Best-of-breed approach results in huge economic gains

This article focuses on messaging systems. These systems traditionally consist of e-mail and associated applications like address books, calendaring/scheduling, task lists and notes. Nowadays, real-time and multimedia applications such as presence/status information, instant messaging (IM), internet telephony (Voice over IP, VoIP) and video calling are quickly becoming part of the typical messaging suite, in integrated form referred to as unified communications.

In this case we stay away from the related field of collaboration/groupware applications, containing workflow, chatroom, wiki, bookmarking, videoconferencing, file sharing, collaborative editing, task/project management, application sharing, revision control, and other functionality that is used to create a collaborative working environment.

We do realise, however, that all these applications are part of a continuum spanning personal communications, via groupware and enterpriseware (e.g. blogging and intranets), all the way to publishing to the whole (online) world (i.e. social media).

Policy Context

Legacy

Messaging platforms as they are currently deployed in organisations are often a legacy from the days when mail, office productivity and file & print services covered most needs for professional communication and collaboration. Vendor lock-in, an investment in the skills of users as well as of system managers, familiarity with the interfaces, resistance to change (also related to the relatively high age of public servants and their risk-avoiding behaviour), unhealthy relations between suppliers and buyers, and other non-technical reasons have often prevented the move to open, modern environments that are more secure and less expensive.

Description of the way to implement the initiative

Interoperability

Messaging naturally depends on the interoperability of the systems and clients used by the connecting parties, which nowadays cover the whole world. Only very large providers — 'Big Internet' companies like Google, Microsoft, Facebook and LinkedIn — have user bases so large that they can afford to create so-called walled gardens by using closed or tweaked communication protocols. This closed character, the lack of privacy, and uncertainty — about the location where your data is stored, the risks involved and the security measures taken, your legal position and the applicable jurisdiction — should all in themselves be reasons to avoid these services.

Open standards

The rest of the world, including the open source community, has to adhere to open standards for their software to be practically useful. For e-mail those standards are SMTP and IMAP/POP. There is LDAP for directory services, SIP for internet telephony, and XMPP (Jabber) for chat.

These standards often come with stacks of associated protocols for additional services. Some examples for mail are TLS to secure connections, PGP to encrypt and sign messages, and DKIM/SPF/DMARC to fight spam, viruses and other nasties delivered by mail. SIP sports SDP, RTP, SRTP and ZRTP for session management and encryption, and SIMPLE and MSRP for presence information and instant messaging. OTR is often used to encrypt instant messaging conversations.

Technology solution

Mix and match

The availability of all these open standards, and the need for software providers to adhere to them in order to connect, mean that all sorts of components — even closed-source and open-source — can be mixed and matched with relative ease to form a complete solution.

Here four different types of fully or partially OSS-based implementations are listed, ranging from a best-of-breed constellation to a monolithic solution. Below various examples of implementations are presented, showing the diversity of what is readily available or can be composed from popular open source software packages.

1. An individual open source software component:
   for example an MTA (Mail Transfer Agent), i.e. a mail server such as Exim or Postfix;
   a webmail interface like Roundcube;
   and malware scanners like Clam AntiVirus and SpamAssassin;
2. A best-of-breed approach, building all of these open source software components into an integrated mail system, for example combining:
   • an MTA,
   • POP/IMAP servers (i.e. client-side mail servers),
   • a webmail interface,
   • malware scanners,
   • cryptographic protection against spam and viruses (i.e. using DKIM, SPF and DMARC),
   • a management interface, and
   • a statistics report generator;
3. A software suite combining all of these software components in a pre-packaged mail server platform:
   IndiMail, for example, brings together a dozen open source tools in an integrated mail server system, including:
   • a core system based on the secure qmail MTA,
   • the Courier IMAP and POP3 servers,
   • Fetchmail, a mail retrieval tool,
   • the ClamAV bulk virus scanner,
   • Bogofilter, a bulk spam filter,
   • the TCP wrapper tcpserver,
   • daemontools, a server supervisor kit,
   • the qmailanalog statistics tool, and
   • iwebadmin, a web-based user administration interface;
4. A monolithic solution, providing an integrated mail and messaging service;
   these software packages often lean towards groupware, and they are often backed by a company providing commercial releases, services and support;
   some examples are:
   • Kolab, a messaging system built on the Horde framework, the Cyrus IMAP system, the Postfix MTA, and the Roundcube webmail interface,
   • Zarafa, a messaging system originally positioned as a replacement for Exchange Server.

Technology choice: Mainly (or only) open standards, Open source software

Main results, benefits and impacts

Here various examples of OSS-based implementations of mail/messaging systems at public agencies are presented. They show the diversity of the software that is readily available and solutions that can be composed from popular OSS packages.

