[Solar-general] interesting
Diego Saravia
dsa en unsa.edu.ar
Mon Jan 3 23:56:02 CET 2005
http://techrepublic.com.com/5208-6230-0.html?forumID=5&threadID=165827&start=0
Linux on the Desktop at work and worth it
This post is in response to the various naysayers in these forums who say
Linux on the business desktop is either not possible or not worth it.
See
http://itheresies.blogspot.com/2004_04_01_itheresies_archive.html
* The Forces
Like many organizations around the world, the two former organizations that
employed me suffered major blowouts in their IT budgets leading up to Y2K. As
a result, the IT upgrades in 1998/1999 were expected to last five or six years
after 2000. Windows 98SE was the latest stable platform available in 1999.
Keeping to budget and upgrading all the desktop *hardware* for Win2K and then
XP would be difficult if not impossible.
After careful deliberation, the management at the larger organization decided
to use some of its existing tech savvy IT staff to evaluate Linux on the
desktop as a stop gap measure and as a replacement for some of the desktops
during the next upgrade round.
Neither organization operates in the IT industry and both prefer not to face
direct scrutiny or suffer the hordes of Microsoft salesdroids who magically
appear at the doorstep of any company publicizing Linux deployments. So both
shall remain nameless for now.
* The Effort
Over the last four years I have deployed and supported almost ninety Linux
desktops at my former employer. Not all of the desktops are running Linux;
they still have around the same number of Win98 machines, half of which are
scheduled for replacement with Linux ( either Xandros, Suse or a custom
version of Fedora/Redhat ) in 2005/6. The other half will be upgraded to join
the small number of current Win2K desktops and laptops.
We started out with a combination of Redhat 6.2 and Ximian Gnome. This was
limited to call center and data entry. Later we put StarOffice/Linux on a number
of desktops for people who do not deal with incoming and outgoing Microsoft
Office document formats on a regular basis.
It was a major effort. Two years ago, they could not have done it without
serious expertise from the existing Unix administrators and knowledgeable folks
such as myself. For example, it took me around three weeks of hacking
around with Redhat 8 to get it to the point where everything just worked and
only the required functionality was exposed to the user.
* The Steps
First of all, on all PCs, Netscape ( and later Mozilla ) replaced Microsoft IE
and Outlook, and since all the enterprise systems used web based interfaces,
on Linux it looks very similar.
They started deploying some of the desktops' HD partitions using Norton Ghost.
Later they just created a small rescue partition hosting a customized Linux
system that, once installed, performed the same task. The administrator can
set the default in the grub configure file for the next reboot. A second VFAT
partition is kept on Win98 and dual boot systems. This is not overwritten by
default and provides a persistent local file system.
Although they have chosen to deploy Linux using the traditional thick
desktop/workstation model, they use a spare server that operates as an X11
application server. This is used on a regular basis by the helpdesk, IT
support and a few Windows users that access both Windows and remote X Linux.
The rescue partition, which can also be network booted via PXE, is based on the
Linux Terminal Server Project ( http://www.ltsp.org/ ). During an install or
if a security violation is detected, the user of the desktop is booted into
a Linux thin client, and can access all their files through the Application
server. Forensic examination, repairs and installs can take place in the
background while the person uses the thin client.
Some individuals like to download and install software, either in the local
filesystem or home directories, and get annoyed when the installed software is
erased or overwritten. Unauthorized software installs remain a major problem
in terms of both security and licensing. For those users we offered a choice,
either stop installing software or buy and provision their own laptop with a
loan from the organization. The individual owns the laptop but can only access
the internal network if they allow the IT department to inspect the laptop on
a regular basis.
We focused on getting the SAMBA services and NFS working correctly. Using pam
the users have the same user name and password for each platform.
Each user's networked Linux home directory contains a subdirectory that holds
the SAMBA'ed share of the user's networked Windows desktop and "My Documents".
Any person can log in to either Linux or Windows and find their files with
ease. In the same way, similar desktop icon/start menu entries and links to
enterprise applications and directories are on both Microsoft and Linux
users' desktops.
We handled people's transitions from Windows to Linux in small groups. In each
department, we targeted the friendly tech savvy users, some of whom were
surprisingly quick learners, and set them up first. It's easier for people to
turn to the tech savvy person at the next desk with questions than to call up
the helpdesk. Once people were shown the Linux desktops in action, there was
less resistance than expected. We never tried to force anyone to make the
shift. Those who personally invested in complex scripted Microsoft Excel or
Powerpoint documents remain free to run Microsoft Office and OpenOffice side
by side on Win98se or Win2k. At least one of the scripting gurus has begun to
build document scripting in OpenOffice, using Java.
Users in transition could dual boot either Linux or Win98. Later, some users
could access a remote Linux desktop from Win98/Win2k using a Windows based
X11-server. If a person had a problem, they could just boot or switch back
into a familiar environment, and preferably log the problem with the helpdesk.
We deployed VNC on all platforms ( For Linux http://www.karlrunge.com/x11vnc/
). All the user had to do was to call in to the helpdesk and click on
"ShowDesk/OK" to let the support person see/access their desktop. This can be
a surprisingly effective teaching tool. The user can follow the actions
required to fix a problem, in the context the user is working in.
The transition from Microsoft Office98 to Staroffice/OpenOffice is difficult.
At first we had to go through all the Office templates the targeted users
needed and rewrite them for StarOffice. Before 1997, the organization relied
on a few complex template macros in Microsoft Word 6. These were abandoned
before 1998 because of (a) the hassle required to upgrade them to each major
release of Microsoft Office and (b) the number of macro viruses the organization
suffered despite keeping Norton Antivirus up to date twice a day. Instead of
macros and document embedded VB, a few documents are generated on the in-house
developed server in RTF format. Fortunately, with a little tweaking, these
generated documents were fully import compatible with Microsoft Office and
OpenOffice.
In terms of user education, for day to day usage, most people did not find it
that difficult or frightening a change from Microsoft Office to
StarOffice/OpenOffice. Those who regularly designed complex layouts or Visual
Basic based scripting just stuck with Microsoft Office.
The organization keeps Microsoft Office97/98 as the standard document formats,
with StarOffice and now OpenOffice defaulting to saving in that format. A few
internally used documents are now being stored in OpenOffice formats, as it is
becoming the preferred format when the final document is shipped in Adobe PDF
format.
Each department has a couple of accessible Win2k machines that run Microsoft's
Office2k and IE alongside Openoffice and Firefox. These are multimedia capable
systems and serve as staff Internet access, plugin device compatibility and
document conversion. All of these have network limited access to the servers.
A public share on the file server is used to copy content from the normal
desktops. This public share is scanned each time a file is added, and despite
the Win2k desktop having up to date antivirus protection, the server side scan
still picks up a few cases of spyware/malware/worms. A large Linux partition
contains a checksummed bit copy of the NTFS partition. Booting Linux on these
systems sets up a background script that overwrites the NTFS partition from
either the local copy or the file server.
* The Payoffs
Since switching to Netscape Navigator in 1998, the organization has not been
subjected to the multitude of scripted vulnerabilities that plague IE and
Outlook users.
They have never suffered a successful incursion by any worm/virus/trojan
malware on any of the Linux desktops. They run tripwire on the desktops and
can perform remote inspections of processes. There is no need for any third
party antivirus software on the Linux Desktops. They do use third party
antivirus tools on the servers to scan the document directories and incoming
and outgoing email.
In comparison to Win98, Win2k and XP, keeping the Linux desktops up to date is
a breeze. We maintain a read-only NFS'ed public directory that, after testing,
we drop RPM packages into. A cron job on each desktop inspects the directory
for new files and then runs yum and updates the system. We stagger the start
times to prevent overloading the network or file server. In most cases, the
update takes place entirely transparently to the user.
In terms of remote support, Linux Desktops blow Win9x to XP out of the water.
Besides VNC to users' desktops, you can access the remote desktop through an ssh'ed
command line, a web based interface (webmin), or use Xnest to access a
separate instance of a desktop on the same machine. In all three of the latter
cases, the access can be invisible to the user of the machine. The helpdesk
can pass on the address to the support engineer who, with his laptop with VPN
access, can track down problems literally anywhere in the world with an
Internet connection.
Thick, slim or thin, Linux desktops are in. The organization is free to deploy
future Linux desktops any way they wish.
There is no part of this deployment of Linux which is Linux vendor dependent.
With a little effort it could be translated to another Linux vendor's platform
or even a community based distribution such as Debian.
In my or the manager's opinion, the result was well worth the combined effort
of the IT management, support staff, and users.
* That was the hard way
The effort that we put into developing our own solutions with the Linux
software of the day was a major undertaking. Today, we would not have to
undertake anything close to that same effort.
Xandros Desktop Management Server (xDMS)
http://www.xandros.com/products/business/xdms/xdms_intro.html
Xandros' xDMS is a close to turnkey solution for small organizations. When
combined with their desktop offerings it does all that a small organization
needs for the majority of its users.
Novell offers similar desktop management very suitable for larger organizations
http://www.novell.com/products/desktop/index.html
You will find that organizations that currently deploy Novell's directory
services can very quickly deploy Linux alongside.
Both above vendors require per seat licensing, and can lock the enterprise in
at the IT management level. But both also offer many of the same advantages of
Linux on the desktop for a fraction of the effort and inside knowledge required.
Is Linux in the desktop for everyone in the enterprise? Maybe not. But it's a
matter of when Linux will be ready, not if Linux will be ready.
But does that mean your organization should not investigate deploying Linux
on the desktop where it makes sense now? No! Start investigating where
deploying Linux makes sense.
http://www.novell.com/coolsolutions/nld/features/a_linux_switch_nld.html
* Lastly
Do not trust everything Microsoft and its supporters say about Linux. They
selectively deceive and outright lie.
http://www.novell.com/linux/truth/index.html
http://www.theregister.co.uk/2004/09/09/ms_capgemini_newham_report/print.html
http://www.theregister.co.uk/security/security_report_windows_vs_linux/
http://www.opensource.org/halloween/halloween11.html
http://www.eweek.com/article2/0,4149,1426514,00.asp
--
Diego Saravia
dsa en unsa.edu.ar
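
The staggered cron-driven update from the read-only NFS drop directory, sketched as an added example that is not part of the original post. The paths, the variable names, the `--run` switch and the signature check before install are assumptions layered on the description; `yum -y localinstall` is assumed to be available on the desktops.

```shell
#!/bin/sh
# Added example, not from the post. DROP_DIR, STAMP and WINDOW are assumed names.
DROP_DIR=${DROP_DIR:-/mnt/updates}   # read-only NFS mount (assumed path)
STAMP=${STAMP:-/var/lib/desktop-update.stamp}
WINDOW=${WINDOW:-3600}               # spread start times over one hour
RPM=${RPM:-rpm}

# Deterministic per-host delay so desktops do not all hit the server at once.
stagger_seconds() {   # $1 = hostname, $2 = window in seconds
    sum=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    echo $(( sum % $2 ))
}

# List RPMs dropped since the last successful run (all of them on first run).
new_rpms() {          # $1 = drop directory, $2 = stamp file
    if [ -e "$2" ]; then
        find "$1" -maxdepth 1 -type f -name '*.rpm' -newer "$2" | sort
    else
        find "$1" -maxdepth 1 -type f -name '*.rpm' | sort
    fi
}

# Accept a package only if rpm -K succeeds AND reports a signature check;
# a digest match alone is not enough, because unsigned packages pass that too.
signed_ok() {         # $1 = package file
    out=$("$RPM" -K "$1" 2>&1) || return 1
    out=${out#"$1":}  # drop the echoed file name so it cannot match below
    case $out in
        *"NOT OK"*) return 1 ;;
        *gpg*|*pgp*|*signatures*) return 0 ;;
        *) return 1 ;;
    esac
}

run_update() {
    sleep "$(stagger_seconds "$(hostname)" "$WINDOW")"
    pkgs=""
    for f in $(new_rpms "$DROP_DIR" "$STAMP"); do   # RPM names carry no spaces
        if signed_ok "$f"; then pkgs="$pkgs $f"
        else logger -t desktop-update "rejected unsigned or corrupt $f"
        fi
    done
    [ -z "$pkgs" ] || { yum -y localinstall $pkgs && touch "$STAMP"; }
}

if [ "${1:-}" = "--run" ]; then run_update; fi
```

A cron entry would call the script with `--run`; the stamp file is touched only after a successful install, so a failed run is retried on the next pass.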