The U.K.'s National Health Service Licenses JDS

deputydink writes "Recently the NHS licensed from Sun 5000 seats of its JDS system for tactical deployments within the health care service, adding that it deemed JDS a viable desktop alternative for certain types of user communities. The NHS has already deployed JDS in its back-office. This could be the high profile boost for JDS subscription services that Sun needs."

Yikes.

As an ex Sun guy with plenty of JDS experience let me just say this is farking insane unless these tactical deployments are not mission critical deployments. For desktop use by admins or execs, that's cool but I wouldn't want anyone in the emergency room using it.

Re:Yikes.

[Aardpig]

As an ex Sun guy with plenty of JDS experience let me just say this is farking insane unless these tactical deployments are not mission critical deployments.

Don't worry, I imagine the deployments will be standard desktop use. However, from the article:

An NHS representative could not elaborate on exactly where in the agency's sprawling system, incorporating tens of thousands of users, the software would be deployed.

This makes me concerned that the NHS administration is adopting the classic 'head up arse' approach to IT administration, buying 'cool' new kit before they have any clue what they will be using it for.

Re:Yikes.

[jimicus]

I'm sure there is a very detailed plan, just not one we are privy to.

Not a troll, but you're not very familiar with UK governement IT projects, are you?

Re:Yikes.

[GORby_]

Why would we feel bad about that? It's not as if the companies are violating the GPL or that kind of things by doing that. Everybody who wants to make money that way can do that... in fact, why not just start selling your own linux distro tomorrow.

Isn't it so that Sun for example may well be making money on open source, but has also made Openoffice.org possible by releasing the source code for their office suite? Red hat has also done some good things.

Furthermore, the developpers that do the work for (almost) nothing do that of their own choice, and if they wouldn't like that someone else would profit from that, they wouldn't work on open source software. The fact that some large companies make money with open source is even a good thing, since that kind of industry backing will make linux and open source a more credible alternative for closed source software in some cases.

All this support from those large companies is certainly good for extending the user base, which IMHO gives those aforementioned developers a good feeling, because more people are able to enjoy their work.

Re:Yikes.

[Spoing]

1. Isn't anyone else feeling bad about how companies like sun and red hat make tons of cash while the open source developers do most of the real work for almost nothing?

No. I don't.

First, they're not making much if anything.

Second, much of the payback of open source is in collaboration; I craft a stick to scratch an itch, and you improve on it so we both benifit. If you sell that improved stick for a profit, I still get the improvements free.^

The amount of waste and rework involved in closed + propriatory software is amazing, so using that instead of OSS has a steep cost.

I don't feel bad about Microsoft or Corel loosing out when OpenOffice is used, let alone when FreeBSD or Linux are used instead of OSX or Windows.

1. (^. OK, not always...got me.)

Re:Yikes.

I see your point, but no -- it's not a problem.

The whole point of free software is freedom, and that includes the freedom for other people to try and profit from your work. The only freedom not granted by the GPL is the freedom to change the license; the only freedom not granted by the BSD license is the freedom to remove copyright notices.

For programmers who agree with you that money should be shared as well as code, licenses such as the AFPL exist which forbid commercial exploitation. It should be noted that the AFPL is not a Free Software license, nor does it meet the OSI's definition of Open Source, for precisely that reason.

Re:Yikes.

[dotwaffle]

The UK doesn't have an ER. We have Accident & Emergency ;) For those times when emergency would just cost too much...

Re:Yikes.

[jimicus]

I sincerely hope the NHS IT project doesn't follow this course. But, for yours and other non-UK citizens benefit, there follows an explanation of how UK government IT projects are usually run.

Such projects usually start with great, noble intentions. They may be a tad ambitious, but that's about the worst thing about them.

The contract goes out to tender, and bids are taken. Eventually, supplier(s) are chosen.

Then the requirements change, usually because they weren't very clear to begin with, or they were too ambitious, or not ambitious enough or..... Most suppliers charge a fortune for changing requirements part way through a project, so this costs taxpayers quite a bit of money.

The project now continues (with its new requirements). The requirements then change again, with an attendant price increase.

Repeat this a few times, until you have a project which is up to 2 years late.

Finally, the nice shiny new system meets requirements (more-or-less). But non-functional requirements frequently haven't been considered. "Non-functional" requirements are those which make the system usable as opposed to functional. It might be that there's so much information presented at once that staff cannot easily use it, or that the system is considerably slower than expected. It's around now that the press starts to ask questions. Like "What happened to that new system which was supposed to revolutionise XXXX?"

The government blames the supplier(s) for failing to build an appropriate system. The supplier(s) blame the government for continually changing their requirements and generally being very difficult to work with.

