Red Hat Inc. recently announced a project to provide a centralized management solution for connected and disconnected users that provides administrators with tight control over the systems they manage, using the same tools for connected and disconnected users.
Redhat reinvents Windows’ Active Directory GPOs, Folder Redirection and Offline Folders. Must be some more of that oft-discussed Open Source innovation.
Cheekiness aside, it’s good to see some people in the Linux world understand the things the corporate world wants to see and are moving to remedy the situation.
Actually if you read Havoc Pennington’s previous document
http://people.redhat.com/~hp/stateless/
you’ll find that he first states that these technologies are not revolutionary per se. Proof is that the stateless Linux project mostly uses existing tools, tying them together in what I like to think is the real UNIX way of building from small simple blocks.
As to the similarities with Windows centralized application distribution and policy administration, I’m in no way an expert, but the Red Hat solution seems more flexible to me, as in working in a heterogeneous environment of thin and thick clients.
This is the point Linux!!
Why is Windows 2000/2003 Active Directory so popular among business? Even companies that rely on Linux/Unix for mission-critical applications use AD for infrastructure management (users, printers, computers, application deployment, monitoring, etc.)
It is great to have a secure and stable computer environment, but sysadmins have to think bigger! It is not about 6-7 desktops and 1-2 servers, it is about _thousands_ of desktops and servers. It is not enough to have a great server/desktop platform, you need to manage all that stuff from a centralized point. If I have to choose between a great platform that cannot be easily managed centrally and a not-so-great (say less secure, less stable, whatever) platform that can, I will choose the second.
Unless Linux starts working on the Directory Services and Centralized Management arena, Windows will remain as a “must have” for the enterprise.
Hopefully this movement from Red Hat and the development of Novell Directory Services for Novell will change this situation.
David
It is called SSH, is it not?
What is it good for? GUI? I believe redhat-config-* are not very usable for serious task anyway currently, so what is the point?..
“Unless Linux starts working on the Directory Services and Centralized Management arena, Windows will remain as a “must have” for the enterprise.” – David
Novell’s Directory Services are a “must have”, not AD (a rip-off of one of Novell’s releases from way back). Novell is a multi-platform service whereas AD is not.
If you had done a proper comparison of the 2, technically Novell dumps on AD from a long way up. But I suspect most people go with AD just because it has an MS tag on it.
>Why is Windows 2000/2003 Active Directory so popular among
>business? Even companies that rely on Linux/Unix for
>mission-critical applications use AD for infrastructure
>management (users, printers, computers, application
>deployment, monitoring, etc.)
Stateless Linux is not about an AD-like operation.
But you have a point. We really, really should have something like it. All the infrastructure is there. OpenLDAP+Kerberos+pam_nss/pam_krb5. You can make a setup very AD-like. Store user information etc. in LDAP, use Kerberos to authenticate, and as a single sign-on service for your network.
Unfortunately it’s a pain to set up. I know, I’ve done that, and it works pretty cool. But set off a week to set it up, and get all server software to play nice with Kerberos.
We need a turnkey solution for this.
Here you go.
http://www.padl.com/Products/XAD.html
> http://www.padl.com/Products/XAD.html
That looks point on. Thanks.
It is called SSH, is it not?
What is it good for? GUI? I believe redhat-config-* are not very usable for serious task anyway currently, so what is the point?..
Very true, SSH can do “centralized management”, more or less. With SSH+key-based authentication+some home-grown scripts, I can easily manage a dozen Unix servers from a slow dialup connection. I’m sure I can manage up to 100 or more this way.
But we have to think about these “more-challenged”, GUI-oriented, pointy-clicky sysadmins, who, unfortunately (or fortunately?) seem to dominate the population 🙂
Why is Windows 2000/2003 Active Directory so popular among business? Even companies that rely on Linux/Unix for mission-critical applications use AD for infrastructure management (users, printers, computers, application deployment, monitoring, etc.)
