General discussion

Locked

Linux on the Desktop at work and worth it

By David Mohring ·
This post is in response to the various naysayers in these forums who say Linux on the business desktop is either not possible or not worth it.

See
http://itheresies.blogspot.com/2004_04_01_itheresies_archive.html

* The Forces

Like many organizations around the world, the two former organizations that employed me suffered major blowouts in their IT budgets leading up to Y2K. As a result, the IT upgrades in 1998/1999 were expected to last five or six years after 2000. Windows 98SE was the latest stable platform available 1999. Keeping to budget and upgrading all the desktop *hardware* for Win2K and then XP would be difficult if not impossible.

After careful deliberation, the management at the larger organization decided to use some of its existing tech savy IT staff to evaluate Linux on the desktop as a stop gap measure and as a replacement for some of the desktops during the next upgrade round.

Neither organization operates in the IT industry and both prefer not to face direct scrutiny or suffer the hordes of Microsoft salesdroids who magically appear at the doorstep of any company publicizing Linux deployments. So both shall remain nameless for now.

* The Effort

Over the last four years I have deployed and supported almost ninety Linux desktops at my former employer. Not all of the desktops are running Linux, they still have around the same number of Win98 machines, half of which are scheduled for replacement with Linux ( either Xandros, Suse or a custom version of Fedora/Redhat ) in 2005/6. The other half will be upgraded to join the small number of current Win2K desktops and laptops.

We started out with a combination of Redhat 6.2 and Ximian Gnome. This was limited to call center and data entry. Later we put StarOffice/Linux a number of desktops for people who do not deal with incoming and outgoing Microsoft Office document formats on a regular basis.

It was a major effort. Two years ago, they could not have done it without serous expertise from the existing Unix administrators and knowledgeable folks such as myself. For example, it took myself around three weeks of hacking around with Redhat 8 to get it to the point where everything just worked and only the required functionality was exposed to the user.

* The Steps

First of all, on all PCs, Netscape ( and later Mozilla ) replaced Microsoft IE and Outlook, and since all the enterprise systems used web based interfaces, on Linux it looks very similar.

They started deploying some of the desktops HD partitions using Norton Ghost. Later they just created a small rescue partition hosting customized Linux system, that once installed, performed the same task. The administrator can set the default in the grub configure file for the next reboot. A second VFAT partition is kept on Win98 and dual boot systems. This is not overwritten by default and provides a persistent local file system.

Although they have chosen to deploy Linux using the traditional thick desktop/workstation model, they use a spare server that operates as an X11 application server. This is used on a regular basis by the helpdesk, IT support and a few Windows users that access both windows and remote X Linux. The rescue partition, that can be also network booted via PXE, is based on the Linux Terminal Server Project ( http://www.ltsp.org/ ). During an install or if a security violation is detected, the user of the desktop is booted into Linux thin client, and can access all their files though the Application server. Forensic examination, repairs and installs can take place in the background while the person uses the thin client.

Some individuals like to download and install software, either in the local filesystem or home directories, and get annoyed when the installed software is erased or overwritten. Unauthorized software installs remain a major problem in terms of both security and licensing. For those users we offered a choice, either stop installing software or buy and provision their own laptop with a loan from the organization. The individual owns the laptop but can only access the internal network if they allow the IT department to inspect the laptop on a regular basis.

We focused on getting the SAMBA services and NFS working correctly. Using pam the users have the same user name and password for each platform.

Each users networked Linux home directory contains a subdirectory that holds the SAMBA'ed share of the users networked Windows desktop and "My Documents". Any person can log in to either Linux or Windows and find their files with ease. In the same way, similar desktop icon/start menu entries and links to enterprise applications and directories on are on both Microsoft and Linux users desktop.

We handled peoples transitions from Windows to Linux in small groups. In each department, we targeted the friendly tech savvy users, some who were surprisingly quick learners, and set them up first. It's easier for people to turn to the tech savvy person at the next desk with questions than to call up the helpdesk. Once people were shown the Linux desktops in action, there was less resistance than expected. We never tried to force anyone to make the shift. Those who personally invested in complex scripted Microsoft Excel or Powerpoint documents remain free to run Microsoft Office and OpenOffice side by side on Win98se or Win2k. At least one of the scripting gurus has begun to build document scripting in OpenOffice, using Java.