After a while, the pattern becomes apparent - no matter which suppliers are chosen, the involvement of the government has become known as a kiss of death. This doesn't always help the supplier either, particularly if they bid for a number of government projects. Google for "crapita" to get an idea of what I mean.

IT and the NHS

[suckmysav]

Given the NHS's spectacular track record in failed IT projects, I have grave concerns that this has as much a chance of ending up being a PR nightmare as it it does a triumph where Sun is concerned.

Just a question-

[thewldisntenuff]

How does one define "tactical deployments"?

Are we talking ER situations? Homeland Defense/Emergency offices? I mean, the article leaves little mention, just stating that they are to be used in "tactical deployments"?

Any docs out there who can explain?

-thewldisntenuff

Re:Just a question-

[cimmer]

Tactics are components of an overall strategy. Strategy wins the war, tactics will win the battles. In this case, "tactical deployments" probably means "we don't really know how well this is going to work, we certainly are not going to risk our mission critical functions (and jobs) on this, so we'll figure out where to use it and let you know how things pan out".

Re:Just a question-

[MmmDee]

I think the term, "tactical deployment" as used here simply means installing and verifying the software works at the customer's facility. To my knowledge, there is no such term used in the medical community. This link just shows as an example company using the term as I described (from a google search).

Re:Just a question-

[MarcQuadra]

Well, where I work a 'Tactical Deployment' is when a user takes vacation or a sick day and I reimage their box with a newer OS. There's a lot of folks who cling dearly to their old familiar software.

They don't even know what hit them.

Re:Just a question-

[stevelinton]

I would guess this will be deployed in the NHS administrative structures, rather than in hospitals or GP surgeries. There are loads of parts of the NHS where they need lots of seats to run a few specific applications rather than general computing:

* the NHS direct call centre operation
* the huge adminstration that tracks monitors and pays for
all non-hospital NHS prescriptions
* central and regional management and support -- allocating money

Re:Just a question-

[DrXym]

Tactical deployment means finding 5000 machines in the whole of the NHS that will actually install and boot JDS.

Re:Thats good...

[Alwin+Henseler]

It includes Linux as underlying OS to run on, and several components that are also used in Linux-based systems. Is that good enough?

Medical records and open source

[cimmer]

I find it pretty interesting that Sun was able to score this deal in an area where security is such an important aspect. Or perhaps that's why they were able to do so? Either way, it seems like a solid jab for the open source community.

Re:Medical records and open source

[0racle]

Its probably one of the reasons in part why Sun instead of say Red Hat or SuSE would have got the contract. Once the decision to go with Linux was made you look at who will provide the support, and being the Health Service and the 'tactical deployment' description, I would assume that would mean a 24/7 on-site support ability. By this point it comes down pretty much to IBM or Sun. There's a good chance the NHS has a prior relationship with one of them, if not both, so the past experience with that coupled with what the decision makers knew of their reputation with the ultimate leveler, the cost, is what will draw the final decision. While IBM is no slouch when it comes to security, they are moving an unaltered Red Hat or SuSE, both of which have frequent security bulletins, while Sun also has a decent record of security, and modifies Linux to create the JDS, which at the very least could give the impression that it might be the more secure of the two.

Re:Medical records and open source

[DrXym]

... Red Hat or SuSE, both of which have frequent security bulletins

But anyone with half a brain in their IT department would know that is a good thing. And they should have evaulated those systems as a matter of course. I'm sure both companies would offer 24/7 support if you paid them for it.

I don't run JDS - I can't because it has the suckiest hardware support since Corel Linux and I wouldn't due the licence - so I have no idea of how good their security bulletins are. What I do know is that if there are few or none, that it is a cause to be extremely, extremely worried. After all, JDS is just an old SuSE with UI sprinkles and some extra Sun stuff. I consider it highly implausible that it is all immune to the issues that would face a older generic SuSE, or that the Sun stuff is perfect and bug free in every way.

Still, like you say Sun could be a tier 1 supplier for the NHS with an existing support contract. If so I wouldn't be surprised if Sun tossed 5000 licences at them just to drum up hardware sales. Even so, JDS bears every indication of being a lemon, so I'd be reluctant to sign a piece of paper committing myself to it, no matter how many copies sun threw my way.

Re:Medical records and open source

[legirons]

"I find it pretty interesting that Sun was able to score this deal in an area where security is such an important aspect"

You mis-spelled "cost".

