OPINION: Life after Windows XP – setting up a FOSS environment

On to the next challenge: once you've decided your organisation can be productive with a FOSS environment, you have to work out how to set up and maintain it.

In the second instalment of this series, I provided several options for organisations wanting to update their current Windows XP environment to a free and open source (FOSS) environment rather than a more recent Microsoft platform when Microsoft officially abandons its venerable Windows XP in April 2014.


Enterprise FOSS

Many people think that Microsoft invented the idea of "enterprise computing": large deployments of computers managed in bulk by a small number of system administrators on behalf of users in an organisation. That credit should go to UNIX, a family of proprietary enterprise computer systems.

Linux, the most widely used FOSS operating system, was built on the same design philosophy as UNIX. The network models I describe below all assume a network of desktops built around one or more Linux servers.

Network storage and identity management

The traditional organisational network, consisting of individual desktop computers using centralised authentication to manage access and centralised network storage for important data, is easy to set up in a FOSS world.

User management and authentication are generally achieved via either a system called Samba or OpenLDAP where

Network file storage is typically handled by NFS (the Network File System) or by Samba as well. In this scenario, users log in with their user name and password on any desktop, and get their own desktop and files, and access to resources like printers, scanners, and email systems. All important data, both organisational and personal, is stored on the server, meaning only one system needs to be backed up.

This is the most flexible and highest performance model from the users' point of view, but requires that you maintain a large number of relatively powerful (and expensive) desktop computers. Since these desktops focus resources at the desktop level, they're sometimes referred to as "fat" clients.

Network booting

To reduce your maintenance requirements, you can instead configure your desktops to boot from boot-images stored on your server rather than local hard disks. I call these "chubby clients" because they can be diskless, depending on centralised functionality on the network, but still run applications locally.

This approach simplifies configuration – upgrading the central boot-image means each computer will be "upgraded" the next time it boots. Similarly, you can ensure a uniform set of applications is available to each user – none of the user's "personality" is stored on a specific machine. The only potential downside is that these desktops are dependent on a functioning network.

Thin clients

If you want to minimise maintenance requirements, you can go one step further towards centralisation by turning some desktops into "thin clients" which are a window into the capabilities of your central server. Linux supports thin clients out-of-the-box via LTSP.

With today's typically fast networks, these solutions are low cost, low maintenance and offer superb performance. A single commodity Linux server, comparable in price to a high-end desktop, can happily support dozens of thin clients where each consists of very low cost desktop terminal hardware, a screen, keyboard, and mouse.

FOSS Desktops

For those who haven't had the pleasure of seeing them in action, below are four widely used FOSS desktops, in their default configurations:

The General Image Manipulation Program (GIMP) and LibreCalc Spreadsheet on the Cinnamon desktop.

Firefox and the Ubuntu Software Centre on the K Desktop Environment.

Firefox, System Settings, and the Nautilus filemanager on the Unity desktop.

LibreWriter, Nautilus filemanager, and software updates on the Gnome 3 desktop.

Next week I'll talk more about something at which FOSS excels: accommodating diversity. I'll talk about BYOD, geographically distributed organisations, and how businesses adopting FOSS can both retain control of their own computing destiny and gain the benefits of the cloud.

Dave Lane is a long-time FOSS exponent and developer. An ex-CRI research scientist he currently does software and business development and project management for FOSS development firm Catalyst IT. He volunteers with the NZ Open Source Society, currently in the role of president.

This article has been edited from the original. The full version can be found here.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.


11 Comments

Samual

1

How does a FOSS solution then provide for enterprise desktop management, patch management, application deployment, antivirus etc? Be interested to know those points too.

Dave Lane

2

Samual - thanks for the comment. In general, the issues you mention are less problematic in the FOSS world than the equivalent proprietary/MS approaches in my experience. For one thing, license management and anti-virus are not issues. Anti-virus is simply unnecessary (although solutions like ClamAV are available if organisations insist). Application deployment is straightforward, thanks to secure, verifiable software repositories for 99.99% of software you'd use in such an environment. Because of the segmentation of FOSS software projects, i.e. the way constituent parts (e.g. dependent libraries, etc.) are all free to incorporate and install, and each is made available via source, upgrades almost never cause issues, to the extent that it's common (although I wouldn't advise it for mission critical systems) for servers to automatically install any available updates. The software package management systems, FOSS developer culture, and software repositories are that reliable. I'll touch on these topics in the next instalment.

Steven

3

Good to see creative commons on your story. However the IDG website has this in footer of every page:

"Copyright 2013 IDG Communications. ABN 14 001 592 650. All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited."

While not FOSS related can you share your views on this contradiction?

Dave Lane

4

Fair question, Steven - I don't know IDG's formal position, but they've published the article including the CC license, so I'm assuming that it supersedes the default copyright notice. If you'd like to make use of the article and have any concerns, then please just use the full version linked to in the article.