You’ll find that the reality in the world today is that very, very few organisations deployed Active Directory fully. The main reason is that it is extra time and effort for little perceived benefit, and the fact that a lot of the time it just doesn’t work properly. Printing is as bad as it gets, and that’s with less than a hundred desktops. I really love the mission critical comment by the way.
The only way in which people use Active Directory is unwittingly when setting up a DNS server or similar, and they just use it because it’s recommended based on extremely thin evidence of it providing something more fault-tolerant.
Those who knew what directory services were used NDS, which coincidentally, runs on Netware in most organisations and will run on Linux from now on. AD is by no means a must have for organisations – people use it because it’s pre-installed and it’s there in the wizards.
Red Hat’s move for Netscape’s server software was a truly excellent move. They actually got software for a heck of a lot less than that incredibly ridiculous deal Sun struck with AOL and Netscape all those years ago. They’ve also GPL’d (Sun’s execs don’t really like the GPL for ‘forking’ purposes) what is, in reality, an iterative improvement on the basis of Sun’s iPlanet suite. Sun’s antique comment shows just how much that really hurt.
As good as NDS, Groupwise and Novell’s global reach is, if I were at Suse I’d be having serious second thoughts about that deal with Novell. Red Hat have proven that Linux suits smaller and more agile companies such as Red Hat who can use GPL’d software to good effect. Red Hat’s move really puts Novell on the back foot, and it will be interesting to see what they respond with. All Red Hat need now is a full-frontal assault on Exchange and others with a groupware answer. It fits right into their directory services strategy and they would have pretty much a complete server suite. What pressure that would put on Novell, Groupwise and others is pretty obvious and it would all but finish Sun and Solaris off. Your platform is only as good as what you can run on it. The only threat to Red Hat is that someone else will use their software and undercut them, but it most certainly won’t be Sun or Novell.
Red Hat’s stateless Linux strategy also fits right into this, and it’s the first bit of concrete and intelligent thinking I’ve seen on the potential for thin, or progressively fatter, clients and how to manage them. I’ve heard HP and Novell talk a good game about thin clients, but zilch has happened and they clearly have no vision as to how they will make it work. Funny. Red Hat have the vision for this, Novell actually have the resources and software to pull it off but don’t realise it. The presentations I saw at Brainshare were the biggest meaningless and buzzword laden piles of steaming proverbial I have yet seen. Sun have good thin client technology, but there’s no marketing and nothing in any press release about how it fits into any given environment. It is clear that they haven’t thought about how they will apply it, like just about everything else. Sun seem to be concerned about other things these days…
Microsoft might ask ‘but how can you give it away for free?’. Red Hat paid basically nothing for the software in view of what it opens up for them, and they will make money out of it the way they have done with everything else. Unless Sun, and even Novell, understand that strategy quickly and learn how to use it they’re going to be in even bigger trouble. Novell are going to have some major trouble with their ‘both source’ strategy. Suse have experience of that with YaST and other software they’ve included, as users just don’t understand per-seat license restrictions on something that is ‘free’. “What is free and what isn’t?” a customer asks.
Many people criticise Red Hat, but they are certainly going to be no more expensive or restrictive than Novell’s Linux strategy turns out to be. Novell need to keep their ‘billion dollar’ status tag for a start, and even build on it, despite their new open source credentials. However, both Sun and Novell are now in a world where old billion dollar businesses act, think and move like old dinosaurs going into extinction.
I haven’t really given Red Hat much thought in the past, but I give them major kudos on how they are navigating the waters they are in. It takes many years and many teething troubles to build up a successful business and customer base. I think Suse should be slightly worried they took the easy, short-term way out and jumped in bed with Novell.
>You’ll find that the reality in the world today is that very, very few organisations deployed Active Directory fully.
>The main reason is that it is extra time and effort for little perceived benefit, and the fact that a lot of the time
>it just doesn’t work properly. Printing is as bad as it gets, and that’s with less than a hundred desktops. I really love the mission critical comment by the way.
This must be bullshit. At the now rather many large and small companies I’ve visited, most of those using win2k deployed AD.
