Import substitution, voice crying in the desert
The cases of the Russian legislation related to purchases of 44-FZ, in which, recently, the priority of Russian goods (goods, works, services-TRU), i.e. equipment and software (if there are analogues in the Register of the Ministry of Communications ).
As a law-abiding citizen of the Russian Federation working in state (municipal) organizations, I began to study the question of how to fulfill the requirements of the legislation or get around them with impunity or with minimal losses. In the process of studying the issue I found out some points and pitfalls of this process, with which I decided to share with the community.
In general, the final baseline data with which the import substitution process began:
')
Pitfalls in the search for equipment, which is divided into groups (for the time being we exclude office equipment).
Summing up the disappointing outcome, summarize.
Import substitution is possible only in large ministries, at the municipal level, there are not enough funds and personnel to bring the IT system to a state close to how it currently works on imported software. I did not come across solutions for the poor SMB, maybe someone knows how to execute the program "import substitution" without going bankrupt ???
Thank you for your attention, maybe someone will be useful information obtained by trial and error!
As a law-abiding citizen of the Russian Federation working in state (municipal) organizations, I began to study the question of how to fulfill the requirements of the legislation or get around them with impunity or with minimal losses. In the process of studying the issue I found out some points and pitfalls of this process, with which I decided to share with the community.
Starting first, I will make a small digression about the initial data for solving this issue:
Most of the municipal organizations initially can be attributed to the category of SMB consumers of IT TRU:
- Based on the minimization of the cost of IT staff, it uses proprietary software in SMB or Freeware editions (imported) that does not require a large staff qualification, which is offset by the presence of minimal basic technical support for imported software in the Russian Federation.
- Based on the minimization of the cost of equipment, equipment - used SMB equipment and spent, moreover, more than one useful life.
- Until the last moment, it was allowed to extend technical support and subscription to import software, there was a ban only on the purchase of new software having analogues in the above-mentioned Register of the Ministry of Communications and Mass Media
In general, the final baseline data with which the import substitution process began:
')
- SMB equipment more than 7 years old;
- import system software (with terminated technical support) from SMB to EnterPrise editions;
- applied software of domestic developers (for “Windows” workplaces based on import DBMS);
- software and equipment for the protection of information of domestic production (for the protection of imported software) - not State Seal, FSTEC-non-FSB certification;
- an indicative indicator of the Import Substitution Plan to switch over 3 years to 50% of domestic TRU in IT.
- a decrease in the dollar expression of the budget for the IT area since 2014.
Studying the issue of equipment for import substitution
For the purposes of organizing a municipal level, there is no need for equipment under the State Secret (in most cases), there is no need to purchase equipment based on the Elbrus and Baikal processors for “crazy” money .
For the SMB range (without State Secret), I have not yet found domestic solutions, in other cases this is a hidden rebranding of imported equipment. Domestic production often boils down to sticking “Domestic manufacturer” logos on the Supermicro server cases.
For the SMB range (without State Secret), I have not yet found domestic solutions, in other cases this is a hidden rebranding of imported equipment. Domestic production often boils down to sticking “Domestic manufacturer” logos on the Supermicro server cases.
Pitfalls in the search for equipment, which is divided into groups (for the time being we exclude office equipment).
RM equipment
RM equipment consider two options:
System blocks (ordinary RM);
The issue of purchasing new system units can be divided into four areas:
Consider in detail the pitfalls of the first two options:
- Those who check (and punish) are not interested in the technical difficulties and cost of screwing your application software to the “Patriotic OS”. Unsolvable problems, as it were, no longer exist - there is WINE, there are CryptoPRo drivers for Linux, the GIS has already partially gotten off IE. Difficult, inconvenient, expensive, but technically possible, which means you kindly order with alternatives to Windows.
-It is difficult to formalize the requirements so as to purchase windows based on the requirements of the application software, since the question why you did not switch to another application software (using domestic OS) is impossible. It is useless to convince those who think that the application software is only: 1C, drawing pictures and OFFICE (this is not sarcasm - it is an advertisement for "domestic OS" - that such products as graphic editors, office programs and media player are included in their package, and more for the work of employees of state and municipal institutions and is not necessary.)
