Linux Picked in Gendarmerie Lineup


If the process of migrating away from Windows is a bit trial and error, then La Gendarmerie Nationale, France’s national police force, have practiced it until perfection over the last ten years. What started as the realization that their IT infrastructure had become rigid and inflexible, eventually built into one of the smoothest large-scale migrations ever seen in IT.

Rather than this practice getting them to Carnegie Hall, the Gendarmerie gained a flexible, modular IT environment and over 5,000 workstations migrated to the free Linux distribution Ubuntu with no significant user re-training.

How it Started

In 2001, Lieutenant-Colonel Xavier Guimard and his team within the Gendarmerie’s Bureau Securit√© Architecture found themselves dealing with an organization with 12,000 units, 4,300 sites, and 105,000 people using an outdated IT infrastructure that was both expensive to maintain and unable to integrate with other agencies. It didn’t take long for them to determine that they needed a more modular, flexible solution.

The goal was never specifically to migrate away from Windows, or to Linux. Instead, the goal was to free themselves to change any piece of software easily, and they included operating systems as one of those software components.

Starting with the Servers

Large tools that did everything but locked you into being unable to switch away from them were left behind, and more focused tools that could speak using standard protocols were phased in. Such a policy freed the Gendarmerie from being dragged along any particular company’s upgrade cycle and licenses.

By 2002, they were also certain that the best road to this destination involved implementing a strict open standards IT policy. Since open source software turned out to adhere better to standards than proprietary, eventually they added open source to the policy as well.

At the time, they were using many operating systems: AIX, Solaris, NT 4, DGUX, OpenVMS, and more. Each project came with its own system. So the first thing they did was to limit the list of OS’s. Debian was chosen for new servers, for its stability.

Without any additional budget, the first move was to place 85,000 new users onto a Cyrus IMAP mail server on Debian, while 20,000 existing users were migrated from Microsoft Exchange 5.5 on an NT 4 domain to Active Directory and Exchange 2003. They also found that some of their Web-based applications were optimized for Microsoft Internet Explorer. In 2003, they undertook the effort to make these applications W3C-compliant so they could be used with any browser on any operating system.

Next, the Office Software

The next time that Microsoft increased their prices on Microsoft Office licenses, one of the accountants got annoyed and went to Guimard’s team asking about alternatives. They suggested The accountant downloaded and tried it, and just days later returned to the IT director announcing that worked for what they needed.

A few months later, the IT director approached the Gendarmerie’s national director. His plan: to migrate part of the organization to When the national director learned that did everything they needed and was free, he said no, migrate everyone.

Before 2004, the Gendarmerie was purchasing 12,000 to 15,000 Microsoft Office licenses annually. In 2005, their IT department purchased only twenty-seven. These licenses go to users who must have Microsoft Office in order to handle Microsoft Excel files with specialty macros from other agencies.

When the migration proved successful, the next step was taking 80,000 users from Microsoft Outlook to Mozilla Thunderbird and from Microsoft Internet Explorer to Mozilla Firefox. The move to Firefox was decided because the browser was considered more respectful of W3C specifications.

During the same year, the Gendarmerie put out a public tender looking for a human resources management solution that they could use with W3C compliant protocols, along with their existing web single sign on and LDAP infrastructure. LOGICA came forward, adapting their solution to fit the Gendarmerie’s needs.

In Comes Vista

The Gendarmerie might have been content to remain with Microsoft Windows except for one thing: the announcement of Vista in 2006. Switching to Vista would be a serious migration project with hardware upgrades, concerns with the activation mechanisms, and the sense that Vista didn’t seem designed for professional use. It also appeared that their users would have be trained for the change since Vista was significantly different from XP.

So Guimard and their colleagues stopped to consider. They’d been striving toward independence from any particular piece of software, including the operating system itself. But could they actually manage to change operating systems?

To answer this question, System Architect Danek Pascal and the team developed a plan to map out a standard workstation that would suit most of the Gendarmerie’s users. Ubuntu was chosen as their alternative Linux desktop since they were already using Debian for the servers, the Ubuntu community is very active, and the Ubuntu GUI is very user-friendly.

The mapping process included calling numerous stakeholders, and using an open source project that Danek himself leads, known as OCS Inventory NG (Open Computer and Software Inventory Next Generation). What resulted was a list of 35 critical applications such as office programs and a variety of software used for police tasks and management.

After building a matrix of software needs, they estimated the “grip” that each application had to Microsoft Windows and how widespread each of those applications were within the Gendarmerie. This matrix made it easy for them to see what could be easily migrated (, Thunderbird, Firefox, and a number of web applications) and where they would run into more difficulty.

