Linux Servers for Infrastructure
Null Ack
might have been done using Linux servers (Ubuntu). In this example the
desktops have to remain the approved XP SOE. To give an outline of the
environment:
* 1450 desktops running Windows XP on a SOE in three buildings
separated via fibre connections
* Beyond the SOE applications are packaged into MSI's and controlled
via group policy
* AD is used throughout
The services for the servers are:
* File serving over the fibre connection to the large replicated SANs
(there is two) that stores all data
* Authentication
* Software distribution for patches and MSI packages to be installed
into the desktops as allowed by group policy
* DNS
* Mail
* NTP
* Intranet and Internet web serving
* Print serving
* Monitoring and alert system
* Single sign on
* Security auditing of desktops
Two eight way servers (for scalability) were depoyed in seperate
physical locations and setup in a cluster for all services to allow
for online maintenance of one node. The servers had no internal
storage and they booted off a LUN in the SAN.
Im not sure about the software distribution aspetcs and group policy?
Im curious about this. What I see happening is Linux being used for
app / web / DB servers but not alot in infrastructure for desktops -
maybe it just the places Ive worked at.
Thoughts?
--
ubuntu-au mailing list
ubun...@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
Kim Hawtin
> Im reflecting on a infrastructure project I did recently and how this
> might have been done using Linux servers (Ubuntu). In this example the
> desktops have to remain the approved XP SOE. To give an outline of the
> environment:
>
> * 1450 desktops running Windows XP on a SOE in three buildings
> separated via fibre connections
You mean your WAN/internet connectivity by 'fibre' ?
> * Beyond the SOE applications are packaged into MSI's and controlled
> via group policy
A single decent terminal server with apps managed in one location.
Linux desktop with rDesktop clients...
> * AD is used throughout
use LDAP/802.1X/Radius/DHCP/Dynamic DNS ; see below
> The services for the servers are:
>
> * File serving over the fibre connection to the large replicated SANs
> (there is two) that stores all data
We use Samba sharing via CIFS connected via SAN to our Arrays.
Last count we're exporting 20TB in different file systems to thousands of users.
> * Authentication
You can use LDAP(OpenLDAP or Fedora Directory Server), with Radius (FreeRadius)
connecting back via PAM on linux servers and desktops.
> * Software distribution for patches and MSI packages to be installed
> into the desktops as allowed by group policy
hmmm windows desktop land ... no idea.
> * DNS
Bind 9.3
Exim 4 or Sendmail 9.*
> * NTP
ISC NTPd
> * Intranet and Internet web serving
Apache 2, what ever apps you had in mind,
your CMS could be Zope 3
or any number of other CMS tools, there are too many to mention.
> * Print serving
Samba + CUPS + ((pykota + ldap or mysql ) for print quota)
> * Monitoring and alert system
Nagios or Groundwork
> * Single sign on
LDAP + PAM
> * Security auditing of desktops
> Two eight way servers (for scalability) were depoyed in seperate
> physical locations and setup in a cluster for all services to allow
> for online maintenance of one node. The servers had no internal
> storage and they booted off a LUN in the SAN.
Only two?
We do similar SAN boot from Blades.
> Im not sure about the software distribution aspetcs and group policy?
You could run Ubuntu server, or Centos if you were averse to paying for
you linux distro or go the whole hog and do the Redhat thing and get support.
We have ~150 Redhat servers and use Satellite to roll out
updates/security/patches/config
> Im curious about this. What I see happening is Linux being used for
> app / web / DB servers but not alot in infrastructure for desktops -
> maybe it just the places Ive worked at.
Linux excels at internet facing services. It is creeping into the desktop
space. We've deployed 250 Redhat desktops in the last year and then the
server infrastructure to support them.