- purchase of system units without an OS, under existing OLP licenses of Windows 7 (most of the application software is focused on this OS);
- purchase of system units with Windows 10 (almost no other version of Windows is on sale);
- the purchase of system units without OS (for the further installation of the "Domestic Linux");
- purchase of system units with the "Domestic Linux");
Consider in detail the pitfalls of the first two options:
- System blocks on which you can easily install Windows 7, but you should pay attention to a series of processors, released after 2015 processors (after Skylake) often have video embedded in the processor that does not have drivers for Windows 7. And I think in the near future these processors will disappear from store shelves, with them already and so is not complete set of ready-made blocks of "domestic producers."
- When purchasing system units with Windows 10, there is a need to justify why you do not want to take the "Domestic operating system." And it is almost impossible, I will explain why:
- Those who check (and punish) are not interested in the technical difficulties and cost of screwing your application software to the “Patriotic OS”. Unsolvable problems, as it were, no longer exist - there is WINE, there are CryptoPRo drivers for Linux, the GIS has already partially gotten off IE. Difficult, inconvenient, expensive, but technically possible, which means you kindly order with alternatives to Windows.
-It is difficult to formalize the requirements so as to purchase windows based on the requirements of the application software, since the question why you did not switch to another application software (using domestic OS) is impossible. It is useless to convince those who think that the application software is only: 1C, drawing pictures and OFFICE (this is not sarcasm - it is an advertisement for "domestic OS" - that such products as graphic editors, office programs and media player are included in their package, and more for the work of employees of state and municipal institutions and is not necessary.)
Thin clients (for connecting to terminal sessions of virtual machines);
Thin clients are a financial alternative to a very strong system block.
But here, too, there are pitfalls that can be detected, alas, only with the purchase of these devices.
Consider the example of three configurations checked personally (the assembly on the raspberry pi 3 knee - not considered, this is not for industrial use):
But here, too, there are pitfalls that can be detected, alas, only with the purchase of these devices.
Consider the example of three configurations checked personally (the assembly on the raspberry pi 3 knee - not considered, this is not for industrial use):
1. the cheapest readymade configuration Espada E-734 (import);
Briefly about the unit, more or less smart, easily customizable, only the RDP client, USB flash drives are available through the network environment, Rutoken - does not break through.
Conclusion:
You can safely replace the system blocks in which you do not need a digital signature.
Conclusion:
You can safely replace the system blocks in which you do not need a digital signature.
2. The average price range DEPO SKY A60 (DEPO OS);
On the disk attached to the delivery of the Thin client, the documentation and the management program - HOW WOULD HERE! BUT!
The site has scant information about the possibilities (until you buy it, you will not understand what you bought). FU !!!
A bunch of client options, but interested in RDP. HOORAY!
Thank God it was possible to connect to Win7 SP1 RDP 7.1 Hurray!
Several options configurator that can fray each other FU!
Through a text editor is configured after reading the documentation Hurray!
Rutoken managed to throw inside the terminal virtual machine Hurray! BUT!
Only ONE TOKEN FU!
Only if there is an installed TOKEN when the thin client FU is turned on!
With a temporary seizure-TKEN disappears FU!
USB flash drives are available through the network environment and again when you turn on the FU thin client!
The DEPO OS producer turned out to be GrapeCOM (Ukrainian-Crimean production). The documentation can be seen there, only the logo differs from the DEPO documentation. UNCLEAR!
Slows down, slower Espada E-734 FU!
The configuration of the thin client, climbing the attached setup program with the GrapeCOM logo, can be torn down. FU!
Not all screen resolutions are available (bad for widescreen monitors) FU!
Sticks key on FU! (although there may be a single instance defect).
The optional USB Redirect TRIAL program is almost URA !, price $ 139 FU!
Conclusion:
You can "stressfully" replace the system blocks in which there is one EDS.
The site has scant information about the possibilities (until you buy it, you will not understand what you bought). FU !!!
A bunch of client options, but interested in RDP. HOORAY!
Thank God it was possible to connect to Win7 SP1 RDP 7.1 Hurray!
Several options configurator that can fray each other FU!
Through a text editor is configured after reading the documentation Hurray!
Rutoken managed to throw inside the terminal virtual machine Hurray! BUT!
Only ONE TOKEN FU!
Only if there is an installed TOKEN when the thin client FU is turned on!
With a temporary seizure-TKEN disappears FU!
USB flash drives are available through the network environment and again when you turn on the FU thin client!
The DEPO OS producer turned out to be GrapeCOM (Ukrainian-Crimean production). The documentation can be seen there, only the logo differs from the DEPO documentation. UNCLEAR!
