Pour nous qui sommes habitués à utiliser des ordinateurs, il est facile d'oublier que leur maintenance, surtout pour de grands parcs informatiques, est un métier à part entière. Les menaces de sécurité doivent être repoussées, et, avec l'arrivée de Windows Vista, des choix doivent être faits concernant la migration vers le dernier produit de Microsoft ou, au contraire, vers des solutions à base de logiciels libres. Tom Johnson, administrateur pour les systèmes Mac de la branche académique de l'université de Purdue (Indiana, United States), a accepté de répondre à nos questions à ce propos. Nous avons choisi de laisser le texte de l'interview dans l'anglais original pour donner à l'article une couleur internationale. Mr Johnson nous a également rappelé que toutes les données qu'il mentionne le sont de mémoire et ne sont pas nécessairement exactes ni n'ont fait l'objet d'une recherche approfondie.

Could you present us your role at Purdue University?

I am a Macintosh system's administrator for the central IT group in the academic portion. I run Macintosh computers for the academic computer labs, I install and maintain the operating system and the software, I make sure that it ties into the central campus authentication scheme. So, basically, the Macintosh is mine, when it comes to the academic labs.

Could you give us an idea of the size of the computer networks at Purdue and of the staff involved?

Of the *entire* campus computer architecture? This goes beyond the central I.T. organization. I think there are about nine hundred people that the university considers I.T.. For computers, there are two very large machine rooms on campus, at least two more decent-sized ones not run by the central I.T. organization, and lots of smaller server rooms ran by different I.T. organizations around campus. The number of IP addresses in use is certainly greater than ten or fifteen thousand - it gives you some idea on the number of computers.

What is Purdue's exposure to security threats?

Err... the same as any other campus organization in the world, at least in the U.S.. Academic universities tend not to have firewalls at the border, because we do not know what kind of traffic needs to be coming in and out of campus. Researchers might have written or installed a program on one of the machines in their office, that they're using for one of their projects, and it's using a port that we do not know about but which has to be opened. Therefore, at the campus network level, we can't restrict the whole traffic. However, on particular servers, like those that contain the financial data, we know what needs to be opened or closed, so we can enforce more stringent security policies.

We've had our exploits, but it may concern the different I.T. organizations around campus rather than the central one, because you could easily have a situation where a department is running a small little server with Windows and Excel on which they have some social security numbers... You should probably ask the security staff about specific incidents - I should probably not be the official word on this - but I can say we had them. We haven't had any of the absolute catastrophic ones that you might have read about in the press in the last years, although there have been some very major privacy breaches. In any case, I've been working here either as a student or as a full-time staff member for thirteen years now, and security is much more on the vocabulary in the priority list than it was even just five years ago. Security was not a very important concern back then, but today, the numerous breaking to campuses and the growth of identity theft is making universities an attractive target.

Do some of the threats come from the students?

Well, this is purely personal opinion, you should ask the security staff to get an official answer. My guess is that those threats are usually the more minor ones. Students usually are not involved in identity theft: that's more for large organizations that hit multiple institutions to gather this information. What they often want is to steal resources for their own use, I have known of students who kidnapped machines in offices... One thing that students have frequently tried to use is the fact that there are two different network pipes going to the outside world: the main campus pipe and the pipe for the residential halls. Since the one for the residential halls is frequently clogged with lots of data, students will find ways to move their traffic, for example by borrowing a computer on campus, downloading the files to that computer using the larger and faster pipe that campus has, and then sending it through a very large pipe that runs between the campus network and the residential hall network. So, in many ways it's good use of network architecture but... there's a reason why they're not supposed to be able to do that. [Laughs.]

Do you think that Purdue's computer services for students are better or worse than those of the other universities?

They're at least fairly good. I'm a bad person to ask, since I've never worked in another university and I don't travel to other universities very often, although I do assist to some conferences where I get to hear the stories of I.T. workers in other universities. For example, Cornell is a very prestigious university with a gorgeous campus, but the network architecture is archaic. They actually have a server in every building to run that building's lab because the network between buildings is that bad. I think it is mostly 10 megabytes network pipes between buildings, which is terribly low when you know that even my computers here have 100 megabytes pipes. That is partly explained by the fact that it's an older campus and they just did not invest in changing all the wiring that would need to be changed. The other cause is that Purdue, being a public university, has a very compact campus of about one mile by two miles, which makes it easier and cheaper to install network infrastructure than in Cornell, whose campus isn't as dense.

There is one service that we provide, and that other universities often do not offer, although I think some others such as the Indiana University in Southern Indiana do something similar: we give every student, staff and faculty member a five-hundred megabytes served-side storage space that they can access as a network drive on Windows, Mac, or Linux. It gets mounted by the lab machines when you log in to them, so it's a central place to keep files that you can reach from anywhere on the planet. We started that with a hundred megabytes back in 1998, and there still are universities that only give their students five megabytes to this day...

Do you use free software on computers, and if yes where?

We certainly do. Our licensing group is very busy, they handle lots and lots of contracts. We have a lot of expensive software, but we also use free software on our machines: for example, the end user can use Firefox, Thunderbird, etc. We recently installed an X11 client on the Windows machines, which is freeware. However, even with freeware, we still have to make sure the license agreement fits with what we do with the machines.

Freeware or free software ?

Freeware is just a ... category of free software. It would be software that is free, freeware ... it's my usage of the term.

I'm thinking about free as in "free speech", not free as in "free beer".

Awww! What do you mean by "free speech software" then?

Err... Linux, for example, is free software, under the GNU GPL.

Ok... That's still "free software" in the same sense as what I'm thinking of. We do use it in certain portions for the organization. Linux is used in this I.T. organization, it's used all over campus, although we do not use Linux very much in my particular academic branch. In fact, most of our Unix boxes are Sun Solaris. This is partly for traditional reasons, as we've been running Solaris since before Linux existed, and partly because of the hardware that we have got on those machines. We have been looking at Linux more in the last two to three years, however, for the back-end we already know how to run Solaris and want the support for the servers, and, for the end user, we don't use it in the labs as we don't really have much demand for it. People who want to use Unix can come to a Windows machine, start up an X11 client, connect to one of our big Unix servers and use that, so they don't need Linux on the desktop, they just need a Unix machine they can connect to.

I will mention that a lot of the software packages that we run on the Sun Solaris boxes would be in the same category as Linux, in that they're GPL or other similar licenses. The five hundred megabytes storage space on the servers are actually managed under Unix, and the contents are provided out to all the clients via Samba, which speaks the Windows filesharing protocol SMB, and is free software. We use a lot of other packages like that on the Unix servers, because it makes our lives easier.

Is your university trying to migrate to free software for philosophical reasons or is it...

No, there is no push for that. There is some lobbying from certain parties, but it is neither campus-wide, nor located in the I.T. organization. For example, the software I use on the Macs to push files from my master server to the clients is a free package called radmind coming from the University of Michigan, and I've been using that since 2003. On the Windows side, we're trying to find a replacement for our software package that was written in the mid-90s for the same purposes, because it was a garage project, written by a guy in his spare time, that has not been updated since 97, and it will not survive the transition to Windows Vista. There is a Windows version of the radmind package, which is an open-source project on which people are working, but it's not fully functional yet because, since its heritage is Unix, there are lot of changes such as registry handling that have to be done. There is another package called LANDesk which would cost us about 250000$ to buy and then 75000$ to 100000$ each year for maintenance costs. However, management was basically telling us: "Make it work, we don't care how much it costs.", so... We could help out the open source project, but we would have to hire somebody, as we don't have somebody available in the staff, and at the moment we're more inclined to pay for the software package rather than have to hire someone. There are other costs involved with hiring people beyond salaries, and since the salaries budget is separated from the purchasing budget in the university system, it's sometimes easier to get money from your purchasing budget than from your people budget.

What kind of problems arise from the concurrent use of free software and proprietary software?

What kind of issues are you thinking of?

Well, between... file formats, for example?

We do have to take into account file format problems, but for the most part... We're not big users of OpenOffice, for example; we've got it installed on the Macs but it's actually an old version, I'm not sure that people are using it anymore. One of the things that we do in our group is that we install and maintain what we call "core" or "common software". Everybody or many different parties use this: we will maintain it. So examples are: Microsoft Office, Adobe Photoshop, Adobe Acrobat, even some specialized packages like MathLab, which is used by enough people across an engineering-focused campus like this one. Then there are the situations where the instructor buys the software, provides us the media and the license agreement, and asks us to install this on our machines so that his students can use it. And... if there are file format problems who come with that, then it is not our responsibility, it is the instructor's problem to figure out how to use it and to teach his students how to use it. We do not teach students how to use software or to use computers - we maintain computers. There are certain academic classes which teach that, either the more advanced computer classes or those on how to use Microsoft Office.

Are some of your students publishing some of their school research projects as free software?

I have no idea, we don't work with students that closely. I would guess that it would depend on what they're doing. I could bet the university is very interested in making money of out whatever they can, and you might want to sell your research to get the money for the formation. The university has a very large research park with which they collaborate, and they try to sell technologies that are developed on campus to the businesses. However, I'm sure there have been projects that have been freely distributable from campus. Actually, there was a member of our staff who wrote a Mac program in the late eighties called RevRdist, which was a Mac implementation, conceptually, of the Unix rdist used to distribute files to client machines - it was in fact quite similar to the radmind package I was talking about. He made that free - just anybody on the planet could go download it, I know that guys in Australia were using it to run Mac labs back in those days. It was like: "We wrote this for our internal purposes, but if you want to use it, go ahead. And if you want to help out and contribute some code..." [Laughs.] Cisco has actually helped that out - they are needing that package and so they improved it a lot - mostly adding file compression and network code optimizations - because they were trying to push numerous files over very small network pipes for their own purposes. I just don't know of any specific projects here that have done that.

Do you feel that there are specific advantages or disadvantages with free software?

[Laughs.] If I answered that, it would be completely personal opinion, certainly not the organization's. For the radmind package, for example, there are advantages to the fact that you can go in and help. Being able to modify the code and to maintain it is useful, and free is always nice, it helps on the budget front. The problem is: if some features are missing, you basically have to assign your programmers to the task, and your organization has to have the appropriate staff. University of Michigan have been able and willing to encourage that project for years. For my organization, our programmer crew has shrunk significantly in the last five or six years, and when they leave, we do not replace them. We used to write all kinds of programs, but these days, we barely have enough people to maintain what we currently have, much less to write anything new. Basically, the philosophy changed to "buy it, don't build it". That is right to some extent, because at a particular point of time, for example, we were trying to build our own webportal. What you could answer is: "Why? Other people have already built webportals, even free ones, just go get those and implement them, don't write your own from scratch." You should not spend time reinventing the wheel - that somebody else has already invented. However, if there really isn't any software that does your task, maybe it's worth developing it.

The other thing is, when comparing a commercial product that does that task to your free/open-source package, cost is one consideration but not the only one. For the radmind package, the question was: "Can we have the programmer manpower to help push this project along?" The commercial package does a lot of things beyond file distribution, which is neither our main focus nor our main goal but an extra, however, it has some limitations on the file distribution front that we don't like. Radmind does exactly what we want, but it's not finished, it doesn't handle the registry very well, and it doesn't have those extras, it just does file distribution. Fortunately we probably have another six months to figure that out, since Windows Vista will not be deployed this fall. The instructors will have to come in and test everything, we will have to reinstall every single one of our three hundred Windows apps when we migrate to Vista. We still have old DOS programs installed that the instructors requested, and they're going to crash and burn. We have to give the instructors enough lead time to find a replacement considering the budget limitations, and get back to us. Even industry will wait before passing to Windows Vista, and they are not semester-based like us. A change as big as Vista is not happening between the fall semester and the spring semester, it is only happening over summer, so we're looking at summer of 2008 for that.

What would you like to say to conclude this interview?

Bye. [Laughs.] I've talked too much already, so... And hopefully again none of this gets me fired. [Laughs.] I will have to put in the proviso that these are my opinions, not the opinions of my I.T. organization, spoken from my office, not through the approval of the communications group. Hopefully, the fact that it's a high school newspaper from a different country will keep me from being crucified. [Laughs.]