> Thoughts?
many ... where do you want to start ;)
cheers,
Kim
--
Operating Systems, Services and Operations
Information Technology Services, The University of Adelaide
kim.h...@adelaide.edu.au
Dave Hall
Can I start by asking that you use your real name when posting to this
list. I think it is polite for us to be able to identify you properly.
On Fri, 2008-07-04 at 04:21 +1000, Null Ack wrote:
> Im reflecting on a infrastructure project I did recently and how this
> might have been done using Linux servers (Ubuntu). In this example the
> desktops have to remain the approved XP SOE. To give an outline of the
> environment:
...
> Im not sure about the software distribution aspetcs and group policy?
Last year I was working at SGI on their NAS product. I was involved in
adding HA support to it. These systems can support petabytes of data,
if your budget can. Most network services running under Linux support
distribution/replication/fail over.
Samba 4 will offer native support for AD and group policy. AFAIK
packaging up MSIs is pretty easy on a Windows desktop, but debs are
easier :P
> Im curious about this. What I see happening is Linux being used for
> app / web / DB servers but not alot in infrastructure for desktops -
> maybe it just the places Ive worked at.
I think you will find it is the places you have worked. For example,
yesterday I was contacted to discuss an Australian based ubuntu desktop
roll out project involving thousands of desktop and no, I can't provide
more info at this stage. The client already runs a Linux based back
office with some desktops tux powered.
Cheers
Dave
Morgan Storey
Using PXE and a customised image you could network boot and install all the machines as well, same as MS's RIS or WDS.
you could stay with AD if you want or move to straight LDAP as others have said. I have done deployments of Linux Workstations into an already established AD domain. The first one is hard, but once it is done, I had made some scripts to do the rest, 15 minutes to manually deploy a workstation, but PXE boot would take that to 15minutes install time but no interaction.
Regards
Morgan Storey,A+, MCSE:Security.
Senior Network and Security Consultant.
Daniel Mons
Hash: SHA1
Null Ack wrote:
| Im not sure about the software distribution aspetcs and group policy?
|
| Im curious about this. What I see happening is Linux being used for
| app / web / DB servers but not alot in infrastructure for desktops -
| maybe it just the places Ive worked at.
|
| Thoughts?
I contract sysadmin to a number of all-Linux or majority-Linux studios,
primarily dealing with visual effects, film, TV, etc.
I've built a number of LDAP-based systems that deal with all of the
things you describe there. Indeed, scripting these sorts of things is
far easier than you'd expect.
Single sign on is handled by LDAP. You can tie SASL and Samba in to
this as well if you want to authenticate MacOSX and Windows from the
same system. Kerberos sits over the top nicely as well if you need that
too. Tools are available in APT to configure your LDAP server for
Samba, and Apple have the necessary LDAP schemas on their developer
website for free download (licensed under the APSL, which allows use in
your network). Network level services can be pushed by DHCP (even NTP
servers and whatnot can be taken from DHCP). LDAP plugs intoa lmost
anything with ease - it doubles as authentication services for Wikis,
OpenVPN, database access, websites, mail, etc, etc.
SSH public/private key pairs gives you all the remote control you could
want. From here you can set up deployment of anything (scripts,
applications, config files, whatever) via whatever means you like. From
as trivial as a simple BASH script that reads in a list of workstations
(or reads in workstation names from DNS/DHCP config files to ensure
sanity), to as complex as using any of the free dispatch management
systems out there (DrQueue, Sun Grid Engine, etc). Many of my clients
already use the latter for render farm management and job dispatching on
their clusters, so leveraging the setup and extending it for software
rollouts is easy.
As others have mentioned, machines are installed easily by etherboot net
installs. A single script then gets them set up for LDAP auth, mounts
NFS home and production directories, installs the current working set of
production software, and runs all available system updates via APT.
Laid over the top, I install GOsa for onsite junior admins or helpdesk
staff to easily deal with user management for all available operating
systems (UNIX, Linux, MacOSX, Windows):
https://oss.gonicus.de/labs/gosa/
It provides a simple web interface that talks to the backend LDAP servers.
