Slashdot Mirror
Linux Implementation For 2500 Workstations?
Jeff Kwiatkowski asks: "We are looking to roll out Linux to over 2500 desktops and could use any advice that we can get. We need security info, implementation suggestions and any other advice that you would care to offer. We are currently evaluating Debian, Caldera and Red Hat. I also want a minimalist desktop, so I have been leaning toward WindowMaker as the window manager. In addition, we currently have machines with 32 meg of RAM (fast processors, though) and would like to keep the upgrade to 64 meg, only, if possible. Lastly, do any of you have any thoughts on Word Perfect vs. Applixware?" For those of you who think that the claim 'Linux is not ready for the desktop' is a falsehood, then this story is for you. As you can see, people are looking at deploying Linux on the desktop, and suggestions from you guys could make this process a lot easier.
1. You do not want to keep /home on the local disk. It will be very difficult to make backups of 2500 disks. Instead, keep it on a central file server. That way, the workstations will not need any backups at all. AFS is a good distributed file system, if you can afford it. Otherwise, use Coda.
/etc/passwd for the whole site. Keep one central copy, and distribute it to all workstations every day or hour. That way, in combination with (1), everyone will be able to use every workstation and it will be very easy to create new accounts.
/etc/passwd, you can distribute all other configuration. It's even possible to upgrade the machines remotely.
/etc/inetd.conf going. fingerd isn't going to hurt you. You will definitely want to keep some remote login service going, like telnet or ssh. Believe me, if you cannot log in to all of your computers remotely, administratiing them will be a veritable hell.
2. Have one common
3. Centralize as much administration as possible. The same way you distribute
4. Keep some services in
5. Encrypt all sensitive communication. Sending passwords unencrypted over the network is a Bad Thing, especially in a court house. Use Kerberos authentication, it better, simpler and more flexible than ssh in the long run. You can use it for encrypted telnet, encrypted POP3 and IMAP, encrypted remote X, file system authentication and more. Don't forget to turn off cleartext logins, or people will use it anyway. (Don't let them get used to it!)
There are lots of other things you can do, but these are the basics. All this will save you a lot of work.
I'd go for fvwm2 as the standard window manager. I haven't tried WP, so I don't know if it's better that ApplixWare. I hate StarOffice because it one huge application with a completely nonstandard user interface, instead of a few smaller applications that works well together with each other and fits well into GNOME, KDE, all window managers and X in general.
There is a quite easy way to set up many boxes. Set up one, then make am image with e.g. Ghost. Then just put this image on the other boxes. Works quite well. Another way is to set up application servers with thin clients.
Actually, wasn't one of the motivations behind fvwm that twm was too heavy?
Just installed it here...doesn't seem to be too user-friendly. OTOH, it saves in standard file formats (rtf & html for the word processor). Also, it's GPL so maybe elements of other GPL office suites could be merged (like WordPerfect/MS Word filters).
I help admin a couple Irix labs and four Linux labs. For the Linux labs, we've been using VA's SystemImager.
We basically do a kickstart install of RedHat 6.x, then call 'updateclient' with the proper options to grab the image from our server. SystemImager is a big Perl script that uses rsync to pull files across the network. It's quick and it works 99% of the time. We've done quite a few machines, and we are doing a couple more labs worth in August. I am the 'image builder guy,' so I get to assemble and test an image, break it, bend it, and, when it's ready, I upload it for our labs to share. When the labs are ready, we pull the image down onto a few test machines, and if everything goes right, we do the rest. It's a simple process that is easily scriptable, and you only have to maintain one image for all of the machines.
All of our machines are EXACTLY the same, though, so if your machines are different, you could run into problems. We've had very good luck with it, and I would recommend it to anyone doing a big Linux rollout.
---
Ryan
By keeping all data and major apps on a remote server you are sacrificing performance and avaliability for convenience. Not the users convenience, mind you, but the sysdamin's. Such a strategy may work in smaller (where the network can handle it) non-mission critical environments (so when your file server and its backups or the network go south and no work is possible its no big deal) or where you lack skilled system administrators to devise better systems. However, the most scalable and robust method is the use a remote update facility, e,g, rdist, rsync, apt, rpm.
Word Perfect seemed slick, but querky. Font and printing problems alone were enough to make me stop using it. It was nice, but the little problems were a pain in the ***.
Applix seems so "out of date" to me, I almost tried to figure out if I could return it for my money back. But I ended up using it the most for about 1.5 years when I had at least 64M RAM. Honestly, with gnumeric and abiword, I think gnome has rendered Applix outdated (and they cost NOTHING!)
In the end, I've settled on the one solution I think was worthwhile, Star Office with at least 128M RAM. Once you get to like 160M or more, Star Office really is very useful. Of course, I couldn't afford to upgrade EVERY system to run Star Office, so I found another solution. Upgrade a couple systems as much as possable, and then just run them that way (X -query fast.system.net or export DISPLAY=workstation).
I still haven't got around to installing this Windows95 thing, I hear 98^H^H2000 is out now?
You may want to check out tagfiles with Slackware. With them you can create lists of the packages you want installed. The only problem is that Slackware does not include a network install. You may need to create your own network installation based on slackwares installation disks.
You have more choices here than you really want or need. here are a few of my favorites.
you can install Mandrake on a desktop, configuring the installation to taste then at the end of it you have the option of creating a boot diskette which will clone that installation. If that installation is from a server then you can make copies of the diskette and run around booting the PCs and letting rip.
This wouldn't give you Wordperfect Or Applix ( unless they are included in the App CDs for Mandrake ) but you can push that out with an FTP script from the server.
Another nice option is to install on one PC configure and tweak it to death then use DD and wget to create an image of the hard drive on the server ( this assumes the server has a better network connection than the workstations and includes a blazing fast RAID ( with 2500 workstations you need that anyway ).
you can then create a boot diskette with a script that simply partitions the hard drive and dumps that image off the server to it. This is easily the fastest way to clone an installation to a pile of PCs.
As for software I disagree about the Window manager but it's totally your choice. I would use KDE mostly because it comes with all the utilities you would want your users foundling and it has that familiar Windows 9x feel by default.
64 megs is more than enough to handle this stuff. One hint though is to use a 1 gig swap partition ( which you can likely afford on modern machines ). That way runaway leakware (caught) Netscape (cough) won't take your machines down too quickly.
The initial role out isn't that critical though. What is really fun is the latter updates. Trust me on this one, you *will* want to push KDE-2.0 and KOffice 1.0 ( despite plans to the contrary, I suspect they won't ship together ). Other cool things you will want to push to these desktops latter include Mozilla and the next generation of JVMs.
Fortunately you can likely live with the current Kernel for a few years.
Finally I would use Mandrake Update or something similar with your own server set as the mirror so you can butcher security holes as soon as they are discovered with little if any hassle.
All the best and tell me where to send my resume if you can't do this stuff by yourself.
--= Isn't it surprising how badly I spell ?
I'll be breif.
:)
Points:
1) Redhat's kickstart system is very usefull. Split a 'in house' tree of 6.2.
2) Create custom package lists in the base/comps file to reflect the type of machines you need.
3) Create/recreate rpm's in distro to reflect all the spicific setting changes/customizations you need. (And any comercial software you need on machines. Those RPMS are just kept inhouse.
4) Make sure all updates/systemconfig changes are done thru some type of package management system.. RPM is actually VERY good for this. Get familar with writing spec files..
5) Auth systems: Kerb5. NIS, only if necessary and on 'controled' network segments.
6) Home dir Fileserver: Network Appliance F760. Period. There is simply no other solution that works as nicely. Cost per megabyte is high, but its so damn reliable and easy to deal with.
7) Give all your machines hostnames based upon some location sceme, and use dhcp to give out addresses _based upon hostname_ so management of vlans can be a easier to keep track of.
Also.. Its not hard to hack together a web interface to pop out floppy images with all the necessary info in the kickstart config file. Have every machine with a nearby copy of its 'reinstal' floppy, so if the machine gets 'screwed', its easier to do a 20 min reinstall (thats all it takes) then send someone from IT to 'fix' the machine.
...
. ""The future masters of technology will have to be lighthearted and
. intelligent. The machine easily masters the grim and the dumb."
- My Blog - http://www.memestreams.net/users/rattle/
It is *much* easier to install a new application on a few servers, than it is to install it on a few workstations. In the long run.
When some bug is found in the application and it needs an update, who got the application ? You can use a database for keeping track of it of couse, but still...
Keeping everything homogenous when you can actually do so, is the clever thing to do. This is actually a special kind of setup, since they only need one architecture, and all the servers can be configured the same. IMO it would be stupid not to take advantage of that.
Also, by having the same applications on all servers or on all workstations (whichever approach is chosen), avoids the problem that someone using someone else's workstation is missing applications (and need to bother the admin with the problem).
And if you build Window Maker from source (and your X server is set up properly), you can use your mouse's scrollwheel to switch between workspaces by "scrolling" on the root window.
To do this:
:: "I am non-refutable." --Enik the Altrusian ::
I'm suprised that no one from RH has replied to this - but mkkickstart under 6.1 had some known issues. I will say that I've successfully used kickstart under 6.2 to load 6.1 on a station and that's a nice way to do an install. I'll also mention that I'm looking at a future install of a slightly larger number of stations - and that I *need* a fairly touchless way to install to some boxes that don't have floppy drives or cd-rom drives. kickstart + bootp/dhcp is pretty darn cool.
The Norton Anthology of English Literature, 4th Ed., Vol 2
I absolutely agree with the above comment. And I just want to point out a few more excellent points of this setup:
1. CPU power and memory requirements keep increasing year after year, forcing you to upgrade stand-alone PCs. In the case of terminals, however, they are used only for running the X server. All the applications would run remotely. Therefore, it would be irrelevant if the terminal is P-100 or a P3-1000 -- all it's used for is *display* of data. You would need to upgrade the terminals *only* if you decide that they need more video memory/faster video acceleration or something. And in general, since a terminal does no work wrt running applications, it is not subject to the usual upgrade cycle of stand-alone PCs and, therefore, can last *much* longer.
2. It is *much* more efficient to run applications on a single server than on a whole buch of stand-alone PCs. First of all, 99% of the time a stnad-alone PC is idle. How much CPU work does it take to type in a letter in Word or read a web page in Netscape? Since a single application server would run all the apps for a fairly large group of terminals, the CPU time would be used much more efficiently. Therefore, even a not-so-fast server would be able to easily serve a few dozen terminals. Further, how many people in the office would be running exactly the same apps? Say, 20 people are running netscape at the same time. On stand-alone PCs, each would need to have a copy of Netscape code in memory. On an app server, only *one* copy would be required for all 20 users, thanks to the shared memory. So, an app server is also more memory-efficient as well as CPU-efficient.