• At the end of 2012, the Polish Ministry of Defence tendered for a new mail and groupware system that had to be open source. The mail server had to run on an open source operating system, and the entire system had to be monitored by an open source application like Nagios or Munin. All customisations to the software had to be published as open source. In the requirements, the ministry explained that it wanted to eliminate licensing fees.
• The Vatican Library in Vatican City is a large user of open source software, including the Postfix MTA and the EFA filter package. According to Luciano Ammenti, head of the IT department, the combination of open source and open standards ensures long-term preservation of electronic records and prevents IT vendor lock-in.
• In 2014, the German Federal Ministry of Finance had about eighty Linux servers running in its Berlin data centre. The ministry uses Postfix as its mail system.
• The Polish administrative district of Mniów (Gmina Mniów) has been using open source applications for a decade now. In 2009, the agency was using the Qmail-toaster mail system and the SquirrelMail webmail interface. [both packages are now outdated and have been 'succeeded' by IndiMail and Roundcube, respectively.] Desktop users employed Thunderbird, the mail/messaging client from the Mozilla Foundation that is also responsible for the development of the Firefox web browser. Using open source software helps to save public resources, senior IT administrator Aleksander Podsiadły was quoted. Spending this on proprietary alternatives is a waste of money.
• Fedict, the Belgian Federal Public Service for Information and Communication Technology, is using Postfix, although the organisation never explicitly selected this MTA. It is part of a mail relay service including anti-virus and anti-spam based on Trend Micro, network architect Jan Colpaert explains. Open source software is not an end in itself here. We only care about open interfaces and being independent of vendors. At the time, we were looking for a single supplier for all of our managed security services, including mail relay, DNS, VPN, and IPS.
• The City of Nivelles, Wallonia, Belgium, is using a lot of open source software packages. For its mail system, the City has deployed Sendmail, the MIMEDefang mail filter and various other milters, Dovecot, OpenDKIM, and ClamAV. Nivelles uses Asterisk for internet telephony.
• The Zarafa messaging suite is used by:
  • the Bundestag — the German parliament — in combination with the Dovecot IMAP and POP servers,
  • the 'Green group' in the Bundestag [2, 3],
  • the Bundeszentrale für politische Bildung (German Federal Agency for Civic Education),
  • the German Federal Cartel Office,
  • the German Federal Commissioner for Data Protection,
  • the Archbishop's Ordinariate in Munich, Germany,
  • the National Library of Vienna, Austria,
  • the Dutch City of Ede, and
  • the City Council of Limerick in Ireland [2].
• The Regional Government of Andalusia in Spain has been using mail systems based on open source software since 2001. The corporate mail/messaging service infrastructure is currently based on:
  • CentOS Linux;
  • Exim;
  • Dovecot;
  • Roundcube, SquirrelMail;
  • the Solr search engine;
  • the Sympa mailing list manager;
  • an administrators' interface developed in Java and published as open source software;
  • a specific connector linking to the human resources system to facilitate automated account creation;
  • SpamAssassin and Kaspersky anti-virus;
  • OpenLDAP;
  • Agata, their own open source development for address books, calendars and task lists. Agata has a web interface and integrates with desktop clients like Thunderbird and Outlook using *DAV or SyncML;
  • the ejabberd XMPP server;
  • a simple Android/iOS app based on Xabber;
  • a service to link large files instead of sending these by e-mail: based on open source software previously developed by the University of Seville; and
  • a collaboration or corporate social network suite called 'Red Professional', based on Elgg, Etherpad and BigBlueButton.

Return on investment

Regional Government of Andalusia

According to Juan Conde, Chief of Staff for the Promotion of Free Software at Junta de Andalucía, the economic gains of this best-of-breed solution relative to proprietary solutions must be huge. Vendor proposals end prematurely when we mention that our present costs are around 4 euro per user per year. In 2012, we were serving about 250,000 people at a total cost of €983,500.

Ede, Netherlands

According to the Berenschot benchmark for Dutch municipal ICT costs, the City of Ede managed to spend 92 percent less than its peers on software licenses.

In 2011, Ede's ICT management costs were at exactly the national average. One year later, after correction for the services provided to external customers, these costs were only slightly higher (5-10 percent) than the average. But these costs were more than offset in reduced licence fees: the City paid only one tenth of what other municipalities were paying for their software. All in all, Ede's annual total ICT budget of 6 million euro was 24 percent less than what other municipalities of comparable size were spending.

The City of Ede is using dozens of open source software packages, including the Zarafa messaging system and the Asterisk software PBX (i.e. an internet telephony exchange). The savings on the PBX system and its maintenance alone are huge, Ede's then Computerisation and Automation director Bart Lindeboom told us last year. Our open source soft-PBX costs only one third of a traditional or branded PBX. Furthermore, we now are able to buy smartphones of our own choice instead of those supplied with the PBX. That means we pay 200 euro for a phone instead of 400-500 euro for a 'compatible' device.