Customisability is near infinite. You can build your own wrapper
scripts that extract configs stored in GOsa/LDAP and build your DNS
zones, DHCP config files, IMAP/SMTP config and authenitcation, OpenVPN
authn and authz, Asterisk/VOIP configs and routing, application-level
configs, .profile and .bash_profile settings, etc, etc. The flexibility
to tailor it all to your own network and workflow is huge.
One thing that bugs me enormously about Windows (and no, I'm not some
raving Windows hater - I was a senior Windows sysadmin for many years)
is the total laxk of flexibility. You need to do things the Microsoft
way, or not at all. All of the tools above allow you to either go with
a simple/generic setup, or customise the system from head to toe for
your business. The level of complexity is entirely up to you.
Linux/UNIX has a long history of being far more easily automated than
Windows. Terms like "group policy" and whatnot are fairly redundant
under Linux, where multi-user setups and per-user/group access is
assumed from the ground up, rather than as an afterthought addon.
Windows has come from a history of single user setups, and is now
playing in the multi-user space. Linux is the opposite, and as such is
far easier to deal with on the desktop on an enterprise scale than most
people realise.
One mistake I see most people make is that they try to treat Linux like
Windows. If they can't control it with AD via Group Policy Manager,
they immediately write it off as "not enterprise desktop ready".
However few seem to realise that setting up ssh keys and some simple
BASH scripts gives you near unlimited remote control and config of any
scale of network you can imaging. The biggest I've set up to date is
2000 users covering 30 separate locations across the whole of Australia.
~ And when you consider all 2000 users cost $0 in software (both client
and server side), and only required 2 system administrators to manage
all security, network config, system config and application level
support, you can see just how ready for large scale managed networks the
Linux desktop is.
- -Dan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIbYUteFJDv0P9Qb8RAm2KAKCGLhdm5DGfay6Jl08I4T/ZwxuoygCfTJyt
24FiYbpUEmtHJdua/Z3KvbE=
=UX9F
-----END PGP SIGNATURE-----
Slawek Drabot
Error message:
This kernel requires the following features not present on the CPU: 0:0
Unable to boot - please use a kernel appropriate for your CPU.
any insights into the error code "0:0"?
I'm guessing it has to do with math emulation and fpu emulation being required in the PXE image. Been looking for instructions on how to build a bootable image for PXE (onto an LTSP server) where I can enable both emulations but nothing simple enough for me to understand thus far.
Any help appreciated.
"You can just use cron-apt and your own apt-repo to deploy applications and
manage updates, like Microsofts SMS but better.
Using PXE and a customised image you could network boot and install all the
machines as well, same as MS's RIS or WDS."
Daniel Mons
Hash: SHA1
Slawek Drabot wrote:
| I'm trying to PXE boot a thin client that has a Vortex86SX processor
(no math co processor or fpu)
|
| Error message:
| This kernel requires the following features not present on the CPU: 0:0
| Unable to boot - please use a kernel appropriate for your CPU.
Which kernel are you using? The "linux-image-generic" kernel supplied
with Ubuntu requires a 686 equivalent processor (first appearing with
the "Pentium Pro" CPUs).
You might need to switch to the "linux-image-386" for support on your
processor.
- -Dan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIby2teFJDv0P9Qb8RAgndAJ9WGwtI40C3PQmvkqXLjVdLJQ0nuwCdFPs6
nvHUC+ZyvkUqgm97d7s8ttQ=
=OmQe
-----END PGP SIGNATURE-----
Null Ack
more of an in depth understanding from a forum post I did here:
http://ubuntuforums.org/showthread.php?t=848194
It would be great if you shared your views on that
I thought there was a generic 386 only, other than the AMD64, server
kernels, IA build etcetc
Thanks again
2008/7/5 Daniel Mons <danie...@iinet.net.au>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>