But here we don't have HIPPAA, and everyone in the NHS runs windows computers with viruses on them (not as much of an exaggeration as you think), it's common for whole departments to lose their computing facilities when a new virus hits, it's common for confidential information to make its way from a virus-infected computer to the internet. Many [most?] computers are never patched, and while they've got a firewall "around" the whole lot, everyone who's got laptops in their office (many doctors use tablet PCs) knows how effective one exterior firewall is.

They were once trying to roll-out an entire public-key cryptosystem in one go, which was the last time security was mentioned. I don't know if they were going to install a separate "prescription-signing" computer in each doctor's office, or install something on their Windows machine, but either way the talk is of extremely high cost, and extremely low value. Perhaps all the years of removing "non-medical" administrative positions are taking their toll, but more likely it's this way because everything related to UK government is that way.

Of course, people on slashdot will say that nothing should be connected to the internet, but then medical researchers are just the same as physics researchers -- websites and email addresses and newsgroups are very useful tools for doing research. And the surgeries in the shetland-end of nowhere with dial-up access to the mainland probably aren't going to have security of any sort, indeed I doubt that anyone has the funds to implement "military grade" 2-unconnected-networks security.

They just signed another contract for a quintillion windows licenses a year ago for both government and the NHS, if that gives any idea of their preferred platform

Re:Medical records and open source

[DrXym]

Not necessarily. For example Mozilla 1.4.1 might be more stable than Mozilla 1.7.2 but it doesn't contain a whole bucketload of security fixes that have happened in the last year (e.g. the XPI onload exploit, removing support for certain protocols). It wouldn't surprise me if hundreds of major and minor security fixes have gone into Mozilla since then.

And that's just one package. The same could be said for glibc, GNOME, XFree, CUPs, Samba, Apache - you name it.

Likewise, the kernel is 2.4.19 based and therefore wouldn't pick up any driver or security fixes that have appeared since. Perhaps Sun / SuSE have retrofitted critical patches, you're still left with a heavily forked and obsolete kernel used by no one else. There have been eight 2.4.x releases since, and already most other dists are on 2.6.x with a 2.4.x fallback if need be.

And perhaps the update mechanism itself is less friendly than other systems causing users to ignore it. It's fairly trivial to update SuSE or RH, but apparantly you have to type your serial number to update in JDS. Who is going to bother with that?

Also, JDS has a bunch of proprietary Sun code sitting on top for network deployment & management. Who's to say what remote exploits are lurking within it since no one has had the chance to review it?

So old doesn't imply secure. Of course the same could be said for Red Hat, but to be honest, their QA and hardware support is miles better, upgrading is easy, and their tools are open source and can be reviewed by any one.

Re:Medical records and open source

[toriver]

Then again, SuSE == Novell these days, and that name has a good rep in the corporate world, from back when Microsoft didn't care that PCs could be networked, and left all of that to third parties like Banyan, Sun, various universities and especially Novell.

The third-party market practically died with Windows 95, but still.

JDS has been a Godsend for me

[akedia]

I work as a network administrator for a national architectural research institution. Recently, we replaced several dozen aging Windows XP workstations with Sun thin-clients running the JDS system for to run the proprietary topographic software our employees use and I am very impressed. The integrated system managment tools are bar-none the best I've ever used, and a distributed system offers users much more power than they would ever need, without the extra cost of running an NT-based domain. Sun really has built an excellent product.

Re:JDS has been a Godsend for me

Yeah, JDS is better than most other non-linux solutions but most other linux-solutions are better than this one. It's a step up, but not a big one.

Re:JDS has been a Godsend for me

[Nos.]

Agreed, the company I work for had us evaluate JDS as a product, and while definitely better than MS, I still wouldn't use it over a properly setup Linux setup.

Re:JDS has been a Godsend for me

[darkonc]

Yeah, JDS is better than most other non-linux solutions but
....
When all you know is garbage, mediocre looks like heaven.

Re:JDS has been a Godsend for me

[Donny+Smith]

JDS _is_ a properly setup Linux client.

If you want to make it easy for non-gurus to manage Linux, you need some management tools with GUI - and in the end, that is what JDS is.

Mozilla on JDS

[z3021017]

I just hope they updated the integrated Mozilla browser!

The last time I used JDS, the version of Mozilla preinstalled was 1.4, which did not support NTLM proxy authentication and thus I had major issues getting the computer on the Internet.

In the end, I just installed Firefox.

Re:Mozilla on JDS

Yes, because you really want your surgeon to be browsing tranny porn while operating on you.

Re:Mozilla on JDS

[MarcQuadra]

Well if you recall, Mozilla 1.0, 1.4, and 1.7 were all 'extra stable' codebases, designed for vendor repackaging and forking.