3. Windows apps. Yes, people need to run them too. (like Word for instance). You can set up a couple of NT servers to run wincenter or something. Then, the terminal users can run windows apps in almost the same way as remote X apps (windows apps appear inside a separate window that looks like a NT desktop window)
4. Another poster has already explained the virtues of storing all user data remotely on file servers, so I'm not gonna go into details
5. Upgrades. I already said why hardware upgrades would need to be very rare. Same with software. The terminals would run a very minimalist installation of Linux with all daemons off except for the X server. So you would neet to worry only about upgrading the servers. It sure is easier to upgrade a few dozen servers than 2500 individual workstations.
I could go on, but that should be enough to give you the idea. Just to let you know I'm not speaking out of my ass, my university (www.uwaterloo.ca) is using exactly the same setup, except the terminals also boot remotely (via bootp). It works very nicely. Only problem is that this being a cash-strapped university, the terminals have really crappy video cards in them, and really crapy monitors. Oh well.
___
___
If you think big enough, you'll never have to do it.
Actually, it is. My university is running 5 labs of diskless X terminals (20 - 30 terminals in each) over an unswitched half-duplex 10BaseT and it works great. Don't forget that X was designed for network. Why not use this feature then?
___
___
If you think big enough, you'll never have to do it.
uhhm, no. I'm in third year. Go away troll.
___
___
If you think big enough, you'll never have to do it.
You've never tried it yourself have you? My university is running exactly this setup and it works perfectly. Yes, netscape runs just fine remotely. There's no Applix or WordPerfect, but you can use MS Office 97 that runs over wincenter and it also runs just fine. Come back after you've seen this kind of thing in action. X was designed for network. The ability to run X apps remotely is there for a reason.
___
___
If you think big enough, you'll never have to do it.
I have never successfully gotten kickstart to work. I spent about a week trying with RH6.1. They may have gotten it fixed in 6.2, but 6.1 is absolutely unusable. Also, they need a validator, so you can check your kickstart syntax errors on the fly.
Engineering and the Ultimate
Corel defeats one of the primary benefits of Linux - vendor independence. Because of its closed nature, the only method of support/upgrades you will get for Corel Linux is Corel.
Engineering and the Ultimate
64MB is plenty for anything I've done. I'd use sawfish (formerly sawmill) as a WM. It's really easy on the resources, easy to config, etc. etc. As for distribution, it depends on your needs. What kind of upgrade path do you want to follow? As far as short-term, it doesn't really matter. The problems will occur in the long term. Considering this, you will want to use a distribution that is entirely free like RH/Debian/Slack, because 5 years down the road, if you get a vendor-specific distribution, you will be a slave to that vendor. I've never used Applix, but WP is very nice.
One thing you should really consider when choosing a dist is to make sure that _everything_ you install works properly. This is RH's big difficulty. All of the GUI tools and sysadmin tools work "half-way". If you look at them wrong, they break. For desktop users, this is unacceptable. Users can usually deal with strange environments surprisingly well, as long as the tools actually work. They get really frustrated when some buttons don't work, some right-click menus don't work, or a certain sequence of clicks crash a program. If you don't know what I'm talking about, try using the RedHat GNOME RPM manager in RH 6.1 (haven't really looked at 6.2). RH is nice on the server (without Linuxconf), because it has everything you need, and everything is integrated with PAM, and organized in a sane way. But on the desktop, it has too many half-done tools. So, either find a dist that doesn't have half-done tools, or don't install anything that doesn't work 99.99% right. I'd be happy to supply you with more advice (advice does come cheaply), but I'd have to know more about your requirements.
Engineering and the Ultimate
I've seen people above advocating centralizing your user data, and making the boxes all cookie-cutter installs. Excellent advice.
Once you have them up and running, however the question becomes. "How do I make changes to the environment en-masse?".
Thats where GNU cfEngine comes in. It's a great tool for maintaining heterogeneous networks. You should consider implementing this on the rollout, as it will allow you some means to "push out" changes to all of the hosts.
Check out:
http://www.iu.hioslo.no/cfengine/
Its a very powerful tool, so much forethought and planning is in order with it, but it pays off in the long run in being able to make changes to the machines in large chunks.
-- PoochieReds
Have you tried SIAG office?
It is available at www.siag.nu
Muchas Gracias, Señor Edward Snowden !
Try Mandrake 7.1, it is very easy to set up, and the easy-to-set-up thing is very important when you want to do the set-up thing some 2,500 times.
Muchas Gracias, Señor Edward Snowden !
Well, if you're looking for something to keep all 2500 machines up to date, then I'd advise debian. Debian's apt tool makes maintenance very easy, especially over a large number of computers.
:) *ducks*
If you have a debian cd, or if you wouldn't mind making your own ftp mirror of a debian ftp server, you can have one single computer that acts as the "syncronizer". Now this idea I've just heard about, never actually tried it. All the other computers can be configured through a crontab to run apt-get update, and if you point them to that single machine on the network or whatever, it'd be so much easier.
Each machine's software configuration in perfect sync. I guess this would work, in theory, but again, i've never tried it myself. Well, Cheers. See ya later. Hope I dont get flamed or anything
-- webfreak
webfreak@themes.org
http://e.themes.org
Window manager plug: icewm can easily be set up to be inimal but still functional (start menu, taskbar, nothing else).
-- Ed Avis ed@membled.com
Since for obvious cost reasons, you'll most probably use IDE on your deployed machines, I recommend that your replicator be a mostly SCSI machine, with an IDE rack, and IDE compiled as kernel modules; this way, you can hot-plug and hot-unplug your IDE racked disks as you replicate them, by modprobing the IDE modules in and out (be sure to use the right hdparm/ioctl calls to flush caches and shutdown disks, though): no reboot needed!
Even without a SCSI machine, I've installed a company's computer rooms with IDE racks, and it's been a pleasure to replicate, install, test, fix, and reinstall machines there. (I also used debian as the basic distribution, which isn't perfect in a NFS- and NIS- sharing environment, but is the least horrible thing I tried.)
Finally, if your machines are heavily networked, you can use such thing as the Linbox Network Architecture (web site currently down for recreation; contact the people at linbox.com), which is basically a lots of diskless linux clients (you buy a fast ethernet and RAM instead of lame IDE disks), and a few badass servers for files and applications. Ten times less disks to maintain and clients without persistent state means much less administration.
Yours freely,
-- Faré @ TUNES.org
-- Faré @ TUNES.org
Reflection & Cybernet
I'd go with WindowMaker. It may be personal bias (and I'm definitely *STEP biased) but I think it is the most solid and clean WM out there. It's especially better than all the Windows clones out there. It can use more resources than Blackbox or something, but it's a lot better than E.
If you are installing 2500 machines, you usually know better than your vendor. 1 hour maintenance per machine equals 1 man-year. You'd better have competent sysadmin(s) and automate as much as possible. You must be able to automate the system reinstallation, software upgrade, hardware upgrades, ..., of the machines.
If you do end up with workgroup application/mail/print/etc. servers, think about where they live in the heirarchy, and keep them close to the users.
You'll have to calculate your bandwidth needs, bu t I suspect that for that number of clients, you'll probably end up with a three tier network. Clients on the bottom, on 100MBit switches, connected via fiber to concentrator switches with the user servers, connected to the backbone.
-j, showing his biases
I forget what 8 was for.
which distribution you wish to use is which one
is easiest to customize. I have found Debian the easiest to customize to my needs. In most large environments, people don't upgrade machines, they wipe them out and migrate their server data. Debian gives you the choice of upgrading machines.
The real power of debian, is that you can customize one users machine and those customizations will continue across upgrades. Not everyone needs dia, but some subset of people do and they have dia and when the upgrade they still have dia and you don't have to do anything. That is powerfull and usefull. Yes you have to login to someones machine and give them dia the first time.
If you use debian you need dzinstall and you will need to customize the base install.
Another important strategy that has not been
discussed is how do you break this down to groups.
Identify groups of dependent people. The accounting department is all dependent on everyone else there so they should be made a unit. Give them their own server. I would aim for 1 server for every 20-100 users. Those users should be able to function with their server even if the "centralized" servers go down.
each "departmental" server should be backed up, should have a "network drive", a "name server", an "account server", a "network server", "OS Server", "print server"
NFS server
NIS slave
DHCP server
DNS server
Web server (Intranet)
LPD
should server as an apt server or as an rpm server
/net" otherwise it lets users corrupt it) Applixware is clean, fast, stable has
The machine configuration for the department should also live on your central server and should be pushed out to each department using rsync. But by distributing the neccesary services you reduce this risk of a catastrophic failure hitting all users.
NIS/NFS
NIS/NFS security I know it is impossible but they are very convienient and there are some precaustions you can take.
NFS -
users do not have root on NFS clients. IF they do they can be any user on the system.
you keep a static arp table for IP address and you
use static DHCP for clients. And you list every
client that is allowed to connect to your NFS server. Yes this can still be hacked!!!! but someone cannot just bring in a laptop and full control over your users files. Its keeps accidents from happening.
NIS
enforce use of good passwds. this is done by configuring the passwd program.
Make sure you have slave NIS servers!!!! Set the local slave to be the default NIS server for clients.
Don't use broadcast NIS, set the NIS server on each client. Yes someone can still spoof your NIS server, do not let the NIS from the outside internet in. It is worth it to trust your users, becuase it makes your computing environment better and you can trace down who caused problems and get them fired.
Automated Installs.
2500 user machines
assume 50 departmental server and 5 back end master servers.
Buy new equipment and do the master servers correctly.
Replication Strategy.
Make sure you can produce a departmental server from a blank box in 2 hours. Make sure anyone who can read instructions can produce a departmental server in 2 hours. And hopefully that won't be two hours of interactive time.
Given a departmental server, make sure you can build a new desktop from a blank machine in one hour. If cannot you have problems with your automation and your network fix!
USE SOURCE CONTROL all system infromation should be in source control! From the very beginning keep your management scripts, your NIS source files, your deployment descripters in Source control, I reccomend CVS! This will make your life easier.
DESKTOP
as for a desktop, I like windowmaker, I think it is very obvious for beginning users.
WP is substantially lighter than Star Office, and is fairly feature complete. Star office will be a pig, try it out, some users will require it as it is the most feature complete office swuite available on linux. (NOTE DO NOT INSTALL star office so it is user writable, even if there is just one user per machine install it as a net install "setup
strange user interface, and doesn't have the feature count that many people want. And what you see on the screen and what you see on the printer tend to be pretty far off.
