Searching for the Ideal Linux Distribution for Eupen Hospital: KDE Advice Needed

Hello everyone,

I am currently conducting a proof-of-concept at the Eupen hospital, where we are looking to adopt a user-friendly and stable Linux solution for our infrastructures. Since most of our applications are now accessible via the web, we think it might be beneficial to switch our computer fleet to Linux.

I have tested several Linux distributions to assess their suitability, specifically looking for a KDE desktop environment due to its stability and ease of use. Here are my observations regarding a few distributions:

Linux Mint: Very simple installation, no crashes, easy LUKS support with Btrfs, automatic printer detection and language/keyboard change without issues. However, the Cinnamon interface seems outdated, no search in the start menu, complicated Wi-Fi sharing, Active Directory connection limited to Kerberos, graphic issues without Wayland, window resizing improvable.

Ubuntu: Secure Boot integration, TPM2, LUKS support, and direct connection to Active Directory. Unfortunately, no printer detection and Gnome3 interface bewildering for those accustomed to Windows.

Zorin OS: Clear interface, takes the positive points of Ubuntu with LDAP connection. However, it is mainly a thematic overlay for Gnome3, and the interface remains similar to that of Linux Mint.

Manjaro KDE: Fast and easy installation with LUKS support, integrated KDE interface, rolling release with the latest kernel, very close to the Windows experience. Negative points: complexity of Pacman for novice users (e.g., inconsistent F5 VPN), no basic LDAP connection, non-functional printer detection.

KDE Neon: Latest KDE updates, but without printer/LDAP integration. Issues with LUKS installer and Calamares, no easy Secure Boot installation.

Kubuntu: Similar to KDE Neon, but delay in KDE updates.

I have not tested Suse or others, just Manjaro to see how arch could work, as we want to remain on a Debian/Ubuntu base, thus limiting diversification.

I am interested in your feedback on distributions that could be suitable for business use, ideally with KDE. Although we can compose a complete image and recompile it, the integration of KDE with LDAP remains problematic, notably for recording usernames in Active Directory.

Thank you in advance for your advice and experiences!

KDE Neon shouldn’t be in the list. It is a bit unstable to upgrade and has bad hardware support.

Kubuntu is not just with delay updates, the rest of the system is more recent than on Neon, thanks has a more recent ubuntu foundation (kernel, gcc, etc).

OpenSuse/Suse is definitely missing. The distribution has been working on improving security and quality.

Arch/Manjaro and rolling distro in general shouldn’t be tried: you don’t want a rolling release that can break or has updates daily that, plus the induced increase of down-time and bandwith implied for a Hospital. I don’t know if local caching is possible (it is possible on Debian based distros IIRC).

You want LTS-like distro, that don’t change often and have security focus, before recentness or ease of install.
Hospitals have IT staff that should deal with installation. What they would need is some tooling to make OS images and deploy them easily, and ease of maintenance.

An upgrade model with A/B partition/snapshot à la steamdeck, would be great, to guarantee higher availability.

Since most of our applications are now accessible via the web, we think it might be beneficial to switch our computer fleet to Linux.

Are you sure that’s all. Wont they need some medical appliance support software ?
Keeping a windows machine would make sense then.
LibreOffice is available for all of them for office productivity work.

But if that’s the case, functionally any of them that can update to recent version of browsers should be all-right.

With the Windows 10 EOL and the window 11new-hardware price tag, no-wonder. That’s some fair savings for hospitals budgets.

opensuse leap or even tumbleweed sounds perfect for your use case, you might have to configure them a bit tho

Hello,

Thank you for your feedback. We indeed need to maintain a hybrid computer setup, because some server applications only work on Windows. Completely getting rid of Windows is not feasible for now. However, for client systems, we are considering migrating to Linux.

As for Arch, that is one reason I chose Manjaro, which remains the most stable rolling version.

Thank you also for your information on KDE neon. I thought it was an official and stable version, offering a good compromise between the latest version and stability.

