DIY: Replace a Windows Server with open source software to save money

Clients could save a lot of money by opting for open source solutions instead of Microsoft Windows Server. Jack Wallen discusses what is necessary to make this replacement.

During a recent conversation with a field engineer about a client who needed to replace their server, we discussed how the client was going to have a heart attack when he discovered how much the replacement was going to cost. The hardware cost was doable; the cost of the Client Access Licenses (CALs) is what would send the client into fibrillation. It didn't seem to matter which way the client went with the CALs; the cost was going to be astronomical ($30,000+). Fortunately for the client, he had the budget for the server and the CALs, so he went with that particular setup.

This particular client was not interested in an alternative solution, but the discussion led to me talking about how clients could replace a Microsoft Windows Server environment with open source software. I know it is also possible to replace the Windows Server platform with a Linux platform like Red Hat Enterprise Linux, but the goal in DIY projects is to save serious cash, and with Red Hat Enterprise Linux, there will be a bigger cost than just the hardware. I'll explain what would be necessary to replace the Microsoft Windows Server platform with a Linux platform that could serve almost any need Windows Server could possibly fulfill.

Platform OS

For a server OS, I highly recommend CentOS, a free enterprise-grade Linux operating system. CentOS is based on the code from Red Hat Enterprise Linux and is 100% binary compatible with the Red Hat release.

Authentication

The Linux platform does not have an Active Directory; it does, however, have the system Active Directory was based on -- Lightweight Directory Access Protocol (LDAP). LDAP is a protocol for reading/editing directories over a network. This allows for such things as user authentication and records storage. When LDAP is set up properly, it can serve a business in much the same way that Active Directory does. Although LDAP is not the easiest system to get up and running, once it is, the service is solid and reliable.

Related resource: Five tips for managing your LDAP data.

DNS

The BIND name system is the most commonly used DNS system. Unlike LDAP, BIND is fairly straightforward to install and configure. It can be installed and configured in about six easy steps, so this portion of the Windows Server replacement shouldn't be much trouble. If you are sticking with CentOS as the platform, the installation and configuration of BIND will be even easier.

Web server

When using the Linux OS as a server platform, Apache is the web server of choice. Apache is incredibly reliable and scalable, and it's also amazingly simple to install on any platform. In fact, the installation of a full-blown Linux, Apache, MySQL, PHP (LAMP) server can be completed (once the Linux part is done) with the command tasksel. (The tasksel command only applies to Ubuntu and Ubuntu-derivative distributions. For the installation of Apache on CentOS, more than one command is necessary to install constituent pieces.)

Related resource: Quickly Install a LAMP server on Ubuntu.

Email server

For the longest time, Sendmail was the de facto standard for a Linux email server until it wound up being overly complicated and insecure. Postfix took its place. Postfix might be the easiest email server to install and configure. It's also easy to manage, and it integrates well into many groupware servers.

Related resource: DIY: Email server on a shoestring budget.

Groupware server

A replacement for Microsoft Exchange will be necessary; the good news is there are plenty of groupware servers available for Linux. There is the incredibly powerful (but costly) Zimbra, and there is the free (and open source) EGroupware. There is also the Community edition of Open-Xchange, which offers numerous plugins to extend the functionality of the server. Most Linux groupware servers will add Exchange-like functionality to the Linux server (some come closer to mimicking the Exchange functions than others).

Related resources: DIY IT: Groupware on a shoestring budget, Installation guide for eGroupware on Ubuntu Server, and SolutionBase: Build an open source groupware solution with eGroupWare.

DHCP

The CentOS distribution should have everything necessary for a functioning DHCP server by default. The only necessary configuration changes will be in the /etc/dhcpd.conf file. Once you make the fairly simple changes, the DHCP server is simple to restart. As with any good server, the DHCP configuration for the Linux DHCP server can set up some very complex networks. This will be dictated by the needs of the network.

File server

For file serving, Samba will be the server of choice. Although some might say that the Samba server is too challenging to configure, with the latest combination of Samba and either GNOME or KDE (in the case of CentOS, GNOME), sharing out files with Samba is incredibly simple.

Related resource: 10 ways to make your Samba life easier.

Putting it all together

Now all you need to do is put all of these pieces of the puzzle together. In future DIY posts, I'll show you how to lay the pieces over a CentOS installation to create a fully-functioning replacement for a Windows Server environment.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

24 comments
segnix

Very nice article, but they never released the DIY guide? I want to test this, but I don't know how to do it, since I am a Windows environment IT. Can someone help me to find more details about this? Thanks.