I would reccomend avoiding net storage for applications and even all user data. Hard drives are cheap. It makes users less reliant on the network for performance issues. It also makes users for more in control at their workstation and it allows you to customize a workstation to an individuals tastes. (this is why debian is great, you get both customizations and easy upgrades). From a computing efficiency standard this does not make sense the net-slave computers are better. From an employee productivity standard this makes lots of sense.
When setting this up script everything, make sure
the that someone other than the person who solved the problem tries it and can do it.
This is a lot of work and requires formalizing a lot of things. I would reccomend start trying to build the departmental server. The build the things to build the departmental server, destroy it and verify that it can be automaticall built by someone else, using information stored in source control. After that then start doing the end user workstations.
Good LUCK! if you found any of these thoughts usefull do email me.
"His[Mankind's] heaven is like himself: strange, interesting, astonishing, grotesque." -Satan "Letters From Earth" Mar
Admin'ing would be easy. Hardware support would be the bitch.
1. Network 10/100 Switched network
2. DHCP
3. NIS+
4. NFS (Automounted)(hehe, CIFS?)
5. Kickstart, or some automated install.
6. IceWM (Very small, looks window'ish, FAST low mem,themeable, toolbar. Easy configs. I use it on all my Sun/Linux boxes)
7. Web Interface for Email w/ SSL
8. StarOffice.
9. PowerBroker.
10. SSH+SSHD.
11. FTPD. (OpenBSD Ftp Port? no exec command) 12. Xfree 4.0.1 (Need to upgrade mine this weekend)
13. Netscape. (Not sure which version is the most stable)
14. Lot of people been talking about ReiserFS. Might be a good idea.
15. Winframe clients maybe. (Dont know his setup)
16. ENskip? (We use SKIP/EFS on our Solaris boxes, thou with static IPs. Soon to use winskip on laptops via dhcp)
You could be real anal, and lock the basic install down. Dont want these 2500 boxes to be someones DoS jump point.
It also depends on what these 2500 computers are doing, Call Center, Trouble shooting NOC, Workstations...
Each has it own own little problems that need tweaks..
One of my jobs, I ran the helpdesk for a 500+ call/dispatch center. Adminstration was quite easy. Everyone ran Xterm's with menu driven apps. /. and surf pr0n. ;)
The largest amount of works for techs was repair the hardware or file systems.
I only had to fix some print que's, basic unix administration. Then read
Man O man, to be an SA again. :)
-IronWolve
Have you considered KDE? I know it's a desktop environment, but its office suite is (in my opinion) nicer than Wordperfect, or Star Office (I haven't tried Applixware). WP and Star Office eat a lot of resources on their own...I suspect this is because they first Windows apps, that have been ported over to Linux (I could be very wrong on this, but that's how they seem). KDE's Koffice is still in development, but what they have so far is very impressive. In addition, KDE has a very polished user interface...and once it hits 2.0 it should be quite stable, and be quite feature-rich. The stable version is quite solid.
As for distro, RedHat is easy to install, but Debian seems to be more complete, and the packages work! It is definately easier to upgrade. It will take more digging, and learning on the installer's side, but it should install easily over many machines once you've got it set up for replication.
Debian is refusing to distribute KDE over licensing issues, and this situation is likely to continue, but there's nothing to stop you from installing it yourself, and then propagating it out over your workstations. Try it out, and their Koffice and see what you think.
I believe 64meg of RAM will be plenty for your needs. While KDE is a big system, it runs very quickly.
Given the submitter's email address, this is for lawyers and the like to use, right? IIRC, Wordperfect is used in the courts a lot more than Word, or so I've heard.
--
I've heard others say this, but everyone seems to leave out exactly what they are doing over X.
X is a nasty remote protocol - it's very verbose, and generates lots of traffic for any X-related function. Using one of the X-protocol compressor setups helps this quite a bit (it reduces GUI-related X overhead traffic by about 60%).
Indeed, you can run many X-terminals over standard unswitched 10BaseT. But only if you're doing non-GUI-intensive apps. xterm, emacs, et al. Give the original post, I'm assuming that they are going to be running Netscape, Applix, WordPerfect, StarOffice, and stuff like Matlab. All generate lots and lots of GUI calls, which have to traverse the network. I think you'll find that 5 users writing a document in WorkPerfect generate more traffic than 20 users using Emacs to write the same document.
X is just not scalable to allow everyone to run GUI-intensive apps remotely.
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
Best solution - IMAP4 with a web gateway. Thus you can access mail without the not-so-ubiquitous IMAP client and you get a nice centralized server.
Scuttlemonkey is a troll
There is another CYA plus to this method:
If you need to, you can install the Citrix ICA Client on the terminals and/or have a product such as NCD Wincenter running on a Windows Terminal Server if some (or even all) users desperately must have one or more Windoze apps.
We've had Wincenter + Terminal Server + X terminals here for four years, and most users are hard-pressed to tell that they aren't running Windows on their desks.
Again, this is not quite what you're looking for, but it does provide a nice backdoor if it doesn't quite work out.
"Time flies like an arrow; fruit flies like a banana." --Groucho Marx
I'm just a user and no sys-expert, but at the university I'm at, until recently, the network I was on had at least 45 pure xterms over a 10 mbit network at it might not be great, but it's was OK. I don't know how many network cards the central hpux's had, but they were _definitely_ 10 mbit. Obviously, you want more than that, but I think I wouldn't worry too much if you're going to put only 25 machines over a 100 mbit connection onto your servers...
Under *nix, there is no appreciable difference between being at the machine and being remote beyond possible lag (because of bandwidth) and not being able to hit the power.
.. although I remember wanting to hit the power when I need to remotely shut down a machine that I thought would lose its power (bad storm in the area, knew the machine wasn't on a UPS and it was too far away to drive to turn off) .. I had to just do 'shutdown -h now' and if the power went it went.. prolly not too bad but it would have been nice to know it was all OFF before any glitches, you know?
Yes, I love that about Linux
I would have thought there would be a command by now to turn the machine off in the same way that windows 9x does when you shut it down on an ATX machine. Anyone know of one?
--
Delphis
There's no need to be butt-ugly and hard to use just because yu need to be compact. There are several WMs that are both compact AND well-designed. Window Maker, Sawfish (née Sawmill) and Black Box are all compact, good-looking, themeable, and easy to use. fvwm and other archaic ones are, by contrast, horribly, repulsively ugly, as well as hard to use.
Switch the . and the @ to email me.
First off, this is a reasonably well studied (or at least written about) area of system administration. LISA has papers on this sort of thing fairly often, and everyone can get at most of them for free at Usenix's web site. It's well worth your time to look over LISA proceedings for the last five years or so.
A prefacing note: much of the advice here assumes a fully networked environment, where the machines are not isolated and can contact some central point routinely. Without this it will be very hard to handle updates, and you will probably need to think quite hard about the administrative structure: for example, who will create accounts for a local group of users? At this point user-friendly GUI tools may become an important consideration.
The basic thing to do is to automate as much as possible. You want a system where you never touch individual machines by hand; you touch a master machine or place, and machines update themselves. With 2,500 machines you also want this to be a pull model, not a push model; the machines pulling changes deals much better with machines being down than a central point pushing out updates. One concrete suggestion: make sure that your update-applying system can run arbitrary shell scripts or programs, not just install updated distribution packages; you will need to do this sooner or later.
In order to automate as much as possible, machines need to be as similar as possible. Where they're not similar, you need to build automated tools to detect the differences and deal with them. With 2,500 machines you probably can't keep machines 100% homogenous over their entire lifetime, so planning up front (and having the mechanisms in place in the initial rollout) will save you time later. Unfortunately, I'm not aware of any good tools to determine hardware configuration information in good, scriptable form for Linux (hopefully other people will).
I don't think that the choice of distribution will make a huge difference. You will have to customize whatever distribution you pick in some way, either by making new install media or by creating a master machine that is then cloned. You are almost certainly going to be getting intimately involved in the details of your chosen distribution's package management system; pick one which you're knowledgeable about and comfortable with.
If you go with creating a master machine that is then cloned, you should still automate as much of the creation of the master as possible. Among other good things, this will significantly help when it comes time to upgrade the base distribution, and it helps insure that upgrades are more easily automated (by simply supplying a new version of one of your customization packages). And it is good to know you can easily recreate the customized setup from scratch and the bare metal.
I will echo other people's comments on keeping user data off the 2500 machines. If you allow important user data to live on the local machines, you will have to back it up somehow, and it is a lot harder to back up 2500 machines than a few data servers that everyone talks to. If you have to back up data on each machine, strongly consider a push model where the workstations push the data to be backed up to a central server or servers for the actual backing up to tape. Also, if no user data lives on machines, returning a broken machine to service is a relatively trivial thing; you just drop in another generic clone, which should be a fast operation.
To distribute the load on your update and other servers, you probably want to cluster the workstations into groups (probably based on the network topology). Group servers pull updates and other things from the central server; the workstations pull updates from their local group server. This way all of the servers involved can be relatively modest, because none of them ever have to deal with large numbers of clients.
I personally don't like NIS for password distribution. Locally, we use something called track (available at ftp.cs.utoronto.ca in /pub) to have the clients pull new password files from servers on a regular basis, but one can use something like rsync or the like as well. People change their passwords by using a script that ssh's off to a central password server to run the real password command. Similar things can be done for other files that need to be distributed frequently.
In terms of security, you should first identify what the threats you're guarding against. Outside crackers call for very different precautions than untrusted employees. You'll want to take all the usual steps: limit setuid programs and running daemons, filter and screen what you still have to run, use encrypted connections for as much as possible, and so on. It's hard to give more specific advice without knowing more details.
I personally think that NFS is the best way to go provided that you can trust the workstations not to be subverted; it's the most solid, proven, and well-developed technology at the moment. If you cannot trust this, then you will need to look at alternatives: either something like Coda, or having central application servers that you can control and having the workstations only used to display things from them.
I second most of your ideas, save the "major apps should be on fileservers".
If the hosts you're going to serve are "good enough" (that is, have enough disk space), I'd look into using rdist as an application distribution system. You set some software up on some "reference" workstation, then push it out at night.
I have never tried this, but it looks like a sensible solution...
Regards,
-BK
Chemical Blog
I've installed a few machines, and WindowMaker seems to be the most intuitive and flexible window manager around. It looks simple, which doesn't faze the beginners, but is flexible underneath and supports applets. It's also Gnome compatible for those who must.
:v)
Vik
No kidding. Fvwm2 is far from ugly. I ran it on a P133 w/ 32MB, loaded with tons of pixmaps back in '97-98, and I had it looking better and faster than AfterStep 1.0 with malda's cooltitlebars3 patch.
A look at some of the themes for FVWM at www.plig.org/xwinman will show how non-ugly it is.