Slows down, slower Espada E-734 FU!
The configuration of the thin client, climbing the attached setup program with the GrapeCOM logo, can be torn down. FU!
Not all screen resolutions are available (bad for widescreen monitors) FU!
Sticks key on FU! (although there may be a single instance defect).
The optional USB Redirect TRIAL program is almost URA !, price $ 139 FU!
Conclusion:
You can "stressfully" replace the system blocks in which there is one EDS.
3. Dear customer DEPO SKY 180 (Win10_IOT);
3. Dear customer DEPO SKY 180 (Win10_IOT);
Attached to the delivery of the Thin client is NO DISC! FU!
The site has scant information about the possibilities (until you buy it, you will not understand what you bought). FU!
About the features of Win10_IOT- info on the site there are no FU at all!
A bunch of client options (several installed and you can add), but was interested in RDP. HOORAY!
For information The password of the Administrator is not specified anywhere, there is no documentation. password - “DepoComputers” Hurray how would!
To roll out a token, you need to install its drivers as on a regular Win10 x64 system on a thin client, Hurray!
Conclusion:
You can replace any system units with a bunch of EDS., But the price is a little less than a cheap system unit for normal operation and again the restriction on NON-ORIGINAL software!
+ Additional costs for the Cal license and antivirus software when using IE on a thin client
Attached to the delivery of the Thin client is NO DISC! FU!
The site has scant information about the possibilities (until you buy it, you will not understand what you bought). FU!
About the features of Win10_IOT- info on the site there are no FU at all!
A bunch of client options (several installed and you can add), but was interested in RDP. HOORAY!
For information The password of the Administrator is not specified anywhere, there is no documentation. password - “DepoComputers” Hurray how would!
To roll out a token, you need to install its drivers as on a regular Win10 x64 system on a thin client, Hurray!
Conclusion:
You can replace any system units with a bunch of EDS., But the price is a little less than a cheap system unit for normal operation and again the restriction on NON-ORIGINAL software!
+ Additional costs for the Cal license and antivirus software when using IE on a thin client
Server equipment
The question about Server hardware arose from several detected pitfalls:
For SMB it is a bit too much, there are not so many tasks.
As a temporary measure for SMB storage (with HA functions), you can use the old hardware and the FREE version of EMC ScaleIO (in the new VxFlex OS ). On a newer hardware FREE version of StarWind Virtual SAN (VSAN)
- Domestic development of server operating systems (they do not understand equipment older than 7 years exactly, tested on HP G6, HP G7) and therefore often sell PAKs (software and hardware kits) on new hardware with pre-installed software. Now I am checking the Russian OS on the E5-XXXX V1 equipment (with the available equipment and at reasonable prices), maybe something will take root;
- The cost of new server platforms has increased significantly, and for the work of such Domestic virtualization systems as ROSPlatform , 5 or more servers are required. FU !!!
For SMB it is a bit too much, there are not so many tasks.
- Replacing the hardware storage system with just installing imported software on the old hardware is again impossible: there is RAIDIX in the MinComSvyaz registry , but as always IT is OEM for hardware integrators. Allow me to buy together with iron, which is expensive for SMB solutions.
As a temporary measure for SMB storage (with HA functions), you can use the old hardware and the FREE version of EMC ScaleIO (in the new VxFlex OS ). On a newer hardware FREE version of StarWind Virtual SAN (VSAN)
Study of software for import substitution
The study of the issue is divided into: OS, databases, office software.
Operating Systems
Operating systems from the registry of the Ministry of Communications will conditionally divide the OS RM and the OS server for virtualization.
I did not find an answer to the question why it is impossible to use free import OS (with repositories outside the Russian Federation) instead of the same programs that Russian authors allegedly have. The only difference from imported grandparents is in the set of modules and the installer (they are simply not capable of changing the mini-team of “domestic developers”).
The cost of domestic operating system RM from the registry is comparable to the cost of Windows 10.
The cost of a server operating system with virtualization features surpassed even imported bourgeois.
From the recently discovered PAK + ROSPlatform - 244 million rubles .
in terms of the needs of me as an SMB client, everything is early for more than 30 million rubles. without equipment.
What is the Nanai business-replace the debugged software running on existing hardware
Vmware Vsphere + EMC ScaleIO + Veeam Backup & Replication + Oracle DataBase on the Domestic MIRACLE with the purchase of new hardware.