With this matrix, Danek’s team began to think in terms of features. Could the Linux desktop provide all of the features they needed? To determine this, they built a list of required features for what they were calling a standard Gendarmerie workstation. This standard workstation could be used by 90 percent of the staff in their many locations.

Then began the challenge of building this standard workstation entirely in Ubuntu. One large (and very common) issue was to replace Microsoft Outlook calendaring functions for Thunderbird users. To this end, they chose Mozilla Lightening calendaring using CalDAV, CardDAV, SyncML, and other such standards and Open Business Management (OBM) for the server.

Since not all of the features they wanted were immediately available, Danek’s team hired external developers to extend OBM to this level of integration, and then contributed the code back into the main project as well. Eventually they had their prototype workstation built, and had their national IT training center build some e-learning courses to help users with Linux basics, such as browsing filesystems.

Rather than disrupting operations with changes, users are migrated to Linux when their old workstation’s warranty expires. Given that they’re receiving a brand new computer in the process, the change is typically accepted eagerly, and some users have even made the transition to Ubuntu on their own existing systems so their computers would run faster.

In 2008, 5,000 users were migrated. To check on how the process was going, Danek’s department held a conference in Paris in October. The goal was to speak with local officers about the changes and find out what was working and what wasn’t from people in the field. What these meetings made perfectly clear was that the change to Linux was a non-event. They were still using the same software they were before so the users had little trouble with the rest.

Working with Open Source Vendors

Nick Barcet, Ubuntu Server Product Manager with Canonical UK, says that Canonical’s main involvement in this entire process was publishing Ubuntu in the first place. Since Canonical is the commercial sponsor of the Ubuntu project, the Gendarmerie didn’t contact them until 2008. In fact, Canonical only knew about the desktop migration plans two days before they were publicly announced.

Essentially Danek and his colleagues were at a point of needing an official contact with Ubuntu’s publisher, and wanted to give back after receiving so much. The public tender process for third-party Linux support will be completed in the summer of 2009. Until then, Canonical is providing free support. In return, the Gendarmerie have opened cases that turn out to be more of a collection of important feedback than they are support requests.

For example, a couple of months before Ubuntu 8.04 was released, Danek contacted Barcet to say they had this “stupid ,but important” problem. They couldn’t automate workstation upgrades with cron scripts because people would be interrupted in their work. On top of that, their network was only so efficient, and they didn’t want everyone upgrading at the same time.

Instead, the Gendarmerie wanted to give the user the choice of when to do the upgrade. The problem was that only the administrator could authorize an upgrade, and in an enterprise-class installation regular users were not part of the admin group, so they couldn’t implement. Whenever Canonical makes adjustments like this for users, these adjustments are fed back into Ubuntu, at least as configuration options.

A larger issue involved the identification and authentication process. For each environment, the process can be different, and adding in the fact that the Gendarmerie provide police services, the requirements were in many ways more rigorous as well. For example, their identification and authentication process cannot break people’s ability to work if the network goes down. If you have a national emergency, you can’t have people locked out of their computers or necessary applications because the network is down. Caching data also becomes very important for the same reason. Cases such as this were where Canonical was really able to dig in, get to know the Gendarmerie’s architecture, and make a difference.

In fact, this network and caching infrastructure isn’t just a duplication of what the Gendarmerie had before. It’s a significant improvement.

Astounding Results

Since July 2007, the Gendarmerie has purchased only 200 software licenses– total. Rather than recurring license costs, they own what they buy. In addition, maintenance costs are heavily reduced. Danek says that one major factor of this is that for open source, many different companies can provide support, so they have a choice of who they pay for this purpose rather than being locked into a vendor.

Danek says that they will always have a few Microsoft Windows boxes around in IT for very specific reasons, and they’re fine with this. Again, the goal was never to completely move away from Microsoft. The goal was to maintain as much choice and flexibility as possible.

At this point, the only limiting factor when it comes to their Linux deployment is a specific service application that’s replacing an ancient piece of local software. Development on this application is running late but it’s expected to be completed in the beginning of 2010. When that happens, he says, the way is completely open to universal Ubuntu workstations, with a target of 18,000 of them by this time. And all without rushing into throwing their users and IT staff into chaos.

Finally, if you’re a numbers person, consider this. The Gendarmerie now purchases computers with no operating system licenses involved. That factor saves them ‚Ǩ150 (around US$200) per computer. In five years, then end of their license renewal period, the Gendarmerie will save ‚Ǩ12 million (nearly US$16 million) on operating system licenses alone. Add in client access licenses, mail system client access licenses, and so on, and the five-year cost to bring their users to this same level of functionality would be ‚Ǩ60 million (nearly US$80 million).