"Unix is a proprietary operating system intended to compete against Microsoft Windows" --Patrick Reilly
It just so happens that Once Upon A Time, I worked for a major OEM of PC's that sold Red Hat on it's boxes, in the custom configuration department (yeah, it's not hard to guess which one, think Big, Blue, and Not IBM. I got your "E" right here) I have a few points, some of which have already been made. #1 Kickstarts do work, and work very well. mkkickstart was/is broken on 6.1, and it's not really too hard to fix. Kickstarts allow you to do some pretty serious magic on the installation however, and with bootp, nfs and some development time, you could install custom built machines with individual network settings ,etc... all from the get-go.With kickstart, I made systems build in the factory, on customer's sites, and so forth, so there's no reason that you can't get away with it in your situation. There are some tricks to getting kickstart to go, but you can email me if you want more info. Ghosting is fine, but you'll need a workaround if you intend to use lilo in the MBR, as ghost will break on that. Other imaging products also break lilo, so I'd recomment either sticking with a dos mbr and putting lilo in the first primary active partition, or doing that first, and have it fix it self on first boot. #2 Debian. Red Hat kickstarts (and mandrake, of course) are very nice and all, but apt beats the hell out of RPM, even auto-rpm. I'd recommend debian if you can get by without the gee-whizzery of Red Hat, as it's stable, and mass upgrades via cron would be simple (relatively) to implement. This could save you a great deal of pain. #3 Network Filesystems. Stay the hell away from NFS and especially (ESPECIALLY!!!) automounters of any sort. They suck. I agree with another poster to an extent, but modern package management lets you get away with having a lot more stuff local. Still, for home directories, shared storage, and other needs, I'd recommend you go with Coda, AFS, or even use samba. For printing, CUPS is great. #4 Wordperfect 8 works well. The new trash corel has spawned (wordperfect 9, etc) work poorly and would require more than the 64mb max memory you are looking to do. For these reasons, applix seems a better choice, or even Staroffice (no experience, I'm theorizing). There are a lot of parts that can make your unix network put the smack down on the windows world now too. LDAP, CUPS, Kerberos, do-dads like HP OpenMail, etc...can give you all the functionality that you could ever need. That's all folks!
It just so happens that Once Upon A Time, I worked for a major OEM of PC's that sold Red Hat on it's boxes, in the custom configuration department (yeah, it's not hard to guess which one, think Big, Blue, and Not IBM. I got your "E" right here) I have a few points, some of which have already been made.
,etc... all from the get-go.With kickstart, I made systems build in the factory, on customer's sites, and so forth, so there's no reason that you can't get away with it in your situation. There are some tricks to getting kickstart to go, but you can email me if you want more info. Ghosting is fine, but you'll need a workaround if you intend to use lilo in the MBR, as ghost will break on that. Other imaging products also break lilo, so I'd recomment either sticking with a dos mbr and putting lilo in the first primary active partition, or doing that first, and have it fix it self on first boot.
#1 Kickstarts do work, and work very well. mkkickstart was/is broken on 6.1, and it's not really too hard to fix. Kickstarts allow you to do some pretty serious magic on the installation however, and with bootp, nfs and some development time, you could install custom built machines with individual network settings
#2 Debian. Red Hat kickstarts (and mandrake, of course) are very nice and all, but apt beats the hell out of RPM, even auto-rpm. I'd recommend debian if you can get by without the gee-whizzery of Red Hat, as it's stable, and mass upgrades via cron would be simple (relatively) to implement. This could save you a great deal of pain.
#3 Network Filesystems. Stay the hell away from NFS and especially (ESPECIALLY!!!) automounters of any sort. They suck. I agree with another poster to an extent, but modern package management lets you get away with having a lot more stuff local. Still, for home directories, shared storage, and other needs, I'd recommend you go with Coda, AFS, or even use samba. For printing, CUPS is great.
#4 Wordperfect 8 works well. The new trash corel has spawned (wordperfect 9, etc) work poorly and would require more than the 64mb max memory you are looking to do. For these reasons, applix seems a better choice, or even Staroffice (no experience, I'm theorizing). There are a lot of parts that can make your unix network put the smack down on the windows world now too. LDAP, CUPS, Kerberos, do-dads like HP OpenMail, etc...can give you all the functionality that you could ever need.
That's all folks!
Kickstart is a great way to install - expecially if you work in a DHCP environment.
:)
I recently discovered this intallation method when I went to the Red Hat fast track class (and passed the exam by the way, nothing like a little self-congratulations
As someone else pointed out, you just have to make sure to use the right disk imagine. Chances are you'll be doing a kickstart over the network, so you should use bootnet.img, BUT if you're using a laptop and need PCMCIA support to use the network card for instance, you need to use the pcmcia image.
Assuming you got that right, with all the options available on the kickstart file, and the fact that you can do anything you want at the end (add you own script of whatever) you should be able to do great with it.
Writing a good kickstart file might take a few tries though but it's defientely worth taking the time doing.
A posibly nice addon for this setup (for inclusion in the replication) is lm_sensors (search on freshmeat to find the package). This package monitors your onboard temperature monitors, and fan speeds. Write a small script that grabs the detectable values, and uploads/sends them to a central server (SQL DB is nice for this like mysql), and on the server make a quick php page to display the results. In 10 lines u can also make a php program (using the php cgi in #!/path/httpd/cgi/php instead of bash :P), that parses those values, and sends out alert emails when a work station gets overheated or one of the fans stop working.
:)
:)
Another nice tool to have then, is diskfree.pl (again freshmeat) which can alert you when your disks are to full, or you can script this using php or any other fav script language..
You can even write something that records the load averages, and see who needs the upgrades the most
What it all basicly comes down to, is making managing the computers a lil easier
-- Chris Chabot
"I dont suffer from insanity, i enjoy every minute of it!"
I agree with the rest of your post (Although I would personally recommend qmail, but that's neither here nor there) but I'm curious what the point of running inetd when you have essentially a blank inetd.conf file. Why not just not run inetd and be done with it?
When I was able to do my own spam-armoring, you got a chance to email me. Now you can only hope I see your reply.
First, we probably need to know what kind of work these desktops will be doing. For instance, if they'll just be running a word processor and a few other little apps, why not just make them all X terminals connected to departmental servers?
Second, even if you want local installs, you can still do it "remotely". Create a floppy that will do a remote boot/install. Send a copy of the floppy to every person. That instantly parallelizes the task, reducing the load on your IT people. Of course, this only works if the users are competent to put a floppy in the drive (and answer any questions you can't automate). That goes back to #1: Are these 2500 people engineers or typists?
Third, you need more than an install method. You also need to plan for machines that wig out (bad hardware, corrupt software, new users on old machines, etc). You also need to plan for hardware upgrades. That seems simple, but it isn't always. For instance, suppose your vendor suddenly started shipping USB mice? Sounds dumb, but I've seen dumber (from Gateway, anyway).
This is what I would do, given no other information about what kind of users they were:
A) Setup a server for each "group". Put all their apps and home dirs on the server.
B) Create a "kiosk image" of a linux machine that is essentially just an X terminal.
C) Send out floppies with a minimal Linux install and a script that auto-downloads a given HD image and writes it to disk. It may have to do a small amount of configuration. It may not, though. Consider: dhcp for networking, NIS for user auth. Put ALL servers in the fstab file and have the floppy just mount one of them.
D) As new machines enter the building, create images on them yourself. If people need new images, have them put the floppy back in (or get a new one).
E) You may have to have some kind of "autoupdater" for updated packages...but you may not too. If you don't install much on the desktop and can always just download a new image you don't have to worry about updating specific packages.
Well, that's enough until someone pays me....8^)
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
Ice's project goals are
- Feel good and fast to use, be simple and don't get in the way
- Default configuration should be fully usable without tweaking
- Mouse is optional
- Combine the best features of other window managers and GUIs
- Themes can customize the look, user can customize the feel.
One of the really nice features I have noticed is the configuration files are not only very easy to read and customize, but the way it parses it's menu file is advanced enough so that when an exacutable is not in the users path that item is left off the menu.What hardware is necessary on the server to keep X terminals running at a reasonable speed? I ask because I set up a network of 5 486s being served off a K6 400, and when all of them were in use the systems were VERY slow.
You've missed off a zero there. Try $750,000 and things look more sensible.
Why don't you look at Star Office, in addition to the other office packages mentioned? The upside is that it is free and pretty good. The downside is that it's huge. You'd have to see if the performance with your "fast processors" and 64 meg is good enough.
Read the original Project Athena book. They did this once, long ago.
You definitely need some kind of network authentication thing, like NIS/yp, etc.
A single-sign-on for filesystem access would be nice (like Kerberized nfs.. don't know if CODA or AFS has this ootb).
There *are* going to be exceptions to the standard list of packages installed. If there aren't you'll end up with a larger package set that is the union of all requirements, or you'll end up with dissatisfied users.
Consider having a cron job that dumps a listing of installed packages into a directory on the admin server, so when that user's machine gets nuked you know what was installed there.
What "trim" said about directing all mail to a relay and disabling all unneeded daemons. But you might want to leave ssh on so you can install an extra package for someone without walking out there if need be.
Your choice is simeple in my opinion.
Use Corel Linux 1.1 and Wordperfect.
Corel is based on Debian which is really
easy to keep synchronised with a central
"image" you set up (look into apt-get).
As for wordprocessing, there is nothing
close to Wordperfect 2000 at the moment.
Huh? Shows up for me (Mandrake/KDE), before and after I crash it (there's a few java pages I visit that are sure to crash the Scraper on any platform... and IE, too). I've been rather pleased with KDE (after a few years of FVWM, experiments with blackbox, windowmaker (?!), icewm (nice), Gnome, CDE, Afterstep (nice but dog-slow), along with some others), and I certainly haven't seen anything like what you've described.
"It's tough to be bilingual when you get hit in the head."
IN KDE press Alt-F2 and type in 'killall -9 netscape-communicator' and press
Abracadabra! Netscape disappears!
Now, press Alt-F2 and type in 'rm ~/.netscape/lock' and press
then..
Alt-F2 and 'netscape &'
Yippeeee Netscape is back!
I really like Window Maker but I like IceWM better. A friend of mine who never used Linux before found it very straight-forward.
I would have to recomend Red Hat also, just because of the kick-start setup (however, this recomendation may be due to personal bias).
I would also have to recomend that you download the Nanno text editor. It is simple like Pico, but with better features. It would be a good thing to have in case users needed to do their own editing without having to bother other staff on the use of vi or Emacs.
I use Star Office, but people seem to really dig Applixware.
I've used in under 6.1 and 6.2 to install a lab of 40 PC's, it's a bit buggy but there's nothing that you can't work round, if you want to add your own packages you can either merge them with the distribution (rpm's only) or write install scripts for rpms or tar files, or even just run install on the files if there's a limited number of files to install. If you spend the time and get it right it should just be a matter of sticking in a floppy, switching the PC on and taking the disk out when it starts the install, possibly less if you have bootproms or PXE(?) compatible network cards.
:)).
If you ( or anyone else) want's copies of the ks.cfg files etc then e-mail me (just please don't laugh too much at my crappy shell scripting
I've used Applixware for the last 18 months or so and have been fairly impressed (the 5.0 beta was quite nice), perfect office is equally nice. If you are wanting to do anything complicated with networked printers consider lprng, http://www.lprng.org on your print servers, it's not the easiset thing to set up but it is very flexible and reliable.
He's not referring to DHCP (in fact way up he tells you to use it!) - he's talking about automatically handing out new hostnames (and any other info that is particular to that box) to machines as they are brought up - if you can do it automatically then you don't have to interact with the box after it's up which means (assuming you have a reliable installation routine) you can pop a floppy in, wait for it to boot to the point where you don't need it and WALK AWAY.
The less interaction and 'exceptions to the rule' you can have with 2500 workstations the better.
I've used Applix, WordPerfect and StarOffice to some extent for some time now.
Applix has been my favorite for interoperability with M$ stuff so far. I often hack on a document in Word by day at a customer site, then refine it under Applix at home. Despite multiple editing sessions in this 'ping pong' mode, I've never had one get flaked out. I'm using an older version of Applix (4.4.1), so I can only assume it's better in the latest version.
I'm also using WP8 which came with Corel Linux (Hey; it's not THAT bad...) WP looks and feels like a Windows app, so that might be and advantage if user training is a major issue. Interoperability with M$ has been less than perfect; I've had a few documents go weird in the process. I haven't tried WP2000 yet, but I presume this has been refined. (I understand that WP2000 is actually the Windows code base running under WINE. Whatever you may think of that maneuver, I'm sure that it aids consistency with their Windows product.)
I have tried StarOffice a few times but found that it loaded the slowest of the three and seemed a bit more sluggish. Interoperability with M$ was always excellent and has only improved over time.
For my own use, I seem to gravitate back to Applix despite using the other two from time to time.
It all comes down to requirements. If they will be exchanging documents with other systems (M$, WP on Windows, etc.), this should be a major consideration. If resource utilization is a major consideration, I've personally found Applix to be the 'lightest'. If Cost is a major issue, you clearly can't beat StarOffice. I would suggest trying them out on one of your target workstations and getting a feel for how they perform in that environment. It also wouldn't hurt to get a handful of users involved in such an evaluation; no matter how good the product, if they don't like it, it won't fly.
Free advice, all my own (possibly jaded) opinions, and worth slightly less than what you paid for it =:o)
2500 machines is a BIG rollout. If you get it wrong (which you will first time) users will hate you.
One career-saving idea is to first roll out 25 machines in a friendly department as a "beta-test", and when that works, roll out to 250 machines, then 2500 machines. Use the scaling technologies (LDAP, CODA, scripts, turnkey installation and more) that others have written about here. Also, set up web services for support tracking and help.
If you wanted to offer your users a very Windows-like environment, try the QVWM window manager (http://www.qvwm.org). It doesn't have the integration features of GNOME/KDE/E/Sawmill etc, but it is VERY light on resources, very fast, and Windows users will feel quite at home.
One of the reasons people are looking at Linux for installing on hundreds of machines (eg, Beowulf-style clusters) is that it reduces the capital software cost. The same is true for your office suite - Applixware or WordPerfect x2500 will cost heaps. I have used Star Office 5.1 (free from Sun) for some time with good results. Not resource-frugal or quirk-free, but pretty complete. I'm itching for SO 5.2....
And of course, this is just my 2c. YMMV. All the best!
The computer science dept at Edinburgh Uni has some very slick mass install stuff, for both Solaris and Linux - the CO's there publish papers on the subject.
IIRC the Linux setup is based on Red Hat, with their own custom rpm setups (not using the install tool).
http://www.dcs.ed.ac.uk/
At my university we had Windows computes in public access areas to just browse the web. They behaved misserably. They were cracked and they always crashed. My job at the time was to help design a Linux solution. We took the basic debian install and created a client/server approach via NFS. The workstations would run fvwm95 with Mozilla and some games. Mozilla was chosen because you can change everything via a text file and it supports most web pages. The server ran Debian.
The hardest part was the installation. Sure you can go around to 100 workstations and do an install, but that takes forever. So we modified the Debian Slink install disk and viola, a single disked network install.
The clients now run beautifuly and most people do not know the difference between fvwm95 and Windows 95.
---- aut viam inveniam aut faciam
For obvious reasons:
- every box could nightly do a 'apt-get upgrade', insuring that the current versions of packages were installed (including security fixes) while maintaining complete homogeneity.
Install vnc on all the workstations to help with support or get a golf cart to run around and fix user's screwups.
:)of servers to reduce downtime.
All apps should reside on the workstations to keep bandwidth requirements down. All data should reside on a server or probably better, on a cluster (I didn't say the b-word
Samba works pretty well for for sharing drive space and will let the occasional Windows box connect too. Subnet subnet subnet. Put as many nic's in the central server as possible, each with it's own subnet IE nic_0 = 10.0.0.0 nic_1=10.0.1.0 etc. This would allow you to assign user groups (accounting, sales engineering etc.) to their own subnet so as to increase security a bit.
XFCE is a nice little window manager too.
Web based email would be pretty easy to maintain and nice for the users.
Vmware running different operating systems on an OS server would allow your users access using VNC to office2000 for instance to fix the occasional word.doc or excel.xls that didn't convert into the Star Office format quite right.
ssh ssh ssh delete telnet right off the bat and use ssh. Create tunnels for ftp and vnc since ssh can compress the datastream.
Hope this helped.
I just realized you could just run vmware X to X and cut out vnc altogether. Probably works better too.
I don't have 2500 Linux boxes, but we deployed about 100 machines to a dozen locations within one year. And I believe very successfully :-). Those locations were our customers who run our own business software which was formerly used on ASCII terminals on a SCO server.
We used SuSE 6.2 and developed our own configuration that would allow diskless clients to boot from a server. We would manually install a stock SuSE Linux on the server first and then run our configuration script from the CD. This script would take a configuration file which describes the location (clients, users, printers, etc.) and would automatically setup the server according to those specifications.
After this you can immediately switch on the diskless clients, log on and start working.
Its easy to do this kind of configuration script yourself because in Unix/Linux you only have to change a couple of text files. Within several weeks of work we had our configuration script which would allow to setup a small company in about half a day. The installation/configuration of the Linux operating system would take about 2 hours (including setting up printers, users, mail, DNS, NFS, etc.).
We use SuSE Linux, KDE 1.1.2, Applixware Office and Netscape Communicator for browsing and mail and we built an intranet based on dial-on-demand ISDN. Our users are ordinary business users who used to work with ASCII terminals, some with Windows experience.
So what can I say about such an installation?
(1) the Linux configuration is really stable (uptime of the servers usually serveral months) and from what I hear it is well accepted. You can trust Linux for business critical application!
(2) the users have no major problems working with Linux. KDE together with applications like Applixware or Netscape is easy to use and rather similar to Windows. I don't understand why one other poster was commenting on high costs of user migration. The users shouldn't have to do any administration tasks and using an application like Netscape on Linux is not much different from using Netscape on Windows. OK, Applixware has different function keys from Microsoft Office, but the basic functions are the same.
(3) the remote administration possibilities of Linux are great. At most locations we don't have system administrators and we are able to do most administration through the intranet. Last week we had 2 clients stolen at on of our customers. Because the server was in a secure back room we would send him 2 new boxes, edit the ethernet addresses in dhcpd.conf and he could continue his work without any loss of data.
(4) we considered using some simple window manager with a fixed configuration so users wouldn't be able to make unwanted changes to their desktop. But we decided against it and used KDE instead because we believe a simple but secure desktop would not get as much user acceptance as a configurable, Windows-like desktop like KDE. And it seems the users like KDE and its configuration options (they deliberately use themes I personally find outright ugly :-). And in a case of mis-configuration you could alway have a backup copy of .kderc and .kde.
(5) Applixware is a quite nice Office package. It has everything a normal user wants and is a very stable application too. You can also make connections between the applications like integrating a spreadsheet in a word document. And you have extensive programming possibilities with the ELF macro language. The compatibility with Microsoft Office documents is ok, but not great. If you don't have an extensive document exchange with Microsoft Office users you should be ok.
(6) If you plan a business setup, don't save by using too cheap hardware. I mean why shouldn't you bother to use cheaper hardware than a Windows solution would use. And you wouldn't deploy a Windows 2000/Office 2000 solution with less than 128MB RAM, would you? The Linux kernel might need less ressources than the Windows kernel, but modern applications (like Java applications) can use a lot of ressources on Linux too.
(7) the greatest problem in everyday use is, I believe, the printing subsystem. Tracking and deleting print jobs on the network isn't always easy. Everything else runs without much user or administrator interaction.
(8) even if you don't use diskless clients, I'd second another poster's advice that you should have all your important data on the server. This simplifies the backup and other administration tasks and is no performance problem on a 100MBit ethernet (NFS caches file access by default which NT 4.0 to my best knowledge does not).
(9) we also built a couple of scripts which are scheduled by cron and automatically scan the server for problems (like running out of disk speed, alarms from hardware sensors, etc.).
(10) I also think that we have a simple and cheap but effective backup scheme. Backup is always a trade off between useability and data security. We use dump(8) for backup and have a second hard disk for an automatic daily incremental backup. And each week we do a full dump on DAT tape. This one is also scheduled automatically so the local administrator only has to change the tape once a week.
All in all, Linux is a great solution even for business use. Administration even of large installations is rather simple, at least for someone knowing the Unix way of things.
Of course, there are downsides too:
(1) hardware support for Linux is still not good enough. We had bad results with ink jet printers and scanners. At CeBIT 2000 fair I asked all major ink jet manufacturers (HP, Epson, etc.) about Linux support and all said there is none at all. Of course I know that there are some drivers mostly for older models, but with our available hardware we couldn't get the kind of results as with Windows software (e.g. our scanner would get much worse results with rastered images).
(2) there still aren't enough applications available for Linux. You can have office applications, even financial applications, but not everything the users want.
(3) you might not want to hear this, but I believe for commercial use the Linux development cycles are too fast. I think there are 3-4 SuSE releases every year, but in a large company you can only upgrade your installation every few years (because you can bet that with every upgrade there will be tons of new problems with your applications). Unfortunately the dependencies on new library versions gets larger and larger and more and more applications won't run or compile on older systems without the appropriate libraries. But nonetheless, go with Linux (or any Unix) if you can :-) Michael
Since most of everything you will need has been already said I will atempt to talk about what has been overlooked. It's the little things that make life great. Consentrate on that. Rather the focusing on a feature rich distro, try one which has it's features worked out. I recomend customized to your environment Mandrake, your users will thank ReiserFS when they accidentaly turn their computer off. Although I believe the latest Manrake uses XFree 4.0 so, you might want to install the latest X 4.1 I think...? If you going to install Netscape use libc5 version it's not just more stable it's probably what netscape is supposed to run like. Ofcoarse if you are going to install after mozilla is reliased you can consider that also, remember netscape plugins are not compatible with mozilla so it will be a while before you can install them, so choose carefully, because you will have to install them later.
/etc/X11/xdm/Xservers add a dpi argument ":0 local /usr/X11R6/bin/X -dpi 100". I believe the standard for Windows is 96 dpi for X11 is 75 so if you don't change your users will complain about new glasses. If X11 will be started using `startx` the do this; edit startx file find line that says `serverargs="" ` put `-dpi your dpi value here` between quotes.
.doc filters, just about every feature your users will ever need. Plus since Sun uses it on their network, they would also have expirience to do tech-support, incase you want buy tech-support from them.
Which brings us to another point make sure you can upgrade these workstations with ease. Here is a idea just out of the top of my head.
When workstation boots up (or cron monthly, weekly, your choise) it checks a ftp site X, it downloads the rpms made by you, checks them agains another server, Y (your favorite method here: XOR files from X against Y to get the real rpms, or use md5 to check their checksums, or something else in this direction) then installs the upgrade files.
Don't forget to change the dpi settings in X, much overlooked problem. If your going to used xdm, kdm or something like it, change the following, in the file
Remember Windows and Linux are to different types of beats. Each has it's pluses and it's minuses. Don't setup Linux as you would Windows. Here is a feature idea just out of the top of my head. If your workstations have ssh servers installed on them, if a program freezes and user doesn't know what do to, he calls tech-support, they login to his machine as that user (no root!) and kill the offending process. Thus you will help tech-support people save on their psychatrist bills.
As for Office application I would have to go with StarOffice, installed on a server(s) much more efficient, espesialy for 32-64Mb range. StarOffice has good
I'd have to disagree. I deployed Corel into an office environment in hopes that Word Perfect 9 would run more smoothly and had nothing but problems. After a minor tweak of XF86Config, it would not boot anymore! I tried going into their custom console mode, and it just kept trying to start X. From my experience, it has been the least reliable linux distro. I'd go with debian if I were you.
A musician without the RIAA, is like a fish without a bicycle.
Mandrake is a terrific distribution. Our NOC uses it for their security applications which speaks for its stability and security. I go for a minimalist desktop too but I have been very happy with KDE. It is fast and stable. I have had GNOME hang me up too many times. KDE is quite accessible for people coming from Windows. Word Perfect is a mainstream standard. Considering that it is still the standard in law offices it would be a good choice. Add Applix if a user needs a spreadsheet or office productivity app. Star Office remains bloatware. Solaris is sloooooow on anything but an UltraSparc, in my experience.
If you haven't already, look at the blackbox window manager. It's very minimalist, yet with JUST enough features. I use it every day, and it uses just barely over ONE meg of RAM.
http://blackbox.alug.org
I have been using mandrake for the past year or so, and have been very impressed with it. It has the stability and easy to use rpm system found in redhat, but has more software bundled with it, and the tools actually work! I have modest desktop requirements on my machines. I basically use my desktop for the Gimp, star office, mp3 jukebox, and basic web surfing. It does more than I need it to, comes with compilers for languages I have never even heard of, more editors than you can shake a stick at, and a pentium optimised kernel. It is nice that you don't have to compile a custom kernel just to get the pentium optimizations.
If you would like more info on my scenario, you can e-mail me at raleighATracc2000.com
-Raleigh
del c:\micros~1\*.*
As a user, this kind of thinking bothers me. Its really difficult to gauge the intellectual capacity and self-motivation of a person. Sure, some people can't make use of additional software, either because their not smart enough or because they just don't have the desire to. But a bright, self-motivated employee will expand to his potential if his environment gives him enough room. Sure, a person may have been hired to do one job in one particular way, but that person may be capable of doing far greater things. If you cripple that person by restricting his resources, then he may never live up to his potential. That hurts both him and his employer. I say that unless giving everyone a particular tool (software or otherwise) is an undue burden, then go ahead and let them have it and maybe they'll do something usefull with it. If you then find that the costs of providing that particular tool outweigh the benefits, then you can be more selective regarding that tool. In the long run, I think thats the better approach.
----------
AbiWord: The BEST opensource word processor
Check out AbiWord.
Traditional NIS doesn't provide one of the nice things about NT: NT has a security model, but NIS isn't much of one. Kerberos is an excellent security model and scales well and can be used with distributed filesystems such as AFS and Coda to provide authentication. Also, IPSec would be very nice.
Second, more important for a roll out like this is to appreciate it will be a strange environment for users used to winduhs, so at the risk offending the religious devotee's of Linux (of which I'm one) - you might reduce the learning curve of new users, and your own support load, by choosing a windows like GUI. Can I suggest you use a test harness - setup a couple of different GUIs: fvw95, IceWM, WidowMaker, Sawmill and then grab half a dozen different representative sheep, sorry users, let 'em play and get their reactions. That may also give you a handle on their concerns.
Obviously with 32M Enlightenment is off the list IMHO as is KDE unless you can get to 64M.
As for office suites I suggest you add StarOffice to the list. The licence sucks but I guess thats of no interest to you.
Finally, if you have got 2500 installs to do speak to the DISTRIBUTORS! Im sure Red-Hat, SuSE, Corel would be more than keen to assist with thatt kinda scale.
-he who laughs last, is a bit slow.
journal
You said you were looking for a minimalist window manager. I think that blackbox would be ideal for you.
Blackbox home: http://blackbox.alug.org
I think this is kind of bogus. I believe the real issue here is how many different kinds of workstations you have. With a scripted automatic installation, who cares how many workstations you have? That's just time and network bandwidth, which is important but not critical in terms of upgrading. The effort put into scripting an installation of 25 machines versus the effort put into 1000 machines is exactly the same if the workstations are all identical. Hence, the real problem is how many different workstation "templates" you are going to have -- that's where the work is. In my experience, most servers are different -- it seems that people need servers to be flexible, strangely enough. That means that a scripted across-the-board server installation is more prone to failure, and you generally have more server templates than you do workstation templates (excepting some folks like ISPs). That's because it is easier to make the workstations generic -- an application that is installed but not used is just disk space, and we all know we've got plenty of that on anything that isn't a server. :)
This is where LDAP fits in -- not only can you go to someone else's workstation and log in, but you also get all of your personalizations, and can log into any of your applications just as easily as if you were at your own machine. At least in theory...
AetiusI'd add a third group, although it doesn't seem that there will be many it this installation -- technical users. These users need powerful, flexible machines, and tend to have more problems (and sometimes be able to fix them themselves) than the other user groups because they are pushing their machines to the limit.
This group is tough to deal with because scripted installations are hard to maintain for them (in some cases they are creating either the script or the software that is being scripted!). These users need access to individual scripted applications that can be installed if necessary, and removed just as easily (there's a CA product that does this, and Novell and Microsoft both have capability, as well as all the Unices through scripts). These users can be a source of help and good ideas, though, as they often have many talents in different areas.
AetiusThere are a couple of things you also need to consider here. We've had trouble finding a good project management package on Linux, as well as a good HR package. You need to seriously consider what you are rolling these desktops out for -- and have a solution built before the first desktop hits the production floor.
You basically have two choices when it comes to upgrading -- automated re-installation from a developed image (Ghost-type) or scripted installation of various products, with the script changing over time and modified to take into account all the older systems, so that by running the script you will bring all workstations to the same level (in that department at least). The scripting solution takes a little more maintenance but is a lot more flexible in terms of upgrading applications, while using the Ghost-type solution is low-maintenance, but means that your workstations will always be behind the curve and slow to respond to the user's needs.
AetiusI've used it in 6.2, it works like a charm.
AetiusI believe this would be a bad idea - 64 MB should be installed as it allows more applications to be run locally (you do not want people running netscape on a server - it is too memory hungry, and falls over a lot, consuming all the CPU it gets), the X server consumes a lot of memory anyway and you have some memory for caching.
I've used it quite a few times, with good results. Note that I made my own kickstart files instead of creating one from an installed workstation.
I use Linux all day at work and its all I have at home. Redhat 6.1, gnome (helix at work), Sawfish, and Staroffice. Helix is getting there but not fully ready yet. It required a great amount of disk to install. Sawfish is flawless; switched from windowmaker long ago. StarOffice works great, does well with word docs, but can be resource intensive. I have wordperfect at home- very "windows like" (easy to use), but I usually use Staroffice instead. Software management with RPM's should be a must.
If you are buying new machines, why not ask the vendor to install what you want?
The magnitude of the problem is why a big vendor might help. They've been putting configured images of Windows on thousands and millions of computers a year. You would think they have specialized equipment for this, like racks for their hard drive duplication. That's not something the average place has. A place that only hase 2,500 employees will have trouble finding a room that will fit more than a dozzen computers at a time.
Once Debian, perhaps with a chron job to update itself by ftp, is in it should be able to take care of itself. Keep your users from having root access, but give them a nice big home directory and everyone should be happy. If things change, you could change the chron job with a script of your own. Then all (hehe)all you will have to deal with is mechanical problems, a big enough task on it's own.
I'm not sure how you could automate hardware upgrades.
The question of a office environment becomes a little sticky in this situation. I've used both office suites extensively for my own testing purposes. I can tell you that WordPerfect is much better than Applix, but on the system configurations you've given, Applix will run much better. There are also a couple more factors which make this decision easier. I've found Applix to be very stable. WP, on the other hand, is exactly the opposite. It's completely written for windows, and WINE is what they used to make it work under Linux. Kind of a shoddy way for a commercial product to operate, in my humble opinion. Also, Applix doesn't interchange with other office suites very well. If you're just going to be using one suite across the entire company, you should be OK going with Applix. If interfacing with some windows machines is an issue, WordPerfect, or (god forbid) StarOffice would be a better choice. Although, StarOffice blows your current system config to bits. It would run kind of like Q3 on a 486 if you're going to just put 32 (or even 64)megabytes of RAM in the machine. I use Linux on the desktop every single day, but my machine is not in the least bit modest. If there ever was an argument that Linux isn't ready for the desktop, this would probably be the best example I've seen yet.