Users in transition could dual boot either Linux or Win98. Later, some users could access a remote Linux desktop from Win98/Win2k using a Windows based X11-server. If a person had a problem, they could just boot or switch back into a familiar environment, and preferably log the problem with the helpdesk.

We deployed VNC on all platforms ( For Linux http://www.karlrunge.com/x11vnc/ ). All the user had to do was to call in to the helpdesk and click on "ShowDesk/OK" to let the support person see/access their desktop. This can be a surprisingly effective teaching tool. The user can follow the actions required to fix a problem, in the context the user is working in.

The transition from Microsoft Office98 to Staroffice/OpenOffice is difficult. At first we had to go though all the Office templates the targeted users needed and rewrote them for StarOffice. Before 1997, the organization relied on a few complex template macros in Microsoft Word 6. These were abandoned before 1998 because (a) the hassle required to upgrade them to each major release of Microsoft Office and (b) the number of macro virus the organization suffered despite keeping Norton Antivirus up to date twice a day. Instead of Macros and document embedded VB, a few documents are generated on the in house developed server in RTF format. Fortunately, with a little tweaking, these generated document were fully import compatible with Microsoft Office and OpenOffice.

In terms of user education, for day to day usage, most people did not find it that difficult or frightening a change from Microsoft Office to StarOffice/OpenOffice. Those who regularly designed complex layouts or Visual Basic based scripting just stuck with Microsoft Office.

The organization keeps Microsoft Office97/98 as the standard document formats, with StarOffice and now OpenOffice defaulting to saving in that format. A few internally used documents are now being stored in OpenOffice formats, as it is becoming the prefered format when the final document is shipped in Adobe PDF format.

Each department has a couple of accessible Win2k machines that run Microsoft's Office2k and IE alongside Openoffice and Firefox. These are multimedia capable systems and serve as staff Internet access, plugin device compatibility and document conversion. All of these have network limited access to the servers. A public share on the file server is used to copy content from the normal desktops. This public share is scanned each time a file is added, and dispite the Win2k desktop having up to date antivirus protection, the server side scan still pick up a few cases of spyware/malware/worms. A large Linux partition contains a checksummed bit copy of the NTFS partition. Booting Linux on these systems sets up a background script that overwrites the NTFS partition from either the local copy or the file server.

The Payoffs

Since switching to Netscape Navigator in 1998, the organization has not been subjected to the multitude of scripted vulnerabilities that plague IE and Outlook users.

They have never suffered a successful incursion by any worm/virus/trojan malware on any of the Linux desktops. They run tripwire on the desktops and can perform remote inspections of processes. There is no need for any third party antivirus software on the Linux Desktops. They do use third party antivirus tools on the servers to scan the document directories and incoming and outgoing email.


In comparison to Win98,Win2k and XP, keeping the Linux desktops up to date is a breeze. We maintain a read-only NFS'ed public directory that, after testing, we drop RPMs packages into. A cron job on each desktop inspects the directory for new files and then runs yum and updates the system. We stagger the start times to prevent overloading the network or file server. In most cases, the update takes place entirely transparent to the user.

In terms of remote support, Linux Desktops **** Win9x to XP out of the water. Beside VNC users desktops, you can access the remote desktop though a ssh'ed command line, a web based interface (webmin), or use Xnest to access a separate instance of a desktop on the same machine. In all three of the latter cases, the access can be invisible to the user of the machine. The helpdesk can pass on the address to the support engineer who, with his laptop with VPN access, can track down problems literally anywhere in the world with an Internet connection.

Thick, slim or thin, Linux desktops are in. The organization is free to deploy future Linux desktops anyway they wish.

There is no part of this deployment of Linux which is Linux vendor dependent. With a little effort it could be translated to another Linux vendor's platform or even a community based distribution such as Debian.