Ok, so they don’t use it “fully”, but they use it for more simple but important things.
e.g. central storage and authentication of users. It’s really nice to have one box/domain where users log on to, and can thereby log in from many different client machines without configuring them separately. With file sharing this is important as well, since you want to give certain rights to certain users on common storage. How the heck would you manage that if users weren’t managed centrally?
Single signon is important as well. I know a lot of people here going crazy if they had to provide a password/username on every internal web site, file share, printer, etc. every time they’d use it.
>This must be bullshit. At the now rather many large and small
>companies I’ve visited, most of those using win2k deployed AD.
>Ok, so they don’t use it “fully”, but they use it for more simple but important things.
You would almost have a point if there wasn’t such a thing as LDAP.
Linux/Unix has had this for years, read up on it, it will prevent you from embarrassing yourself further in public.
>You would almost have a point if there wasn’t such a thing as LDAP.
What about LDAP? There are OpenLDAP, eDirectory, AD and many more LDAP servers!??
>Linux/Unix has had this for years, read up on it, it will prevent you from embarrassing yourself further in public.
I know, as stated in the “Directory Services” thread.
What about it?
You’ll find that the reality in the world today is that very, very few organisations deployed Active Directory fully.
That has got to be the silliest thing I’ve heard in a long time. What are you basing this on? The one or two companies at which you’ve worked? I’d love to see your evidence of this.
I’ve worked for several companies with very large AD deployments that went almost end to end – RIS, roaming profiles, Windows (dynamic) DNS, policies, user/printer/device management, db, the whole shebang.
I’d also add that for a long time, I worked with NMCI, which is planned to be the largest AD domains in existence (2 to cover the whole country, millions of objects each).
You’re spot on that AD is not a prerequisite, but I don’t believe for even a millisecond that organizations who have fully transferred to 2000+ are not running AD. GPOs alone make it worth it.
This must be bullshit. At the now rather many large and small companies I’ve visited, most of those using win2k deployed AD.
They use AD because when they set up users, DNS and various other W2K components it’s hooked into these things anyway. They hardly knowingly go about deploying it and it’s hardly using directory services.
Like everything Microsoft related, the hype over AD was incredible. Suggestions that AD would be the only directory services infrastructure around abounded and NDS was supposedly being killed off. As is the way with such things, and as it will be with Longhorn, the hype gives way to stone-cold reality.
It’s really nice to have one box/domain where users log on to, and can thereby log in from many different client machines without configuring them separately. With file sharing this is important as well, since you want to give certain rights to certain users on common storage.
My God, centralised management and logins. I just wonder where on Earth various Unixes, Linux and the BSDs were for all those years when you went from one Windows box to another and none of your stored settings transferred across. You couldn’t even get your web bookmarks to go from one machine to another until recently.
Windows is still set up so that when you log in it downloads all your settings and when you log out it uploads it all to the server again. Heaven help you if something happens in between, and seriously, you’ll need divine intervention if you’re considering roaming profiles – the whole point of centrally managing desktops in the first place.
With file sharing this is important as well, since you want to give certain rights to certain users on common storage. How the heck would you manage that if users weren’t managed centrally? Single signon is important as well. I know a lot of people here going crazy if they had to provide a password/username on every internal web site, file share, printer, etc. every time they’d use it.
With respect, this is the basics and isn’t really what Directory Services are about, but then again, what is?
You’re also light years ahead (and on your way to another galaxy) of most companies with single-sign on. Many medium to even large companies I’ve seen have separate logins for custom applications they use for the remote database(!), in some cases every application they use(!), the mainframe (if any) and their Windows logins. I know not how, but the users put up with it. Why do they do this madness? Because getting something done is more important than getting it right.
This is the point Linux!!
Why is Windows 2000/2003 Active Directory so popular among business? Even companies that rely on Linux/Unix for mission-critical applications use AD for infrastructure management (users, printers, computers, application deployment, monitoring, etc.)