It would be unwise for Sun to run Mozilla 1.5 or 1.6, because in between the 'extra stable' releases a lot of things change and (historically) break.

Once a year or so, the code gets the big projects landed and the tree gets a more thorough debugging than normal, any forks happen (camino, netscape, galeon), and a 'benchmark' release is made.

JDS Back Office ?

[tonyr60]

"The NHS has already deployed JDS in its back-office."

Probably not, although I hesitate to suggest that a /. article is wrong. More likely that they deployed JES (Java Enterprise Server)

Re:JDS Back Office ?

[Chembryl]

Its misleading at best.

Having applied for a job updating the patient care record system for the NHS, I can tell you that only in the London region (via Syntegra consulting) are they using Java in the back office for sure. The north of England's regions on the otherhand are most definately (via Accenture) transfering over to .NET.

Could be a ploy

To get the best deal out of MS ala Telstra Australia.

Re:Could be a ploy

[darkonc]

In serious negotiations, you're best off if you're seriously willing to go with the alternative. If you've done your homework, and you're pretty sure that you could do an equivalent (or better) deployment with non-MS software, then you can hold off until MS offers you enough incentives to stay with them, or go with the alternative. In either case you then win.

If, on the other hand, MS realizes that you're bluffing, (and they'll probably get real good at sussing out badly designed deployments, if they haven't already), they might just deide to play hardball.

The deployments that have caused MS to really cut their prices were deployments where the customer was very serious about going to a non-MS solution.
In the Munich case, they went Linux in spite of MS's price cutting, In the British case, they had already done a (successful) pilot.

Now, if I were the CIO of a large company, I would definitely look at doing a couple of pilot projects. Worst case, I might get MS to drop their prices by a few extra points. Best case, I might find that the Open Source is a huge step better than the MS product, and worth changing to at any price.

Two key issues...

[jkrise]

while deploying alternate desktop environs in a health-care setup:

1. Printing: Best way forward is internet printing. Very difficult to get the right drivers working the right way on each desktop, but for internet printing.

2. Drivers for medical devices: Most devices come with Windows drivers only. Hardware mfrs. and Linux distors really need to take some effort here. By the way, this is a weal area for Windows versions as well. Every new OS release or Service Pack screws up some or other device driver or dll, and some app stops working!

Currently I use Windows on those m/cs that are interfaced to these devices or printers. There's no major issue with plain Linux distros and no major advantage having JDS instead.

-

Re:Two key issues...

[jimicus]

2. Drivers for medical devices: Most devices come with Windows drivers only.

I don't work in the NHS, but IME when an organisation the size of the NHS (one of the biggest employers in the country) says "we want it to work in Linux", the answer is not "We don't support Linux".

Re:Medical records, open source and security

[darkonc]

Given that Linux is getting higher security certifications than Windows is (now that we've got companies with enough money invested to make the process worthwhile), I'd say that Windows is (or should be) he underdog when security is paramount.

The last thing you want to hear in the middle of an emergency resuscitation is: "I can't pull the chart up, I've got a virus!"

5K is not that much is it?

[killjoe]

5K desktops does not seem like that big of a number to me. Didn't they already sign a deal for 100K desktops someplace?

Don't get me wrong. I am glad there are 5K more linux desktops in the world but Sun was hinting at much bigger numbers.

Re:5K is not that much is it?

[jimicus]

You're absolutely right. Which makes me think this is a pilot. Maybe it's to put the frighteners on Microsoft to get a better deal, maybe it's serious.

However, it can't have escaped NHS management attention that a high-profile pilot of Linux on the desktop is an excellent way to negotiate discounts on Windows. Given the quantities involved, it is possible that the discounts could be worth considerably more than 5000 "throwaway" JDS licenses.

Re:Thats good...

IMHO, no, because it contains old versions of programs, incomplete translations (Mozilla and StarOffice don't have as much translations as for example Galeon and OpenOffice), less than standard hardware-recongnitions (due to older kernel etc..) and does not even include KDE libraries (i.e. you can't even run k3b, which is IMHO the only excellent cd writing program in Linux). Personally I prefer any real distro such as Mandrakelinux, SuSE or Fedora above Sun Java Desktop.

But commercially Sun is a big name, and probably that alone makes them interesting for some people...

Just to confirm

[drsmithy]

Sun selling software by subscription = good.

Microsoft selling software by subscription = bad.

Correct ?

Just to clarify

[jcast]

Any business model anywhere that leads to Linux deployments = good.

Any business model anywhere that leads to Windows deployments = bad.