I read that following a disagreement, the head of KDE left Ubuntu to create KDE neon, thus impacting Kubuntu (rumor?).

Therefore, we are considering turning to Kubuntu for our initial tests.

Regarding KDE, is it mature enough to offer an Active Directory interconnection similar to that of Gnome 3 on Ubuntu?

Is there a way to correctly connect and register users on the login screen under Plasma 6 with Kubuntu?

Concerning openSUSE, I will nevertheless proceed with testing. However, our Linux setup is currently unified under Ubuntu Pro. If we consider switching to SUSE, an in-depth analysis will be necessary to harmonize our infrastructure with the other offered products.

I would recommend Opensuse or working with suse. open suse I would say slowroll or there immutable option where your IT could handle the image and lock down what they want. Do check if there needs to be windows only software but you could have https://virt-manager.org/ run your windows instance just make sure they enable GPU acceleration even if its just the one on the cpu.
Since most apps are in the cloud a nice locked down immutable would work best imo. Your IT team could even set it up to look like what they are already using be it windows 10 or 7. So its a smoother transition.

It might be worth talking to upper kde about KDEOS as well. as its their own home grown os that should replace neon down the line? Its not ready yet but you could defiantly get some answers an give some suggestions on what a KDE desktop would be that could work for your needs

You should be aware of some limitations of SDDM, such as lack of support for expired passwords. In general, you may want to browse existing SDDM issues when it comes to LDAP and Active Directory.

Of course using a different login/display manager is an option, but you would have to come up with your own custom setup.

That said, Fedora and openSUSE are the only distributions I would consider for KDE. I would avoid anything that ships less-than-recent Plasma versions, like Kubuntu. I am afraid there is no good deb-based solution to run KDE on.

As others has suggested maybe Open Suse or Fedora. I think Ubuntu is too “corporate” to be used in tax-money installations. (just my personal opinion)
I think your idea is great and the rest of the world should follow your example and replace every possible computer with Linux and also open source every bit of code written with tax-money. Instead of paying Microsoft, governments could donate to open source projects. I think the EU is at least trying to do something with the software part so that code is being open sourced more than before, they also have a database of existing open source projects so that its easier to find for their employees.

I don’t have experience with this. This must be possible as sddm uses standards authentication pam that has support for kerberos / Active Directory authentication.
I don’t know how well sddm does integrate on top of this, UI-wise in particular in this context.

But you can use gdm (GNOME session manager) with KDE Plasma or another session manager.

This might require some work to setup, they are some guide onlines and experiences (How to join a Linux system to an Active Directory domain How to set up SSSD with Active Directory - Ubuntu Server documentation).
That’s also something Linux consulting companies can help with.
That’s definitely possible.

Familiarity and homogeneity are important, Kubuntu is fine.

I used to use kubuntu for years and I would still be using it except it is better for users than for Plasma developers.

My take is that this is less of a distribution question and more a support availability question.

If an organisation has the resources to essentially maintain their own distribution based on one of the many available ones, then they can just pick one of those.

Any organisation that does not have the resources to do that should be looking for a support provider, ideally as local as possible.
That will still give a certain range of options which, however, will depend on the resources of that provider.

If the organisation’s resources are restricted to buying licences and maintaining systems themselves, then the only remaining viable options are distributors who support that kind of model (essentially Redhat, Canonical, Suse).

Basically you are only in the position to “start by choosing a distribution” if you are in the first category.

Realistically, your requirements are probably served by using Red Hat Enterprise Linux or SUSE Linux and installing KDE Plasma on it.

You are operating in a regulated space, which means you need the operating environment to be certified for various security and maintenance standards. You will also need a vendor relationship to maintain compliance and offer the necessary paperwork for that.

You also need auxiliary tooling for mass management, such as Red Hat Satellite or SUSE Multi-Linux Manager.

In my experience, RHEL has the necessary integration here and provides documentation/support for integrating with Active Directory systems.