HereInOz

The client then tells you, after 12 months or so, that his business is moving to this new application, which will enhance his operations, and it needs to be installed on the server, and it runs with an MS-SQL database, and it is installed with a .exe file. That is the real roadblock here - server based apps which will only run on a Windows server. I work with small accounting firms (10 - 20 people), and every one of them runs Windows server based applications. As much as I like the idea of moving them to Linux, it is not going to happen while ever their software suppliers demand Windows. Happy to hear of a way around this one.

smclellan

I am surprised to see that no one has mentioned ClearOS (http://www.clearfoundation.com/). While there is a charge for support, the software is free of charge. I believe that it is based on RH as well meaning that if you have a grasp on RH and the supporting software installed you could forego the cost of support packages. It's not perfect, but it does provide an easy to use web gui for administering nearly every aspect of the system. It can also be implemented as nearly transparent to end users.

ddreibelbies

Here where I am employed, we really wished to try this process. However, most ERP systems really rely heavily on MS products. How does a business needing an ERP solution escape this? We had explored open source ERP systems. However, none seem to provide the comprehensive solution needed. Hence, we become still more dependent upon Microsoft. I would certainly be pleased to end this financial bleeding in licensing fees.

lefty.crupps

> Now all you need to do is put all of these pieces of the puzzle together. In future
> DIY posts, I'll show you how to lay the pieces over a CentOS installation to create
> a fully-functioning replacement for a Windows Server environment.

Please please make these informative articles Comprehensive, down to the keystroke. I hate HowTos that expect the user to know everything. While I am pretty qualified, there are always things that I see which I don't know; a Windows admin who wants to use these guides is going to be even more lost than most of us. And, please make the HowTos reflect redundant setups. How to make LDAP data replicate between two (or more) machines? DNS? Email servers with different MX priorities? The basic setups are one thing but if you're promoting replacing a whole server stack in the back room, there are likely going to be needs for redundant setups.

bjswm

First you recommend CentOS, and then tell us that LAMP can be setup with a single command in Ubuntu. This is irrelevantly misleading. Look, if you are selling CentOS, don't throw in something else, tell us what works with CentOS.

Tony Hopkinson

environments. The cost of moving everything that uses the server and only 'knows' windows could make 30k look like chump change. Got to look at the real costs, everything from training to disrupting operations, which could be turning the server off and on, to open office doesn't understand the macros in my spreadsheet, to where are the log files.... Not saying it can't or shouldn't be done, but please don't sell it based on linux is free as in beer, you can be shot down way too easy.

CharlieSpencer

Which is one of the reasons to spend that serious cash on RHEL. Aren't companies without large IT budgets the ones most likely to need assistance? Surely we're not still preaching the 'support via web community' as the support model for businesses? If saving money is the goal, wouldn't a small business be better served by looking at Internet-based (so-called 'cloud') services? Most ISPs can provide a lot of these services, and you're going to have to pay one of them anyway.

Jaqui

yup, GNOME Evolution server / client is supposed to be a groupware kit. so why not include it as an option. why Samba? why not NFS? and you missed many other excellent options for many things in that list.: Apache Software Foundation's httpd server [ what you called Apache ] can do authentication, via 6 different mechanisms. It can proxy to Apache Software Foundation's Tomcat Application Server for java apps, it can be used for a file server, ... [ the old vi > emacs line I have an os I don't need another one could almost be applied to it ] Then there are at least 6 different directory / file server options. RADIUS authentication [ HTTPD can use this ] heck, you could automate a repo checkout and use cvs or subversion to push out files for the file/directory serving [ not meant for it, but it could work. ] which would even give to version control of the files used in the business operations. [ hmm and the "nightly tarball" would be a dead simple backup of the data for that requirement. ;) it's not just what a distro, or even you or I think is the best tool, it's what actually will work best for the business itself that should decide what is used.

Realvdude

I ask because it seems that you have a preference to a particular Linux distro depending on the server purpose. As a smaller company, we have a single MS 2000 SBS server as a "do all" server, including Exchange and SQL. We have a second server for IIS/SQL for a client application. Obviously it's time to replace the server, though it seems there is not a near turnkey open source solution for migration; not that MS has one for us either. Thanks for the info, and looking forward to more information in the comments.

Neon Samurai

I started with the postfix/dovecot/procmail/sasl combination and have since moved to Courier for MTA and connectivity. Postfix seems a very convoluted configuration by comparison to Courier and having to wire in sasl all the time was a nightmare. I'd recommend considering Courier if doing a mail setup.

postfix/procmail/dovecot/sasl - the traditional way to do things. It can be very light weight but can also be a pain to deal with config wise; especially with sasl in the mix.

Exim - seems to be the new preferred default but far from my own preferences.

Courier - a great balance of manageability and light weight. Config makes sense and courierwebadmin does a great job if you need a GUI front end for the config. My preference currently.