So Linux = good, while Windows = bad. But: it's not true that the sales model isn't the issue. Proprietary software is bad in many ways; how, exactly, it will bite you depends on the exact licensing model used. So to discuss Windows = bad at any length, you have to discuss why Windows + (this sales model, whether that be ``sell packaged goods + free support'', subscription sales, or anything else) = bad. That's the only way to be specific.

It would be nice if there was more discussion of why Linux + (this sales model) is better for the customer than Windows + (this sales model), rather than just why Winodws + (this sales model) is bad, couched as (this sales model) = bad. So you've got a point there, although you're too far down in the thread to have a mod :)

doc -- explains (maybe)

[midgley]

The most obvious tactic is to demonstrate to a certain other supplier of desktop IT systems that they are not indispensible.

As Newham (local government in part of London) did.

Newham's anticipated savings and level of support with their eventual systems are reported to have made sharp alterations as a result of that tactic.

These will not be the first Linux desktops in the NHS and its contractors (most GPs are not directly part of the NHS but are contractors to it althoguh the latest Great Idea is to compulsorily outsource our IT to the NHS - an interesting strategy without so far a coherently stated logistical approach to implementing it) - I for one have Linux on several of the machines in the office, but our old clinical automation is Clipper/DOS and mostly won't run under DOSemu at least for me.

Linguistic Inflation and paralysis of thought The other explanation is linguistic inflation.
The NHS management can't buy things, spend money on services etc, rather they "invest".

Similarly, a sensible idea to follow-up a small trial of an office desktop by putting 5k of them to use wherever people want to use that rather than the insecure legacy system of a competitor noted for its frequent excursions from legal operation in order to see how it goes - an experiment - gets inflated into "tactical deployment".

In Soviet Russia, Kremlin watchers used to decode gnomic utterances, stripping the revolutionary cloaking in order to divine the actual information content. Religion is a bit the same.

As to the act itself, I'm here and I applaud it. I've been working for FLOSS implementation in healthcare for 5 years, including chairing the NHS session of the OSHCA London meeting which the NHS Information Authority sponsored - I would say in a sensible illustration of applying a little attention to trends other than the main line in order to remain knowledgeable about them. During that meeting the head of the NHSIA (who opened it) accepted a post in the Cabinet Office office of the e-envoy.... and a while later that Office produced the UK Policy on F/OSS from work done mainly by QinetiQ.

Oh, and a week or two after it billg had lunch with the Prime Minister and the NHS got a deal on 1E6 copies of Windows - as a tactic IMHO against embarrassment by software audits - nobody knows how many copies of anything are around in a hospital Trust, nor could find the licences.

FLOSS of course offers a strategic approach to avoiding that risk and letting people take a copy home, but governments are not yet entirely comfortable with such loose arrangements.

Open Source term being abused as per usual

[Phil+Hands]

Hm, Sun's Java runtime == Open Source? I think not.

StarOffice == Open Source? I think not.

If we'd stuck to calling Free Software, Free Software, we wouldn't have to put up with this nonsense, but as it is we have a situation where people are in the throws of defining new government policy in the UK stating that the default purchasing policy in the UK should include "Open Source" software, despite the fact that nobody involved seems to have any clear idea what Open Source means.

That allows Sun to come in and say something like "StarOffice is Open Source becasue you get to see some of the source" and the NHS folks presumably say "Fair enough, where do we sign for a site license?"

I'm surprised Microsoft don't go totally ape about this, but then again, they probably think that JDS is open source too. It wouldn't surprise me if the Sun sales folks think that it's Open Source, in the same way that most SUSE sales folks used to think that SuSE was Open Source, despite the old YaST license.

Re:Open Source term being abused as per usual

[Brandybuck]

If we'd stuck to calling Free Software, Free Software, we wouldn't have to put up with this nonsense

Oh poppycock! 99.99% of the world has never seen "The GNU Revised English Dictionary", let alone opened it up to read its particular definition of "free". Most people using English terms and phrases will be using a more traditional dictionary such as Webster's or Oxford's.

You can bitch all you want about the poor state of English having only one word for "free" and two for "freedom", but it is the language people will most likely be using when they run across the phrase "Free Software". No amount of linguistic redaction can change this.

The fact of the matter is that people will confuse "Free Software" with something other than what RMS intended. You cannot change this. Go tell your Grandma that a piece of software is "free", and the very last thing she will think is that it confers the right to redistribute modifications of the source code. Ask her if Internet Explorer is free, and she will most likely say yes. After all, it *IS* free. The FSF's intended definition just isn't being transmitted successfully by capitalizing the word "Free".

Yes, people get confused with the term "Open Source Software". No, it's not the most precise term in the universe. But it's far more accurate and unambiguous than "Free Software".