In my or the manager's opinion, the result was well worth the combined effort of the IT management, support staff, and users.

* That was the hard way

The effort that we put into developing our own solutions with the Linux software of the day was a major undertaking. Today, we would not have to undertake anything close to that same effort.

Xandros Desktop Management Server (xDMS)
http://www.xandros.com/products/business/xdms/xdms_intro.html
Xandros' xDMS is a close to turnkey solution for small organizations. When combined with their desktop offerings it does all that a small organization needs for the majority of its users.

Novell offers similar desktop management vary suitable for larger organizations
http://www.novell.com/products/desktop/index.html
You will find that organizations that currently deploy Novells directory services can very quickly deploy Linux along side.

Both above vendors require per seat licensing, and can lock the enterprise in at the IT management level. But both also offer many of the same advantages of Linux on the desktop for a fraction of the effort and inside knowledge required.

Is Linux in the desktop for everyone in the enterprise? Maybe not. But it's a matter of when Linux will be ready, not if Linux will be ready.
But does that mean your organization should not be investigate deploying Linux on the desktop where it makes sense now? No! Start investigating where deploying Linux makes sense.
http://www.novell.com/coolsolutions/nld/features/a_linux_switch_nld.html

* Lastly

Do not trust everything Microsoft and its supporters say about Linux. They selectively deceive and outright lie.
http://www.novell.com/linux/truth/index.html
http://www.theregister.co.uk/2004/09/09/ms_capgemini_newham_report/print.html
http://www.theregister.co.uk/security/security_report_windows_vs_linux/
http://www.opensource.org/halloween/halloween11.html
http://www.eweek.com/article2/0,4149,1426514,00.asp

This conversation is currently closed to new comments.

104 total posts (Page 1 of 11)   01 | 02 | 03 | 04 | 05   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Jaqui In reply to Linux on the Desktop at w ...

gee, that's a lot of typing.

personally, I wouldn't use the non community distros, as the community ones offer the same abilities.

but I do agree with your comment.
about the only area that I have found linux lacking is in 3D graphics applications.
not something most companies or users are needing.
and for companies to drop several thousand on a "professional" 3d app isn't unusual, same price for windows or linux based apps, and often, exactly the same app from the same company.
( Softimage XSI, Maya. )
it's only the home, hobbyist 3d that is lacking in quality.

Collapse -

fine ..!!!

by secure_lockdown In reply to Linux on the Desktop at w ...

as i keep harping over and over again!!! ---> if you like linux so much - feel free to come by and train and hand hold 300 non-computer savvy users on how to use it. i will pay you minimum wage for the job - you shouldn't expect more than that - it's not like it's a level 2 or level 3 job.

lets see how long you last. i am sure linus will love you for it.

Collapse -

Training Costs

by Cactus Pete In reply to fine ..!!!

Just curious - do your users get training anyway? If so, what is the per user budget for training?

Collapse -

training

by secure_lockdown In reply to Training Costs

training does not come out of central IT budget. comes out of respective areas budgets. why should I not have enough money to upgrade a server just because joe **** user wants to learn photoshop better!!

it's not costs - thought as I stated before - you can't realistically expect to get paid the same amount for showing a user how to print from openoffce as does a level 3 support tech. working on a major RAID array problem. it's not the same level job.

it all comes down to, "who wants to do the grunt work for little money?" i sure as **** don't! do you? i bet mr. linux advocate also doesn't want to either. he would much rather play around with gentoo then put up with 300 stupid user questions a day for a McDonalds burger flipper pay!

you guys might want to put some thought and planning into your grand master linux conversion plan.

Collapse -

Could you describe some issues?

by Oz_Media In reply to training

Okay everyon eis talking about all these new issues that are ocmpletelty unique to a user havign a Suse9or linux) desktop as oppoed to a Winoze desktop.

Now lets give you some slack and first of all and agree that NO user has ever called you with stupid hangs and issues due to MS security problems (virus, malware, adware etc.) that are below your ability as a higly paid MS server engineer/guru guy.