Citadel - this one is very interesting though on the automagical-does-everything side of the fence. If you want GUI management, simple spamassassin/clamd integration and all the mail related expected services in one package; well, in the words of Doc Holiday "I'll be your Huckleberry" (with finger tapping his pistol butt).

My dream team setup for a dedicated groupware box would be this:

- Citadel - for mail management and Administrator's groupware area (not open the browser interface up to regular users). You get a separate calendar, todo, IM chat between admins.. very interesting.
- Egroupware - for regular user groupware providing standard calendar, todo, project management, file sharing and the rest of it.

Groupware user accounts reside in Egroupware's database, email accounts reside in Citadel's database and the only system level user accounts are the minimum required. The problem though is that imap is not standard across mail servers. It seems they all have their own flavour of imap and Citadel's protocol flavor does not work with Egroupware. I was stunned to run into this blatantly stupid limitation which is why I do Egroupware on top of Courier instead.

Which brings us to Egroupware. It's lovely and the Debian native repository provided keeps your Deb boxes up to date with the latest version which I thank the folks for doing. The problems I find with it though; calendar management can be fiddly. Responsibility for what could be better managed by the groupware is left to the user; add events as user, view calendars as group. It's far too easy to make a mess of the calendar due to how users and groups are displayed when trying to emulate a shared calendar.

Synchronization is also sadly lacking. Egroupware provides xml and ical sync methods but I'll be damned if I can get osX apps to sync directly to my egroupware at home, Kontact is 75% there but still fiddly and I won't even bother discussing how Evolution does. Outlook will require a proprietary software purchase before it'll talk to Egroupware so I can't comment on how well it actually works once bought and installed. In the end, I use Kontact for fetching email and viewing other information but use the browser if I'm going to do anything productive with Egroupware and it's useless for the osX user in the house as she's not taking the extra step of opening a browser or getting any interoperability from the osX native apps. Boooo! (this may be more to do with the app developers than egroupware developers but it's still limiting)

And Samba.. that little thing needs to die or be properly updated more frequently. Ideally I'd like to see non-CIFS options in Windows for network storage. I'm still seeing consistent "resource unavailable" errors from mount.cifs which present as "password incorrect" errors in Dolphin and smb4k when neither error is true. And here's the kicker, a second machine built from the exact same package list and config script; works just fine. The inability to get a proper logging of the error details combined with the blatant inconsistency between duplicate machines; Samba needs to be taken behind the barn and shot in the face. (sadly, it remains a requirement if you deal with Windows machines though)

So, mail servers; consider Courier if Postfix gives you grief even if it means diverging from tradition. Groupware; be sure to confirm that it interoperates and syncs with your client applications unless you're going to make browsers the standard interface. Samba; Baud how I wish someone would fix that miserable pile of steaming cow patty.

Oh, and LDAP. Other than the complexity of setup I hear about, my only issue there would be the lack of extended controls. MS-LDAP claims to be able to fully config my client nodes (and mostly does so) but non-MS LDAP is going to only provide authentication isn't it? This one I put mostly on the shoulders of the Windows distribution maintainer and the intended design to only work well with that same vendor's brand of LDAP but it's still something to keep in mind.

Hm.. maybe I should do a CentOS install and see how much of my grief is caused by Debian versus the commodity components.

Alpha_Dog

Started 5 years ago and was completed 2 years later. Never looked back. The last 3 years have been trouble free with the exception of hardware issues.

Jaqui

he's selling the idea of Linux, not a specific distro. yes, he should have linked to centos example for the install. [ su [ENTER] ($admin_password)[ENTER] rpmi phpmyadmin*[ENTER] { follow prompts } exit [ENTER] exit [ENTER] { twice to close terminal window } ] *used as example package, not likely the way it is in their repository. that one package will force via dependency resolution, Apache, Mysql, PHP to be installed. so it completely sets the lamp stack up by installing it.

Alpha_Dog

...have you ever called Microsoft, Red Hat, or any other major company for support? My experience is that this course of action is a waste of time, and you can generally find a Linux geek to support you locally for a fair price. The upshot is a personal relationship with a tech and supporting your local economy. Everyone worth talking about has extensive guides and a support forum that do not cost money, and this source will usually solve the issue before you get off hold on the support call.