So I'm curious if maybe your old company were responsible.
---------///----------
--
I like to watch.
When I first started using WindowMaker I thought the lack of a pager was a glaring omission, but it's absence forced me to use the kbd shortcuts which are WAY faster than mouse clicks. While a pager is very intuitive, it just slows you down in the long run, something of a mis-feature to mind.
It would also be a little misleading since wmaker doesn't beleive in contiguous desktops, eg a window can only be on one desktop at a time.
But if you really want a pager, you could always use the pager applet for the gnome panel.
"StarOffice is a pig on memory.The only way it'd be usable on a 32 meg machine would be to skip using a window manager altogether, consider SO loading to be part of you boot process, and use SO for _everything_ (wp,ss,mail,news,web). " agreed SO is a mem pig, even on a 128meg machine. But the interface(at least the win32, haven't tried the *nix yet) is i nice interface. for a while i told explorer not to load and used as my default shell..
all office packages are big anyway...
--DV
"Kermit the frog, cuz he gets all the hos!"
--DV
In this day it is safer to be a ninja than a samurai
linuxnewbie has a good article on using tagfiles in Slackware. Make one tagfile and have fully automated custom installs on many machines.
Similar to msbatch
Lars -
Wow so now Microsoft innovated the displaying of a console on a remote machine!
Only a few decades after X !
Monopolies offer choice !
Lars -
That way you don't have to put that much traffic in network but administration is still easy. If harddrive fails you don't lose anything - workstation may crash but you can just replace HD to restrore swap area.
_________________________
_________________________
Spelling and grammar mistakes left as an exercise for the reader.
email clients on the desktop are a nightmare on any platform to support.
Im about bald from having to support 500+ installs of outlook lol.
Advantages of webmail...
=central point for scanning for viruses ect.
=central point for security.
=less support needed instead of having to run around to
each machine to fix things all the time you have =one point to manage
=ease of adding and removing users
=Users like the ability to bring up an email on another machine when
they are working in a group setting.
First, don't get me wrong, I'm not against the idea at all and I do think that Coda is really great (on paper).
Second, I'm also surveying Coda's enhancements for more than 2 years now and I really think it's a great software with lots of people behind but my question really is : "can Coda achieve enough scalability and stability in order to be installed for 1000+ clients ?" (the FAQ and the latest changelog doesn't help me think it could handle 2500 clients without any problem at all...)
Because frankly, when I hear all the feedback from different people using it 'in real life', it's not all so bright...
Besides, what about Intermezzo that is derived from Coda with most of it's features because of such "unforseen" scalability issue that were not planned back when the developement began... (appart from the fact that Intermezzo seems a little beta to me)
You can also find some good information concerning Coda/Intermezzo/NFSv4 here
As a conclusion, why not having one or more big editor (IBM, SGI, HP...) put some big bucks on the table in order to help any of these 2 projects being finalized through funds (SourceXchange, CoSource or any other way)
I say avoid Corel "Linux" like the plague... I did 2 separate installs of it, on two totally different setups and when we found that Corel had none of the functionality that we expected we attempted to remove it only to find that it corrupted the partition table on both computers causing a complete loss of data on each....
Big disks are so cheap these days, I don't see why you'd want to go diskless. Administration can be just as easy using other techniques.
Any of the distributions will give you most of what your users are going to need, right? With something like kickstart it's easy to install many identical clients.
You can rdist any third-party software that's needed, nightly perhaps.
Setup a trusted/secure machine that you can use as an entry point into all of you clients. Also setup a server to contain the distibution of your choice, and third-party RPMs. Then if you ever need to install somthing later on down the road, you can just ssh into each client, and install the RPM you need. This is very easily scriptable. Hopefully you have a nice NFS server, and autofs running on the clients.
This way everything is local to the client, and you eliminate a lot of network traffic. With 2500 linux clients, network bandwidth will become an issue.
I am a Unix Systems Admin. I have worked at a few different "BIG" Shops with lots of unix systems (Mostly Solaris, AIX, and IRIX) ... Motorola being one, and now American Express. The thing I see that you would need to pull it off is look toward ZERO-ADMINISTRATION.
..
.. The software to stay away from is CA Unicenter .. that thing is CRAP. So far everywhere I've been has payed a ton of money for CA and had it break tons of machines, the freeware monitoring softwares are the way to go, trust me! =)
.. PowerBroker is Glorified SUDO. It can get people root and log the entire sessions Input AND Output to a file for later playback or realtime playback. Also does a lot more things... goto http://www.symark.com to check it out..
.. it'll bite you in the butt..
You need 4 things to make it all work easily.
1. Centralized Authentication (ie, NIS+, NIS, or LDAP)
2. NFS/Automounting
3. Monitoring Software
4. PowerBroker (http://www.symark.com)
1. Centralized Authentication.
Ok, When I played with rolling out large portions of Linux the only CENTRALIZED authentication that I could find was NIS. Not NIS+. So far NIS+ Has been the winner for working with Solaris, but I'm not sure if Linux has NIS+ Support yet. I have a ton of NIS+ administration scripts to make my life easy.. NIS+ is great because everything is encrypted over the network and you can't just attach any unix box to the domain without authentication like you can with NIS. I've never worked with LDAP but everyone says LDAP is going to be the wave of the future.. but I haven't seen it installed anywhere yet nor played with it.. but that's me
2. NFS/Automounting
You need to setup two bigger boxes that will do the NFS for the whole place. (Two for redundency) We have had ours setup in the past configured with HA (High-Availibility) using EMC disks between the machines so if one failed, the other could assume the role of the other and continue with business as usual until we get the other machine online.
NFS with Automouting would be used for Home Directories, Tools, Apps. So that way when you need to change a revision of a software, you change it in ONE location and it's changed everywhere. Also home directories over NFS/AutoMounter so that the user could essentually log into ANY machine on the network and have feel EXACTLY like he was at his desk. Also so that if the users machine dies, there is NO important data on it, give him a new box, get it in NIS+ & on the network and all his apps, data, and home directory are already available to him.
3. Monitoring Software
You want to run some kind of monitoring software on all your servers and IMPORTANT desktops so that the problems find you instead of you finding the problems. In the past I have used "Big Brother" and "Net Saint". Both have been very good. Big Brother is written in all Bourne Shell / C while Net Saint is written in Perl / C
4. PowerBroker
PowerBroker is an expensive tool but if you're running a shop that is large, most likely you will require many people that will need "ROOT"
Well, that's about it.. basicly lay down the entire setup FIRST and then roll out the machines, don't play catchup
well maybe not NFS for linux, but under BSD and commercial unix its fine. A sun box can saturate ethernet with NFS, its quite efficient. Personally I would choose a FreeBSD, you can select packages in more detail and make a cleaner smaller install. Upgrading can be easily done with the make world script.
Only the State obtains its revenue by coercion. - Murray Rothbard
Whether you choose to use the desktops as actual application/file machines or as Xterminals, CDE will work out very nicely. One of CDE's main strengths is its ability to integrate limitless numbers of machines and platforms together simultaneously into one desktop, so that you can launch applications and interact with files regardless of where they are or what platform they're on.
CDE will allow you to set up centralised application and file servers on various UNIX (or linux) platforms and then serve those out to X users out there, all integrated with cut and paste, drag and drop, etc. It will also make it easy to not have to make the choice about whether to use those desktops as PCs or X terminals, as CDE seamlessly mixes local resources and remote ones--you can run CDE on a 'desktop server', your applications on an application server, and get your files locally--or you can get your files remotely and run ApplixWare locally, or whatever. It's all very easily configurable into limitless configurations.
CDE 2.1 is resource-friendly, and also very easy to use and simple interface, not an overbearing one. It's got a LOT of great features, despite what you may hear from people who don't really know how to use them.
I wouldn't recommend Xi Graphics CDE though--it's not fully working--so you might want to use a UNIX box as a CDE server. Alternatively, email me and I can give you some more information about CDE choices if you're interested.
I think your should consider Suse. (The German distro) I run it myself, and have had very good experiences with it.
But then the exact distro shouldn't matter that much, as you probably want to make your custum setup. In my university they have about a hundred dual boot boxes that run Red Hat and WinNT, but the Red Hat they are using doesn't look very much like any other Red Hat I have seen. Among other things they have put most of the configurationfiles in an NFS directory, and have links to them in /etc. This allows them to change setup on all the boxes at once, without having to sit down infront of every one of them. As far as I know the only real difference from setup to setup is the IP adress and the hostname.
As long as you have a network, and most of the hardware is the same this is the way for you to go, and as you have a lot of computers, and probably a lot of manhours you should be able to make a really good setup for the first box and then use it on all of them.
2500 X 100 = 250,000 2500 X 200 = 500,000 Maybe you need a calculator instead of a computer?
You know, I love linux, I use it everyday, but...Supporting that many desktop user is just scary. I assume we're not talking about programmers or sysadmins, and I wouldn't want to be desktop support those first few days...
Does anyone have any case studies of large installations of linux as a desktop system? I remember a while back Burlington supposedly roled out a large Linux installation.
Plenty of people have said 'do it this way' or 'do it like that', etc. For something as large as 2500 machines I think it would be better to have a few real-experiences. Maybe get in touch with Google, to see how they manage their thousands of machines. (granted they don't have the burden of endusers at each machine, but the task of administering thousands of seperate boxes has certainly given them knowledge that most of us do not have first hand.)
I imagine a lot of large univeristies use it in a deskto role as well. Anyway, some documented real-world installations would be very useful for many of us out there.
(I am in the pre-embronic stages of setting up a company to install Linux/BSD for small businesses. It would be very nice to have some success stories to show my first customers.)
-MS2k
Well if you're doing a major rollout, then you're not going to have to hack the kernel too much...i'd suggest corel, they seem to have a good lineup of linux products, although you can't really open up corel linux for hacking at it too much from what i hear...then again, you shouldn't need to. I'm sure if you need to, you could get a licencing deal with corel or somthing.
bottom line is, corel is stupid stupid easy to instal, and wouldn't hurt for user instals
moox. for a new generation.
That's the odd thing about fvwm...fvwm itself has about the same memory footprint on my system
as twm, but fvwm2 is much more a resource. I switch back and forth between twm and xfce typically,
but then again, I play around with others. twm and xfce have been the only ones that I stick with,
as most of the others are larger and less manageable.
twm reminds me of some of the embedded devices and kiosks I've run across over the past 15 years (:
Yes you can remote admin NT. But...
Under *nix with X you can run any graphical app on the remote machine.
With ssh and the like under *nix you can connect remotely and have a terminal window on the remote machine, which should allow you to perform any task you would normally be able to perform at the machine.