It is great to have a secure and stable computer environment, but sysadmins have to think bigger! It is not about 6-7 desktops and 1-2 servers, it is about _thousands_ of desktops and servers. It is not enough to have a great server/desktop platform, you need to manage all that stuff from a centralized point. If I have to choose between a great platform that cannot be easily managed centrally and a not-so-great (say less secure, less stable, whatever) platform that can, I will choose the second.
Unless Linux starts working on the Directory Services and Centralized Management arena, Windows will remain as a “must have” for the enterprise.
Hopefully this movement from Red Hat and the development of Novell Directory Services for Novell will change this situation.
David
http://www.samba.org
That has got to be the silliest thing I’ve heard in a long time. What are you basing this on? The one or two companies at which you’ve worked? I’d love to see your evidence of this.
Unfortunately, nothing works in quite the same way as a case study from an MCSE book. That’s what I am trying to get over here. There’s a difference between rolling out something like Active Directory and an organisation actually using it. Of course, I’m sure it works exactly the way it says in the handbook every time.
I’ve worked for several companies with very large AD deployments that went almost end to end – RIS, roaming profiles, Windows (dynamic) DNS, policies, user/printer/device management, db, the whole shebang.
The operative word here is worked, in the past tense. The process and its success doesn’t finish when the roll-out is finished and you have left.
How long did they spend on those deployments? I bet they just get it all settled down and stable with users just about getting comfortable, and then Microsoft gradually removes support for it all and they’re off on to the next big thing before any sort of return on investment can be realised.
GPOs alone make it worth it.
With respect, formulating GPOs and their success, are entirely dependent on the organisational structure being worked out and analysed properly before any technical work is done. If that structure changes every ten seconds or there are disagreements (as is prone to happen in any organisation) your roll-out will fail miserably, bog down in politics or be finished and just not get used. Change is a big killer in such roll-outs, as the IT people are the last to be told and the first to be blamed when things don’t work. The success (or lack) of GPOs (and everything else) almost entirely depends on your ability to understand and deal with non-technical (and sometimes petty and political) matters.
However, you’re right. Rolling out new software or functionality to certain groups of users, certainly in large organisations, definitely requires the use of such technology. Doing it is another matter though.
I’d also add that for a long time, I worked with NMCI, which is planned to be the largest AD domains in existence (2 to cover the whole country, millions of objects each).
Way, way, way too large – at least in one or two whole chunks. Change happens all the time in organisations and if the domains don’t change with it, in no time at all the system structure itself will not reflect what is actually going on and be totally inflexible. Workarounds will then be sought, which will then bypass the initially agreed infrastructure like a Christmas tree.
I hope there is clear accountability and measures in place as to how changes are applied to that structure. The technology and how many millions of objects it holds is only of interest to people who simply want to know how great Active Directory is, and it’s a big red warning sign as to its manageability.
You’re spot on that AD is not a prerequisite, but I don’t believe for even a millisecond that organizations who have fully transferred to 2000+ are not running AD.
Of course they’re running AD if they’re running 2000 – without realising it in many cases. Please, stop to consider that the vast majority of businesses are SMEs and medium sized organisations, not fantastic MCSE case studies with deployments in twenty countries.
I have worked with Samba in production and I honestly think it is a _great and incredible_ piece of software. The progress this group of developers (and the “Community”) is making on the Samba project is amazing.
Unfortunately Samba is not the “panacea”, especially when we are talking about companies with many locations around the globe and thousands of desktops to manage. Samba heavily relies on a Windows NT 4.0 PDC/BDC schema that is now clearly surpassed by AD structure. In addition, Samba does not provide a way to support GPOs (afaik, I can be wrong here) and this acronym is the “key” to desktop/server management in the Windows world.
I’m not trying to convince anyone about AD advantages, each one is free to do whatever fits best with his/her business. Windows AD can or cannot be the best Directory Services infrastructure on the market but it is 100% designed with business needs in mind.
Do not get me wrong, but I do not see myself trying to modify 25.000 user desktop settings (or whatever) from S.W.A.T.
