Linux on the Desktop at work and worth it - TechRepublic
General discussion
January 3, 2005 at 07:41 AM
david mohring

Linux on the Desktop at work and worth it

by david mohring . Updated 21 years, 5 months ago

This post is in response to the various naysayers in these forums who say Linux on the business desktop is either not possible or not worth it.

See
http://itheresies.blogspot.com/2004_04_01_itheresies_archive.html

* The Forces

Like many organizations around the world, the two former organizations that employed me suffered major blowouts in their IT budgets leading up to Y2K. As a result, the IT upgrades in 1998/1999 were expected to last five or six years after 2000. Windows 98SE was the latest stable platform available 1999. Keeping to budget and upgrading all the desktop *hardware* for Win2K and then XP would be difficult if not impossible.

After careful deliberation, the management at the larger organization decided to use some of its existing tech savy IT staff to evaluate Linux on the desktop as a stop gap measure and as a replacement for some of the desktops during the next upgrade round.

Neither organization operates in the IT industry and both prefer not to face direct scrutiny or suffer the hordes of Microsoft salesdroids who magically appear at the doorstep of any company publicizing Linux deployments. So both shall remain nameless for now.

* The Effort

Over the last four years I have deployed and supported almost ninety Linux desktops at my former employer. Not all of the desktops are running Linux, they still have around the same number of Win98 machines, half of which are scheduled for replacement with Linux ( either Xandros, Suse or a custom version of Fedora/Redhat ) in 2005/6. The other half will be upgraded to join the small number of current Win2K desktops and laptops.

We started out with a combination of Redhat 6.2 and Ximian Gnome. This was limited to call center and data entry. Later we put StarOffice/Linux a number of desktops for people who do not deal with incoming and outgoing Microsoft Office document formats on a regular basis.

It was a major effort. Two years ago, they could not have done it without serous expertise from the existing Unix administrators and knowledgeable folks such as myself. For example, it took myself around three weeks of hacking around with Redhat 8 to get it to the point where everything just worked and only the required functionality was exposed to the user.

* The Steps

First of all, on all PCs, Netscape ( and later Mozilla ) replaced Microsoft IE and Outlook, and since all the enterprise systems used web based interfaces, on Linux it looks very similar.

They started deploying some of the desktops HD partitions using Norton Ghost. Later they just created a small rescue partition hosting customized Linux system, that once installed, performed the same task. The administrator can set the default in the grub configure file for the next reboot. A second VFAT partition is kept on Win98 and dual boot systems. This is not overwritten by default and provides a persistent local file system.

Although they have chosen to deploy Linux using the traditional thick desktop/workstation model, they use a spare server that operates as an X11 application server. This is used on a regular basis by the helpdesk, IT support and a few Windows users that access both windows and remote X Linux. The rescue partition, that can be also network booted via PXE, is based on the Linux Terminal Server Project ( http://www.ltsp.org/ ). During an install or if a security violation is detected, the user of the desktop is booted into Linux thin client, and can access all their files though the Application server. Forensic examination, repairs and installs can take place in the background while the person uses the thin client.

Some individuals like to download and install software, either in the local filesystem or home directories, and get annoyed when the installed software is erased or overwritten. Unauthorized software installs remain a major problem in terms of both security and licensing. For those users we offered a choice, either stop installing software or buy and provision their own laptop with a loan from the organization. The individual owns the laptop but can only access the internal network if they allow the IT department to inspect the laptop on a regular basis.

We focused on getting the SAMBA services and NFS working correctly. Using pam the users have the same user name and password for each platform.

Each users networked Linux home directory contains a subdirectory that holds the SAMBA’ed share of the users networked Windows desktop and “My Documents”. Any person can log in to either Linux or Windows and find their files with ease. In the same way, similar desktop icon/start menu entries and links to enterprise applications and directories on are on both Microsoft and Linux users desktop.

We handled peoples transitions from Windows to Linux in small groups. In each department, we targeted the friendly tech savvy users, some who were surprisingly quick learners, and set them up first. It’s easier for people to turn to the tech savvy person at the next desk with questions than to call up the helpdesk. Once people were shown the Linux desktops in action, there was less resistance than expected. We never tried to force anyone to make the shift. Those who personally invested in complex scripted Microsoft Excel or Powerpoint documents remain free to run Microsoft Office and OpenOffice side by side on Win98se or Win2k. At least one of the scripting gurus has begun to build document scripting in OpenOffice, using Java.

Users in transition could dual boot either Linux or Win98. Later, some users could access a remote Linux desktop from Win98/Win2k using a Windows based X11-server. If a person had a problem, they could just boot or switch back into a familiar environment, and preferably log the problem with the helpdesk.

We deployed VNC on all platforms ( For Linux http://www.karlrunge.com/x11vnc/ ). All the user had to do was to call in to the helpdesk and click on “ShowDesk/OK” to let the support person see/access their desktop. This can be a surprisingly effective teaching tool. The user can follow the actions required to fix a problem, in the context the user is working in.

The transition from Microsoft Office98 to Staroffice/OpenOffice is difficult. At first we had to go though all the Office templates the targeted users needed and rewrote them for StarOffice. Before 1997, the organization relied on a few complex template macros in Microsoft Word 6. These were abandoned before 1998 because (a) the hassle required to upgrade them to each major release of Microsoft Office and (b) the number of macro virus the organization suffered despite keeping Norton Antivirus up to date twice a day. Instead of Macros and document embedded VB, a few documents are generated on the in house developed server in RTF format. Fortunately, with a little tweaking, these generated document were fully import compatible with Microsoft Office and OpenOffice.

In terms of user education, for day to day usage, most people did not find it that difficult or frightening a change from Microsoft Office to StarOffice/OpenOffice. Those who regularly designed complex layouts or Visual Basic based scripting just stuck with Microsoft Office.

The organization keeps Microsoft Office97/98 as the standard document formats, with StarOffice and now OpenOffice defaulting to saving in that format. A few internally used documents are now being stored in OpenOffice formats, as it is becoming the prefered format when the final document is shipped in Adobe PDF format.

Each department has a couple of accessible Win2k machines that run Microsoft’s Office2k and IE alongside Openoffice and Firefox. These are multimedia capable systems and serve as staff Internet access, plugin device compatibility and document conversion. All of these have network limited access to the servers. A public share on the file server is used to copy content from the normal desktops. This public share is scanned each time a file is added, and dispite the Win2k desktop having up to date antivirus protection, the server side scan still pick up a few cases of spyware/malware/worms. A large Linux partition contains a checksummed bit copy of the NTFS partition. Booting Linux on these systems sets up a background script that overwrites the NTFS partition from either the local copy or the file server.

The Payoffs

Since switching to Netscape Navigator in 1998, the organization has not been subjected to the multitude of scripted vulnerabilities that plague IE and Outlook users.

They have never suffered a successful incursion by any worm/virus/trojan malware on any of the Linux desktops. They run tripwire on the desktops and can perform remote inspections of processes. There is no need for any third party antivirus software on the Linux Desktops. They do use third party antivirus tools on the servers to scan the document directories and incoming and outgoing email.

In comparison to Win98,Win2k and XP, keeping the Linux desktops up to date is a breeze. We maintain a read-only NFS’ed public directory that, after testing, we drop RPMs packages into. A cron job on each desktop inspects the directory for new files and then runs yum and updates the system. We stagger the start times to prevent overloading the network or file server. In most cases, the update takes place entirely transparent to the user.

In terms of remote support, Linux Desktops blow Win9x to XP out of the water. Beside VNC users desktops, you can access the remote desktop though a ssh’ed command line, a web based interface (webmin), or use Xnest to access a separate instance of a desktop on the same machine. In all three of the latter cases, the access can be invisible to the user of the machine. The helpdesk can pass on the address to the support engineer who, with his laptop with VPN access, can track down problems literally anywhere in the world with an Internet connection.

Thick, slim or thin, Linux desktops are in. The organization is free to deploy future Linux desktops anyway they wish.

There is no part of this deployment of Linux which is Linux vendor dependent. With a little effort it could be translated to another Linux vendor’s platform or even a community based distribution such as Debian.

In my or the manager’s opinion, the result was well worth the combined effort of the IT management, support staff, and users.

* That was the hard way

The effort that we put into developing our own solutions with the Linux software of the day was a major undertaking. Today, we would not have to undertake anything close to that same effort.

Xandros Desktop Management Server (xDMS)
http://www.xandros.com/products/business/xdms/xdms_intro.html
Xandros’ xDMS is a close to turnkey solution for small organizations. When combined with their desktop offerings it does all that a small organization needs for the majority of its users.

Novell offers similar desktop management vary suitable for larger organizations
http://www.novell.com/products/desktop/index.html
You will find that organizations that currently deploy Novells directory services can very quickly deploy Linux along side.

Both above vendors require per seat licensing, and can lock the enterprise in at the IT management level. But both also offer many of the same advantages of Linux on the desktop for a fraction of the effort and inside knowledge required.

Is Linux in the desktop for everyone in the enterprise? Maybe not. But it’s a matter of when Linux will be ready, not if Linux will be ready.
But does that mean your organization should not be investigate deploying Linux on the desktop where it makes sense now? No! Start investigating where deploying Linux makes sense.
http://www.novell.com/coolsolutions/nld/features/a_linux_switch_nld.html

* Lastly

Do not trust everything Microsoft and its supporters say about Linux. They selectively deceive and outright lie.
http://www.novell.com/linux/truth/index.html
http://www.theregister.co.uk/2004/09/09/ms_capgemini_newham_report/print.html
http://www.theregister.co.uk/security/security_report_windows_vs_linux/
http://www.opensource.org/halloween/halloween11.html
http://www.eweek.com/article2/0,4149,1426514,00.asp

This discussion is locked

All Comments