Shoudl those same users have thier desktops switched to Suse with an XP interface, what specific problems do you forsee them calling you for every day? Again, given that you don't already waste this time removing Windoze garbage form insecure workstations.

Collapse -

Issues

by house In reply to Could you describe some i ...

Issues...

1) A simple task like folder and file creation and management might be difficult to a user - as funny as it may sound.

2) Some people won't even try anything but IE. They are afraid. Imagine a full turnover?

3) Familiarity with policies and permissions in NT based operating systems (learning curve).

4) Location of common utilities.

5) Terminology - they can hardly understand Windows.

6) Once again... MS based appz and internal appz that have been years in development.

7) Some people say that for every Microsoft application, there is a Linux counterpart. I don't buy into that.

The good side...

1) We would all be paid a fortune in initial support influx.

2) MS can suck it.

3) Stability, security, and a nice GUI.

* Keep in mind that we are talking about workstations here.

:)

Collapse -

A few good points I must agree

by Oz_Media In reply to Issues

1 and 2, sorry but I don't think I've met able bodied employees that wouldn't be able to figure that out, they would definitely be far too embarassed to ask me as opposed to a coworker.

3, well, that would depend on the network and the rights changes, I haven't had such user issues so far. Plus I have mixed server environments in two locations.

4, too self explanatory in Suse, throw the windows GUI on it and they have o problem, again just from the swapouts I've done.

5) I'll give you that for th emost part but most shops with custom apps would retain those servers which in my experience have not been MS based to begin with. Usually custom Unix/Linux software created by the client's own engineers. And many of them are already far ahead on the Linux curve than I.

6, covered that.

7, There are linux counterparts, many do not have the stabliity or are as robust as MS. Novell has basic MySQL, PHP etc. included with the NOS now though and is becoming more and more MS complaint all the time.

8. oh there is no 8.
Good side
1) Salaried remote net admin, no extra dough, but no extra calls either (other than simple first week stuff)

2) MS sucked it

3) Stability, security and a nice GUI.

*well it covered some server issues but yeah mostly workstations.

I suppose it is dependant on the bitchability of users. Users here wouldn't bother bitching, they seem to just quietly ask about issues and thank you when you help out. Maybe I put the fear of God into them or something but they always seem polite and courteous towards me and thier support.

Perhaps it is because I work remotely, I am not a daily face in the office politics, I dunno, but it's been a cakewalk on my end and I though Novell with Windoze desktops was a breeze!

Especially when I came here or to Tech Q&A and read all the horror stories people were having, PATCHING ON WEEKENDS and working overtime to get thier MS servers running, damn I'd never had an unexpected 'outage' more than twice in four or five years I think!

No thanks, I camp and burn about on the bikes on weekends and like to kayak in the evenings (well when it's not ZERO degrees anyway!).

I have spent too many years working my *** off for people and getting nothoing out of it before almost dying.

Now it's music and mayhem, \m/ ]:)

Collapse -

Re: 1 & 2 - and dumb users

by house In reply to A few good points I must ...

When there is an internal helpdesk in place, users do not hesitate to call for stupid crap.

PS - Any wicked rapids out there?

* spyware alert. This is a link for a stand up helpdesk comedy act. I thought you might enjoy this. Make sure your PC is protected from simple spyware (not maliscious).

http://www.kontraband.com/show/popup.asp?ID=1780&TTVAL=2

One of my favourite novelty sites for jokes. :)

Collapse -

i use Linux for a reason....

by secure_lockdown In reply to A few good points I must ...

so i can see how plausable it is in deployement to users perhaps someday.

i use the project mgtm and visio linux counter parts to MS Project and MS Visio.

Sorry - but the MS products above are far FAR superior in functionality and quality than the opensource counterparts. if i deply this to my users who are used to using the MS products - i will be the lauging stock of the company.

Collapse -

Agreed

by dafe2 In reply to fine ..!!!
Back to Networks Forum
104 total posts (Page 1 of 11)   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums