> An org can now transition everything to Linux locally, and only be left with these fully functional blockers.

What are the equivalents of Active Directory and the likes of Group Policy? I've seen some compatible/similar tools (like FreeIPA), but they don't seem very popular.

Edit: that’s not a gotcha question or something, I’m genuinely curious about the experiences of people who’ve done deployments like that. I also remember trying to setup Samba to allow some Windows PCs to access storage shares on a Linux box and nothing wanted to work with no obvious error messages. Oh and I have no love for the likes of Kerberos either.

I haven't done it, but Ansible would be the equivalent to group policies, no? The learning curve is very different though.

You can use Samba and Kerberos for identity management. But again, very different to use.

There are no equivalents that encompass the technologies and ease of deployment and management for on-prem.

Samba works just fine as a file server. I'm sure there's some intuitive GUI out there (like Synology's) that makes it easy to set up as a file server only. Not sure about a DC.

But even Microsoft wants you to move to Azure AD + InTune. Arguably more secure and flexible.

>An org can now transition everything to Linux locally, and only be left with these fully functional blockers.

No. There is no vendor for this. Such a vendor would need to offer and support everything that MS is offering and supporting.

>And a vendor can easily integrate and ship that.

Integration is hard. It needs to work together. We all know that Linux has some rough edges (and so does Windows) and the vendor has to take care of it all and actually needs to fix it. A company like that has to suddenly do maintenance on many major open source projects.

> No. There is no vendor for this.

You seem stuck on this model and not at all open to those commentators who are saying the single product vendor model itself is the problem?

My observation is that, regardless the myriad solutions based on strongly enforced interoperability standards, no government has ever had the courage to directly go up against US technopoly. I can see that changing at last. And my goodness, what a long, long, dark time it's been coming.

It may be the problem, but it's also become the standard. If you want Microsoft, you know where to go. If you want Apple, you know where to go. If you want Linux or open standards, there's hundreds of companies that will help you, but which are good? Which are bad? Nobody knows.

Just ask for their certification? Almost every distro that's big enough to need an org to maintain it, has a professional certification program.

>> hundreds of companies, but which are good?

most of them, since there is a lot of competition. Competition is good for businesses.

>You seem stuck on this model and not at all open to those commentators who are saying the single product vendor model itself is the problem?

Because there seems to be no alternative.

> seems to be no alternative

That feeling (you invoke "seems" and thus the realm of appearances) is now common in all walks of life. It has rather little to do with the reality of change. Mostly it means when change comes it's as a surprise. One of the ways to unblocking is to challenge assumptions.

I think as entrenched tech people we get even more stuck in a set of assumptions that the world is moving beyond.

Like the idea of "an OS that becomes popular" Does anybody (except us tech sorts) want that? If API interoperability exists then popularity is actually undesirable and is the root of many failure modes. Why care about popularity? People want and need at least adequate functional utility.

In many ways tech never got off the starting blocks.

50 years of commercial IT and has significantly failed to achieve many of the basics. If being able to copy a simple text file from one computer to another in 2025 is still a struggle, that's failure by any reasonable standards, and BigTech companies are right at the heart of that failure.

I've got decent challenges to many of the other seemingly "no alternative" stuckness I see in this thread, but no need to labour the point - which is to clear ones mind of unexamined assumptions.

I don't particularly care.

This is not a nice to have. It is about European security.

I think we agree. But security is also very much about examining assumptions.

There are many vendors. There are no vendors large enough to handle it at government scale, but there are many vendors. If someone was serious about wanting a vendor it wouldn't be hard to become the single vendor. It isn't hard to hire a bunch of technical people, training them on whatever new desktop and set them loose - it is just expensive.