-user operation, load distribution and scaling. The J2EE specification defines the following types of components:
• Client applications and applets: These components run on the client computer and are used to access the parts of the respective application at the server end.
• Java Servlet, JavaServer Faces, and JavaServer Pages (JSP): These are technical components which are executed on the server and, for instance, enable access to the application via a web client (a browser which displays websites generated at the server end).
• Enterprise JavaBeans (EJB): EJBs are components at the server end which implement the application logic. They are used to simplify the development of complex, multi-layered and distributed application systems. The following types of EJBs are available:
o Entity Beans, which enable the modelling of (persistent) data.
o Session Beans for the implementation of stateless or stateful processes; from J2EE 1.4 onwards, Session Beans can also be exposed as web services.
o Message Driven Beans for asynchronous communication, for example, with legacy applications via the Java Message Service (JMS).
• Java Naming and Directory Interface (JNDI): This is a name and directory service which enables references to remote objects to be stored under a defined name in a defined place (binding). Furthermore, JNDI enables bound objects to be found via their names (lookup).
• Java IDL / CORBA: Java IDL constitutes an interface with CORBA. Java ORBs can be implemented with Java IDL.
• Remote Method Invocation (RMI) and RMI over IIOP (RMI-IIOP): RMI is used for distributed communication between objects. With RMI-IIOP, J2EE is compatible with CORBA.

The J2EE platform also comes with mechanisms for application security which enable rights and authorizations to be assigned even at very fine-grained levels, as a function of where the application to be executed comes from and who executes it. JAAS (Java Authentication and Authorization Service) is one example that should be mentioned here. JAAS is a framework which enables user authentication for the most diverse types of applications, including stand-alone applications and rich clients. J2EE often offers the possibility of using different solutions depending on the particular requirements. Authentication can be carried out not just by JAAS but also, for example, by way of form-based or HTTP-based authentication. In the case of form-based authentication, as the name indicates, arbitrary HTML forms can be used for authentication. In the case of HTTP-based authentication, in contrast, the web browser requests the user name and password in a corresponding dialogue. Unlike JAAS, these two mechanisms are hence designed more for web applications.

[452] SAGA 4.0
[453] Leitfaden Plattformunabhängigkeit von Fachanwendungen [Guide to platform independence of specialist applications], http://www.kbst.bund.de/cln_012/nn_836802/SharedDocs/Anlagen-kbst/software_Leitfaden___20Plattformunabhaengigkeit__von__Fachanwendungen,templateId=raw,property=publicationFile.pdf/software_Leitfaden_%20Plattformunabhaengigkeit_von_Fachanwendungen.pdf

Numerous other application server solutions exist besides the SUN reference implementation. These include, for example, open source products, such as
• GlassFish [454]
• JBoss Application Server [455]
• Apache Geronimo [456] and
• ObjectWeb JOnAS [457]
as well as proprietary products from reputable manufacturers, such as:
• BEA WebLogic Server [458]
• IBM WebSphere Application Server [459]
• SAP NetWeaver Application Server [460] and
• Oracle Application Server [461]

The exact scope of J2EE support varies between the different application servers. Although some of the servers mentioned are SUN J2EE certified, certification in most cases is based on J2EE 1.4; some functionalities of Java EE 5 are not yet supported. Applications developed on the basis of the J2EE platform can be connected to other systems or applications via several interfaces. The technologies available for this purpose include, for example, the following:
• The Java Database Connectivity API (JDBC): This programming interface enables relational databases to be addressed from within Java programs.
• The Java Persistence API (JPA): Although JDBC in principle enables access to relational databases, it is not directly possible to store objects in a relational database, because the structure of a relational database generally differs from the structure of the Java objects to be stored. Object-relational mapping is hence necessary in order to store the objects. The JPA provides a database-independent interface for such mapping.
• The J2EE Connector Architecture (JCA): This technology enables existing legacy applications (so-called Enterprise Information Systems) to be connected to newly developed applications via a standardized architecture.
• The Java Transaction API (JTA): This API defines the interfaces via which distributed transaction management systems can be connected to J2EE.

One can conclude that the J2EE platform offers an established, tried-and-tested technology which has proven its worth in many practical applications. Even complex applications can be implemented with J2EE. Many products and technologies, even from large manufacturers, are today based on Java technology. Besides the SUN implementations, many other J2EE implementations are available from different manufacturers, so that customers can choose among a large variety of products. However, the overall situation is different when the J2EE platform is compared to Microsoft .NET. Whilst the use of different programming languages was part of the .NET concept from the outset, the Java idea was based on the approach of executing applications developed in one programming language (Java) on different operating system platforms. SUN has meanwhile begun to provide Java technology as open source under GPLv2; large parts of Java SE, for example, are available under GPLv2. Open source projects, such as Apache Harmony, are already working on the development of an open source version of Java technology. Although Java in theory also offers the possibility of developing compilers which enable further programming languages in addition to Java, this approach is relatively rare in practice. This could, however, change in future with the advent of languages such as Ruby; JRuby already enables the simultaneous use of Java and Ruby.

[454] https://glassfish.dev.java.net/
[455] http://www.jboss.com/products/jbossas
[456] http://geronimo.apache.org/
[457] http://wiki.jonas.objectweb.org/xwiki/bin/view/Main/WebHome
[458] http://www.bea.com/framework.jsp?CNT=index.htm&FP=/content/products/weblogic/server/
[459] http://www-306.ibm.com/software/webservers/appserv/was/features/
[460] http://www.sap.com/germany/plattform/netweaver/components/appserver/index.epx
[461] http://www.oracle.com/lang/de/appserver/index.html
1.3 Object Management Group CORBA

The Common Object Request Broker Architecture (CORBA) defines, on a very high level of abstraction, how distributed objects can communicate with each other. Since its first version in 1991, the CORBA specification has undergone continuous improvement and expansion within the scope of an open standardization process by the Object Management Group [462]. CORBA has hence become a very mature and comprehensive standard with broad-based support. Distributed communication in the CORBA environment is based on clients accessing server objects. For this purpose, the interface with the functionality offered by the object at the server end is first defined using a formal description language (Interface Definition Language, IDL). This definition is then converted into so-called stubs (at the client end) and skeletons (at the server end). The stubs enable the client to access the remote functionality in almost the same manner as if it were available locally as a program function. The developer of the server object accordingly fills the skeletons with functionality. Concrete communication between the two ends proceeds via an Object Request Broker (ORB), which provides not just the transmission of function calls and return values, but also other services, such as finding a server object with a particular functionality. With CORBA 2.1, important security functions were added in 1997, for example, SSL encryption for IIOP in CORBA. A service specification [463] (Secure Service Specification), which is subject to ongoing further development, is now available and provides comprehensive options for the implementation of security requirements, such as identification of users and objects, access control, confidentiality and integrity in CORBA environments. Numerous CORBA-compliant ORB implementations are available, including both open source products, such as:
• MICO [464],
• ORBit [465],
• omniORB [466],
• JacORB [467] and
• TAO [468],
as well as proprietary solutions, such as
• IONA Orbix [469] and
• Borland Visibroker [470].

At the client and server ends, the CORBA functionality is made available via so-called language mappings [471] between the IDL and the respective programming language. An overview of the mappings specified by the OMG is available on the Internet [472]. The programming languages supported include Ada, C, C++, COBOL, Java [473], Lisp, PL/I, Python and Smalltalk. Furthermore, mappings for XML and MOF [474] are additionally available for modelling tasks. One can sum up that CORBA is a technology which is generally underestimated. CORBA, for example, enables the implementation of a service-orientated architecture (SOA). The underlying standard is mature and numerous OSS implementations are available. Earlier performance problems have now been resolved. Nevertheless, CORBA still only plays a very minor role in the current discussion about web services and SOA and is often merely considered a theoretical possibility which is becoming less and less important in practice. For migration purposes, it is hence important to determine precisely whether and for which purpose the ORB concepts of CORBA are to be used. Whenever possible, the standard backend technologies, in particular those of J2EE, should be used for implementation instead of CORBA. If these do not suffice, interfaces with CORBA are available.

[462] http://www.omg.org/technology/documents/formal/corba_iiop.htm
[463] It goes without saying that implementations of this service also exist, even with some of the OSS products (for example, with MICO and TAO).
[464] http://www.mico.org/
[465] http://orbit-resource.sourceforge.net/
[466] http://omniorb.sourceforge.net/
[467] http://www.jacorb.org/features.html
[468] http://www.cs.wustl.edu/~schmidt/TAO.html
[469] http://www.iona.com/products/orbix/
[470] http://www.borland.com/de/products/visibroker/index.html
[471] Mappings are transformation rules which are applied in order to convert IDL constructs into the corresponding constructs of the programming language used.
[472] http://www.omg.org/technology/documents/idl2x_spec_catalog.htm
[473] In the case of Java, a mapping exists which converts IDL constructs to Java, as well as a mapping which can be used to generate IDL constructs from Java constructs.
[474] MOF: Meta Object Facility, an OMG standard for the platform-independent definition, manipulation and integration of data and metadata.

2 Migration paths

2.1 Migration of a .NET-based application to J2EE

Migration of an application from one programming platform to another cannot take place as a fully automated process. One will have to expect that large parts of the code will have to be re-written. Although the Java and .NET languages have similar constructs and the syntax of, for example, C# is very similar to that of Java, the two platforms basically pursue different aims. The main problem lies in the different system libraries, which differ significantly in terms of scope and structure. The following discussion is designed as a guide for analysing the options and costs of a migration project.

2.1.1 Discussion of the individual application tiers during a migration project

When an application is migrated, it should be broken down into logical tiers rather than being considered as a monolithic block. Software is usually split up into the following tiers during development:
• Presentation tier: Ideally, this tier does not contain any logic of its own and merely offers the system and the user the possibility to interact.
• Communication tier: If an application is distributed across several computers, for example, in order to retrieve data from an external billing system, the required communication logic is implemented on this tier.
• Business logic tier: This is where the business processes of an application are implemented, for example, a workflow for capturing data.
• Data access tier: Access to the data sources takes place on this tier.

Different technologies are used depending on the tier concerned, and these must be handled separately during migration. If, for example, ASP pages (.NET) are to be migrated to JSP pages (J2EE), migration on the presentation tier must be handled in a manner completely different from the migration of ADO.NET components to JDBC on the data access tier. Furthermore, the frameworks used must be taken into consideration during the analysis of the application to be migrated. Numerous frameworks which support the development of complex applications exist in the .NET and Java worlds. Ideally, both a Java and a .NET version of a framework exist, which facilitates the migration process significantly. If a framework is available on one platform only, the migration project becomes significantly more complex and costly because completely different concepts and philosophies may have to be taken into consideration.

2.1.1.1 Presentation tier

Depending on the type of application concerned, different technologies are used during implementation.

• Stand-alone applications are installed and executed on the user's computer. In the .NET world, these applications are implemented using the Windows Forms technology; in the Java world, with SWING/AWT user interfaces. Various frameworks can be used in addition, such as SWT [475] (an open source component of the Eclipse project). Due to the different scopes and structures of the components, automated migration of the components is not possible here. However, approaches exist which are designed to support developers during migration. The Eclipse Modelling Framework (EMF [476]) is one example which should be mentioned here. The framework can generate Java code from a structured model. In the case of a Windows Forms user interface, the basic structure for the SWING/AWT elements can be generated on the basis of the XML description of the user interface elements and a code generator. This procedure speeds up the migration process significantly because developers can start from the generated skeleton and merely add the missing code parts rather than having to develop everything from scratch.
• Web applications are executed on the server; the user accesses the user interface via a web browser. In the .NET world, these are usually implemented as ASP(.NET) pages. In the Java world, however, different standards exist, such as JavaServer Pages (JSP) or JavaServer Faces (JSF), which have recently become increasingly important. Migration is relatively simple if the web pages are implemented as simple forms. In this case, the EMF framework mentioned earlier or simple parsers, such as Xerces, can be used. Rich clients, such as Java applets, are not regarded as web applications in this context because they can be compared to stand-alone applications from a migration perspective.

2.1.1.2 Communication tier

Communication between the parts of an application which is distributed across several computers usually proceeds via standard protocols and technologies, such as TCP/IP or SOAP. Migration does not cause any major problems in such a case because the customary communication standards are available on both platforms. Where communication proceeds via web services, the basic structure can be generated both in .NET and in J2EE from the WSDL (web service description) during the migration process. However, problems must be expected if more demanding requirements must be fulfilled, for example, in the security area, so that additional web service standards, such as OASIS WS-Security, are used. These problems are due to the large number of different web service standards as well as to differences in the support of these standards by the different tools and frameworks. Migration between different security standards may well reach the cost, time and complexity levels of a new development.

2.1.1.3 Business logic tier

In the case of simple applications running on a single server, the business logic mostly consists of normal classes in both C# and Java. Migration should not cause any major problems in this case. The syntax of these two languages is similar and suitable conversion tools are available. The net2java477 open source project, for example, can be used for migration from .Net to Java, whilst Microsoft's JLCA478 (Java Language Conversion Assistant) can be used for migration from Java to .Net. JLCA, in particular, has come to be a mature tool with comprehensive support from Microsoft and usually enables automated conversion of a large part of the code. Things are more difficult in the case of enterprise applications which are, for example, implemented via COM+ in the .Net world and via EJBs in the J2EE world. In this case, developers must take a very close look at the logic and re-write the corresponding code in the target language. Usually, however, migration from COM+ to EJB is easier than migration in the opposite direction because the scope of functions of COM+ is a sub-set of the EJB functions. Migration from EJB to COM+ is significantly more complex especially in cases where functions are used which are not included in the COM+ technology.

475 SWT – Standard Widget Toolkit - http://www.eclipse.org/swt
476 EMF – Eclipse Modelling Framework - http://www.eclipse.org/emf

2.1.1.4 Data access tier

When the data access tier is migrated, two different parts of an application are migrated, i.e. the program code and the SQL statements. Migration of the program code takes place in a manner similar to migration of the code on the logic tier using the appropriate tools. Although differences exist between ADO.NET and JDBC with regard to access, these differences are of a minor nature and do not usually cause any major problems. The SQL statements remain untouched as long as the same database is accessed. If the database is also migrated, the SQL statements must be adapted according to the syntax differences. Other activities may additionally be required (refer to chapter II.A). If persistence frameworks, such as Hibernate, are used, the migration process is either relatively simple if a corresponding version of this framework exists on the other platform, or very complex if no corresponding version exists, so that the data access tier must be completely re-developed from scratch.

2.1.2 Migration of a SOA-based distributed application

If the application landscape is based on an SOA architecture, this can significantly simplify migration between the different platforms. If the applications are implemented via web services – as is typical for an SOA architecture – migration can be carried out in many small steps. It is, for example, possible to replace a single .Net web service with a J2EE web service without any changes in other applications becoming necessary, so that such other applications remain unaffected. In this way, the application modules can be successively replaced step by step. Although this means a larger number of migration projects, the complexity of the individual projects is significantly reduced in this way. Furthermore, the migration risk is also minimized because first experience can be gathered with the operation of individual, preferably non-critical services on the basis of the new platform and this experience can then be used in the following migration projects. Although the degree of complexity of the individual projects is reduced, all the aspects and risks discussed in this guide continue to apply. This is why these projects must also be taken seriously and planned accordingly as migration projects. It should also be noted that parallel operation of Java-based and .Net-based platforms will be necessary for a certain period of time and this means that operating costs may increase accordingly.

477 Refer to: https://net2java.dev.java.net/
478 JLCA – Java Language Conversion Assistant - http://msdn.microsoft.com/vstudio/java/migrate/jlca/default.aspx

2.1.2.1 Bridge technologies

It may be necessary under certain conditions for Java and .Net technologies to work together. This can occur, for example, in the case of a complex application which cannot be replaced with the new technology in a single step. This may require .Net modules to address Java modules either on the same system or via the network. One possible option is to implement a kind of proxy with web services. A .Net program module can then exchange data with Java modules via this proxy. The disadvantages of this approach are the relatively complex task of programming the proxies and performance losses due to working with XML and the transmission of data between the web services. So-called bridge technologies are used in order to avoid these disadvantages. These technologies enable access to .Net classes from Java in a manner as if the former were Java classes, and vice versa. Although proxies are also used in this case, these are generated by suitable tools in automated processes. Complex proxy programming is thereby eliminated. Furthermore, performance losses are reduced because the products offer not just web services, but also further performance-optimized communication channels, such as TCP/Binary. JNBridge479 from JNBridge LLC is a product which is successfully used in practical applications.

2.1.2.2 .Net applications on non-Windows-based operating systems

As an alternative to complete migration from .Net to J2EE, possibilities exist to execute .Net applications even on non-Windows operating systems and hence to enable migration of the operating systems in a manner relatively independent of the migration of the applications. This, for example, enables migration to Linux without the need to migrate an existing .Net application at the same time. The Mono open source project led by Novell offers several modules, such as a C# compiler and the Common Language Runtime, which enable the execution of .Net applications on Linux, BSD, Unix, Mac OS X or Solaris operating systems. However, Mono does not yet fully implement the functionality of the current .NET framework. Due to the momentum of the further development of .NET, it is likely that this situation will continue in future. It must hence be carefully examined from case to case whether Mono is a suitable temporary migration alternative on the application level. The Cross Compiler from Mainsoft offers another possibility. This enables .Net code to be compiled directly into Java bytecode and executed on a J2EE application server. Furthermore, a module exists for Visual Studio which simplifies the development of .Net applications for non-Windows operating systems significantly. This product is interesting because it enables developers to continue using Visual Studio for development in .Net, whilst the results can be deployed and run directly as a J2EE application on a J2EE application server.

479 JNBridge – a JNBridge LLC product - http://www.jnbridge.com/

2.1.3 Conclusions

One can conclude that migration between J2EE and .Net is certainly a complex task. However, a general statement is not possible as to whether migration or a completely new development makes more sense. Depending on the level of complexity and the technologies used, this question must be answered in each case on the basis of a corresponding analysis. Fully automated migration, however, is definitely not possible. Although procedures and tools are available which facilitate migration, a substantial amount of manual work must still be expected. This chapter has also discussed alternatives to complete migration. These include gradual migration using bridge technologies and web services as well as the operation of .Net applications on non-Windows-based operating systems. These two approaches enable migration of the applications step by step and thus the distribution of migration effort over a longer period of time whilst at the same time reducing the complexity of the individual migration projects.

E Subject: Terminal services and client concepts

The decision to use terminal servers and thin clients can be made both during a migration project and in advance of the project and will hence be discussed in this context. This is, however, not a classic migration subject because terminal server environments are usually not migrated. However, terminal servers can be very helpful when it comes to implementing and supporting migration projects. This is the case, for example, if specialist applications must be successively made available for a new operating system environment after the rest of the server landscape has already been migrated within the scope of step-by-step migration. The use of the technology discussed in the following is primarily a decision which must be made within the framework of a public agency's overall IT strategy. The solutions presented are meant to give an insight into the general issue and to illustrate the technological potential. The technologies discussed can be used in very different areas:

• Linux-based servers and client systems with the Linux Terminal Server Project
• NX Server from NoMachine with Linux-based server systems and client systems for Windows and Linux
• Windows Terminal Server from Microsoft with (predominantly) Windows-based client systems
• Presentation Server from Citrix with Windows-based server systems and various client systems (Linux, Unix, DOS, Windows, etc.)

The systems presented cover a wide range of technical solutions and must be analysed in more detail from case to case depending on the given requirements. Besides technical differences and options, the systems also vary strongly with regard to licensing models and costs.

The administration and service of desktop PCs are very labour-intensive jobs, especially in cases where the computers are fitted with different hardware and software. Furthermore, increasing complexity of the hardware and software used can render desktop PCs more susceptible to failure and thereby increase administrative requirements. The list below gives some examples of the tasks related to system administration:

• Installation and, if necessary, configuration on site
• Adaptation to user requirements
• Management of software updates and new installations (testing, distribution, installation)
• Fault and error diagnosis and trouble-shooting, support
• Spare-parts management

Although suitable administration tools and/or system management applications are available in order to largely automate work and minimize costs and time requirements, the overall work input is nevertheless very high. Furthermore, not every organization is in a position to purchase the sometimes very expensive system management software and to hire and train the personnel required for this. This is particularly valid for smaller organizations. The use of terminal servers can reduce these problems. In a distributed IT landscape, programs are usually installed and executed on the desktop PCs. Servers are primarily used for central data management, for data backups and for managing access rights. In the case of a terminal server solution, one or more powerful central computers, i.e. the real terminal servers, ensure site-independent access to the required data and applications. The terminal servers offer users direct access to a graphic user interface of the operating system via the network. Terminal services enable users to use software which is not installed on their local computers. The applications are made available by a terminal server and used via a client/terminal. A terminal server usually emulates several clients (sessions). This means that it makes applications, for which the users have authorization, available to the clients, which are usually remote. The user can use these applications just like on a normal PC using the mouse and keyboard. In contrast to distributed IT architectures, the central servers make available both the data and the applications. The applications and data of the terminal servers must be accessed via special terminal client applications. The table below provides a short overview of the advantages from the use of terminal servers.

Advantages / Explanation

Central administration: Operating system and applications are offered in a simple, centralized form on the terminal servers. Centralized software upgrading (updates) is possible. Work on the client systems is seldom necessary. The administration of applications is centralized, and fault diagnosis and trouble-shooting are simplified. Productivity increases for users and administrators. The provision of additional applications (which are already set up on the terminal server) for the user is speeded up. Elimination of time-consuming trouble-shooting operations on site drastically reduces administrative workloads. Furthermore, it is ensured that all the users work with consistent applications.

Reduced hardware requirements: Client systems require fewer hardware resources (it may even be possible to use a client without a hard disk of its own) because almost all the operations can be executed on the server, if necessary. Regular removal/replacement of the client hardware due to increased requirements on the part of operating systems and applications is no longer necessary. The existing hardware can be used longer because the requirements are determined by performance rather than by software changes.

Enhanced security: The use of client computers without hard disks, for example, means that data can be stored on the central servers only. This reduces the risk of data loss, unauthorized access, manipulation or theft.

Independence of the client computer: Client computers can be quickly replaced because no personal data or settings are stored on the clients. Most importantly, users can easily change their place of work without having to go without "their" familiar environment.

Flexible support during migration: The use of terminal servers can significantly support migration projects because they enable, for example, a step-by-step migration process. When the client operating system is changed to a Linux-based system, the familiar Windows applications can continue to be made available via a terminal server until the users have been trained in the new Linux applications. Terminal servers can also avoid costly porting or even new development of necessary applications. Once they have been prepared for use on a corresponding terminal server, they can continue to be used under the new operating system.

Low energy consumption: The use of one or a few powerful servers and many client computers with simple hardware components and low energy consumption also reduces overall power consumption. According to IBM, a mainframe with the same performance consumes a maximum of just 10% of the energy of a distributed IT architecture.480

Table 75: Advantages of terminal servers and thin clients

Besides these advantages, there are, however, also certain disadvantages which should be considered when deciding whether to use terminal servers or not.

Disadvantages / Explanation

Dependence: User sessions are aborted when the terminal servers fail. Work cannot be resumed until the problem on the terminal server is fixed. Furthermore, an abort of a user session can lead to loss of data. This disadvantage can be minimized by the use of a server farm (cluster).

Increased resource requirements on the part of the terminal server: The terminal servers require a significantly higher resource capacity, in particular for the RAM. However, in relation to the total demand (servers and clients), fewer resources are required because certain operations need to be carried out on a server only once for all users rather than separately on every single client.

Special measures for mobile devices: Integration, for example, of notebooks with no permanent network access requires additional measures, such as the offline mode of the Application Streaming from Citrix.481

Increased network load: The server and client systems communicate on network level. The content differences during screen build-up or instructions for screen build-up are transmitted. Certain applications (for example, graphic programs) can lead to a significant increase in network load. However, network traffic can also be reduced in the case of certain applications (for example, word processing) because only changes (keyboard entries and screen changes) are transmitted rather than complete files on a regular basis during saving.

Adaptation of existing applications: Not all applications can run on a terminal server without problems. Especially in the Windows area, applications may exist which open system files for writing and lock these files for other users. Problems of this kind can usually be resolved by administrative intervention, for example, by changing rights and privileges.

Table 76: Selected disadvantages of terminal servers and thin clients

480 http://www.computerwoche.de/index.cfm?pid=858&pk=556868; http://www.heise.de/newsticker/meldung/97276

Different client types can be used for communication with terminal servers.

• Fat clients: A fat client is a full-scale desktop PC. It uses special terminal server/client software in order to access the terminal server.
• Thin clients: Thin clients are computer systems with minimum hardware resources. The clients take their operating system either from a flash EPROM or they are booted via the network (PXE, TFTP, NFS).

1 Products/technologies

1.1 Linux Terminal Server Project

The Linux Terminal Server Project (LTSP)482 is a software for Linux which enables the use of Linux as a terminal server. The software is widely used by schools and educational institutions as well as in developing and newly industrialized countries because it permits the continued use of older, low-performance desktop PCs. LTSP version 4.2 was released in 2006. LTSP is free software which is available under the GNU General Public License.

Technically speaking, LTSP makes it easier to use the capability of the graphical X server to split up any Linux program into two parts, i.e. program execution and display. The program is executed on a server whilst display and input operations using the keyboard or mouse can be carried out on any number of terminals. The number of thin clients is determined by the data rate of the network and the performance of the server. The hardware requirements for the server can be classified as very low. Configurations with 50 workstations with Mozilla and OpenOffice via a dual P4 2.4 (Xeon) with 4 GB RAM are not unusual. In contrast to the low hardware requirements, the requirements for the network are quite demanding (bandwidth and latency). The use of the X protocol alone means that a 100-Mbps network can only provide around 30 sessions, for example, with Office applications. The software consists of a server application from which clients can boot remotely via Netboot to receive their operating system. With this configuration, the applications run completely on the terminal server and the clients in principle do not require a hard disk of their own. The memory requirements of the clients, which are low anyway, were once again reduced further in the current version, so that the requirements for the client computer can be classified as very low. The minimum requirements are a computer with 32 MB RAM and a PCI bus. Furthermore, the hot-plug capability of the clients was improved. Use of local scanners or USB sticks is also possible. Support of Multihead-X additionally enables the use of multiple monitors. Any Linux distribution can be used as the server system.

481 http://www.citrix.de/produkte/schnellsuche/presentation-server/Application-Streaming/
482 http://www.ltsp.org/ (as per 1 November 2007)
This, for example, also supports methods for authentication against an Active Directory running on a Windows server, and access to resources of a Windows network is enabled in this way. The LTSP client supports access to both LTSP and Windows terminal server applications. Besides the variant where the server makes the operating system available to the client, numerous hardware architectures and operating systems, in particular Apple OS X and Windows XP, are supported at the client end. In summary, one can conclude that, thanks to low hardware requirements, the LTSP project is particularly positioned as a low-cost alternative to conventional workstations at schools and educational institutions where the connection between the terminal and client is established via a LAN and the level of parallel access is limited. Unfortunately, however, experience shows that LTSP is not very scalable. This is another reason why LTSP is primarily used by small organizations or work groups. Furthermore, its use is only recommended in conjunction with low security requirements because network interruption, in particular, can result in a loss of data.

1.2 NoMachine NX Server

In mid-2007, Medialogic published the NoMachine NX483 terminal server and the NX client version 3.0. The name "desktop virtualization and remote maintenance system" is currently used. The functionality of the free version, which is available for Linux and Solaris, is limited when compared to the commercial version (also for Linux and Solaris). An overview of the functional differences can be found on the websites of NoMachine on the Internet484. The NX server is licensed485 on the basis of simultaneous users and on a per-server basis rather than on a per-connection basis. The number of users is unlimited with the Enterprise license. The NX Distributed Computing Architecture is based on a further development of X Window. X Window can be regarded as a basic system for graphic user interfaces in Linux-based operating systems. This means that the screen display can be implemented not only on the local computer, but also on a remote computer in a network-transparent manner. The keyboard and mouse commands are additionally forwarded. A distinction can be made between an X server, which renders and sends the graphic data, and an X client which receives and graphically displays the data. Responses (usually keyboard and mouse entries) of the client are again received by the X server. Both use the X protocol in order to communicate. Pertinent pairs of X client requests and X server responses form a round trip; however, not every request requires a response. Round trips require considerable bandwidth and thus prevent the use of the X protocol in slow networks. Compression of the transmitted data of around 70:1 on average can be achieved via the NX protocol.486 The NX compression technology hence permits the use of X Window even in networks with narrow bandwidth and high latency. Intelligent compression and caching of data already transmitted should enable any user to execute the original versions of the customary X desktop environments via any network connection on a standard X server.

483 http://www.nomachine.com/
Besides special X protocol compression methods, NoMachine has developed integrated proxy agents which enable the implementation of complete remote desktop sessions via narrow-band Internet connections. NX includes a load distribution functionality where servers distribute the network load evenly and assign sessions to multiple different servers. Furthermore, NX enables the transmission of individual applications via narrow-band connections, so that, for example, applications running on a Linux server can be used under Windows or on a thin client. Version 3 of Medialogic NoMachine (NX) offers, for example, the following functionalities:

• Session shadowing: Multiple users can now simultaneously share in a single session, for example, for presentations or support.
• Desktop sharing: The local X display is accessed via NX.
• Improved availability: Flexibility in the area of the "Multi Node Setups" has been increased.
• Event-controlled scripts on the server: The administrator can have dedicated scripts activated, for example, when starting a new session or creating a new user.

The management of the NX servers was simplified in that it is no longer necessary to create dedicated NX accounts thanks to improved integration with the host systems (already since version 1.5 from 2005). NX does not offer LDAP support for authentication. NX uses the remote functions of SSH to access the functions of a server whilst all communications are encrypted. Additional products for the integration of security tokens (for example, Aladdin eToken PRO, Rainbow iKey 3000) were developed in order to ensure enhanced protection of the internal IT infrastructure. A secure authentication possibility can be offered in this way. NX server and client products work primarily under Linux from different distributions. Whilst the server will be offered in future under Solaris only, the NX client is in principle available for any hardware platform under Linux as well as all customary operating systems, such as Windows, Mac OS X or Solaris. The NX functions for network computing can hence be used not just in Linux environments but also with other operating systems. NX translates the protocols of these environments, such as RDP, which is used by Microsoft and Citrix, into the X protocol. This means that access to Windows applications is also possible. In summary, one can conclude that NX server can make OpenOffice, KDE and other X applications available in parallel to a large number of users. In single-window mode (for example, of KMail, operated from within Windows), this is helpful for "step-by-step" migration.487 NX generally enhances other terminal server installations through its compatibility with these (or, more precisely, through conversion of the protocols to NX), also because bandwidth is saved and performance increased.

484 http://www.nomachine.com/features.php (as per 1 November 2007)
485 http://www.nomachine.com/licensing (as per 1 November 2007)
486 http://www.pl-berichte.de/berichte/lt2004-nxartikel.html
NX is thus about to become a basic technology which constitutes an alternative to established solutions. NX can clearly hold its own when compared to other products in terms of performance and features.

487 http://www.pl-berichte.de/berichte/lt2004-nxartikel.html

1.3 Microsoft Windows Terminal Server

Microsoft has been offering terminal services since 1995 with NT 3.51. Since then, the functions have been continuously developed further with every new Windows server version. Although the terminal server is an integral part of the respective server operating system, it is subject to a separate license. For Windows Server 2003, this means the corresponding licenses must be acquired for both Server 2003 and for the terminal servers. For the use of the terminal services under Windows Server 2003, license costs must be paid for access by more than two sessions running in parallel. Under Windows Server 2003, a CAL (Client Access License) must be acquired irrespective of the desktop system used; a distinction is made here between licenses per device and licenses per user. Every device CAL permits a device (used by any user) to perform Windows sessions on a server. Every user CAL permits a user (using any device) to perform Windows sessions on a server. After most of the market had been left to Citrix for a long time, Microsoft is now becoming increasingly important in relation to Citrix on the market for terminal servers. In large environments, however, Citrix continues to be the market leader and is supported by a strategic partnership with Microsoft.

Remote Desktop Protocol (RDP) is the protocol which the Microsoft terminal services use in order to ensure secure communication between the terminal and the terminal server. In 2006, RDP 6.0 was published for Windows Vista. RDP offers a host of possibilities. It is, for example, possible to reduce the required bandwidth, to share resources with others, and to use multiple display units at the terminal. The Microsoft terminal server gives remote computers access to Windows-based programs which are executed under Windows Server 2003. The server provides the basic functions necessary to execute programs, store files, or use network resources. Windows Server 2003 enables the provision of simple audio data for output at the client, the integration of group policies into the sessions, and the control of display units with any resolution and colour depth. Transmission of print and audio signals to local devices, which are directly connected to the terminal, is also possible. Furthermore, it is also possible to temporarily interrupt connections without the user having to log off at the terminal server. The configuration of applications for terminal server operation via group policies simplifies administration of the Windows terminal servers. Administrators no longer have to make settings separately for every server; instead, they can do so centrally with effect for all the servers. An Active Directory Services Interface (ADSI) provider enables program-controlled access to user-specific terminal services settings, such as home directory, authorizations, etc. Besides the provision of applications, RDP enables remote administration of the terminal and quick trouble-shooting when users encounter problems. RDP offers encryption possibilities (128-bit key) and enables smartcard authentication.
However, the fact that mutual authentication of the client and server is not required is a weakness of RDP which can facilitate a man-in-the-middle attack. With the RDP v5.2 version, the server authenticates itself to the client with a certificate, so that such attacks should have been prevented, but the success of this measure was limited because it was possible to read out the keys used. Microsoft hence recommends additionally protecting RDP communication via TLS because server authentication is ensured in this way.488 Microsoft offers both the server (Windows Server 2000 and 2003) and the client software exclusively for Windows operating systems. Clients are available for most Windows versions (including Pocket PC), Mac OS X, Linux and FreeBSD. The Portable Operating System Interface (POSIX) also enables the provision of POSIX-compatible Linux and Unix applications. One can sum up that the decision to buy terminal server solutions under Windows is hindered by the fact that the line drawn between Microsoft basic functions and add-ons is continuously shifting. Citrix with its Presentation Server product clearly dominates the market for additional products. The decision is additionally hindered by the fact that the capabilities of the terminal server and of the pertinent clients are expanded with every new Windows version because Microsoft must compete with other server systems, increasingly from the Linux environment, on the market for software infrastructure. At the same time, suppliers of supplementary products are increasingly under pressure and are forced to permanently expand their product range by adding new features and programs.
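Whether a terminal server actually falls back to the weak standard RDP security described above, or selects TLS as recommended, is visible in its reply to the client's connection request. The following check, as an added example that is not part of the guide, parses that X.224 Connection Confirm using the field layout and constant values from Microsoft's MS-RDPBCGR specification; the server responses it inspects are constructed for illustration, not captured from a real server.

```python
"""Classify the security protocol a terminal server selected in its RDP
Connection Confirm (added example, not from the migration guide).

Layout per MS-RDPBCGR: TPKT header (4 bytes), X.224 Connection Confirm
TPDU (7 bytes) and an optional 8-byte RDP_NEG_RSP / RDP_NEG_FAILURE."""
import struct

# selectedProtocol values of RDP_NEG_RSP
PROTOCOL_RDP = 0x0        # legacy "standard RDP security": no TLS server authentication
PROTOCOL_SSL = 0x1        # TLS, server presents a certificate
PROTOCOL_HYBRID = 0x2     # CredSSP (network level authentication) over TLS
PROTOCOL_RDSTLS = 0x4
PROTOCOL_HYBRID_EX = 0x8

TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03

FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}

# Constructed responses (hex), not captured from a real server:
CC_LEGACY = bytes.fromhex("0300000b06d00000123400")                   # bare CC, no negotiation
CC_TLS = bytes.fromhex("030000130ed00000123400" "0200080001000000")   # RDP_NEG_RSP, PROTOCOL_SSL
CC_NLA = bytes.fromhex("030000130ed00000123400" "0200080002000000")   # RDP_NEG_RSP, PROTOCOL_HYBRID
CC_FAIL = bytes.fromhex("030000130ed00000123400" "0300080005000000")  # RDP_NEG_FAILURE, code 5


def parse_connection_confirm(data: bytes) -> dict:
    """Return the negotiation outcome encoded in a server's Connection Confirm."""
    if len(data) < 11:
        raise ValueError("too short for TPKT + X.224 CC")
    version, _reserved, tpkt_len = struct.unpack("!BBH", data[:4])
    if version != 3 or tpkt_len != len(data):
        raise ValueError("malformed TPKT header")
    li, code = data[4], data[5]
    if code & 0xF0 != 0xD0:                      # 0xD0 = X.224 CC-TPDU
        raise ValueError("not an X.224 Connection Confirm")
    # LI counts every byte after itself: code, dst-ref, src-ref, class (6) + negotiation data
    body = data[11:5 + li]
    result = {"negotiated": False, "selected_protocol": None, "failure_code": None}
    if not body:
        return result                            # server fell back to legacy RDP security
    ntype, _flags, length = struct.unpack("<BBH", body[:4])
    if length != 8 or len(body) < 8:
        raise ValueError("malformed RDP negotiation structure")
    value, = struct.unpack("<I", body[4:8])
    result["negotiated"] = True
    if ntype == TYPE_RDP_NEG_RSP:
        result["selected_protocol"] = value
    elif ntype == TYPE_RDP_NEG_FAILURE:
        result["failure_code"] = value
    else:
        raise ValueError(f"unknown negotiation type 0x{ntype:02x}")
    return result


def assess(data: bytes) -> str:
    """Defender's verdict: flag any session that would run without TLS."""
    info = parse_connection_confirm(data)
    if info["failure_code"] is not None:
        return "FAILURE: " + FAILURE_CODES.get(info["failure_code"], "unknown")
    proto = info["selected_protocol"]
    if not info["negotiated"] or proto == PROTOCOL_RDP:
        return "WEAK: standard RDP security, server not authenticated via TLS"
    if proto == PROTOCOL_SSL:
        return "OK: TLS"
    if proto in (PROTOCOL_HYBRID, PROTOCOL_HYBRID_EX):
        return "OK: TLS with network level authentication"
    if proto == PROTOCOL_RDSTLS:
        return "OK: RDSTLS"
    return f"UNKNOWN: selectedProtocol 0x{proto:08x}"


if __name__ == "__main__":
    for name, sample in (("legacy", CC_LEGACY), ("tls", CC_TLS), ("nla", CC_NLA), ("fail", CC_FAIL)):
        print(f"{name}: {assess(sample)}")
```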

488 http://www.heise.de/security/artikel/print/61945

This dilemma continues: Whilst on the one hand the basic functions offered change with each new Windows version and in relation to the planned application, customers complain about features which must be paid for because the benefits of standard features are limited due to reduced functionality for reasons of license marketing on the Windows server operating systems. Ultimately, however, the improvements of the terminal services mean that the share of installations which work without additional external add-ons is growing. In Windows Server 2003, the features of the terminal server were improved further so that it can be used without costly additional software or free alternatives (VNC, etc.). Only larger installations continue to depend on support in the form of add-ons from external suppliers, usually in the form of the Citrix Presentation Server.

1.4 Citrix Presentation Server

Citrix is a US-based software company which became known especially for its terminal server product and which for a long time was synonymous with terminal servers. Citrix cooperates very closely with Microsoft. This cooperation includes technical cooperation in the fields of new expansion possibilities for the Windows terminal server and mutual licensing of patents. Furthermore, Citrix has access to the source code of the Windows server. Although the Citrix products are still very widely used and are highly regarded for their suitability for large, heterogeneous networks involving complex management requirements, Citrix now faces growing competition (for example, from the Microsoft terminal server). The Citrix Presentation Server is the successor to the market leader Citrix MetaFrame and is used to provide Windows applications. MetaFrame enables the logical networking of several terminal servers to form a server farm.
The user (client) is then faced with so- called published applications rather than a single server to which he connects. A mechanism within the server farm then decides on which server the user's applications will be executed. This architecture ensures availability even when a server fails. The Presentation Server from Citrix requires its own server and client licenses in addition to the licenses for Microsoft Windows Server / Terminal Server. Just like all other Citrix products, Citrix Presentation Server is subject to the "concurrent user" license model. This means that only as many licenses must be acquired as users are to simultaneously work on the presentation server. The Citrix Presentation Server software itself may be installed on any number of servers. ICA (Independent Computing Architecture), as the protocol used is called, is used exclusively for communication between the terminal server and client. Besides the transmission of graphics and keyboard/mouse entries, ICA also supports the transmission of audio data, access to local memories or devices connected, such as a scanner or USB stick. The ICA protocol generally requires very little bandwidth (10-20 kbps for simple applications) because only changed graphic data or mouse and keyboard entries of the user, etc. are transmitted. It is also possible to use GPRS or GSM connections whilst client applications are available for the related devices, such as smartphones. Version 4.5 of the Citrix Presentation Server, which was released in 2007, is offered in three variants each of which is based on a Windows terminal server:

• Advanced Edition: The advanced edition is designed for the requirements of medium-sized environments. The secure provision of the Windows applications via the network is immediately possible without any modification of the applications. Besides numerous other functions, the advanced edition offers a mature load balancing functionality for implementing powerful server farms. Load balancing means that individual sessions are evenly distributed to all the Citrix servers of a farm. This is carried out as a function of the current load of every single server. Parameters measured include, for example, CPU load, available RAM and network and hard disk access. In this way, it is possible to connect servers with very different performance levels to constitute a farm.

• Enterprise Edition: The enterprise edition is designed for the requirements of larger environments. It additionally offers an application streaming function that enables streaming of centrally configured and managed Windows applications to user desktops or further presentation servers throughout the entire enterprise as well as the provision of such applications for execution there. With application streaming, desktop applications are sent to the device on demand, where they are executed locally in a protected environment without having to be installed on the device itself. This "pull-based" provision model is an alternative to local desktop installations on the individual devices. The streamed applications are executed in an isolated environment on the device. This avoids from the very beginning any version conflicts on the device because the streamed application does not come into contact with other applications installed there. Streaming means that the individual program components are downloaded and executed locally as required. Once the application has been downloaded to the device, it can also be used in offline mode. As soon as a connection to the server is re-established, the application is automatically compared to the previously stored application profile on the server and, when necessary, automatically updated. The enterprise edition comes with additional administration tools to support large server farms.

• Platinum Edition: The platinum edition includes additional functions for IT security and performance management. Primary authentication is carried out via the credentials from Microsoft. Furthermore, authentication is also possible on the basis of biometric features or using smartcards. The connection between the server and client is SSL/TLS-secured.

All three Citrix Presentation Server 4.5 editions support Microsoft's Windows Server 2003 and Windows Server 2003 x64 platforms. Furthermore, all the editions include Presentation Server 4.0 installation media in order to support Windows 2000 server environments. The Presentation Server Enterprise and Platinum editions additionally include Presentation Server for UNIX operating systems and offer support for Sun Solaris, IBM AIX and Hewlett-Packard HP-UX.

The client application is referred to as Citrix ICA Client and is available for a large number of operating systems, for example, all the Windows operating systems, DOS, Java, Linux, further Unix derivatives and hand-held systems.

In short, one can conclude that the Citrix Presentation Server is very important, in particular, for large networks that require meticulously developed management concepts. RDP and ICA can be considered to be almost identical in terms of their functionalities. Compared to other suppliers of terminal solutions, Citrix has the advantage of being a (one-stop) supplier of client applications for almost every platform, which does, however, also mean that the Microsoft licenses must (also) be acquired in addition to the Citrix licenses.

2 Migration paths

As already mentioned in the introduction to the subject of terminal services and client concepts, terminal servers and the pertinent clients are not a classical migration subject in the sense that data, accounts, settings, etc. are to be migrated from one environment to another. The use of terminal servers is preceded by fundamental, strategic decisions which are orientated towards goals such as reduced administration requirements, increased data security, or lower hardware and energy costs (refer also to the introduction to this complex of issues - chapter III.E 1). The use of terminal servers in this context then forms part of a fundamental strategic decision which is often aimed towards consolidating and re-orientating the IT landscape. On the other hand, the use of terminal servers can support a strategic change in the IT landscape in the medium to long term, for example, a change in the operating system throughout the entire organization.

Within the scope of such fundamental decisions, terminal servers have an important role to play when it comes to supporting migration projects. Terminal servers can be used wherever applications, for example, of a Windows environment, fail to run in a Linux or OSS environment. If these applications are indispensable, they can be made available to users via a terminal server. This avoids the need for a frequently costly and time-intensive new development and enables efficient change. However, the long-term goal is to replace these applications with new applications which are compatible with the new IT infrastructure within the scope of the ongoing acquisition of new products whilst adhering to the principles of economic efficiency and investment protection. The terminal servers used then become obsolete.

If, however, terminal servers are a fundamental component of an IT infrastructure, a change in the terminal server technology used is normally driven by similar strategic decisions as those in favour of a general change in the operating system or of the software running on it. The reasons for such a decision can vary greatly and will not be discussed here in more detail (refer to module I). The decision itself is the first important step of the migration project. The second step is the selection of the new terminal server technology. Whilst this certainly also depends on the reasons which led to a decision to migrate, it also depends on the requirements which the technology must meet. It is very difficult to compare the functions of individual terminal server solutions because of the large number of functions and the fact that the use of other tools can often compensate for missing functions. All the solutions presented generally fulfil the basic function of providing applications on a client computer. Differences which favour one solution or another are often related to the specific requirements, for example, of individual public agencies. From the applications to the number of parallel sessions and the client operating system or hardware necessary for the client (for example, the possibility to connect more than one video display unit to one client), these factors lead to requirements in every organization which call for a detailed analysis, also with a view to future needs.

The market for terminal server solutions is generally very dynamic and not very transparent. Overlapping, for example, occurs with concepts which are discussed under the buzzword virtualization. The following overview of the terminal server solutions which are discussed in section III.E 1 hence merely offers initial orientation and is designed to provide the reader with an idea of possible evaluation criteria. This list does not claim to be complete. Furthermore, the evaluation of some criteria may even be obsolete at the time this chapter is read.

Function | LTSP | NoMachine NX | Microsoft Terminal Server 2000 | Microsoft Terminal Server 2003 | Citrix Presentation Server
--- | --- | --- | --- | --- | ---
Local printers | X489 | X | X | X | X
Local storage media, USB sticks | X | X | X | X | X
Local audio output | X | X | X | X | X
Load balancing (farm) | 490 | X | X | X | X
Low requirements for the network (measures in the case of interruption) | X X X X (four of the five solutions are marked in the source; the assignment to columns is not legible) | | | |
Use of applications by the client without network access | X X (two of the five solutions are marked in the source; the assignment to columns is not legible) | | | |
Authentication | LDAP491, SSH | LDAP, SSH | MS Credentials | MS Credentials | MS Credentials
Active Directory support | X492 | X493 | X | X | X
Encryption | SSH | SSH | SSL/TLS | SSL/TLS | SSL/TLS
Client operating systems | Customary (Linux, Windows XP, OS X) | Customary (Linux, Windows XP, OS X) | Windows versions, OS X, Linux | Windows versions, OS X, Linux | (All) customary (DOS, Windows, Java, Linux, Handheld, etc.)
Client protocol support | X-Window, RDP | X-Window, NX, RDP | RDP | RDP | RDP, ICA
Server operating systems | Linux | Linux, Solaris | Win 2000 | Win 2003 | Win 2003, 2003 x64, (Solaris, AIX, HP-UX)494
License costs | None | Depending on the number of servers installed495 | Server and client (users / devices) licenses | Server and client (users / devices) licenses | Microsoft licenses + depending on the number of parallel sessions
Operating system basis for terminal applications | Linux | Linux | Windows | Windows | Windows, (Unix)
Operation of the client without a hard disk (thin client) | X X (two of the five solutions are marked in the source; the assignment to columns is not legible) | | | |

Table 77: Overview of the functions of different terminal server solutions

489 X = fulfilled (in principle)
490 Developments are currently in the testing and trial phase; refer, for example, to: http://www.mindtouchsoftware.com/blog/2007/04/30/ltsp/.
491 http://www.pcxperience.org/thinclient/documentation/ldap.html
492 Not supported by all versions (NX Enterprise Server and NX Advanced Server only)
493 http://www.linux-magazin.de/content/view/full/13549/month/12/year/2007

It should once again be emphasized here that not every application can be easily made accessible via a terminal server. Applications with lots of 3D graphics and multimedia features usually tend to be less suitable for terminal server operation. However, the effort required is difficult to forecast ex ante and, furthermore, can be categorized in terms of programming and administration input requirements because the problems are strongly determined by the existing parameterization situation. Within the scope of a planned migration project (of the client and server operating systems and applications), the establishment of very realistic test environments is strongly recommended in addition to the assessment of the time and costs required to set up the terminal servers, because it is very difficult, for example, to predict behaviour under load conditions as well as incompatibilities, if any.

494 With the Platinum Edition only.
495 http://www.linuxland.de/store/em99/EM99-202-EN/de/?view=desc

Terminal server decisions are also strongly influenced by the know-how available. Additional software solutions which cover functional requirements are often available, but are not very well known. A thorough market analysis is hence recommended, especially in the OSS environment.

After a decision for a new terminal server solution has been made which meets the defined requirements, the question then arises as to which migration procedure should be chosen. This is particularly important if the operating system is to be changed, because there is little use in merely changing the terminal server solution if the existing applications do not come to terms with it. The procedure models to be considered here are, in principle, similar to those which are also available in the case of a change in operating system in environments without a terminal server (refer to section I.D 2). This discussion shows that a change in terminal server technology, for whatever reason, is not fundamentally different from other types of migration. The differences in detail ultimately result from the specific decisions and requirements of the public authority in question. The following discussion addresses possible migration paths primarily with a view to the necessary preconditions and functional differences which are worth mentioning.

2.1 Migration from Microsoft Windows Terminal Server to NoMachine NX Server

Migration from Microsoft Terminal Server to NoMachine NX Server is usually preceded by the decision to migrate the client and server operating systems from Microsoft to Linux, or this decision is accompanied by the decision to introduce NoMachine NX Server. The decision to migrate to Linux does not necessarily require the replacement of the Windows Terminal Server because Microsoft offers clients for Linux. Furthermore, rdesktop is an OSS client which already forms part of most Linux distributions and which can replace the binary MS client. Alternatives must be found at the latest when Linux applications are also to be made available via a terminal server. In this respect, NoMachine NX Server excels through its performance, due to the NX protocol which requires only little bandwidth, on the one hand, and through a license model which generates costs on a per-server rather than a per-connection basis on the other. Furthermore, NoMachine NX Server is also perfectly suited for integrating both worlds. The free NX client supports not just the NX and the X protocols, but also the Remote Desktop Protocol (RDP) which is used by Microsoft. Moreover, applications which are made available by a Windows Terminal Server via RDP can be integrated into the NX server via agents. The NX server can then make the application available to the NX clients via the very efficient NX protocol.496 The main reasons for a change can hence be summarized as follows:
• a general change to Linux,
• provision of Linux applications and
• the integration of applications from Windows and Linux environments.

496 http://www.pl-berichte.de/berichte/lt2004-nxartikel.html

However, the multifunctionality of the solution must not diminish the importance of always taking stock of all the functions, services and programs when use of the terminal servers begins. Only on this basis is it then possible to examine which of them can be replaced with open source and which of them should be left in place for technical, economic and commercial reasons.497 In this case too, office applications and ERP clients, which usually require fewer 3D presentations or high-resolution graphics, are better suited for terminal server use than CAD applications or applications for editing audio or video data.

As already mentioned in the presentation of the NX server, NX offers
• efficient compression of normal X traffic,
• an intelligent mechanism for storing and reusing (caching) data already transmitted and
• a strong reduction in time-consuming X round-trips,
and thereby enables practically unrestricted working speed for the user with only minor consumption of network bandwidth.498

When changing the terminal server from Microsoft to NoMachine, it should be noted that an NX client must be rolled out on every client computer unless this is to be operated as a web client. Since the NX client is not open source, no NX client is usually installed in customary Linux distributions. Windows computers do not contain an NX client in the standard configuration anyway. In contrast to this, current Windows computers include a client for connecting to the Windows terminal server. However, the clients are very easy to install. The standard installation types are used for all the operating systems (.exe under Windows, .rpm or . files for Linux).

497 http://www.dtnet.de/Loesungen/OSS-Migration/OpenSourceEinfuehrunginUnternehmen/index.html
498 http://www.pl-berichte.de/berichte/lt2004-nxartikel.html

2.2 Migration from Microsoft Windows Terminal Server 2000 to Microsoft Windows Terminal Server 2003

A change from Windows Terminal Server 2000 to Windows Terminal Server 2003 is primarily determined by the change in the underlying server. Compared to Windows 2000 Server, Windows Server 2003 features enhancements especially in the areas of high availability, security, scalability and administration/maintenance; these indirectly also support the terminal server.
• High availability: Besides the Microsoft Cluster Service and Network Load Balancing, familiar since Windows 2000, additional monitoring and process recycling features also contribute towards improvement.
• Security: Important changes in the security area concern the definition of server roles. Only those services which are required by the respective server role are installed. Critical functionality499 must be explicitly enabled. Secure systems can be implemented together with the tried-and-tested security mechanisms from Windows 2000 Server, such as Kerberos, PKI, SSL, IPSec, and so on, which are, of course, also included in Windows Server 2003.
• Scalability: In order to be properly prepared for load peaks, for example, with Internet applications, the use of Network Load Balancing clusters was found to be a proven concept in the past. A new graphical user interface facilitates the use of this functionality in Windows Server 2003.
• Administration and maintenance: The functionality made available by Windows Server 2003 is many times more granular and better adapted to the requirements of real-life operations than the tools of earlier MS server operating systems which were known as on-board tools.500

499 For example, the FrontPage extensions in the IIS.

Compared to Terminal Server 2000, the following improvements deserve special mention in the case of Terminal Server 2003:501
• Better scalability: Terminal Server 2003 supports a larger number of users per server than Windows 2000 Terminal Server. Network load and server load balancing technologies are also supported.
• Simpler administration: By integrating group policies, Terminal Server 2003 offers better possibilities for remote administration of a client. A WMI (Windows Management Instrumentation) provider with write and read access offers a host of administration options.
• User-friendly remote desktop connection: The remote desktop connection is the terminal client of Windows. A new user interface enables easier operation, the storing of connection settings, dynamic adaptation to the available bandwidth, and so forth.
• Extended RDP: Windows Terminal Server 2003 supports RDP 5.1, which was delivered together with Service Pack 1 for Windows XP. This means a large number of extensions compared to RDP 5.0, which was used by Windows Terminal Server 2000. If RDP 5.1 is used, local resources are available during the session, such as the file system of the client, audio output, serial connections, printers or the clipboard. This means that files can be opened, stored or printed on the local client even if the application is running on the remote terminal server. RDP 5.1 additionally enables a colour depth of 256 colours up to true colour and the definition of screen resolutions of 640 x 480 up to 1600 x 1200.502

500 A comparison of the functionalities can be found at: http://www.microsoft.com/germany/windowsserver2003/uebersicht/vergleich.mspx or http://www.microsoft.com/germany/msdn/library/windows/windowsserver2003/WindowsServer2003AlsAnwendungsplattform.mspx?mfr=true
501 http://msdn2.microsoft.com/en-us/library/Aa383015.aspx; http://www.abacus.ch/downloads/pages/2004-03/s58-59.pdf

A change in terminal server from the 2000 to the 2003 version is generally only advisable if the extended functions are required. The most important features at the client end are the extended possibilities for using multimedia applications which require a high screen resolution and colour depth or the output of audio data. At the server end, the decision for server consolidation, for example, replacing several smaller servers with a more powerful server, can justify a change, in particular against the background that Microsoft has already announced that it will discontinue support for Windows 2000. In the case of a change in terminal server from 2000 to 2003, it must additionally be ensured that the client software is updated so that the extended functions of RDP can be used. This is the Remote Desktop Connection software which is available for all newer Windows versions.503 Migration from Windows 2000 Server to Windows Server 2003 usually proceeds "out of the box" and is well documented.504 Problems which cannot be generally predicted can occur depending on the server role defined, the parameterization situation and on additional software which may be installed. Experience shows that problems practically never occur as a result of terminal server settings or functions.
2.3 From Microsoft Windows Terminal Server to Citrix Presentation Server

In a study from July 2004, Gartner Research compared Windows Terminal Server 2003 and the then Citrix MetaFrame terminal server. According to this study, Windows 2003 Terminal Server is sufficient if only Windows applications are used, if fewer than 800 users are connected, if a maximum of 10 applications are used, and if the Microsoft Windows Server management functionality is used.505 A subsequent study conducted by the Tolly Group on behalf of Citrix confirmed the results of Gartner Research. Besides a minor speed improvement, the advantages of Citrix Presentation Server compared to Windows 2003 Terminal Server were especially found in the area of performance stability and higher server utilization. Whilst the response time of Windows Terminal Server 2003 became disproportionately longer as the load increased, it remained very stable in the case of the Presentation Server.506 These results continue to be valid today.

Citrix Presentation Server is the large-scale solution in the area of terminal services. In the public administration of LVA Rheinprovinz, an organization of the statutory pension insurance scheme, some 5,000 users at several sites were provided with applications. The application software was shifted to a central server farm with more than 80 Citrix Presentation Servers. Furthermore, more than 140 offices with some 17,000 users were provided with the required applications for the computer centre of the finance administration of the federal land of North Rhine-Westphalia. As another showcase project in the public sector, Citrix refers to an implementation of the server at the Herne municipal works with around 300 users connected.507 However, this is probably the lower limit of users who can be reasonably supplied via Citrix Presentation Server.

Besides the advantages of scalability, the Citrix solution includes further functions which Windows Terminal Server 2003 on its own does not offer, so that Citrix Presentation Server is generally the more comprehensive solution which is specifically designed for the demands of large public authorities and companies with the most varied application scenarios. Further functional differences can be divided into the categories of user perception, administration, compatibility and security with regard to data confidentiality and integrity. The individual categories will be discussed in more detail below and short, exemplary application scenarios are outlined which highlight the additional benefit of the extended functionality (apart from better scalability) of a Presentation Server compared to a Windows Terminal Server.508

• User perception: In the area of user perception, improved and faster print functions should be mentioned in addition to the performance improvements of the applications (in particular, with high server utilization) discussed earlier. The processing time of a print job, for example, is reduced by a factor of 2-3. Furthermore, improved multimedia capabilities (for example, synchronization of audio and video or bidirectional exchange of audio data) enable eLearning applications or demanding graphic programs. For mobile laptop users, Citrix Presentation Server offers a function termed Application Streaming which enables users to use an application even without a connection to the network.

• Administration: Presentation Server generally offers much more differentiated administration possibilities. A management console can be used in order to define exactly when which application is published or which rights are necessary in order to use an application. Furthermore, automated installation of applications is possible on different Presentation Servers. Individual sessions can be distributed on the basis of different criteria, such as CPU load or RAM load. Geographically distributed servers can be combined to form a so-called farm and thereby offer better protection in the case of a server failure and enable the targeted monitoring of individual applications. Furthermore, Presentation Server enables the use of individual applications via a web browser and the integration of these into a web portal without the need for a repeated logon. Extended management functionalities for the print services enable not just additional functions, such as the targeted selection of a paper tray, binding, double-sided printing, etc., but also the integration of a large number of printers whose use can be restricted via policies.

• Compatibility: The greater compatibility of Presentation Server compared to Terminal Server 2003 is also expressed (besides the possibility to integrate a large number of printers), for example, by the fact that a larger number of client operating systems (including many hand-helds and smartphones) and more USB devices (such as scanners or for USB synchronization of pocket PCs) are supported. The Application Isolation function can be used in order to publish applications via a terminal server which were not developed for use on it. It is, for example, possible to isolate registry entries, the locking of libraries, object descriptions, etc. so that other applications are not affected by the settings.

• Security with regard to data confidentiality and integrity: Besides encryption via an SSL Gateway or a hardware-supported VPN, Citrix offers wide support of security-relevant technologies. In the field of strong authentication, for example, tokens, smartcards or biometric sensors are supported. Furthermore, separate configuration of DMZs is not necessary in order to channel the data communication of Presentation Server.

Useful forums on the subjects of migration and the installation of Citrix Presentation Server with problem solutions and/or causes can be found on the pages of the German Citrix User Group (DCUG).509

502 http://www.microsoft.com/technet/prodtechnol/windowsserver2003/de/library/ServerHelp/7750ed9c-f468-484e-a08f-ccab73ddd3fe.mspx?mfr=true
503 http://www.microsoft.com/downloads/details.aspx?displaylang=de&FamilyID=80111F21-D48D-426E-96C2-08AA2BD23A49
504 A page with information from Microsoft can be found at: http://www.microsoft.com/windowsserver2003/upgrading/w2k/default.mspx
505 According to: http://www.abacus.ch/downloads/pages/2004-03/s58-59.pdf
506 http://www.tolly.com/ts/2006/Citrix/PresentationServerEnterprise/TollyTS206146CitrixSystemsPresentationServer4August2006.pdf
507 These and further examples of Citrix in the public administration can be found at: http://www.citrix.de/modules/resource/download/42e116630e199a42010e1caf38e5000a/Oeffentliche%20Verwaltung.pdf
508 http://www.citrix.de/modules/resource/download/42e1166210bbd11f0110bcd89f500003/eng_ValueAdd_CPS4.5_TS2003.pdf

3 References

In conjunction with the migration of terminal services, references exist primarily to the subjects of authentication services and network services.

3.1 Authentication and directory services

Authentication and directory services are usually integrated within the framework of terminal services and client concepts in order to be able to manage and control a larger number of users and their identity data. This avoids redundant data handling on the one hand and saves considerable administrative work on the other. Refer also to chapter III.C.

3.2 Network services

Network services are a general precondition for the use of terminal services. They open up the possibility to implement terminal services by connecting the terminals to the servers and offer basic tools for administration. The discussion in chapter II.D should hence be taken into consideration during the course of a migration project.

509 http://www.dcug.de/cms/portal.php.

IV. Appendix

A Abbreviations ACE Access Control Entries ACL Access Control List AD Active Directory ADAM Active Directory Application Mode ADC Active Directory Connector ADMT Active Directory Migration Tool ADO ActiveX Data Objects ADS Active Directory Service ADSI Active Directory Service Interface AFS Andrew File System AIX Unix Distribution from the company IBM AJAX Asynchronous JavaScript and XML Alt. Alternative APC Desktop PC API Application Programming Interface APOC A Point Of Control APOP Authenticated Post Office Protocol APT Advanced Package Tool ASCII American Standard Code for Information Interchange ASF Apache Software Foundation ASP Active Server Pages ATL Active Template Library ATM Asynchronous Transfer Mode BB Bulletin Boards BDC Backup Domain Controller BfD Bundesbeauftragter für den Datenschutz (The Federal Data Protection Commissioner) BGB Bürgerliches Gesetzbuch (German Civil Code) BHO Federal Budget Code BIND Berkeley Internet Name Domain

Seite 470 BMF Federal Ministry of Finance BMI Federal Ministry of the Interior BOOTP Bootstrap Protocol BSD Berkeley Software Distribution BSI Bundesamt für Sicherheit in der Informationstechnik (German Federal Office for Information Security) BVA Bundesverwaltungsamt (Federal Office of Administration) CA Certification Authority CAL Client Access License Calc. Calculation CAS Code Access Security CCSMT SMS Migration Tool CDO Collaboration Data Objects CGI Common Gateway Interface CIFS Common Internet File System CIM Common Information Model Circ. Circulation CIS COM Internet Service CLI Common Language Infrastructure CLR Common Language Runtime cn Common Name CO Crossover Office COLS Commercial Linux Software COM Component Object Models COM+ Component Object Models CORBA Common Objects Request Broker Architecture CPU Central Processing Unit CSS Cascading Style Sheets CUPS Common UNIX Printing System DACL Discretionary Access Control List DAV Distributed Authoring and Versioning DB Database DBMS Database management system DC Domain Controller

Seite 471 dc domainComponent DCOM Distributed Component Object Models DDE Dynamic Data Exchange DDNS Dynamic DNS DFS Distributed File System DHCP Dynamic Host Configuration Protocol DIT Directory Information Tree DLC Data Link Control DLL Dynamic Link Libraries DMS Document management system DMZ Demilitarized Zone DN Distinguished Name DNS Domain Name Server DNSSEC Domain Name System Security DOM Document Object Model DOMEA Document Management and Electronic Archiving DRBD Distributed Replicated Block Device DS Directory Service DSO Dynamic Shared Objects DTD Document Type Definition DTS Data Transformation Services DP Data processing DXL Domino Extensible Language E2K Exchange 2000 ECMA European Computer Manufacturers Association Ed. Editor EFQM European Foundation for Quality Management EFS Encrypting File System e.g. For example EJB Enterprise Java Beans EMF Enhanced Meta Format ESC/P Epson Printer Language etc. et cetera EULA End User License Agreement Seite 472 EVB-IT Supplementary terms and conditions of contracts for the procurement of IT services EXT2 Extended Filesystem Version 2 EXT3 Extended Filesystem Version 3 FAT File Allocation Table Fn. Footnote FQDN Full Qualified Domain Name FRS File Replication Service FSG Free Standard Group FSMO Flexible Single Master Operation FTP File Transfer Protocol GC Global Catalog GDI Graphics Device Interface GGO Joint rules of procedure of the federal ministries GmbH Private limited company GMBI Joint ministerial bulletin GNOME GNU Network Object Model Environment GNU GNU's Not UNIX ??? 
GPL: GNU General Public License
GPOs: Group Policy Objects
GPS: Global Positioning System
GSS-API: Generic Security Service API
GUID: Globally Unique Identifier
GWB: Gesetz gegen Wettbewerbsbeschränkungen (German Law Against Restrictions on Competition)
HACMP: High Availability Cluster Multi-Processing
HAL: Hardware Abstraction Layer
HD: Hard disk
HIS: Host Integration Server
HP: Hewlett-Packard
HS: Budget view
HSM: Hierarchical Storage Management
HTML: Hypertext Markup Language
HTTP: Hypertext Transfer Protocol

HTTPS: Hypertext Transfer Protocol Secure
IaC: Information and Communication
ICA: Independent Computing Architecture
IDE: Integrated Development Environment
IEAK: Internet Explorer Administration Kit
IETF: Internet Engineering Task Force
IIOP: Internet Inter-ORB Protocol
IIS: Internet Information Server
IL: Intermediate Language
IMAP4: Internet Message Access Protocol, version 4
IMAPS: Internet Message Access Protocol Secure (IMAP over SSL/TLS)
IMKA: Interdepartmental Coordinating Committee for Information Technology in the Federal Administration
IP: Internet Protocol
IPC: Interprocess Communication
IPP: Internet Printing Protocol
IPsec: Internet Protocol Security
IPv6: IP Version 6
IPX: Internetwork Packet Exchange
IRC: Internet Relay Chat
IRM: Information Rights Management
IS: Information Store
ISA: Internet Security and Acceleration
ISAPI: Internet Server Application Programming Interface
ISC: Internet Software Consortium (today: Internet Systems Consortium)
ISO: International Organization for Standardization
ISSN: International Standard Serial Number
IT: Information technology
IT-WiBe: Recommendations on economic efficiency assessments for IT systems at the federal administration
J2EE: Java 2 Enterprise Edition
J2SE: Java 2 Standard Edition
JAXP: Java API for XML Processing
JDBC: Java Database Connectivity

JDS: Sun Java Desktop System
JFS: Journaled File System
JIT: Just In Time
JMS: Java Message Service
JNDI: Java Naming and Directory Interface
JRE: Java Runtime Environment
JRMI: Java Remote Method Invocation
JSP: JavaServer Pages
JTA: Java Transaction API
JVM: Java Virtual Machine
KBSt: Co-ordinating and Advisory Agency of the Federal Government for Information Technology in the Federal Administration
KDC: Key Distribution Center
KDE: K Desktop Environment
KLR: Cost/output analysis
KMS: Key Management Server
KN: Costs/benefits
kWh: Kilowatt hour
LAMP: Linux, Apache, MySQL, PHP
LAN: Local Area Network
LANANA: Linux Assigned Names and Numbers Authority
LDAP: Lightweight Directory Access Protocol
LDIF: LDAP Data Interchange Format
LGPL: GNU Lesser General Public License
Li18nux: Linux Internationalization Initiative
LM: LAN Manager
LMRepl: Directory replication service (LAN Manager Replication)
loc. cit.: loco citato, in the place mentioned
LPD: Line Printer Daemon
LPI: Linux Professional Institute
LPR: Line Printer Remote
LSA: Local Security Authority
LSB: Linux Standard Base
LTSP: Linux Terminal Server Project

LVM: Logical Volume Manager
LVS: Linux Virtual Server
MAC: Media Access Control
MAPI: Messaging Application Programming Interface
MB: Megabyte
MD: Man-days
MDX: Message Digest X
MFT: Master File Table
MIME: Multipurpose Internet Mail Extensions
MLP: Message/Multilayer Link Protocol
MMC: Microsoft Management Console
MMQS: Microsoft Message Queue Server
MOM: Microsoft Operations Manager
MPL: Mozilla Public License
MRTG/RRD: Multi Router Traffic Grapher/Round Robin Database
MS: Microsoft
MSMQ: Microsoft Message Queuing
MSPS: Microsoft Proprietary Standards
MTA: Message Transfer Agent
MTBF: Mean time between failures
MTS: Microsoft Transaction Server
MTTR: Mean Time To Repair
NAS: Network Attached Storage
NAT: Network Address Translation
NCSA: National Center for Supercomputing Applications
NDS: Novell Directory Services
NetBEUI: NetBIOS Extended User Interface
NetBIOS: Network Basic Input and Output System
NetBT: NetBIOS over TCP/IP
NFS: Network File System
NIS: Network Information Service
NLD: Novell Linux Desktop
NNTP: Network News Transfer Protocol
NPL: Netscape Public License
NSS: Name Service Switch
NTDS: NT Directory Service
NTFS: NT File System
NTFS4: NT File System 4
NTFS5: NT File System 5
NTLM: Windows NT LAN Manager (authentication)
NTLMv2: Windows NT LAN Manager Version 2
NTP: Network Time Protocol
ODBC: Open Database Connectivity
ODF: OpenDocument Format
OGo: OpenGroupware.org
OLAP: Online Analytical Processing
OLE: Object Linking and Embedding
OMG: Object Management Group
OMPM: Office Migration Planning Manager
OOo: OpenOffice.org
OOo/SO: OpenOffice.org/StarOffice
OOXML: Office Open XML
OpenLDAP: Open source implementation of the Lightweight Directory Access Protocol (LDAP)
ORB: Object Request Broker
OSI: Open Systems Interconnection
OSOS: Open Standards with Open Source
OSS: Open Source Software
OU: Organizational Unit
OWA: Outlook Web Access
p.: Page
PAM: Pluggable Authentication Modules
Para: Paragraph
PatG: Patentgesetz (German Patent Act)
PBS: Portable Batch System
PBX: Private Branch Exchange
PC: Personal Computer
PCL: Printer Command Language
PD: Person-days
PDA: Personal Digital Assistant
PDC: Primary Domain Controller
PDF: Portable Document Format
Perl: Practical Extraction and Report Language
PHP: PHP: Hypertext Preprocessor
PIM: Personal Information Manager
PKI: Public Key Infrastructure
PM: Project management
POP3: Post Office Protocol Version 3
POSIX: Portable Operating System Interface (for UNIX)
pp.: Pages
PPD: PostScript Printer Description
ProdHaftG: Produkthaftungsgesetz (German Product Liability Act)
PS: Project view
PXE: Pre-Boot Execution Environment
QA: Quality assurance
Qty.: Quantity
RAC: Real Application Clusters
RAID: Redundant Array of Inexpensive/Independent Disks
RAM: Random Access Memory
RAS: Remote Access Service
RAW: Read After Write
RDBMS: Relational Database Management System
RDP: Remote Desktop Protocol
ReiserFS: Reiser File System
RFCs: Requests for Comments
RHCE: Red Hat Certified Engineer
RHD: Red Hat Desktop
RHN: Red Hat Network
RID: Relative Identifier
RISC: Reduced Instruction Set Computer
RMI: Remote Method Invocation
RMS: Rights Management Services
RPC: Remote Procedure Call
RPM: RPM Package Manager (originally Red Hat Package Manager)
S/MIME: Secure/Multipurpose Internet Mail Extensions
SA: System Attendant
SACL: System Access Control List
SAGA: Standards and Architectures for eGovernment Applications
SAM: Security Accounts Manager
SAN: Storage Area Network
SASL: Simple Authentication and Security Layer
SBS: Small Business Server
SC: Samsung Contact
SCCM: System Center Configuration Manager
SCM: Security Configuration Manager
SCOM: System Center Operations Manager
SCS: Sun Control Station
SCSI: Small Computer System Interface
SDB: Simple Database Backend
SDBC: Star Database Connectivity
SDK: Software Development Kit
seq.: and following
SFU: Services for UNIX
SID: Security Identifier
SISL: Sun Industry Source License
SLAs: Service Level Agreements
SLOX: SUSE Linux Openexchange
SMB: Server Message Block
SMS: Short Message Service
SMS: Systems Management Server
SMTP: Simple Mail Transfer Protocol
SNA: Systems Network Architecture
SNMP: Simple Network Management Protocol
SO: StarOffice
SOAP: Simple Object Access Protocol
SPM: Standard TCP/IP Port Monitor
SPX: Sequenced Packet Exchange
SQL: Structured Query Language
SQL-DMO: SQL Distributed Management Objects
SRS: Standard Replication Service
SSH: Secure Shell
SSL: Secure Sockets Layer
SSL/TLS: Secure Sockets Layer / Transport Layer Security
SSO: Single Sign-On
SUS: Java System Update Service
SVG: Scalable Vector Graphics
SW: Software
SWA: Scalix Web Access
SWAP: Simple Workgroup Access Protocol
SWAT: Samba Web Administration Tool
TB: Terabyte
TCL: Tool Command Language
TCO: Total Cost of Ownership
TCP/IP: Transmission Control Protocol / Internet Protocol
TDS: Tabular Data Stream
TGS: Ticket Granting Service
TGT: Ticket Granting Ticket
TLS: Transport Layer Security
TNEF: Transport Neutral Encapsulation Format
TTS: Trouble Ticket System
UCS: Univention Corporate Server
UDDI: Universal Description, Discovery and Integration
UDP: User Datagram Protocol
UfAB: Document for invitations to tender and evaluation of IT services
UGS: Univention Groupware Server
UHD: User Help Desk
UI: User Interface
UNC: Uniform Naming Convention
UNO: Universal Network Objects
UrhG: Urheberrechtsgesetz (German Copyright Act)
URL: Uniform Resource Locator
USB: Universal Serial Bus
USN: Update Sequence Number
Var.: Variant
VBA: Visual Basic for Applications
VBS: Visual Basic Scripting Edition
VBScript: Visual Basic Script
VFS: Virtual File System
VLDB: Very Large Database
VMX: Vintela Management Extensions
VOL: Verdingungsordnung für Leistungen (German Procedures for the Award of Contracts for Public Supplies and Services)
VOL/A: Verdingungsordnung für Leistungen / Teil A: Allgemeine Bestimmungen für die Vergabe von Leistungen (Procedures for the Award of Contracts for Public Supplies and Services / Part A: General Provisions)
VPN: Virtual Private Network
vs.: versus
VSF: Compilation of regulations by the Federal Finance Administration
VV: Administrative regulation
W2K: Windows 2000
W3C: World Wide Web Consortium
WAN: Wide Area Network
WAP: Wireless Application Protocol
WBEM: Web-Based Enterprise Management
WebDAVS: Web-based Distributed Authoring and Versioning over SSL/TLS
WiBe: Evaluation of economic efficiency
WINS: Windows Internet Name Service
WMI: Windows Management Instrumentation
WSDL: Web Services Description Language
WSH: Windows Script Host
WWW: World Wide Web
WYSIWYG: What you see is what you get
XFS: Extended File System
XHTML: Extensible HyperText Markup Language
XML: Extensible Markup Language
XPS: XML Paper Specification

XSL: Extensible Stylesheet Language
XSLT: Extensible Stylesheet Language Transformations
YaST: Yet another Setup Tool

B Glossary

.NET: .NET is the name of Microsoft's current programming environment. It consists of different frameworks (class libraries), a virtual runtime environment (the Common Language Runtime, comparable to the Java Virtual Machine) and a development environment (Visual Studio .NET). .NET supports several programming languages, including C#, C++, J# and Visual Basic.

ACL: An Access Control List is a list of access privileges; each entry names a user or group and the access it is allowed or denied. These lists serve as the basis for controlling access to the resources of the IT system. The system evaluates the ACL of a resource, such as a directory, in order to decide which access a user has to that resource.

ActiveX: A collective term for a technology introduced by Microsoft which enables (inter)active contents on websites. The browser downloads ActiveX program parts (controls) from the server and executes them on the user's PC as native code with the rights of the logged-on user. ActiveX was developed by Microsoft as an alternative to Java applets.

ADO: ADO means ActiveX Data Objects and represents a high-level interface (for example, from Visual Basic) for general data access from Microsoft via an OLE DB provider (for example, for SQL Server, ODBC, Oracle, Active Directory Service, etc.). ADO includes objects for establishing a connection to a data source and for read, update, write and delete operations.

API: Application Programming Interface, a defined programming interface which can be used for integration and expansion.

ASP: "Active Server Pages" is Microsoft's concept for generating dynamic websites at the server end (using, for example, JavaScript or Visual Basic Script); refer also to "JSP".

ATM: Asynchronous Transfer Mode (ATM) is a technology where the data traffic is coded in small packets of a fixed length (53 bytes), called cells, and transmitted by asynchronous time-division multiplexing. Compared to transmission techniques with variable frame size (for example, Ethernet), the fixed cell size has the advantage that the forwarding of the cells by so-called cell relay (similar to Frame Relay) is more efficient.
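The ACL entry above says that the system decides access by evaluating the list; the following added example (not part of the guide) shows how that decision is actually made for a discretionary ACL with Windows-style semantics: entries are walked in order, an explicit deny that touches a still-open right wins, allow entries accumulate rights, and the difference between "no DACL" and "empty DACL" is made explicit. Names such as `Contractors` or `alice` and the rights vocabulary are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

READ, WRITE, EXECUTE, DELETE = "READ", "WRITE", "EXECUTE", "DELETE"


@dataclass(frozen=True)
class ACE:
    """One access control entry: allow or deny a set of rights to a trustee."""
    kind: str            # "allow" or "deny"
    trustee: str         # user or group name (a SID on Windows)
    rights: frozenset


@dataclass
class Token:
    """The identities a logged-on user carries: the account and its groups."""
    user: str
    groups: frozenset = field(default_factory=frozenset)


def check_access(dacl: Optional[List[ACE]], token: Token, requested: Set[str]) -> bool:
    """Return True only if every requested right is granted.

    Mirrors the Windows DACL walk: entries are evaluated in order; a matching
    deny entry that overlaps the still-open rights ends the check negatively;
    allow entries accumulate rights until nothing requested remains open.
    A None DACL means 'no protection at all' (everything is granted), whereas
    an empty DACL grants nothing, a distinction that is easy to get wrong.
    """
    if dacl is None:
        return True
    identities = {token.user} | set(token.groups)
    remaining = set(requested)
    for ace in dacl:
        if ace.trustee not in identities:
            continue
        if ace.kind == "deny" and ace.rights & remaining:
            return False
        if ace.kind == "allow":
            remaining -= ace.rights
            if not remaining:
                return True
    return not remaining


def canonicalize(dacl: List[ACE]) -> List[ACE]:
    """Explicit deny entries before explicit allow entries, the order Windows tools write."""
    return [a for a in dacl if a.kind == "deny"] + [a for a in dacl if a.kind == "allow"]


# Constructed sample (hypothetical names, not from the guide): a project directory.
PROJECT_DACL = [
    ACE("deny", "Contractors", frozenset({WRITE, DELETE})),
    ACE("allow", "Staff", frozenset({READ, EXECUTE})),
    ACE("allow", "Project-Leads", frozenset({READ, WRITE, DELETE})),
]
ALICE = Token("alice", frozenset({"Staff", "Project-Leads"}))
BOB = Token("bob", frozenset({"Staff", "Contractors", "Project-Leads"}))  # lead, but also a contractor

if __name__ == "__main__":
    print(check_access(PROJECT_DACL, ALICE, {READ, WRITE}))      # True
    print(check_access(PROJECT_DACL, BOB, {READ}))               # True: the deny covers only WRITE/DELETE
    print(check_access(PROJECT_DACL, BOB, {READ, WRITE}))        # False: the explicit deny wins
    misordered = PROJECT_DACL[1:] + PROJECT_DACL[:1]             # allow entries ahead of the deny
    print(check_access(misordered, BOB, {WRITE}))                # True: the deny is never reached
    print(check_access(canonicalize(misordered), BOB, {WRITE}))  # False again
```

The misordered case is the practical point: an ACL that is correct as a set of entries can still grant too much if a tool writes the entries in non-canonical order, so a migration that copies ACLs between systems should compare the order as well as the entries.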
BOOTP: The Bootstrap Protocol (BOOTP) is used to assign an IP address and several other parameters to a computer in a TCP/IP network. BOOTP is used, for example, to set the network address of terminals and diskless workstations which receive their operating system from a boot server; the operating system image is then typically transmitted via the TFTP protocol. Certain peripheral devices, such as network printers, can use BOOTP to determine their IP address and network configuration (sub-network mask / gateway). Formerly, the RARP protocol was used to determine the IP address of diskless devices. In contrast to RARP, which merely supplies the IP address, BOOTP comes with a whole range of parameters; in particular, the sub-network mask, gateway and boot server can be transmitted. However, these are not sufficient for configuring workstations and PCs because additional settings are required here, such as printer, time server, etc. DHCP extends BOOTP with a larger set of such parameters (the DHCP options).

C#: An object-oriented programming language developed by Microsoft on the basis of C and C++.

CGI: The Common Gateway Interface is the oldest of the web server interfaces for external programs. Practically every modern web server supports it. Applications using CGI can be developed in different programming languages: besides interpreted languages, such as Perl, it is also possible to use compiled applications written in C or C++.

COM: The Component Object Model is a software standard from Microsoft which enables communication between processes and programs. For this purpose, COM defines an object-oriented interface which a program or a software component uses in order to make services available.

CORBA: CORBA means Common Object Request Broker Architecture and was developed with the aim of enabling communication between applications independent of location, platform and implementation. CORBA is an open standard defined by the Object Management Group (OMG).

DCOM: The Distributed Component Object Model is a variant of Microsoft's COM standard. DCOM can be used to distribute the services of a piece of software across several computers. DCOM is implemented on top of RPCs (Remote Procedure Calls) in order to call procedures on a remote computer via the exchange of messages.

DDE: Dynamic Data Exchange is a procedure under Windows which enables user programs to exchange data. The data exchange itself is a dynamic process: if a file connected by DDE is changed, the change is automatically transferred to all the files communicating with the file concerned.

DHCP: The Dynamic Host Configuration Protocol creates the basis for the dynamic assignment of IP addresses. The DHCP client dynamically receives an IP address from central DHCP servers. Besides the IP address, further configuration parameters (DHCP options) can be sent to the client.
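The BOOTP and DHCP entries describe the parameters a reply carries (address, mask, gateway, boot server, then the DHCP options); the added example below, not taken from the guide, parses a reply of exactly that shape. It builds a constructed DHCPOFFER for a diskless client, decodes the fixed BOOTP header and the option block behind the magic cookie, and rejects truncated or mis-sized options instead of reading past them, which is the check a client on an untrusted LAN needs. The addresses and names in the sample packet are illustrative.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options after the 236-byte BOOTP header
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
OPTION_NAMES = {1: "subnet_mask", 3: "routers", 6: "dns_servers", 12: "host_name", 42: "ntp_servers",
                51: "lease_time", 53: "message_type", 54: "server_id", 66: "tftp_server_name", 67: "bootfile_name"}


def _ipv4(raw: bytes) -> str:
    if len(raw) != 4:
        raise ValueError("IPv4 field has %d bytes instead of 4" % len(raw))
    return str(ipaddress.IPv4Address(raw))


def decode_option(code: int, value: bytes):
    """Turn the raw option value into a Python value, validating the length first."""
    if code in (3, 6, 42):  # lists of addresses
        if len(value) % 4:
            raise ValueError("option %d: length %d is not a multiple of 4" % (code, len(value)))
        return [_ipv4(value[j:j + 4]) for j in range(0, len(value), 4)]
    if code in (1, 54):
        return _ipv4(value)
    if code == 51:
        if len(value) != 4:
            raise ValueError("option 51: lease time must be 4 bytes")
        return struct.unpack("!I", value)[0]
    if code == 53:
        return MESSAGE_TYPES.get(value[0], value[0]) if value else None
    if code in (12, 66, 67):
        return value.rstrip(b"\x00").decode("ascii", "replace")
    return value.hex()  # unknown option: keep the bytes, do not interpret them


def parse_options(data: bytes) -> dict:
    """Walk the TLV option block; PAD (0) has no length byte, END (255) stops the walk."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        if i + 1 >= len(data):
            raise ValueError("option %d: truncated header" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d: claims %d bytes, only %d present" % (code, length, len(value)))
        options[OPTION_NAMES.get(code, code)] = decode_option(code, value)
        i += 2 + length
    return options


def parse_bootp(packet: bytes) -> dict:
    """Parse the fixed BOOTP header and, if the DHCP magic cookie follows it, the options."""
    if len(packet) < 236:
        raise ValueError("BOOTP packet needs at least 236 bytes, got %d" % len(packet))
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", packet[:12])
    if hlen > 16:
        raise ValueError("hardware address length %d exceeds the 16-byte chaddr field" % hlen)
    ciaddr, yiaddr, siaddr, giaddr = (_ipv4(packet[o:o + 4]) for o in (12, 16, 20, 24))
    return {
        "op": op, "htype": htype, "xid": xid, "flags": flags,
        "ciaddr": ciaddr, "yiaddr": yiaddr, "siaddr": siaddr, "giaddr": giaddr,
        "chaddr": packet[28:28 + hlen].hex(":"),
        "sname": packet[44:108].split(b"\x00", 1)[0].decode("ascii", "replace"),
        "file": packet[108:236].split(b"\x00", 1)[0].decode("ascii", "replace"),
        # A plain BOOTP reply carries no cookie and therefore no option block.
        "options": parse_options(packet[240:]) if packet[236:240] == MAGIC_COOKIE else {},
    }


def _packed(address: str) -> bytes:
    return ipaddress.IPv4Address(address).packed


def build_offer() -> bytes:
    """Constructed DHCPOFFER for a PXE/diskless client (sample bytes, not captured traffic)."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x3903F326, 0, 0)  # BOOTREPLY, Ethernet, 6-byte MAC
    header += bytes(4) + _packed("192.0.2.77") + _packed("192.0.2.10") + bytes(4)  # ciaddr..giaddr
    header += bytes.fromhex("001122334455") + bytes(10)  # chaddr, padded to 16 bytes
    header += b"bootsrv".ljust(64, b"\x00") + b"pxelinux.0".ljust(128, b"\x00")  # sname, file
    options = (bytes([53, 1, 2]) + bytes([1, 4]) + _packed("255.255.255.0")
               + bytes([3, 4]) + _packed("192.0.2.1")
               + bytes([6, 8]) + _packed("192.0.2.53") + _packed("192.0.2.54")
               + bytes([51, 4]) + struct.pack("!I", 86400)
               + bytes([54, 4]) + _packed("192.0.2.10") + bytes([255]))
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    print(parse_bootp(build_offer()))
```

The header fields (`yiaddr`, `siaddr`, `file`) are the BOOTP part the entry describes; everything the entry calls "additional settings" arrives as options, which is why a DHCP client must treat the option block as untrusted input with self-declared lengths.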
DNS: The Domain Name System is a hierarchically structured system for assigning names to computers connected to the Internet/intranet and for resolving these names to IP addresses.

DTD: Document Type Definitions formally define the structure of an XML document. They determine the syntax which applies to a particular document type (and hence to a particular data format).

Emulation: The capability of a system or program to simulate the operation of another computer system using hardware or software resources.

Failover: A specific hardware or software feature, for example of a database, server or network, which is configured in such a manner that its services are automatically taken over by a system with a similar or identical function in the case of a temporary system failure.

GGO: On 26 July 2000, the federal government adopted the new joint rules of procedure of the federal ministries (GGO) as a set of rules designed to comprehensively modernize cooperation between and organization of the federal ministries as well as the law drafting process. Administrative processes will be faster and simpler in future. The extended possibilities for the use of state-of-the-art information technology were newly incorporated. The revised rules additionally apply modern steering and management instruments which are customary in the business world.

HTML: Hypertext Markup Language, the open standard and file format for the presentation of contents on the Internet and in intranets.

HTTP: The Hypertext Transfer Protocol, the standard protocol for transferring web documents between clients and servers on the Internet and in intranets.

IMAP: The Internet Message Access Protocol can be used to administer e-mailboxes. In contrast to POP3, IMAP administers the mail on the server. When the mail program starts, only the header data (sender, subject and date) is loaded by default. The recipient can then select the mails to be downloaded completely. Mail that is to remain on the server can be filed there in special folders.

IPsec: A standard for network security solutions which is particularly suitable for the implementation of VPNs and for remote access to private networks via dial-up connections.

IPv6: The new version 6 of the Internet Protocol (IP) with IP addresses consisting of 128 rather than 32 bits as with IPv4, which provides a far larger address space for hosts.

IPX: A standard for data transmission defined by Novell.

J2EE: Java 2 Enterprise Edition (J2EE) is a collective term for various concepts and Java-based components which are used, above all, for the operation of J2EE application servers. Besides client-end communication with J2EE application servers, which usually takes place via a browser, J2EE also supports communication between application components. Different techniques can be used for communication at the application end, such as XML-based web services, CORBA and direct calls from within Java programs.

JavaBeans: JavaBeans are reusable software components implemented in Java.

JavaScript: A script language originally defined by Netscape for connecting program code to static HTML pages. The code is typically executed in the user's browser.

Java: A programming language developed by Sun Microsystems which is used especially in the field of Internet technology. A compiler translates the source texts to a platform-independent intermediate code (bytecode). This intermediate code can then be executed by a suitable interpreter (the Java Virtual Machine) on any computer. This enables the execution of Java programs on all computer platforms for which such an interpreter exists.

JDBC: Java Database Connectivity offers a mechanism for communication with existing databases. Drivers serve as the interface between the Java program and the database.

JSP: JavaServer Pages are HTML files with embedded Java program code which are converted once to servlets by a JSP engine and are then executed in the web server. The result is subsequently sent in normal HTML format to the client (refer also to ASP).

Kerberos: Kerberos is a protocol for secure authentication within open networks, for example networks based on the TCP/IP protocol. With Kerberos, the user authenticates once with a Key Distribution Center (KDC; in a Windows domain this role is taken by the domain controller), which issues the user a ticket with a defined period of validity. The user then authenticates against the services used by him or her with this ticket; the password itself is never sent to those services.

LAMP: An open source platform for web developers and web applications based on Linux, Apache, MySQL and PHP, Perl or Python.

LDAP: The Lightweight Directory Access Protocol is a simplified version of the X.500 Directory Access Protocol (DAP). LDAP is used to access directory services, for example in order to query user attributes.

Macro: A combination of individual instructions and/or a sequence of commands and processes which can be recorded and saved. When a macro is called, the processes and actions are automatically executed in the correct order.

MP3: A standard format for compressed audio files which was developed by the Fraunhofer-Institut within the framework of MPEG and which has become particularly popular on the Internet.

MTA: A software component responsible for the distribution of e-mails between different computer systems. An MTA receives messages both from other MTAs and from MUAs and passes these on to the corresponding recipients.

MUA: The Mail User Agent is the e-mail program which enables users to access, display, read, edit and administer electronic messages.
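The Kerberos entry above compresses three exchanges into one sentence: the user authenticates once with the KDC, receives a ticket with a validity period, and uses it against services. The added example below (a toy model written for this page, not code from the guide or from any Kerberos implementation) plays through those exchanges with separate KDC, client and service roles so that the security properties become visible: the password never leaves the client, the service verifies the ticket offline with its own key, an expired ticket is refused, and a replayed authenticator is caught. The principal names, secrets and the HMAC-based "seal" cipher are constructed stand-ins; real Kerberos uses AES and PBKDF2-derived keys.

```python
import hashlib
import hmac
import json
import os

AUTH_SKEW = 300             # max clock difference for an authenticator (Kerberos default: 5 minutes)
TICKET_LIFETIME = 8 * 3600  # validity of TGT and service tickets in seconds


def derive_key(secret: str) -> bytes:
    # Stand-in for the Kerberos string-to-key function (real Kerberos uses PBKDF2 and AES).
    return hashlib.sha256(secret.encode()).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, msg: dict) -> bytes:
    # Toy authenticated encryption (HMAC keystream XOR plaintext, then an HMAC tag).
    # It only keeps the example self-contained; it is not a cipher to reuse.
    plaintext, nonce = json.dumps(msg).encode(), os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ciphertext + hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext)))))


def _check_authenticator(ticket: dict, authenticator: bytes, now: int) -> None:
    # Only the legitimate ticket holder knows the session key carried inside the ticket.
    auth = unseal(bytes.fromhex(ticket["key"]), authenticator)
    if auth["user"] != ticket["user"] or abs(now - auth["ts"]) > AUTH_SKEW:
        raise PermissionError("bad authenticator")


class KDC:
    """Holds every principal's long-term key; 'krbtgt' is the ticket-granting service."""
    def __init__(self, principals: dict):
        self.keys = {name: derive_key(secret) for name, secret in principals.items()}

    def as_exchange(self, user: str, now: int) -> bytes:
        # AS-REQ carries only the name. The reply is readable only with the user's key,
        # so a wrong password just fails to decrypt; the password never crosses the wire.
        session = os.urandom(16).hex()
        tgt = seal(self.keys["krbtgt"], {"user": user, "key": session, "exp": now + TICKET_LIFETIME})
        return seal(self.keys[user], {"key": session, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int) -> bytes:
        ticket = unseal(self.keys["krbtgt"], tgt)
        if now > ticket["exp"]:
            raise PermissionError("TGT expired")
        _check_authenticator(ticket, authenticator, now)
        session = os.urandom(16).hex()
        svc = seal(self.keys[service], {"user": ticket["user"], "key": session, "exp": now + TICKET_LIFETIME})
        return seal(bytes.fromhex(ticket["key"]), {"key": session, "ticket": svc.hex()})


class Client:
    def __init__(self, user: str, password: str):
        self.user, self.key, self.tgt, self.tgt_key = user, derive_key(password), None, None

    def login(self, kdc: KDC, now: int) -> None:
        rep = unseal(self.key, kdc.as_exchange(self.user, now))
        self.tgt, self.tgt_key = bytes.fromhex(rep["tgt"]), bytes.fromhex(rep["key"])

    def service_ticket(self, kdc: KDC, service: str, now: int) -> tuple:
        auth = seal(self.tgt_key, {"user": self.user, "ts": now})
        rep = unseal(self.tgt_key, kdc.tgs_exchange(self.tgt, auth, service, now))
        return bytes.fromhex(rep["ticket"]), bytes.fromhex(rep["key"])

    def ap_request(self, ticket: bytes, key: bytes, now: int) -> tuple:
        return ticket, seal(key, {"user": self.user, "ts": now})


class Service:
    """Checks tickets with its own key only; the KDC is not contacted at access time."""
    def __init__(self, secret: str):
        self.key, self.seen = derive_key(secret), set()

    def accept(self, ticket_blob: bytes, authenticator: bytes, now: int) -> str:
        ticket = unseal(self.key, ticket_blob)
        if now > ticket["exp"]:
            raise PermissionError("ticket expired")
        _check_authenticator(ticket, authenticator, now)
        if authenticator in self.seen:  # replay cache
            raise PermissionError("replay")
        self.seen.add(authenticator)
        return ticket["user"]


def _attempt(fn) -> str:
    try:
        return fn()
    except PermissionError as e:
        return str(e)


def demo(now: int = 1_200_000_000) -> tuple:
    # Constructed principals and secrets (hypothetical, not taken from the guide).
    kdc = KDC({"krbtgt": "kdc-master-secret", "alice": "correct horse battery", "host/fileserver": "fs-secret"})
    fileserver, alice = Service("fs-secret"), Client("alice", "correct horse battery")
    alice.login(kdc, now)
    ticket, key = alice.service_ticket(kdc, "host/fileserver", now)
    blob, auth = alice.ap_request(ticket, key, now + 1)
    first = fileserver.accept(blob, auth, now + 1)
    replay = _attempt(lambda: fileserver.accept(blob, auth, now + 2))  # same authenticator again
    late = now + 9 * 3600  # beyond the ticket's lifetime
    expired = _attempt(lambda: fileserver.accept(*alice.ap_request(ticket, key, late), late))
    return first, replay, expired  # ('alice', 'replay', 'ticket expired')
```

The timestamp check and the replay cache are why Kerberos deployments depend on synchronized clocks (see NTP): with a skew above `AUTH_SKEW`, valid authenticators are rejected, and without the cache a captured authenticator could be reused within the skew window.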
NDS: NDS (Novell Directory Services) is a highly scalable and redundant directory service which Novell introduced with the NetWare 4.x operating system.

NTP: The Network Time Protocol is used to synchronize the time information of different computers via a network. NTP enables the setting of computer time precise to the millisecond. This is particularly important for processes in which several computers are involved at the same time.

ODBC: A standardized process ensuring access to databases. Application programs, for example, can use ODBC in order to access a diverse range of databases.

OLE: OLE means "Object Linking and Embedding" and is a method for the shared use of information. This information can exist in different formats and can have been generated by different applications. Data from a source document is linked to and/or embedded in a target document. When the embedded data is selected in the target document, the source application is opened again, so that the data can be edited with the necessary functions in the usual environment. Another term used is "OLE Compound Documents".

OpenLDAP: OpenLDAP is an implementation of the LDAP protocol as free software. OpenLDAP is shipped with the most commonly used current Linux distributions. Since OpenLDAP follows the LDAP standard, it can be used for the implementation and central maintenance of a central user administration.

OSI: The Open Systems Interconnection reference model, an international standard for exchanging data in networks. OSI consists of seven layers describing the individual communication processes.

PDF: A cross-platform document format from Adobe Systems that enables the generation and presentation of documents consisting of text, graphics and images.

Perl: The Practical Extraction and Report Language is a freely available programming language which is used particularly often for writing CGI scripts. Thanks to its many options, especially for processing strings, Perl programs are often used for routine administrative tasks.

PHP: A server-end script language for generating database-driven, dynamic web contents.

POP3: When the Post Office Protocol, version 3, is used, the local mail program (client) generally downloads all new mails from the mail server to the local computer after starting. The client is typically configured in such a manner that mail, once downloaded, is deleted on the server.

POSIX: A UNIX-based interface standard according to IEEE which is supported by all UNIX derivatives.

PostScript: A page description language developed by Adobe for controlling printers. PostScript-enabled printers receive their print commands from the respective application program in the form of a standardized sequence of instructions which the printer interprets and translates into a print process.

Process: The term "process" as used in information technology refers to the execution of a computer program on a processor. Memory space and further operating system resources are assigned to a process. A process can consist of one or more threads which share the memory and other operating-system-related resources of the process, such as files and network connections, but which are otherwise executed independently of each other. A process can also consist of exactly one thread if no parallel processing is foreseen in program execution.

RAS: Microsoft uses this name (Remote Access Service) for the provision of dial-up services within the Microsoft operating system.
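The LDAP and OpenLDAP entries above describe querying user attributes from a central directory; the recurring mistake when an application does this is to splice a user-supplied value straight into the search filter. The added example below (written for this page, not code from the guide or from OpenLDAP) escapes assertion values as RFC 4515 requires, places the safe and the unsafe filter builders side by side, and includes a deliberately minimal filter evaluator over a constructed in-memory directory so the difference can be observed without a server. The DNs and entries are hypothetical.

```python
import re

# RFC 4515, section 3: characters that must be escaped inside an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_F_ESCAPES.get(ch, ch) for ch in value) if False else "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(uid: str) -> str:
    """Filter for exactly the person entry whose uid equals the caller's string."""
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter_value(uid)


def naive_user_filter(uid: str) -> str:
    # The unsafe variant: untrusted input becomes filter syntax (LDAP injection).
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % uid


# A minimal filter evaluator, enough for "(attr=value)" and "(&(...)(...))",
# so the effect of escaping can be observed without an LDAP server.
def parse_filter(text: str, i: int = 0):
    if text[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if text[i + 1] == "&":
        items, i = [], i + 2
        while text[i] == "(":
            node, i = parse_filter(text, i)
            items.append(node)
        return ("and", items), i + 1  # skip the closing ')'
    end = text.index(")", i)
    attr, _, value = text[i + 1:end].partition("=")
    return ("eq", attr, value), end + 1


def _value_to_regex(value: str) -> str:
    # An unescaped '*' is a wildcard; a '\xx' escape stands for one literal character.
    pattern, i = "", 0
    while i < len(value):
        if value[i] == "\\":
            pattern, i = pattern + re.escape(chr(int(value[i + 1:i + 3], 16))), i + 3
        elif value[i] == "*":
            pattern, i = pattern + ".*", i + 1
        else:
            pattern, i = pattern + re.escape(value[i]), i + 1
    return pattern


def matches(entry: dict, node) -> bool:
    if node[0] == "and":
        return all(matches(entry, child) for child in node[1])
    _, attr, value = node
    regex = _value_to_regex(value)
    return any(re.fullmatch(regex, v, re.IGNORECASE) for v in entry.get(attr, []))


def search(directory: dict, filter_text: str) -> list:
    """Return the DNs of all entries matching the filter (a stand-in for an LDAP search)."""
    node, _ = parse_filter(filter_text)
    return [dn for dn, entry in directory.items() if matches(entry, node)]


# Constructed sample directory (hypothetical DNs, not from the guide).
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=de": {"objectClass": ["inetOrgPerson"], "uid": ["alice"], "cn": ["Alice Adams"]},
    "uid=bob,ou=people,dc=example,dc=de": {"objectClass": ["inetOrgPerson"], "uid": ["bob"], "cn": ["Bob Berg"]},
    "cn=printers,ou=groups,dc=example,dc=de": {"objectClass": ["groupOfNames"], "cn": ["printers"]},
}

if __name__ == "__main__":
    print(search(DIRECTORY, user_filter("alice")))           # exactly one entry
    print(search(DIRECTORY, naive_user_filter("*)(uid=*")))  # every person: injected wildcard
    print(search(DIRECTORY, user_filter("*)(uid=*")))        # []: the input is matched literally
```

Distinguished names have their own escaping rules (RFC 4514), so a value that is safe inside a filter is not automatically safe when concatenated into a DN; use a separate escaper for each context.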

RDBMS: In a relational database management system, the information of a database is stored in tables which are in relation to each other. The organization is based on the relational model.

seq.: and following

Server: A process, a program or a computer which processes the requests of a client and/or which provides services that can be used by a client.

SQL: The standard query language for relational databases.

SSH: A protocol, or a corresponding implementation of this protocol (originally for UNIX/Linux systems), which provides encrypted and authenticated access to computers connected to a network. The implementation ensures secure data transmission across non-secure connections.

SSL: An encryption technology and protocol originally developed by Netscape for secure communication and transmission of documents between web browsers and web servers; its standardized successor is TLS.

TCP/IP: A set of network protocols which are used within a network in order to offer users various services. TCP (Transmission Control Protocol) and IP (Internet Protocol) are the fundamentals for defining the individual data packets as well as their sending and delivery.

Thread: Refer to: Process.

UNO: UNO is a component model that ensures interoperability between different programming languages, different object models, different machine architectures and different processes. This can be implemented in a LAN or via the Internet. UNO is developed by the OpenOffice.org community in cooperation with the development laboratories of Sun Microsystems. The basic libraries of UNO are independent of OpenOffice.org and StarOffice and can be used as a framework for other applications. UNO is freely available under the LGPL license. Java, C and C++ on Windows, Linux and Solaris are currently supported. (Refer also to http://udk.openoffice.org/common/man/uno.html).

URL: The Uniform Resource Locator identifies a unique address in the World Wide Web, such as "http://www.kbst.bund.de".
VBA: Visual Basic for Applications.

W3C: The World Wide Web Consortium coordinates the development of the WWW and the standardization of HTML, XML and their derivatives.

WebDAV: Web-based Distributed Authoring and Versioning is an extension of the Hypertext Transfer Protocol (HTTP) and offers standardized support for the asynchronous, collaborative creation of contents via the Internet and/or intranet.

WINS: A Microsoft system for the resolution of names within a network (NetBIOS network names <-> IP addresses).

XML: A specification for the definition of languages for formatting documents. XML offers strict separation of contents and design.

XSLT: A language recommended by the W3C for creating style templates that convert XML structures to other XML structures in a rule-based process, for example to a page description language such as HTML.

C Illustrations

Fig. 1: Structure of the migration guide ...... 6
Fig. 2: Contractual relationships ...... 41
Fig. 3: Control loop of the evaluation of economic efficiency ...... 72
Fig. 4: Example: manpower costs during the migration phases ...... 76
Fig. 5: Example: total manpower costs ...... 77
Fig. 6: Example of a server infrastructure data collection template ...... 83
Fig. 7: Example of a desktop computer data collection template ...... 83
Fig. 8: Example of a network infrastructure data collection template ...... 84
Fig. 9: Example of a printer infrastructure data collection template ...... 85
Fig. 10: Example of the server infrastructure services data collection template ...... 86
Fig. 11: Example of a standard software data collection template ...... 86
Fig. 12: Example of an Office data collection template ...... 87
Fig. 13: Example of an "IT applications – architecture and users" data collection template ...... 89
Fig. 14: Example of an "IT applications – architecture and users" data collection template ...... 89
Fig. 15: Example of an "IT applications – database systems and application server" data collection template ...... 89
Fig. 16: Example of an "IT applications – administration of users/rights and interfaces" data collection template ...... 90
Fig. 17: Example of an "IT applications – hosting, development of applications and characteristics" data collection template ...... 91
Fig. 18: Example of an "IT applications – outlook, costs and remarks" data collection template ...... 91
Fig. 19: Methodology of the "Migration" WiBe ...... 98
Fig. 20: WiBe – Example 2 of a WiBe cost calculation 1, introduction costs/benefits ...... 113
Fig. 21: Example 2 of a WiBe cost calculation 2, operating costs/benefits ...... 114
Fig. 22: Phases of a migration process ...... 131
Fig. 23: Decision-making process for implementing a migration project ...... 133
Fig. 24: Example of gentle and gradual migration ...... 136
Fig. 25: Example of an NT domain structure ...... 194
Fig. 26: Example of Windows 2000 ...... 194
Fig. 27: U-G-L-R method ...... 236

Fig. 28: U-G-R method ...... 237
Fig. 29: Printing under CUPS ...... 255
Fig. 30: General: printing under Windows ...... 264
Fig. 31: OpenGroupware architecture ...... 286
Fig. 32: Open-Xchange architecture ...... 291
Fig. 33: eGroupWare architecture ...... 294
Fig. 34: Technical interactions in Zarafa ...... 298
Fig. 35: LDAP-based graphic user editor ...... 299
Fig. 36: Scalix platform ...... 307
Fig. 37: Scalix client systems ...... 308
Fig. 38: Scalix versions – overview of functions ...... 308
Fig. 39: Scalix integration ...... 309
Fig. 40: Interaction of the server roles ...... 311
Fig. 41: Notes architecture ...... 314
Fig. 42: Mindquarry architecture ...... 330
Fig. 43: Relationship between MSS 3.0 and MOSS 2007 ...... 336
Fig. 44: Logic architecture – SharePoint ...... 337
Fig. 45: Topologies of SharePoint server farms ...... 338
Fig. 46: Functionality of MOSS 2007 ...... 342
Fig. 47: Functionalities of the different SharePoint editions ...... 343
Fig. 48: Basic SharePoint site structure ...... 345
Fig. 49: Metadata of a document in the browser ...... 346
Fig. 50: Word 2007 - Document with metadata (File --> Properties) ...... 347
Fig. 51: Workflow tool - SharePoint Designer ...... 349
Fig. 52: Workflow development with Visual Studio ...... 350
Fig. 53: Template management module ...... 358
Fig. 54: Functions of ICEcore OSS, Novell Teaming + Conferencing and ICEcore add-on modules ...... 361
Fig. 55: Architecture of the Novell Teaming software package ...... 363
Fig. 56: Enterprise Admin Portlet ...... 364
Fig. 57: Novell Conferencing architecture ...... 365
Fig. 58: User interface of the administration interface for Novell Conferencing ...... 367
Fig. 59: Workflow of controlled collaboration ...... 368
Fig. 60: Extended search in Novell Teaming ...... 370

Fig. 61: Status transitions in the Novell Teaming workflow ...... 372
Fig. 62: Graphic rendering of a workflow in Novell Teaming ...... 372
Fig. 63: Presenting documents in the HTML format ...... 373
Fig. 64: The Navigator in OpenOffice.org Writer ...... 393
Fig. 65: Formulas in natural language in OpenOffice.org Calc ...... 394
Fig. 66: VBA in the Office application ...... 409
Fig. 67: User interface for work with XML schemas in MS Word 2007 ...... 412
Fig. 68: Data record according to the "Birth certificate application" ["Antrag Geburtsurkunde"] XML schema ...... 413
Fig. 69: Binary-coded Excel spreadsheet in the old WordprocessingML ...... 415
Fig. 70: Architecture of the document generator ...... 427
Fig. 71: External data fields after export to an MS Word document ...... 432
Fig. 72: Components of the .NET framework ...... 437
Fig. 73: Structural view – multi-tier architecture ...... 441
Fig. 74: Catalogue of monetary criteria of the economic efficiency analysis for migrations – development/introduction costs and benefits ...... 496
Fig. 75: Catalogue of monetary criteria of the economic efficiency analysis for migrations – operating costs and benefits ...... 497
Fig. 76: Catalogue of non-monetary criteria of the economic efficiency analysis for migrations – urgency ...... 498
Fig. 77: Weighting system for urgency criteria ...... 498
Fig. 78: Catalogue of non-monetary criteria of the economic efficiency analysis for migrations – quality/strategy ...... 499
Fig. 79: Weighting system for quality criteria ...... 499
Fig. 80: Matrix for determining software and hardware costs ...... 500

D Tables

Table 1: Effects of integration and standardization on selected targets of a public agency (page 31)
Table 2: Overview of components and protocols of the examples of integration solutions (page 36)
Table 3: Evaluation of the degree of integration of the exemplary solutions (page 37)
Table 4: Relevance of OSS licenses for users (page 43)
Table 5: Contracts between user and dealer (page 45)
Table 6: Applicable law (page 47)
Table 7: Copyright issues (page 54)
Table 8: Contractual liability and warranty claims against the dealer (page 59)
Table 9: Migration phases (page 75)
Table 10: Price information summary, hardware/software – server (page 78)
Table 11: Price information summary, hardware/software – desktop PC (page 79)
Table 12: Price information summary, hardware/software – desktop PC (page 82)
Table 13: Classification of document templates and macros (page 87)
Table 14: Information cluster for stock-taking special IT applications (page 88)
Table 15: Rating scale for support continuity for the old system (page 115)
Table 16: Rating scale for bugs, errors and downtime (page 116)
Table 17: Rating scale for service problems, personnel bottlenecks (page 116)
Table 18: Rating scale for limits of expansion / upgrading (page 116)
Table 19: Rating scale for interoperability, present/future interface problems (page 117)
Table 20: Rating scale for operability and ergonomics (user-friendliness) (page 117)
Table 21: Rating scale for compliance with laws (page 117)
Table 22: Rating scale for fulfilment of data protection/security requirements (page 118)
Table 23: Rating scale for correct procedures and workflows (page 119)
Table 24: Rating scale for compliance with requirements and recommendations (page 119)
Table 25: Rating scale for relevance within the IT framework concept (page 120)
Table 26: Rating scale for integration into the IT landscape of the federal administration in general (page 121)
Table 27: Rating scale for follow-up effect for communication partners (page 121)
Table 28: Rating scale for the pilot project nature of the IT investment project (page 122)
Table 29: Rating scale for the use of existing technologies by other organizations (page 123)
Table 30: Rating scale for platform/manufacturer independence (page 124)
Table 31: Rating scale for improved job performance (page 124)
Table 32: Rating scale for the acceleration of workflows and work processes (page 125)
Table 33: Rating scale for standardized and uniform administrative work (page 125)
Table 34: Rating scale for understandability and reproducibility (page 126)
Table 35: Rating scale for image improvement (page 126)
Table 36: Rating scale for attractiveness of working conditions (page 127)
Table 37: Rating scale for ensuring/expanding qualifications (page 127)
Table 38: Apache modules (page 165)
Table 39: Functions of OpenLDAP under Linux (page 176)
Table 40: RFCs in which DNS is specified (page 209)
Table 41: Overview of the DNS resource record types supported (page 211)
Table 42: Overview of DHCP options (page 214)
Table 43: POSIX privileges and Windows aggregations (page 225)
Table 44: POSIX and Windows privileges (page 226)
Table 45: Properties of the Windows group privileges (page 234)
Table 46: Windows attributes (page 234)
Table 47: Comparison of file servers (page 242)
Table 48: Licensing of the Microsoft system management components (page 277)
Table 49: Possible components of the Open-Xchange solution (page 291)
Table 50: Selection of eGroupWare modules (page 295)
Table 51: Zarafa components (page 299)
Table 52: Central Kolab server components (page 301)
Table 53: Optional Kolab server components (page 301)
Table 54: Possible migration and transition paths (page 320)
Table 55: Functions of Mindquarry (page 334)
Table 56: SharePoint history (page 335)
Table 57: Examples of authorization groups in SharePoint (page 340)
Table 58: Matrix of product functions (page 344)
Table 59: Functions of O3Spaces Workplace (page 359)
Table 60: O3Space – functions of the different editions (page 360)
Table 61: Novell Teaming functions (page 369)
Table 62: Novell Conferencing functions (page 374)
Table 63: System components and requirements of Lotus Quickr 8 (page 378)
Table 64: Functions of Lotus Quickr services for Domino (page 384)
Table 65: Functions of Lotus Quickr services for WebSphere Portal (page 387)
Table 66: File extensions of ODF documents (page 397)
Table 67: Import and export options to OOo /SO (page 397)
Table 68: Overview of characteristics of OOo 1/SO 7 and OOo 2/SO 8 (page 402)
Table 69: Applications in the different suites for MS Office 2007 (page 404)
Table 70: Microsoft Office versions and the pertinent VBA versions (page 408)
Table 71: Overview of the characteristics of MS Office 2007 and Office 97 - 2003 (page 416)
Table 72: Possible conversion problems (page 425)
Table 73: Compatibility mode with MS Office 2007 (page 429)
Table 74: Available document format filters in SO 8/OOo 2 (page 434)
Table 75: Advantages of terminal servers and thin clients (page 453)
Table 76: Selected disadvantages of terminal servers and thin clients (page 454)
Table 77: Overview of the functions of different terminal server solutions (page 463)

E Appendix – WiBe for migration projects

1 Catalogue of WiBe criteria for migration projects

| Item | Note/recommendation | Budget-relevant | Non-budget-relevant | Description of criterion |
|---|---|---|---|---|
| 1 | x | b | n | Development costs / introduction costs and development benefits |
| 1.1 | x | b | n | Development/introduction costs for the new IT method |
| 1.1.1 | x | b | n | Planning and introduction/development costs |
| 1.1.1.1 | x |  | n | Personnel costs (own personnel) |
| 1.1.1.2 | x | b |  | Costs of external consultants |
| 1.1.1.3 | x | b |  | Costs of the development environment |
| 1.1.1.4 | x | b |  | Other costs for non-personnel/ancillary items |
| 1.1.1.5 | x | b |  | Travel costs (own personnel) |
| 1.1.2 | x | b | n | System costs |
| 1.1.2.1 | x | b |  | Hardware costs |
| 1.1.2.1.1 | x | b |  | Host/server, network operation |
| 1.1.2.1.2 | x | b |  | Workstation computers |
| 1.1.2.2 | x | b |  | Software costs |
| 1.1.2.2.1 | x | b |  | Costs for development and/or acquisition of software |
| 1.1.2.2.2 | x | b |  | Costs for adaptation of software and/or interfaces |
| 1.1.2.2.3 | x | b |  | Costs for evaluation, certification and quality assurance |
| 1.1.2.3 | # | b | n | Installation costs |
| 1.1.2.3.1 | # | b |  | Construction/building costs |
| 1.1.2.3.2 | # | b |  | Installation of technical infrastructure |
| 1.1.2.3.3 | # | b |  | Office/room equipment, accessories |
| 1.1.2.3.4 | # |  | n | Personnel costs for system installation |
| 1.1.3 | x | b | n | Costs of system introduction |
| 1.1.3.1 | x |  | n | System and integration tests |
| 1.1.3.2 | x | b | n | Costs of system installation |
| 1.1.3.3 | x | b |  | Import of data stocks |
| 1.1.3.4 | x | b | n | Initial training for users and IT specialists |
| 1.1.3.5 | x |  | n | Familiarization costs for users and IT specialists |
| 1.1.3.6 | x | b | n | Other migration costs |
| 1.2 | x |  |  | Development/introduction benefit due to replacement of the old method |
| 1.2.1 | x | b |  | Once-off cost savings (avoidance of maintenance/upgrading costs for the old system) |
| 1.2.2 | x | b |  | Once-off revenue (from sale of old system) |

Fig. 74: Catalogue of monetary criteria of the economic efficiency analysis for migrations – development/introduction costs and benefits

| Item | Note/recommendation | Budget-relevant | Non-budget-relevant | Description of criterion |
|---|---|---|---|---|
| 2 | x | b | n | Operating costs and operating benefits |
| 2.1 | x | b | n | Current material costs / cost savings |
| 2.1.1 | # | b | n | (Pro-rata) management/communication costs |
| 2.1.1.1 | # |  |  | Current costs from NEW IT method |
| 2.1.1.2 | # |  |  | Current benefits from omission of OLD IT method |
| 2.1.2 | x | b | n | (Pro-rata) host, server and network costs |
| 2.1.2.1 | x | b | n | Current costs from NEW IT method |
| 2.1.2.2 | x | b | n | Current benefits from omission of OLD IT method |
| 2.1.3 | x | b | n | (Pro-rata) costs for workstation computers |
| 2.1.3.1 | x |  |  | Current costs from NEW IT method |
| 2.1.3.2 | x |  |  | Current benefits from omission of OLD IT method |
| 2.1.4 | # | b | n | Consumables for hardware |
| 2.1.4.1 | # |  |  | Current costs from NEW IT method |
| 2.1.4.2 | # |  |  | Current benefits from omission of OLD IT method |
| 2.1.5 | # | b | n | Energy and office space costs |
| 2.1.5.1 | # |  |  | Current costs from NEW IT method |
| 2.1.5.2 | # |  |  | Current benefits from omission of OLD IT method |
| 2.2 | x | b | n | Current personnel costs / personnel cost savings |
| 2.2.1 | x | b | n | Personnel costs from system use |
| 2.2.1.1 | x |  |  | Current costs from NEW IT method |
| 2.2.1.2 | x |  |  | Current benefits from omission of OLD IT method |
| 2.2.2 | x | b | n | Costs/benefits from service item reclassification |
| 2.2.2.1 | x |  |  | Current costs from NEW IT method |
| 2.2.2.2 | x |  |  | Current benefits from omission of OLD IT method |
| 2.2.3 | x | b | n | System support and administration |
| 2.2.3.1 | x |  |  | Current costs from NEW IT method |
| 2.2.3.2 | x |  |  | Current benefits from omission of OLD IT method |
| 2.2.4 | x | b | n | Ongoing training / qualification |
| 2.2.4.1 | x |  |  | Current costs from NEW IT method |
| 2.2.4.2 | x |  |  | Current benefits from omission of OLD IT method |
| 2.3 | x | b | n | Current costs/savings related to service/system maintenance |
| 2.3.1 | # | b |  | Hardware service/maintenance |
| 2.3.1.1 | # |  |  | Current costs from NEW IT method |
| 2.3.1.2 | # |  |  | Current benefits from omission of OLD IT method |
| 2.3.2 | x | b |  | Software service/maintenance |
| 2.3.2.1 | x |  |  | Current costs from NEW IT method |
| 2.3.2.2 | x |  |  | Current benefits from omission of OLD IT method |
| 2.3.3 | x | b | n | Replacement/upgrading costs |
| 2.3.3.1 | x |  |  | Current costs from NEW IT method |
| 2.3.3.2 | x |  |  | Current benefits from omission of OLD IT method |
| 2.4 | x | b | n | Other current costs and savings |
| 2.4.1 | # | b | n | Data protection / data backup costs |
| 2.4.1.1 | # | b | n | Current costs from NEW IT method |
| 2.4.1.2 | # | b | n | Current benefits from omission of OLD IT method |
| 2.4.2 | x | b | n | Costs of parallel external support |
| 2.4.2.1 | x | b | n | Current costs from NEW IT method |
| 2.4.2.2 | x | b | n | Current benefits from omission of OLD IT method |
| 2.4.3 | # | b | n | Insurance, etc. |
| 2.4.3.1 | # | b | n | Current costs from NEW IT method |
| 2.4.3.2 | # | b | n | Current benefits from omission of OLD IT method |
| 2.4.4 | x | b | n | Other current costs and benefits |
| 2.4.4.1 | x |  |  | Current costs from NEW IT method |
| 2.4.4.2 | x |  |  | Current benefits from omission of OLD IT method |

Fig. 75: Catalogue of monetary criteria of the economic efficiency analysis for migrations – operating costs and benefits

| Item | Note/recommendation | Description of criterion |
|---|---|---|
| 3 | x | Urgency criteria |
| 3.1 | x | Urgency to replace the old system |
| 3.1.1 | x | Continuity of support for the old system |
| 3.1.2 | x | Stability of the old system |
| 3.1.2.1 | x | Bugs, errors and downtime |
| 3.1.2.2 | x | Service problems, personnel bottlenecks |
| 3.1.3 | x | Flexibility of the old system |
| 3.1.3.1 | x | Limits of expansion/upgrading |
| 3.1.3.2 | x | Interoperability, interface problems at present / in future |
| 3.1.3.3 | x | User-friendliness |
| 3.2 | x | Compliance with administrative rules and laws |
| 3.2.1 | x | Compliance with law |
| 3.2.2 | x | Ensuring data protection/integrity |
| 3.2.3 | x | Correct work processes |
| 3.2.4 | x | Compliance with tasks and recommendations |

Fig. 76: Catalogue of non-monetary criteria of the economic efficiency analysis for migrations – urgency

| No. | "D" criteria | Weighting for migrations |
|---|---|---|
| 3 | Urgency criteria | 100 |
| 3.1 | Urgency to replace the old system | 75 |
| 3.1.1 | Continuity of support for the old system | 20 |
| 3.1.2 | Stability of the old system |  |
| 3.1.2.1 | Bugs, errors and downtime | 15 |
| 3.1.2.2 | Service problems, personnel bottlenecks | 15 |
| 3.1.3 | Flexibility of the old system |  |
| 3.1.3.1 | Limits of expansion/upgrading | 10 |
| 3.1.3.2 | Interoperability, interface problems at present / in future | 10 |
| 3.1.3.3 | User-friendliness | 5 |
| 3.2 | Compliance with administrative rules and laws | 25 |
| 3.2.1 | Compliance with law | 5 |
| 3.2.2 | Ensuring data protection/integrity | 10 |
| 3.2.3 | Correct work processes | 5 |
| 3.2.4 | Compliance with tasks and recommendations | 5 |

Fig. 77: Weighting system for urgency criteria

| No. | Description of criteria for migrations |
|---|---|
| 4 | Qualitative/strategic criteria |
| 4.1 | Priority of the IT project |
| 4.1.1 | Relevance within the general IT concept |
| 4.1.2 | Integration into the IT landscape of the federal administration in general |
| 4.1.3 | Follow-up effects for communication partners |
| 4.1.4 | Pilot project character of the IT investment project |
| 4.1.5 | Reuse of existing technologies |
| 4.1.6 | Platform/manufacturer-independence |
| 4.2 | Increase in the quality of specialized work |
| 4.2.1 | Increased job performance |
| 4.2.2 | Acceleration of work procedures and processes |
| 4.2.3 | Standardized administrative procedures |
| 4.2.4 | Increased understandability and reproducibility |
| 4.2.5 | Better image |
| 4.3 | Staff-related effects |
| 4.3.1 | Attractiveness of working conditions |
| 4.3.2 | Securing/enhancing qualification |

Fig. 78: Catalogue of non-monetary criteria of the economic efficiency analysis for migrations – quality/strategy

| No. | "Q" criteria | Weighting for migrations |
|---|---|---|
| 4 | Qualitative/strategic criteria | 100 |
| 4.1 | Priority of the IT project | 40 |
| 4.1.1 | Relevance within the general IT concept | 5 |
| 4.1.2 | Integration into the IT landscape of the federal administration in general | 5 |
| 4.1.3 | Follow-up effects for communication partners | 5 |
| 4.1.4 | Pilot project character of the IT investment project | 10 |
| 4.1.5 | Reuse of existing technologies | 5 |
| 4.1.6 | Manufacturer independence | 10 |
| 4.2 | Increase in the quality of specialized work | 50 |
| 4.2.1 | Increased job performance | 15 |
| 4.2.2 | Acceleration of work procedures and processes | 10 |
| 4.2.3 | Standardized administrative procedures | 10 |
| 4.2.4 | Increased understandability and reproducibility | 10 |
| 4.2.5 | Better image | 5 |
| 4.3 | Staff-related effects | 10 |
| 4.3.1 | Attractiveness of working conditions | 5 |
| 4.3.2 | Securing/enhancing qualification | 5 |

Fig. 79: Weighting system for quality criteria


2 Matrix for determining software and hardware costs

| Migration object | System type | Component group | Component | Product (example) | Investment costs | Current costs year 1 | Current costs year 2 | Current costs year 3 | Current costs year 4 | Current costs year 5 | Remarks |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Server | Software | Infrastructure services | Directory | NDS |  |  |  |  |  |  |  |
| Server | Software | Infrastructure services | File | Netware 4.11 |  |  |  |  |  |  |  |
| Server | Software | Infrastructure services | Print | Jet Direct |  |  |  |  |  |  |  |
| Server | Software | Infrastructure services | DNS/DHCP/BOOTP | BIND |  |  |  |  |  |  |  |
| Server | Software | System management | Software distribution |  |  |  |  |  |  |  |  |
| Server | Software | System management | Stock-taking |  |  |  |  |  |  |  |  |
| Server | Software | System management | Helpdesk |  |  |  |  |  |  |  |  |
| Server | Software | System management | System monitoring, network monitoring | MRTG / Nagios / SNMPWatch / Netview |  |  |  |  |  |  |  |
| Server | Software | Groupware & Messaging | Groupware | eGroupware |  |  |  |  |  |  |  |
| Server | Software | Groupware & Messaging | Mail | Suse Email 2 |  |  |  |  |  |  |  |
| Server | Software | Terminal server |  |  |  |  |  |  |  |  |  |
| Server | Hardware |  |  |  |  |  |  |  |  |  |  |
| Desktop PC | Software | Operating system | Operating system | Windows NT 4.0 |  |  |  |  |  |  |  |
| Desktop PC | Software | Standard software | Document exchange, PDF viewer | Acrobat Reader |  |  |  |  |  |  |  |
| Desktop PC | Software | Standard software | Web browser and mail client | Mozilla |  |  |  |  |  |  |  |
| Desktop PC | Software | Standard software | Office | Open Office |  |  |  |  |  |  |  |
| Desktop PC | Software | Standard software | Compression | WinZip |  |  |  |  |  |  |  |
| Desktop PC | Software | Standard software | Database | Access |  |  |  |  |  |  |  |
| Desktop PC | Software | Standard software | Spreadsheet | Excel |  |  |  |  |  |  |  |
| Desktop PC | Software | Standard software | Presentation | Powerpoint |  |  |  |  |  |  |  |
| Desktop PC | Software | Standard software | Word processing | Word |  |  |  |  |  |  |  |
| Desktop PC | Software | Terminal server (client access) |  |  |  |  |  |  |  |  |  |
| Desktop PC | Hardware |  |  |  |  |  |  |  |  |  |  |

Fig. 80: Matrix for determining software and hardware costs


3 Legal basis

Federal Budget Code (BHO) [510], section 7: Economic efficiency and economizing, cost/output analysis

(1) The principles of economic efficiency and economizing must be considered when drafting and implementing the budget plan. These principles demand the examination of the extent to which public tasks or economic activities serving public purposes can be accomplished by outsourcing, relocating to the private sector or privatization.

(2) Adequate evaluations of economic efficiency must be carried out for all measures involving expenditure. The risk distribution connected to the measures must also be taken into consideration here. In suitable cases, private suppliers must be given the opportunity to demonstrate whether and to what extent they are capable of performing public tasks or economic activities serving public purposes in the same or even in a better way (interest expression procedure).

(3) A cost/output analysis must be introduced in suitable areas.

General administrative regulation [511] on section 7 of the Federal Budget Code:

1 The principle of economic efficiency [512]

The orientation of any administrative acts towards the principle of economic efficiency is designed to ensure the optimum use of resources. This includes adherence to the principle of economic efficiency as well as the examination of whether a task must be carried out and whether it must be carried out by a public institution or body. The principle of economic efficiency means that the most favourable relationship between the purpose pursued and the means (resources) to be employed to this end must be aimed at. The principle of economic efficiency includes the principle of economizing and maximum yield. The principle of economizing (minimum input principle) demands that a defined aim be achieved with minimum input of resources. The principle of yield (maximum output principle) demands that a defined resource input yield the optimum result. The implementation of the budget plan, which usually sets forth the tasks (result, aims), is based on the principle of economic efficiency in the form of the principle of economization.

The principle of economic efficiency must be taken into consideration for all measures by the federal government which have direct or indirect implications for revenue and expenditure within the framework of the federal budget. This concerns both measures to be judged according to microeconomic criteria (such as procurement for an agency's own administrative functions and changes in organization in the agency's own administration) as well as measures to be judged according to macroeconomic criteria (such as investment in the transport and traffic sector, subsidies, as well as measures related to social and fiscal policy). Legislation projects also belong to measures of this type.

[510] Refer to the Federal Budget Code (BHO) in the version dated 19 August 1969, last amended by Article 3 of the law of 22 September 2005 I 2809.
[511] Refer to the compilation of regulations by the Federal Finance Administration, administrative regulation on the Federal Budget Code in the version dated 16 May 2001, pages 16 seq.
[512] In line with prevailing opinion in administrative sciences, the principle of economic efficiency refers to the principles of economic efficiency and economizing within the meaning of section 7 of the Federal Budget Code.

2 Profitability analyses

Profitability analyses are tools for implementing the principle of economic efficiency. Microeconomic and macroeconomic profitability analyses must be distinguished. Profitability analyses must be carried out for all measures. They must hence be performed when new measures are planned or when measures already underway are changed (planning phase) as well as during the implementation phase (within the framework of parallel success monitoring) and on completion of measures (within the framework of final success monitoring).

2.1 Profitability analyses as a planning instrument

Profitability analyses during the planning phase form the basis for parallel and final success monitoring. Economic efficiency analyses must provide information on at least the following sub-aspects.

• An analysis of the starting situation and of the need for action
• Goals, priority concepts and potential target conflicts
• Relevant solution options as well as their costs and benefits (including follow-up costs), even if these cannot be expressed in monetary terms
• The financial implications for the budget
• The suitability of the individual solution options with a view to target achievement, taking the legal, organizational and human resources framework into account
• The time schedule for implementing the measure
• Criteria and methods for monitoring success (refer to No. 2.2)

In the event that the aim cannot be fully achieved as a result of the analyses or for financial reasons, it must be checked whether the partial aim that can be achieved justifies the investment of funds and whether the proposed measure should instead be carried out at a later point in time.
In the event that different options are available for the acquisition or use of assets, for example, sale, rent, lease, lease-purchase and similar contracts, it must be examined prior to the signing of a contract which type of contract is economically the most effective for the administration; a lack of budget funds to purchase an asset does not justify entering into continuous obligations. When exercising such an option, it must be considered that lease agreements require particularly thorough examination with a view to their economic efficiency in each and every single case.

2.2 Profitability analyses as an instrument of success monitoring

Success monitoring is a systematic analysis method. The purpose of this analysis is to determine, during implementation (parallel success monitoring) and on completion (final success monitoring) of a measure, whether and to what extent the aims were achieved as foreseen in the plan, whether the aim was achieved thanks to the measure and whether the measure was economically efficient.

In the case of measures with a term of more than two years and in other applicable cases, parallel success monitoring must be carried out after periods to be defined from case to case or at times when distinct results or the implementation of parts of a measure can be expected. Against the background of the economic, social and technical change which has occurred meanwhile, the monitoring results supply the information necessary for the decision as to whether and how the measure is to be continued.

Ongoing monitoring must be distinguished from parallel success monitoring. In contrast to systematic, comprehensive success monitoring methods, ongoing monitoring means the permanent, targeted gathering and evaluation of information and data for the purpose of additionally evaluating the development of a measure.

All measures must on completion be subjected to final success monitoring in order to check the result achieved. There is no methodological difference between parallel and final success monitoring. Success monitoring generally encompasses the following examinations.

• Target achievement check: The target achievement check compares the targets and the aims actually achieved (variance comparison) in order to determine the degree of target achievement at the time of success monitoring. The target achievement check also serves as the starting point for considerations as to whether the given aims are still valid.
• Effect check: The effect check determines whether the measure was suitable for achieving the target and whether the target was achieved thanks to the measure. All the intended and unintended effects of the measure performed must be determined here.
• Economic efficiency check: The economic efficiency check shows whether the implementation of the measure was generally economically efficient with a view to the consumption of resources (economic efficiency of implementation) and whether the measure as a whole was economically efficient with a view to higher-level aims (economic efficiency of the measure).

Success checks must also be carried out in the case of insufficient documentation during the planning phase. In such a case, the necessary information must be provided retroactively. The target achievement check and the effect check are the basis for the economic efficiency check. In contrast to the economic efficiency check, however, they do not take the input of resources into account.

2.3 Methods of profitability analyses [513]

[513] Refer to "Arbeitsanleitung Einführung in Wirtschaftlichkeitsuntersuchungen" (Working paper – an introduction to profitability analyses), attachment to the Federal Ministry of Finance circular dated 31 August 1995 – II A 3 – H 1005 – 23/95 – (GMBl 1995, page 764).

2.3.1 General

When it comes to performing profitability analyses, the simplest and economically most efficient method under the circumstances of the particular case must be adopted. Microeconomically and macroeconomically orientated methods are available. The particular method to be adopted depends on the type of measure, its aim and the effects related to it. Macroeconomically orientated methods are suitable for all measures with significant macroeconomic effects. Microeconomically orientated methods are suitable for measures which primarily concern the administrative area (such as the ministry, public agency) in question.

2.3.2 Microeconomic methods

Discounted cash flow methods (such as the net present value method) must be generally adopted in the case of measures with only minor and hence negligible macroeconomic costs and benefits. Ancillary methods (such as cost comparison methods, offer comparisons) can also be adopted in the case of measures with only minor financial relevance.

2.3.3 Macroeconomic methods

Macroeconomic profitability analyses (such as cost-benefit analyses) must be carried out for measures with significant macroeconomic implications.

2.4 Procedures

2.4.1 Profitability analyses must be generally carried out by the organization unit in charge of the measure.

2.4.2 The result of the analysis must be recorded and filed. This is not necessary in the case of measures of minor financial importance only.

2.4.3 Documentation pursuant to section 24 also includes the profitability analyses.

2.4.4 The officers in charge of the budget decide on the profitability analyses which are to be reported to them. They can take part in the profitability analyses and can make the consideration of a measure during the preparation of cost estimates and during the implementation of the budget plan contingent upon the submission of profitability analyses.

3 Interest expression procedure [514]

In suitable cases, private suppliers must be given the opportunity to demonstrate whether and to what extent they are capable of performing public tasks or economic activities serving public purposes in the same or even in a better way (interest expression procedure). An interest expression procedure can be carried out when it comes to planning new and revising existing measures or facilities. This requires a market survey based on the principle of market competition. The result of the market survey must be compared to the public solutions available in order to ensure an economically sound evaluation.

[514] Concerning the interest expression procedure, refer to the Federal Ministry of Finance circular dated 31 August 1995 – II A 3 – H 1005 – 22/95 – (GMBl 1995, page 764).

The interest expression procedure does not replace the procedure for awarding public contracts. If the interest expression procedure shows that a private solution is likely to be economically more efficient, the procedure for awarding public contracts must be carried out.

4 Cost/output analysis

It is the permanent task of the public administration to improve the ratio of costs and output in performing its duties. The basis for this is the introduction of a cost/output analysis according to the standard cost/output analysis system [515]. The results supplied by the cost/output analysis render the costs and services performed transparent. Furthermore, effective planning, steering and monitoring are enabled in this way. The cost/output analysis can also support budget planning and budget implementation. Furthermore, information supplied by the cost/output analysis can also help identify cost-covering fees and compensations.

[515] VSF H 90 01