Null Ack wrote:
| I'm not sure about the software distribution aspects and group policy?
|
| I'm curious about this. What I see happening is Linux being used for
| app / web / DB servers but not a lot in infrastructure for desktops -
| maybe it's just the places I've worked at.
|
| Thoughts?

I contract sysadmin to a number of all-Linux or majority-Linux studios, primarily dealing with visual effects, film, TV, etc. I've built a number of LDAP-based systems that deal with all of the things you describe there. Indeed, scripting these sorts of things is far easier than you'd expect.

Single sign on is handled by LDAP. You can tie SASL and Samba in to this as well if you want to authenticate MacOSX and Windows from the same system. Kerberos sits over the top nicely as well if you need that too. Tools are available in APT to configure your LDAP server for Samba, and Apple have the necessary LDAP schemas on their developer website for free download (licensed under the APSL, which allows use in your network).

Network level services can be pushed by DHCP (even NTP servers and whatnot can be taken from DHCP). LDAP plugs into almost anything with ease - it doubles as authentication services for Wikis, OpenVPN, database access, websites, mail, etc, etc.

SSH public/private key pairs give you all the remote control you could want. From here you can set up deployment of anything (scripts, applications, config files, whatever) via whatever means you like. From as trivial as a simple BASH script that reads in a list of workstations (or reads in workstation names from DNS/DHCP config files to ensure sanity), to as complex as using any of the free dispatch management systems out there (DrQueue, Sun Grid Engine, etc). Many of my clients already use the latter for render farm management and job dispatching on their clusters, so leveraging the setup and extending it for software rollouts is easy.

As others have mentioned, machines are installed easily by etherboot net installs. A single script then gets them set up for LDAP auth, mounts NFS home and production directories, installs the current working set of production software, and runs all available system updates via APT.

Laid over the top, I install GOsa for onsite junior admins or helpdesk staff to easily deal with user management for all available operating systems (UNIX, Linux, MacOSX, Windows):

https://oss.gonicus.de/labs/gosa/

It provides a simple web interface that talks to the backend LDAP servers. Customisability is near infinite. You can build your own wrapper scripts that extract configs stored in GOsa/LDAP and build your DNS zones, DHCP config files, IMAP/SMTP config and authentication, OpenVPN authn and authz, Asterisk/VOIP configs and routing, application-level configs, .profile and .bash_profile settings, etc, etc. The flexibility to tailor it all to your own network and workflow is huge.

One thing that bugs me enormously about Windows (and no, I'm not some raving Windows hater - I was a senior Windows sysadmin for many years) is the total lack of flexibility. You need to do things the Microsoft way, or not at all. All of the tools above allow you to either go with a simple/generic setup, or customise the system from head to toe for your business. The level of complexity is entirely up to you.

Linux/UNIX has a long history of being far more easily automated than Windows. Terms like "group policy" and whatnot are fairly redundant under Linux, where multi-user setups and per-user/group access is assumed from the ground up, rather than as an afterthought addon. Windows has come from a history of single user setups, and is now playing in the multi-user space. Linux is the opposite, and as such is far easier to deal with on the desktop on an enterprise scale than most people realise.

One mistake I see most people make is that they try to treat Linux like Windows. If they can't control it with AD via Group Policy Manager, they immediately write it off as "not enterprise desktop ready". However, few seem to realise that setting up ssh keys and some simple BASH scripts gives you near unlimited remote control and config of any scale of network you can imagine.

The biggest I've set up to date is 2000 users covering 30 separate locations across the whole of Australia. And when you consider all 2000 users cost $0 in software (both client and server side), and only required 2 system administrators to manage all security, network config, system config and application level support, you can see just how ready for large scale managed networks the Linux desktop is.

-Dan
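
The "simple BASH script" that reads workstation names from DHCP config files, as described in the message above, sketched as an added example that is not part of the original post or the author's own scripts. It assumes ISC dhcpd-style `host NAME {` entries, a hypothetical `deploy` account and key path, and constructed sample data.

```sh
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed.
SAMPLE_DHCPD='
host ws-render01 { hardware ethernet 00:16:3e:00:00:01; fixed-address 10.0.0.11; }
host ws-edit02 {
  hardware ethernet 00:16:3e:00:00:02;
}
host bad;name { hardware ethernet 00:16:3e:00:00:03; }
# host ws-retired { hardware ethernet 00:16:3e:00:00:04; }
host ws-render01 { hardware ethernet 00:16:3e:00:00:05; }
'

# Read dhcpd.conf-style text on stdin, print validated unique hostnames.
# The strict pattern is the sanity check: a single lowercase DNS label that
# starts with a letter or digit, so shell metacharacters and names beginning
# with "-" (which ssh would read as an option) never reach the command line.
hosts_from_dhcpd() {
  sed 's/#.*//' |
    awk '$1 == "host" { print $2 }' |
    grep -E '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$' |
    sort -u
}

# Feed a local script to a shell on each host named on stdin.
# DRY_RUN defaults to 1 and only prints; the "deploy" account and the key
# path are assumptions for this example.
rollout() {
  script=$1
  failed=0
  while IFS= read -r host; do
    if [ "${DRY_RUN:-1}" = 1 ]; then
      echo "would run $script on $host"
      continue
    fi
    # BatchMode: never prompt for a password. StrictHostKeyChecking=yes:
    # refuse hosts whose key is not already in known_hosts.
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10 \
      -i "$HOME/.ssh/deploy_ed25519" -l deploy -- "$host" 'sh -s' < "$script" ||
      { echo "FAILED: $host" >&2; failed=1; }
  done
  return "$failed"
}

# Dry-run demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_DHCPD" | hosts_from_dhcpd | rollout ./setup-workstation.sh
```

Set `DRY_RUN=0` only after each workstation's host key is in `known_hosts`; with strict checking on, an unknown or changed key shows up as a `FAILED:` line instead of a silent trust decision.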