Scala-P + P-Virtualization (imported KVM QEMU) + P-Storage (Imported Ceph) + PostgreSQL for tens of millions of which are not.
In the R-systems, their technical support especially touches, is carried out if someone you have implemented, taught, set up, you can not.
The rest of the virtualization systems like “Brest” were not considered at all, somehow I don’t believe Linux developers who have a website of 1-3 pages that are crookedly displayed and also:
- no trial versions;
- no updates;
- no personal account;
- no knowledge base;
- no technical documentation;
- no prices on the site;
No news (unknown, maybe the site is already dead).
In general, there is no one to which I somehow got used to using imported paid software. Sad!
I did not find an answer to the question why it is impossible to use free import OS (with repositories outside the Russian Federation) instead of the same programs that Russian authors allegedly have. The only difference from imported grandparents is in the set of modules and the installer (they are simply not capable of changing the mini-team of “domestic developers”).
The cost of domestic operating system RM from the registry is comparable to the cost of Windows 10.
The cost of a server operating system with virtualization features surpassed even imported bourgeois.
From the recently discovered PAK + ROSPlatform - 244 million rubles .
in terms of the needs of me as an SMB client, everything is early for more than 30 million rubles. without equipment.
What is the Nanai business-replace the debugged software running on existing hardware
Vmware Vsphere + EMC ScaleIO + Veeam Backup & Replication + Oracle DataBase on the Domestic MIRACLE with the purchase of new hardware.
Scala-P + P-Virtualization (imported KVM QEMU) + P-Storage (Imported Ceph) + PostgreSQL for tens of millions of which are not.
In the R-systems, their technical support especially touches, is carried out if someone you have implemented, taught, set up, you can not.
The rest of the virtualization systems like “Brest” were not considered at all, somehow I don’t believe Linux developers who have a website of 1-3 pages that are crookedly displayed and also:
- no trial versions;
- no updates;
- no personal account;
- no knowledge base;
- no technical documentation;
- no prices on the site;
No news (unknown, maybe the site is already dead).
In general, there is no one to which I somehow got used to using imported paid software. Sad!
Database
We do not need databases by ourselves, but as an engine for application systems.
Studying my needs in terms of the possibility of transferring from Oracle DataBase to PostgreSQL, I found a bad point, unlike the database transformation from Oracle to other databases, there is no direct transformation to PostgreSQL, due to differences in structure, data types, triggers, stored procedures. This procedure is very paid, in contrast to other paid databases, you can’t do with changing the driver of access to the database; you will have to manually rewrite the bases and the APPLIED COMPLEX, which is very, very expensive.
Studying my needs in terms of the possibility of transferring from Oracle DataBase to PostgreSQL, I found a bad point, unlike the database transformation from Oracle to other databases, there is no direct transformation to PostgreSQL, due to differences in structure, data types, triggers, stored procedures. This procedure is very paid, in contrast to other paid databases, you can’t do with changing the driver of access to the database; you will have to manually rewrite the bases and the APPLIED COMPLEX, which is very, very expensive.
Office software
Office software allegedly produced domestically on closer examination is less localized for Russia than the MS office (functions in tables, system settings).
The main pitfall is documents coming from other structures, often from the MS office and when opening them in the Domestic products of the table, everything breaks.
The main pitfall is documents coming from other structures, often from the MS office and when opening them in the Domestic products of the table, everything breaks.
Import Substitution Information Security
The software protected the information even in previous periods did not have time for the release of OS versions and the software on which it was installed. It was necessary to wait for the transition to the new version to wait half a year for the release of the editors to protect information. On the example of VgateR2, until ESXi protection is released, you cannot upgrade ESXi itself. Most of the software developments on stitching information is sharpened on Windows and imported software. Under new domestic developments, not including the state secret, there is nothing at all or at the initial stage. To this it is worth adding the time for software certification. How to switch to domestic software without protection is unclear. !!!
Summing up the disappointing outcome, summarize.
Import substitution is possible only in large ministries, at the municipal level, there are not enough funds and personnel to bring the IT system to a state close to how it currently works on imported software. I did not come across solutions for the poor SMB, maybe someone knows how to execute the program "import substitution" without going bankrupt ???
Thank you for your attention, maybe someone will be useful information obtained by trial and error!
Source: https://habr.com/ru/post/423823/
All Articles