Linux Integration Guide
Date: 2005-01-09 Source: leirenyuan
Friday July 23, 2004 (10:41 PM GMT)
By: James Gaskin
Single-vendor enterprise computing centers exist only in the minds of some non-technical corporate executives. IT employees know that every computer room hosts a wide variety of hardware and software products from a range of vendors. Almost every enterprise network already includes Linux, even if the corporate executives of that network don't know it. For instance, modern Web, proxy, and security/firewall servers often run Linux.
Luckily, a combination of planning, expectation management, and opportunity recognition can guarantee the acceptance of Linux systems by most companies. This paper provides strategies for integrating Linux systems into existing enterprises.
Leveraging the open source cost advantages
First, a word of caution: Do not make cost the primary advantage for installing Linux systems. Executives will almost always side with what they know (Microsoft and Windows) over the unknown (Linux) in spite of major cost savings. Microsoft's PR attacks managed to obfuscate cost of ownership numbers sufficiently to make this argument a wash for Linux advocates in most enterprises. Even strong ROI and TCO arguments may wither under the Microsoft marketing machine.
Do use cost as an opening gambit, however, by leveraging proposal timing. After Linux makes a positive entrance in one specific task, prepare Linux options when asked for budgetary numbers to replace or consolidate existing systems or add new functions. Compare them heads up against comparable Microsoft systems.
An executive will often choose Linux as a prudent investment over Microsoft when budgets shrink and deadlines loom after enough proof that Linux has performed well for the company in other areas. Many enterprise departments, when squeezed, look for ways to reduce their per processor, per machine, and per seat licensing costs, especially for lower profile network applications.
Web servers
Any existing Microsoft Windows Internet Information Server (IIS) installations should be scheduled for a "security upgrade" and moved to Apache Web server on Linux. Web sites written to design standards will transfer so easily that switching the server to Linux and Apache may go unnoticed. To be sure, follow this plan:
- Schedule a content upgrade
- Include a security upgrade request
- Upgrade hardware if necessary to match company server specifications
- Mirror the IIS system to a pilot Apache/Linux system
- Develop the content upgrade on the Apache system
- Switch over a day early to clear up any configuration issues before the announced live date
Web content written with Microsoft FrontPage or Active Server Pages extensions will need extra attention to perform correctly under Apache, and may be poor candidates for Linux replacement in the short term.
POP3 email servers
Reliable and functional third-party POP3 servers exist for Windows servers, but Sendmail powers far more email traffic across the Internet than Microsoft Exchange does. However, enterprises where Microsoft Exchange provides email services rarely switch away from Exchange without extreme pressure from a company owner or executive, or severe pricing issues.
A feature-for-feature Linux-based replacement for Exchange has yet to be delivered, but that time nears. For instance, SuSE Linux OpenExchange Server 4.1 provides the majority of Exchange functions and supports Microsoft Outlook clients. Still, Linux fans fighting Exchange head-on will lose virtually every contest for the next three years unless the company looks for an Exchange replacement because of Exchange problems, not the attraction of a Linux alternative.
That said, Linux applications can reduce the high overhead burden of some mail services from an Exchange server. Spam filtering inside Exchange takes far more CPU overhead, and requires expensive add-on programs, compared with a fronting Linux server that handles the chore cheaply and quickly. Virus filtering using Linux is another option with high ROI.
Keep Exchange, but use a Linux proxy server to front the Exchange server and provide spam/virus filtering outside Exchange. Emphasize the layered security aspects of the extra Linux proxy server if challenged.
Sendmail (with both open source and commercial versions) and other Linux-based email applications can provide cost-effective spam and anti-virus filtering for large numbers of users. Linux offers a variety of mail transfer agent applications beyond Sendmail, including Postfix, Exim, and Qmail. Remote offices that currently use the POP3 protocol rather than a proprietary Exchange client can make the move to a Linux system without missing a message or even realizing a switch occurred.
One report from a bank detailed taking a PC slated for disposal and installing Linux and SquirrelMail to provide Web-based email. This new email service allowed bank employees to view email through their Web browser, but more importantly, it offered a way around the bank's management-imposed limit of 2MB storage per individual mailbox. Adding a Linux server with Sendmail to a resurrected PC broke through that barrier for employees so well that the bank tried SpamAssassin as a complement to the new Web email. Remember that pattern: pilot project becomes accepted quickly and the next Linux success comes soon after.
Other common Web e-mail applications running on Linux include Horde and NeoMail. Many ISPs provide one or sometimes all three options on their Linux servers.
DNS, DHCP, and LDAP servers
Microsoft's Active Directory (AD) needs a stout Domain Name Service (DNS) server to run properly, but Microsoft has yet to produce one that follows standards well enough to interoperate with the rest of the world. The DNS services built into every Linux distribution offer improvement.
Dynamic Host Configuration Protocol (DHCP) servers inhabit every router, network-attached storage, and file server box, but large networks need distributed yet coordinated DHCP. Many DHCP options exist for Linux servers, including an IPv6 version ready for download on SourceForge.net.
Identity management and authentication service providers offer many schemes (AD, Novell Directory Services/eDirectory, Sun ONE Identity Server, etc.), yet LDAP remains the authentication glue for many enterprise networks. LDAP (Lightweight Directory Access Protocol) services power security, access to network resources, and email distribution, but remain low-profile (until they break). Because reliability and security rate high on the must-have list for LDAP servers, Linux options fit the bill for many companies. DNS, DHCP, and LDAP servers can be dropped onto a network with no changes necessary to clients using those services if the clients follow protocol standards.
File and print servers
To begin integrating Linux file and print servers, identify systems where licensing issues complicate continued use. For most companies, this means Windows servers, for which companies must pay license renewals at a high dollar value even if the server no longer provides a high value return to the organization. Many Windows servers debuted running applications that have now migrated to other servers or have been discontinued. When that happens, the license cost becomes high for a standard file and print server, which is the only function still performed. Target these systems for conversion and consolidation to Linux.
Samba is one of the most successful Linux (or at least non-Microsoft) third-party initiatives. Every Linux server distribution includes Samba services ready to support large numbers of file and print clients running Microsoft Windows, and will do so with less administrative overhead than a comparable Microsoft Windows server. Samba on Linux supports the SMB/CIFS (System Message Block/Common Internet File System) used by Microsoft for networking and can act as a Windows PDC (Primary Domain Controller).
To convert an older Windows server performing primarily file and print services, start a project along these lines:
- Schedule a file server upgrade
- Include a security upgrade request
- Consolidate servers when possible to take advantage of larger and faster disks and increase manageability
- Integrate the Linux server into the Active Directory as the older Windows server (if replacing one to one)
- Learn to handle winbind, the Samba user and group resolving service
- Rename the old Windows server, with file access limited to administrators
- Log out all clients and transfer the file system over the network
- Compare the file systems
- Switch over for several days before disabling the older server
Active Directory doesn't always deal properly with transferred files and ownership rights. Verify both before letting users back on the new file server.
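The "compare the file systems" and "verify both" steps above can be scripted. The following is an added example, not part of the original article: it builds a manifest (SHA-256, mode, owner and group) for each tree and reports files that are missing, extra, changed in content, or changed in permissions or ownership. It assumes GNU coreutils and that both trees are reachable as local paths on the new Linux server (for instance, the old share mounted read-only); the function names and demo paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: verify a migrated tree before users return.
# Assumes GNU coreutils, and that both trees are local paths on the new server
# (e.g. the old share mounted read-only). All paths below are constructed.

# manifest DIR: "<path>\t<sha256>\t<mode> <owner>:<group>" per regular file.
# File names containing tabs or newlines are not handled.
manifest() {
    ( cd "$1" || exit 1
      find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          sum=$(sha256sum < "$f" | cut -d' ' -f1)
          printf '%s\t%s\t%s\n' "$f" "$sum" "$(stat -c '%a %U:%G' "$f")"
      done )
}

# compare_trees SRC DST: one finding per line; returns 1 if anything differs.
compare_trees() {
    [ -d "$1" ] && [ -d "$2" ] || { echo "usage: compare_trees SRC DST" >&2; return 2; }
    src_m=$(mktemp); dst_m=$(mktemp); rc=0
    manifest "$1" > "$src_m"
    manifest "$2" > "$dst_m"
    awk -F'\t' '
        FILENAME == ARGV[1] { sum[$1] = $2; meta[$1] = $3; next }
        { seen[$1] = 1 }
        !($1 in sum)   { print "EXTRA\t" $1; bad = 1; next }
        sum[$1] != $2  { print "CONTENT\t" $1; bad = 1 }
        meta[$1] != $3 { print "PERMS\t" $1 "\t" meta[$1] " -> " $3; bad = 1 }
        END {
            for (p in sum) if (!(p in seen)) { print "MISSING\t" p; bad = 1 }
            exit bad + 0
        }' "$src_m" "$dst_m" || rc=$?
    rm -f "$src_m" "$dst_m"
    return "$rc"
}

# demo: constructed trees with content damage and widened permissions.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/old/docs"
    echo "q3 budget" > "$t/old/docs/plan.txt"
    echo "payroll" > "$t/old/pay.csv"; chmod 640 "$t/old/pay.csv"
    cp -rp "$t/old" "$t/new"
    echo "truncated" > "$t/new/docs/plan.txt"   # content changed in transfer
    chmod 666 "$t/new/pay.csv"                  # permissions widened in transfer
    demo_rc=0; compare_trees "$t/old" "$t/new" || demo_rc=$?
    rm -rf "$t"; return "$demo_rc"
}

if [ "$#" -eq 2 ]; then compare_trees "$1" "$2"; fi
```

A non-zero exit status means the new server should stay closed to users until each reported line is explained; a PERMS line that shows a wider mode or an unexpected owner is the case the ownership warning above is about.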
Inside the Windows networking world, Linux file systems with Samba services appear as a normal Windows file server. Linux clients running Samba (included with every desktop distribution) can access existing Windows file servers as Windows clients, and the new Linux servers via traditional Linux networking protocols.
Linux offers two printing advancements which fit well into enterprise networks: Samba, which handles Windows printing in place of Windows servers, and the Internet Printing Protocol (IPP). Printing flexibility for all manner of clients remains an elusive goal, especially in mixed environments. Many Linux distributions (and Apple) support the Common UNIX Printing System (CUPS).
Linux-powered appliances
Linux provides a variety of embedded software and development tools for customizing operating systems for appliance use. Finding a modern network appliance not running Linux is harder than finding a desktop computer not running Windows.
Many people consider the best appliance to be an obsolete PC with a modified Linux distribution. This provides low hardware cost and more configuration options than the standard Linux hardware appliance.
Several Linux distributions provide excellent firewalls or secure routers using minimal PC hardware. Many will run on any Pentium processor with 64MB of RAM, minimal hard disk space, and two network adapters. Some of these minimal hardware firewalls are:
- Coyote Linux Wolverine
- Gibraltar firewall/router
- Sentry Firewall CD
Most smart Windows technicians now carry a copy of the Knoppix CD, which boots on almost every PC with a CD-ROM drive and reads and writes to NTFS (NT File System). Knoppix even boots from some USB and FireWire CD-ROM drives, making it even more handy to have in the troubleshooting backpack.
Storage
Network-attached storage (NAS) devices have become a popular departmental solution for constantly expanding content. Again, embedded Linux dominates the market in storage appliances, and they often rely on Samba.
Flexibility has become a main selling point for Linux storage appliances. Every standard Linux distribution supports Windows SMB, Windows CIFS, AppleTalk, and NFS. Windows-based storage solutions rarely cover this wide a range of clients. When maneuvering for a new storage installation, verify that departments that have non-Windows clients are supported.
Converting an existing file server into NAS can be done with any Linux server distribution. There are at least two companies offering other alternatives, using embedded or highly customized Linux:
- NetMax
- ReByte
Adding Linux-based storage to an existing Windows network, using Samba or another option, has a high success rate.
Backup
The flexibility demonstrated with storage devices makes backup systems based on Linux valuable to many companies. As vendors move toward network-attached disk-to-disk backup devices, and disk-to-disk-to-tape, embedded Linux operating systems once again rise to the occasion.
Enterprise backup solutions will remain under the control of the major application vendors for the next few years, but departmental and remote office backup solutions must improve. Many enterprises do a spectacularly poor job providing backup and recovery tools for remote offices and mobile users. Linux appliances designed for such operations are now on the market at affordable prices.
For enterprise use, leverage Linux storage devices as intermediate backup servers. Gather backup data via disk-to-disk transfer to the Linux station, then use common Linux tape backup options: mt and tar.
Corporate executives expect backup devices to have non-Windows operating systems, so this is another easy step in Linux integration.
Clusters, grids, and supercomputers
No enterprise today believes acceptable availability means 23x6. High availability through clusters or grid computing has become increasingly important to companies in all types of business beyond the HA early adopters.
IBM mainframe Linux options include clusters within a single hardware system. The Linux High Performance Computing site lists over 25 Linux cluster vendors waiting to supply products from a single quote form. Another source of information is the Linux Clustering Information Center.
Stepping up from big iron, some businesses now look to supercomputers to solve business problems. Executives who check the Top 500 Supercomputer Sites will see Linux mentioned as the driving software force in system after system. When it really is rocket science, drop the NASA name for validation and use its new Linux-powered supercomputer as an example.
Clusters often solve a specific business problem and don't necessarily interact with the majority of the user community. This specialization, along with the high cost of infrastructure for the new cluster, makes executives more willing to sign a Linux dotted line.
Taking over the desktops
People say about art that they "know what they like." Artists know the truth: people only like what they know.
Many Linux fans believe the desktop matters more than the server room, and demand faster integration of Linux desktops into their company network. This tactic in sports is called pitting your weakness against your opponent's strength. This tactic will not succeed in the next two years. Although major hardware suppliers (Dell, IBM, HP) advertise Linux as a desktop operating system option, their sales numbers are minuscule.
That said, there are ways to begin integrating Linux systems into the desktop and laptop mix. Handled poorly, however, this effort will set back Linux integration across the enterprise.
Desktop areas to avoid
These types of situations will not give way to a Linux desktop within the next few years:
- Strong Exchange or Notes users
- Custom-written or highly customized applications for specific functions
- Users relying on cross-application macros (but these people will need virus help)
- Companies with heavy investment in Microsoft's client management server software
Emulators for Microsoft Office fans
Emulation software to enable Linux distributions to support Microsoft Windows applications, like Win4Lin, CrossOver Office, and WINE, is now showing success. Most high-profile Windows applications can be supported on a Linux desktop after configuration. The top 10 applications labeled critical by large companies work quite well under emulation. However, that will not spur a migration.
This attempt to integrate Linux desktops into a corporate environment will not provide large numbers of conversions. Users restricted to certain applications will have success, but users free to choose their own software will always find exceptions to the emulators.
Leveraging open source applications
Microsoft Office locked down the corporate desktop years ago, but some of their chains are slipping. Comparable office application suites from OpenOffice.org and Sun with StarOffice have won more advocates on Windows desktops than Linux desktops. After all, pricing and licensing terms for Office are more onerous than for Windows XP Professional, the corporate desktop of choice.
Both OpenOffice.org and StarOffice suites have Windows and Linux versions that perform exactly the same on corporate computers and Linux systems. Others joining the cross-application list include:
- Mozilla Firefox browser
- Mozilla 7.53 browser
- GAIM's multi-protocol instant messaging client
- The GIMP graphics editor
How pervasive have these cross-platform applications become in large companies? Forrester Research found that 61 percent of 140 North American companies used open source applications. OpenOffice.org, MySQL (a cross-platform database application), and JBOSS lead the open source parade.
Only companies with the most arcane Microsoft Office custom programming will not be able to switch to OpenOffice.org or StarOffice. MySQL database servers run on 20 different server platforms and have a well-earned enterprise network reputation.
Once companies see the quality of Mozilla, OpenOffice.org, MySQL and the other open source programs, Linux testing will be an easy next step.
Summary
Linux systems are rapidly becoming part of the approved mix of technologies used to provide business services securely and cost-effectively. Since Linux systems already exist in some corner of virtually every large enterprise network, the integration process is underway. However, mishandling early projects could derail the integration in some companies. Build a foundation of Linux success this year and begin to reap the benefits of production Linux installations the next.
IT managers need cost-effective and secure platforms, and Linux provides both. Executive management needs to learn to trust Linux, and that will happen as more Linux products provide services for their company. Whether the company buys Linux "on purpose," or the Linux systems come through a more covert route, every company will learn they have Linux in place.
Integration, by definition, is not a conversion. Integration is the process of adding one technology to the existing corporate network and technology profile. Demonstrated competence for existing Linux systems will pave the way for an increasing number of Linux systems in every company over the next three years.