Samba-AD migration at BCEAO – Central Bank
Each of the 24 agencies operates an office automation domain based on Samba3, software that is highly critical and rapidly becoming obsolete.
The goals of the Samba-AD migration were to:
- Merge office networks to allow VIPs to connect, regardless of the regional bank visited
- Improve network security by implementing 802.1x and Active Directory
- Converge on market technical standards
- Continue with Samba because it has always worked for BCEAO
Extract from the project report:
BCEAO mandated TRANQUIL IT to support its teams in:
- migrating the Samba3-PDC-NT4 Windows domain to Samba Active Directory technology,
- renaming the main domain,
- merging all 26 domains into a single BCEAO domain.

Denis CARDON, a graduate engineer from ENS of Mines of Nancy and CEO of TRANQUIL IT, and Yvan KARMOUTA worked on site in Dakar from 14th September to 11th October 2015 (Yvan returned to France on 3rd October).
BCEAO has a long history of investing in technologies from the free software world. This strategy has the advantage of relying on local skills development and reduces the import of technologies without the associated knowledge transfer.
Samba3 domain technologies are based on the way Windows Server NT4 operates, with several improvements to allow better load handling and guarantee greater security. However, NT4 is rapidly becoming obsolete. For example, the latest Windows 10 version can only be joined to a Samba3-NT4-PDC domain if it is forced to use the old CIFS/SMB1 protocol.
The choice to switch to Active Directory was therefore a logical one. It is also a concern for a large number of French administrations that historically chose Samba as well.
The choice of Samba4-AD rather than MSAD is not the most obvious one, and many organizations question this option.
BCEAO's experience will inspire others to follow suit.
The choice of Samba4 had another advantage that is not necessarily apparent at first sight: the tools provided by the Samba environment make it easy to migrate Samba3-NT4 domains to Active Directory. Using Microsoft-only technologies would have generated additional costs, because the providers would not have had the skills needed to use these tools. We have seen this in several projects in France, where large IT services companies are struggling to take over Samba3-NT4 domains and migrate them to MSAD.
However, BCEAO’s choice does not lock it into a static technology. The Samba project aims to support all the features and protocols of Microsoft Active Directory.
BCEAO staff were therefore able to see that all Microsoft RSAT management tools also work with Samba-AD. In practice, the administration of a Samba-AD server can be entrusted to someone who has only had Windows training: as long as they do not try to connect to the server over Remote Desktop, they will not see the difference.