Jaqui

399 us for the basic level package from Red Hat. [ dual socket server, 1 virtual guest install, self support ] 799 for their extended support [ 3 years of updates and tech support ] if you get into the larger business requirements, it's getting pricey, they're doing the same barbaric pricing style as oracle and microsoft, charging extra for extra sockets. mandriva, their prices are euros, 299 euros for their server version. 599 gets you 3 years support but the crazy thing is, for Mandriva at least, their "powerpack" desktop version for 49 euros gets you exactly what you need. server software, desktop software, and the support from Mandriva. [ 69 euros gets you the support subscription, which is the 2 next releases of the distro. ] then the maintenance subscription, which is 3 years of updates and bugfixes etc. for 69 euros right now, normally 165.59 euros. [ better to wait until sale ends, when the next release happens, get longest support that way ] Suse is actually a better price range Per Server Subscription - 1 Year Basic Support - $349.00 Per Server Subscription - 1 Year Standard Support - $799.00 Per Server Subscription - 1 Year Priority Support - $1,499.00 note, that is SERVER not SOCKET, makes Suse half the cost of Red Hat.

Neon Samurai

NFS isn't well supported by Windows but may be fine if you're only working with *nix clients. Personally, my NAS didn't provide great NFS options; I think security was lacking and encryption was a no-go. I think the latest NFS improves on this or is due to but we'll see. Evolution Server could be interesting; I didn't know it had a branded server side component. The question is, does the server side require a GUI installed or does it run as a stand alone daemon and/or a browser front end? SVN hosted config files is rather interesting. That is something I have to look at to see if it makes more sense than sed/echo and prefab config files copied from my build scripts into relevant locations.

Alpha_Dog

I have had excellent results from CentOS as well as Ubuntu Server in replacing any Windows server role with the exception of BDC, though this is a pretty depreciated role these days. Want a mail server? install Ubuntu 10.10 server, then apt-get citadel mail server. Get updated to the OS while you are at it. Configure the server to work like you want it to (web configuration), and you are ready to begin importing the mail stores. If the process took you more than 30 minutes to this point with modern hardware, you probably took lunch expecting a 2-4 hour installation. Once the mail stores import, and you check the user list for sanity, you are done. Odds are you have time to look at the other parts of the windows infrastructure with a critical eye.

Jaqui

CENTOS [ Community ENterprise Operating System ] is literally a GNU-GPL leveraged version of Red Hat Enterprise Linux, which is and always has been the gold standard for business use distros. :/ and CENTOS is 100% free of cost [ unless you choose to donate to the project ] I wouldn't recommend using Canonical's Ubuntu/Kubuntu .... or the respins, but any other distro would work fairly well. the cli tools are the same across distros, the differences tend to be gui tool kits. [ and really, why use server cpu cycles for a gui when they are better used doing the serving you need? ]

Justin James

In all honesty, every time I take a look at the mail situation on *Nix, it seems to either be a royal hassle (or maintenance nightmare... don't get me started on my qmail setup...) or involve a pricey package like Zimbra or Scalix. :( J.Ja

Jaqui

it's the core of the evolution groupware, and actually is a required part for a fair bit of gnome software. it doesn't depend on a gui itself, but it is designed to integrate into gnome. not just config files in a version control how about all the letters, reports etc you have for the daily business operations? using a login time checkout to get latest versions, and an auto checkin at logout as well might be a pain to script, but it would give you a central location with ALL relevant files easily backed up for safekeeping. and a tarball [ zip archive, rar archive, whatever is picked ] is less dependent on a specific toolkit to restore if needed. and yeah, NFS isn't well supported, by windows, there are other options also. just picked NFS as an example.

Alpha_Dog

Citadel vs. Exchange? 20 min vs. 20 hours. Neither was fun, but the Ubuntu Citadel install allowed me to move on to something fun much quicker.

rmerchberger

I've been using qmail for 15 years (ever meddle with a sendmail.cf file??? Blech!); and if _all_ you need is basic, stable "Mail goes where it's supposed to" it's the best. My issue with qmail isn't with qmail -- it's with spam & its associated filters... I eventually wrote my own spam filters which worked well, but did take a lot of maintenance. Mind you, I don't use calendars, groupware, etc. When you bring those into the mix, there are much better packages that need to be considered.

Neon Samurai

A week with five of the mail setups taught me quite a bit. More recently, I also had a head scratching hour with Courier when setting up hosted domains; it ended with a "well duh" moment making hosted domains and user aliases a no brainer. Granted, I've not set it up against a database user list so if you're going that route I can guess at some of the issues. With Citadel, it was just the odd imap implementation that refused to work with Egroupware. They are both competitive products outside of the mail transport though too but I'd still not complain if that was fixed. Have you had grief with either of them specifically or have you mostly had other MTA to work with?

lefty.crupps

> "Mail goes where it's supposed to"

My issue is exactly with QMail and it not getting emails where they need to go. A client has QMail and any receiving domain with an MX record over 512 KB makes QMail give up on its delivery. Their recommended fix? Install a different DNS resolver stack on the server. Not going to happen; qmail support is difficult enough and replacing other standard components isn't going to help me nor this company. Replacing QMail would, however.