Business Desktop proposal, Any takers???

Darryl Moore darryl at moores.ca
Sat May 30 19:52:03 UTC 2009


Corey Burger wrote:
> Now, as for the rest:
> 
> A small business wants dependability. Everything else is kind of
> secondary. If you are trying to migrate desktops from an XP/Vista & AD
> environment to Ubuntu, here are the moving pieces you will need:
> 
> 1. An LDAP server. Ubuntu's preferred one is OpenLDAP (single
> sign-on). The big gotchas here are access to local devices. The old
> method was to use groups, the new method involves udev rules. Look
> this up or ask somebody.
> 

I've been using OpenLDAP for my home and test networks. It works great.
I honestly haven't put much thought into devices yet. Using groups would
certainly have been the way I'd have thought. I'll have to put more thought
into this issue. Thanks.

> 2. A Kerberos server (this allows seamless, password-less
> communication within the network)
> 

Yes, that has been my plan also. I still have not implemented it yet though.

> 3. A backup or NFS server. There are a number of different ways to
> deal with this. Be aware that if you run the whole home directory on
> NFS, GNOME will freeze if it loses its connection to the NFS server.
> Another option is rsync or unison, but that has the issue that it is
> done once per day, rather than all the time, plus users end up having
> different home folders and thus different settings on each machine they
> move to. Lastly, you could investigate using iFolder to hold some
> portion of a user's home dir, either a specific folder à la Dropbox or
> the whole home dir. I have never tried this, so buyer beware.
> 

I have set up a High Availability NFS server with DRBD running on two
machines. It works really well. LDAP, DNS and DHCP also require
redundancy or the network is useless. Those services could all run
together on the same pair of machines.

I think centralized home directories are far preferable to rsyncing for a
great many reasons.

> Anything beyond that is pure gravy. A few other points:
> 
> 1. Stay away from default "in the cloud". A lot of businesses either
> will not or cannot put their data into the cloud, due to privacy
> concerns/laws. There is also the reliability issue.

That has been my thinking as well.


> 2. Avoid Asterisk like the plague, unless you are an expert. If you
> have to use it, avoid going to copper at any point. Trust me on this.

I'm not convinced yet. I have had no troubles setting up Asterisk
myself. Also a dedicated Asterisk machine could be imaged to a CD so
that if the machine were to go down, any other one could take over
simply by booting from the backup CD.


> 3. Be conservative. This means use an LTS release. They are tested and
> supported. You can piggy-back off all the contracts that Canonical has
> to support desktops/servers and the people that they have working on
> non-security fixes.

This makes a lot of sense.


> 4. Accept that maybe only a few desktops are going to move. Thus
> figure out how to auth to AD as well.
> 

Now this I don't agree with. It won't just be using AD for authorization.
It will also be having samba for file and printer sharing, and still
having to deal with viruses. If you do accept this, then you are giving
up a lot of the benefit of a Linux network. All you've really done is
add another network (Linux) to an existing Windows network. Increasing,
rather than decreasing the work involved to maintain it.

I think a better solution is to use VirtualBox or other VM package to
allow a handful of windows sessions to run off a server. The windows
sessions can be accessible from any Linux Desktop you want to allow, but
they can also be quarantined. I.E. SMB only runs on a virtual network
between the VM client and host; Windows get internet access to
updates.microsoft.com and nowhere else. This has other benefits as
well. For example, if the particular software they need access to is
tied to a dongle, then it is still accessible across the network as long
as that dongle is on the server.

If the potential customers have need for more than a small handful of
Windows computers, then I would say this solution is not a good fit for
them and they should stick with Microsoft.


> Lastly, avoid anything resembling a custom script as much as possible.
> It is highly likely that your problem is also somebody else's problem.
> If you really want to help Ubuntu on the desktop, start working with
> the global Ubuntu community on solving some of these issues. Jorge
> Castro, Canonical Upstream Developer Relations and a good friend, is a
> good place to start. He used to run a lot of Ubuntu using LTSP authing
> against AD at the Uni he used to work at.
> 


The scripts I have written so far have been largely based on what I've
found on the Ubuntu website for setting up LDAP, LTSP, DNS, etc....

Unfortunately, none of those are presented on the Ubuntu site as scripts;
instead they are presented as tutorials. Sometimes out-of-date tutorials.


I agree with your comment on Puppet. It looks very good, but at the same
time somewhat complicated. It has been my plan to use Puppet, but I'm
only just getting my head around it.



Does it make sense to start a small organization, say the "Small
Business Linux Standards Group", write a detailed set of specifications,
then the scripts we need to take a standard Ubuntu install and add those
services and configurations to make it meet the spec? It wouldn't
necessarily just be for small business, but it would be a recognition
that small business and the IT consultants that support them, would be
the most likely ones to take advantage of it. As the group grows, and
bigger businesses start to pay attention (or the small businesses grow
into bigger ones) we can drop the "Small" in the name.