Samual

5

So you're saying that if an organisation were to replace their desktop fleet with FOSS, that the IT team never have to manage the desktop again? I'm sorry but I find that a little hard to swallow. It is all left in the hands of the end user to ensure their machine is protected? And I, I mean my users, would simply install applications from where? And antivirus is a non-issue? I'm sorry but it IS an issue regardless of platform.
How do I manage security and compliance in a centralised manner? I'm sure my management/board would not be too keen to know we have no governance over the desktop and applications.

Dave Lane

6

Sorry, Samual, that you find it difficult to believe, but antivirus simply is not necessary for Linux desktops. To answer your other questions: in a controlled FOSS environment, the average user does not have permission to install software. In such an environment, any software that is installed comes from a trusted source - no arbitrary "I'll just download this from the internet" type installs. There are no "IE toolbar" type-extensions that normal users can install willy-nilly or trojan-laden cute cat animations they can install. That sort of security is designed in from the ground up.

If an application is installed for one user, by default it can be available for all - one of the beauties of the FOSS ecosystem - there're no license-based use restrictions or cost implications.

Any proprietary software that's installed is sandboxed, like VMs running Win XP or Win 7, and access is controlled by other means, e.g. the ability for selected users to see a different network drive where they reside.

In my experience, people with a background in the Microsoft ecosystem find it difficult to grasp the advantages of FOSS, because it turns many of the incentives around. FOSS is simply a better model for both managers and users.

My experience commercially supporting both ecosystems shows them in stark contrast: FOSS simple, sensible, following consistent security policies; Microsoft with per-seat licensing the norm, anti-virus, anti-spamware, the tendency towards monolithic software design, software installed from multiple unregulated vendor sources, all create massive unnecessary complexity. Particularly along with the poor culture of security among Windows users (generations of bad habits, like common users often having admin rights on their PC) that complexity leads to insecurity. Also, due to cost and complexity constraints, corporations tend to stay well behind the latest versions of the MS platforms, thereby further increasing complexity, constantly trying to fix new bugs in old software, backporting fixes, testing across thousands of permutations of IE versions, Windows service packs, etc. etc. With FOSS there's no incentive to retard progress - the change control mechanisms are fundamentally better because, unlike Microsoft, they've learned to deal with diversity the right way and there's no financial incentive to make things more complicated.

The biggest challenge when moving users to a FOSS desktop environment is retraining them not to assume that anything that behaves somehow different from their expectation requires them to reboot.

samual

7

I'm sorry but I really don't think you understand the needs of the enterprise. There is a lot more to this than a desktop. Oh and nothing is immune from virus/malware http://www.geekzone.co.nz/foobar/6229

Sideliner

8

Samual, I find your negative stance towards FOSS as pretty closed minded... there's only so much he can talk about in an article and on a comments section. I suggest you go and do some research and even a POC and see for yourself what benefits can be achieved from this. Myself coming from a 2000+ user based FOSS enterprise in banking...

Dave Lane

9

Thanks again for the challenges, Samual. Regarding my understanding of enterprise needs, you'll just have to ask my former customers (I no longer actively do Windows or Linux support, but did for 15 years).

Regarding your other challenge, I never said Linux was immune to viruses or malware (no software can be "secure", especially if it's connected to a network and has users), I just said you don't need anti-virus. If you read the reference you sent me, you'll find that the author agrees. (That said, the post you cite was written in 2009, and that's an eternity in the FOSS world - posts like that inspire FOSS developers to fix problems like those identified.)

As a counter challenge, I gather you're sceptical of FOSS in an enterprise environment, particularly regarding security. There are certainly some challenges in making a transition to FOSS, for users who have to accept some change, but particularly for IT pros who may only have Microsoft experience. That said, how can an IT technician, in good conscience, encourage Win XP refugees to adopt Win 7, 8/8.1 in light of not only ongoing technological security vulnerabilities, but worse: known, active, and Microsoft-introduced backdoors for the NSA (and probably, given NSA's record for secrecy, also the Chinese among others): http://www.theregister.co.uk/2013/11/19/oz_gov_sysadmins_asleep_at_the_wheel

FOSS is far less corruptible, because of scrutiny and the incentives involved: http://falkvinge.net/2013/11/17/nsa-asked-linus-torvalds-to-install-backdoors-into-gnulinux/

enough already

10

Now the NSA have backdoors into Windows ... now that's just plain scaremongering!!

Dave Lane

11

What makes you think they don't, "enough already" - you place your trust in a multinational corporation for whom profit is the *only* priority?

A year ago, anyone suggesting the level of NSA (and other 5 Eyes) snooping would've been labelled a conspiracy theorist and laughed off. But now we have every indication it's happening, and is worse than we ever thought. I hope you're right, but I suspect you're being painfully naive if you think it's not there. Unfortunately, because it's proprietary software, we can't be sure either way (even if Microsoft show us their code, they won't let us build it for ourselves, so we can't ever know for sure).

Remember, we've shunned Huawei networking technology in most of the western world on the same basis. What's good for the goose...
