Linux Enterprise Desktops

Darin Perusich Darin.Perusich at cognigencorp.com
Tue Jul 17 12:32:58 EDT 2001


it's been my experience that you will never get fully away from windows,
there will always be some need for the apps available. but there are
ways around this. my experience with this comes from an environment
using solaris and windows but it applies to linux as well. 

the company i work for, cognigen has invested quite a bit in sun
hardware and software. when the company was smaller, meaning 10 to 15 or
so users everything was run on solaris and you'd have to go to a PC to
do anything windows based. everyone had a thin client at their desk that
connected them to a sun e450 and they used CDE as the desktop, CDE is a
nasty beast if you ask me and why we switched to KDE. we use NIS+ for
consolidation of passwds, groups, home directories, and whatever else.
NIS uses primary and secondary/backup servers for domain control, i.e
PDC and BDC for the windows people. you can also define sub domains,
domain.com is the overall controller, abc.domain.com, def.domain.com for
sub-domains like marketing, hr, etc.

what to do when you need office at your unix desktop? the easiest, if
not best solution is to use citrix metaframe. get yourself a windows2000
running terminal services on a beefy box, install office or whatever
and then install citrix and it's just about ready to go. on the
unix/linux end the citrix client takes about 15 minutes to install and
configure. it's not as fast as having it natively but it works well, any
of the latency issues are currently being worked on. we did benchmark testing
between win2k and nt4, win2k is the way to go, speed and performance
wise.

back to the authentication. once you get your citrix server up you don't
want to have to maintain accounts on this box as well, that's why you
use nis+ for the unix machines. unix/windows password synchronization is
any sysadmin's biggest problem, one which we've visited on many
occasions. depending on your environment one may be the better pick. if
you want to share your unix filesystems out to the windows machines
you're likely to use samba, so setting samba up as a PDC might be
the right choice. you can use LDAP, novell "claims" to have solved this
across the enterprise for unix, windows, oracle you name it. i don't
have as much faith as they do though. if you don't mind having NIS+ and
a windows PDC microsoft has a really cool feature included in its
services for unix. they have a mechanism for password synchronization, a
daemon that runs on your unix server and the windows machine. so when you
change your password in one place it propagates to the other. it
actually works and much to my surprise they provide the source code so
you can compile it if they haven't provided the binary.

we chose to use Sun's PC Netlink which is software that makes your sun
server look just like a nt4 PDC/BDC/member server. it is sun's answer to
samba but it's not reverse engineered. it doesn't have the password
synchronization, but it's coming in the next version. again this
solution depends on your environment. pc netlink will suck the data out
of your windows PDC also so you won't lose that data.

to make every system look the same you'd set up a jumpstart server for
solaris or a kickstart server for redhat linux. it's a hands free method
to install your workstation once you get it set up. for kickstart you
configure a boot floppy and let go and on sun machines you do "boot net
- install" from the eeprom (sun's bios, kind of).

nothing mentioned can be done overnight, unless of course you're superman
and you can go back in time but they are all feasible ways to migrate
from one to the other.



"Michael R. James" wrote:
> 
> Having spent over 6 years as a network administrator with approximately 1200
> users spread across the US in a multi-site WAN, I was charged with seriously
> looking at Linux for the desktop and server environments.  I have experience
> with Microsoft NT, and Novell Netware servers.  Based on my experience, along
> with the research I completed, I believe that Linux can successfully control
> the desktops.  There must, however, be some prerequisites completed first.
> Enterprises won't just drop Windows (or Netware) and migrate to Linux on a
> whim.    There has to be some type of blueprint available, allowing them a
> smooth transition from one to the other.  I've scoured the web and found very
> little documentation in transitioning existing networks to Linux solutions.  I
> propose that the administrators in this forum share their experiences, both the
> problems encountered and the solutions implemented.
> 
> Windows NT allows for either a workgroup configuration, where every workstation
> maintains its own user IDs and passwords, or for central authentication, the
> Primary Domain Controller.  The workgroup environment is easily mimicked with
> Linux, as every Linux workstation would maintain its own list of users and
> passwords.  The Primary Domain Controller could also be mimicked, using a NIS
> server.  The question is how to implement Backup Domain Controllers?  Could the
> NIS database be securely replicated to other servers?  Common "home"
> directories could be maintained as NFS exports from a central server.  Printing
> is a no brainer, using LPR/LPD.  Star Office could be used as the
> wordprocessor, spreadsheet, etc application.  What services are absolutely
> necessary for the Linux workstations?  Certainly, each and every workstation
> wouldn't need MySQL or Apache running as a service.  How would one implement
> NTP for standard time synchronization on the network?  How would one plan and
> implement a heterogeneous network, with Linux, Windows, and Mac clients?  What
> obstacles are now forced on the plan?  Certainly an enterprise migrating to
> Linux would not do so in a day.  They would be much more receptive to a phased
> transition, which would ultimately mean heterogeneous clients on the network.
> 
> Until a "blueprint" or outline for the transition is detailed, I fail to see
> Linux being implemented in the Enterprise on a grand scale.  I believe all the
> pieces are present for this eventuality.  They just need to be orchestrated
> into a reasonable solution.  Perhaps we, as a group, could contribute to this.
> 
> Thoughts, ideas are welcome.
> 
> Michael R. James, CNE
> mrjames at localnet.com

-- 
Darin Perusich
Unix Administrator
Cognigen Corp.
darinper at cognigencorp.com