>>This must be bullshit. At the now rather many large and small
>>companies I’ve visited, most of those using win2k deployed AD.
>>Ok, so they don’t use it “fully”, but they use it for more simple but important things.
>You would almost have a point if there wasn’t such a thing as LDAP.
>Linux/Unix has had this for years, read up on it, it will prevent you from embarrassing yourself further in public.
True, but the tools to admin things like OpenLDAP have been very crude. However, I’m happy to see that KDE in its latest release has very nice LDAP-aware admin tools.
While I’m sure I agree with a lot of what you’re saying (sorry your posts are long and I’m at work) I thought the part about this putting Novell on the defensive was overstated.
Redhat: We’re developing this cool stuff that does all these cool things
Novell / Suse: We have all this cool stuff that does all these cool things.
Big difference. At this point, what Novell can add on top of Linux in the way of services outdoes Redhat by far. Novell has the directory services, centralized administration, and all the tools in place. Certain pieces are still being put together but they’ll all be there by the end of this year. That’s a big statement. The reality is, if I had my guess, is this is Redhat being on the defensive.
On the other hand I always appreciate that Redhat gives back to the community (open sources pretty much all their technology). That said, since Novell has taken the reins at both Suse and Ximian they have made a lot of generous moves (Yast, Connector).
Hello people. Ever heard of NIS and NFS? I mean if you want to play the who had it first pissing contest… there you go.
You really need to learn some history, you know. *nix systems have been running in deployments for thousands (and tens of thousands) of users since both you and I were in nappies…
Er, do you *really* think Windows is the only operating system where you can sign in remotely?!
You’ll find that the reality in the world today is that very, very few organisations deployed Active Directory fully.
Any organisation with domain logons and Windows >=2000 is using Active Directory. I’d propose to you that’s the vast majority of organisations with Windows based networks.
Of course, with your “fully” qualifier on the end of that statement, it’s quite possible for you to be completely wrong in meaning while still being semantically correct. Nice dodge.
The main reason is that it is extra time and effort for little perceived benefit, and the fact that a lot of the time it just doesn’t work properly.
Yep, central management sure is overrated. No benefits at all. Can’t see that going anywhere…
The only way in which people use Active Directory is unwittingly when setting up a DNS server or similar, and they just use it because it’s recommended based on extremely thin evidence of it providing something more fault-tolerant.
Just about anyone – even the dumb ones – setting up a Windows network with more than a handful of machines will set up a domain. That’s Active Directory.
AD is by no means a must have for organisations – people use it because it’s pre-installed and it’s there in the wizards.
People use it because it makes centralised management of Windows networks easier.
You would almost have a point if there wasn’t such a thing as LDAP.
Linux/Unix has had this for years, read up on it, it will prevent you from embarrassing yourself further in public.
Main difference being that setting up – and benefitting from – a basic Active Directory infrastructure is trivially simple, even for people who barely know what they’re doing, whereas setting up, say, OpenLDAP on Linux is a lot of work.
There’s a difference between rolling out something like Active Directory and an organisation actually using it.
It’s very easy to write a lot of words without actually saying anything. Before any useful discussion can develop on this point, you need to define what you mean by “actually using it”.
With respect, formulating GPOs and their success, are entirely dependent on the organisational structure being worked out and analysed properly before any technical work is done. If that structure changes every ten seconds or there are disagreements (as is prone to happen in any organisation) your roll-out will fail miserably, bog down in politics or be finished and just not get used. Change is a big killer in such roll-outs, as the IT people are the last to be told and the first to be blamed when things don’t work. The success (or lack) of GPOs (and everything else) almost entirely depends on your ability to understand and deal with non-technical (and sometimes petty and political) matters.
This is just wrong. GPOs can deliver significant advantages even with a completely flat organisational structure (ie: all the users, computers, etc in their default OUs).
This is just wrong. GPOs can deliver significant advantages even with a completely flat organisational structure (ie: all the users, computers, etc in their default OUs).
Organisational structures are never flat. Look at Windows NT domains…….