NT does not allow that kind of power at the command line, being mostly a GUI-only OS with limited command-line capabilities. Neither does it, AFAIK allow access as if one were at the machine beyond telnet and the remote admin tools. Under *nix, there is no appreciable difference between being at the machine and being remote beyond possible lag (because of bandwidth) and not being able to hit the power.
I love Corel's Perfect Office.
If you're at 32MB, upgrade a couple of servers to 512MB or so, and run WP/Quattro off them, and just display it locally.
Set up each box with lpd so they can print to their local printers if you do this.
Have fun!!!
I want to delete my account but Slashdot doesn't allow it.
Try killing netscape on a mandrake 7 box... running KDE (the crappiest of them all - I've no clue if it happens on the other windowmanagers. netscape doesn't even show up as a process in ps x - and there's a completely dead netscape window eating up your root window and probably grabbing your mouse as well... and you'll be getting your undies all in a bunch about putting that crap on 2500 workstations.
Has anyone sucessfully used kickstart?
I get Python script errors on boot trying to get kickstart to work on either RH6.1 or 6.2. After spending a days worth of time over a week, and seeing no hints on Deja or Google I admited defeat and moved on.
Even if it did work, you still have to deal with installing software from source or a non-RPM package binary. That's step two in a one step process -- unless you roll your own RPMs for the source/binary packages you need to add.
After all that hassle, why not just do it yourself with a script? A pain to keep together, but it's more likely to work.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
I personaly use WindowMaker myself with no KDE or GNOME. Both KDE and GNOME will suck up your memory. GNOME is generaly worse. Since you are at 32M, you'll want to be somewhat concious of usage. Those office applications will want to have all that they can get.
WindowMaker is a decently usable windowmanager that does not take up a lot of memory. Do NOT use Enlightenment. :) You might even want to look at fvwm2. That was a great window manager about 7 years ago. There are more flashy managers around, but fvwm2 was solid, just about bug free, and didnt bloat. And besides, most window managers now a days are based on fvwm2.
The distribution doesnt realy matter. As long as its an up to date distribution with the 2.2 kernel. RedHat is on 6.2 now. With them you always have to wait one or two minor versions after a new major version for them to work out the bugs.
RedShodan --------- Never underestimate the bandwidth of a station wagon full of tapes.
No one has mentioned Distributed.Net client for Linux. One wonders what type of keyrate he would generate!
Is this site connected to the net? If so, I strongly suggest using an RFC1918 address range and use NAT or PAT to keep things happy. IPChains or TCP Wrappers would be nice. A good generic /etc/hosts.deny and /etc/hosts.allow file would be:
/etc/hosts.deny ----------------- /bin/mail -s \ -
/etc/hosts.allow ------------------ .domain.blah x.y.z.q ) -
--------------
ALL: ALL : spawn (echo "%d from %a (%n) on `/bin/date` - output from \
reverse finger is `/usr/sbin/safe_finger -l @%h`." |
"Security Alert - `uname -n`/%d" USER@domain,USERID@another.domain ) &
-----------------------------------------------
------------
ALL : ( your_ip_address_range
-----------------------------------------------
Change "USERID@domain, USERID@another.domain" to addresses of your security/admin people
Solaris users can use the same by removing the word "spawn".
I believe the corporate desktop will eventually have linux as the market share leader.
.Net strategy even more so. However, IE, Media player, and Direct X are still compelling apps that make it better for consumers.
MS is pricing itself out of the market. Its
getting back on topic, I haven't seen the following recommendation for deploying to 2500 desktops. Is anything wrong with it?
1. Use whatever distribution is best at detecting hardware.
2. next, run a customizing script that sets network home directories for standard packages, and other centralizations of users, policies and data.
Is that possible/easy to have a mix of custom desktop settings, and standardized server based packages and user settings?
Although the distro may be set up insecurely a competent administrator can easily plug the holes in config files - each distro uses the same software - or upgrade if the software itself is faulty, in which case no distro will save you. I acknowledge that for cloned workstations this *is* a problem, but many suggestions point to 5-10 department servers - I agree with this. It's then no big deal to fix known holes, and the admin can spend the time he would spend fixing Windoze looking for other holes!
For what it's worth I'd suggest investigating the possibility of using Linux-Mandrake (7.1+) instead of Redhat.
Mandrake is redhat based so you get the same features and compatability but you also get a number of refinements. The ones that might interest you would probably include;
Better installer. You get more control and at the end you get the option to build a reinstall disk which can be used to automate subsequent installs on other identical machines. If your pool of 2500 workstations is made up from one or a few models this feature could save you a lot of time.
Better security. Mandrake lets you select a security level from "none" to "paranoid" and adjusts the host's configuration accordingly.
i586 optimisations instead of RH's i386 build. After using identical machines with RH and ML I think it's fair to say that this does seem to make a small but noticable difference in practice.
We run Dell servers that come with RH6 preinstalled and all of our workstations run Mandrake7. The combination works very well.
[ Blairism is the continuation of Thatcherism by other means. ]
Sorry but for 2500 desktops I'd be very very tempted to take a good look at star office.
Government of the people, by corporate executives, for corporate profits.
StarOffice is quite memory-consuming (but it is not a serious load on the processor... better than M$ in that sense).
But Star Office is efficient in a network environment, running in a server and displayed locally...
The first soffice session you open consumes about 30/40MB... then, each additional session is just 2MB more. (that means, with a 128MB server you can have several of users, with 512MB, a lot).
...then I suggest you try StarOffice 5.2 (the latest version). So isn't everyone's cup of Jolt, thanks to its silly insistence on using its own desktop in a window, but it's definitely a full-featured package, and it seems to support MS Office interoperability very well.
I should point out that this question is being asked by an IT guy for the Wisconsin state court systems. Let's consider the needs of a courthouse network before suggesting things like user-installs, openGL cards to buy, crap like that.
Basically, they could get away with vt100's and any OS running at the server...
But as to which distro, hmmm. You will just be running file sharing and word perfect? since every lawyer I've ever met swears by wordperfect 5, I would think you will want some compatability there. that clears that up, unless they do things different in Wisconsin (I'm in California, IIRC there are more atty's here than the rest of the country combined, including Washington DC!!!)
Also, you will probably be providing access to some very old DB's, which will just want for a terminal emulator, which are abundant and mature in every distro...
Are any of the users going to need www access? Judges, maybe? Still doesn't narrow it down to a specific distro...
In short, I can't see a single reason to sweat this question. There is no appreciable difference in distros considering the way they are going to lock down these machines. Unless there are details in server configuration or applications not mentioned, or user latitude is broad, just go with the best support plan.
:)Fudboy
:)Fudboy
I guess I'm only a Fudboy, looking for that real Transmeta
Yes, there must always be people on site of course, they just don't need to babysit every machine. As for NT's remote management, I know about it, I have used it, but how effective is it if you don't have the bandwidth?
Unix is Power? Well although I'm not the first to come up with it, you can blame me if you want to :)
Let me give you a real life example of why I can say so..
A while ago I was sitting on the corporate network of a financial institution. I was developing some PHP on a linux machine (A) which was sitting on the DMZ of their firewall. I connected to this machine through the only connection I was allowed, ssh. A few problems arose with some systems of other customers which was about 2000 km's away. The linux box was only allowed access to one IP (B) outside the institutions network. Thus I connected to box A with ssh, from there to B with ssh. B wasn't allowed to either of the final 2 customers network, so I had to go via box C to box D and E respectively. So from 2000 km's away and through 3 intermediate machines, I was developing code in C on box C, debugging communication with cryptographic hardware, etc.... while fixing some bugs in perl on box E as well as debugging a Postgres database, and all of the above communication was encrypted.
The only limit you have with Unix is your own skill and imagination....
Except for the slight miscalculation... With 2500 linux boxes you would need a third of the support staff at most, none of them will be idiots AND THEY CAN BE ANYWARE IN THE WORLD AND REACH ANY BOX ON THE NETWORK. I've worked for EDS and I you can easily spy a windows administrator running around from machine to machine, something us Linux oaks never do :) Unix is power, Windows lets your feet do the walking instead of your mind
The Corel distro is worth a look as a standard install already has Wordperfect and Samba ready to rumble. You may not want Samba but it's hard to avoid Micro$oft product on the network.
By definition, a government has no conscience. Sometimes it has a policy, but nothing more. - Albert Camus
WordPerfect 7.0 is, IMHO, one of the better-designed X word processors out there. I purchased 8.0, but in the end went back to 7.0 as it seemed tighter code.
The ApplixWare version I own--4.4.1--is very poor code. It takes large amounts of processing power (sluggish on my Dual PII333, still not a speed demon on my PIII500) and is not terribly X- or installation-friendly. Bugs are frequent, and the presentation software is totally useless on my P166 laptop due to speed issues. Something is wrong when PowerPoint requires fewer resources.
I can't comment on the newest WordPerfect or ApplixWare packages, but based on my previous experience the choice for me would be WP.
Regarding Memory, a previous poster recommended 32MB RAM. I would strongly disagree. Today's users expect instant gratification, and I would not settle for anything less than 64MB. I would push hard for 128MB.
Slackware is easy to install... But if your using KDE, install GNOME anyway, a lot of apps need it.
Ron Paul 2012
Standardize hardware so you can have a reference box the admins can work with and then duplicate the settings on the server for download.
/usr/doc/HOWTO/Hardware-HOWTO". This isn't a joke, I'm dead serious. The linux standard is the kernel, so the sooner we convince manufacturers to provide modules for the KERNEL for their devices, the better we'll be. It could be worse.. they could be creating must-run-as-root daemons with closed-source APIs. I say we formalize an existing standard.. afterall, it's worked quite well so far.
We already have standards. You can get the latest version by typing "vi
--
You are a fucking moron.
My first reaction was:
2500 * 100 = $25,000 for system software, plus
2500 * 200 = $75,000 for an "office suite" equals
$75,000, which seems like a lot of money....until I compare it to the cost of a tech support salary. You could probably hire one and a half or two people for that money, which doesn't sound like enough to support the transition of 2500 users to Linux.
Again, it's not a rhetorical question. I assume you've found some more savings somewhere, but I also assume you're still thinking about it, or you wouldn't be asking for advice.
Design it properly from the start. Use bootprom PXE to boot from the network card theres a linux howto on this. Cached local system etc update just require the PC to be rebooted. New PCs just need to be plugged into the network. Use LDAP as a directory service so mail, userinfo and password file contents are managed centrally. Use Kerberos to manage key exchange and make local caches of this info. Minimise what is kept locally.
My biggest concern would be the result. Will the clients feel comfortable with their new computers? What kind of learning curve will there be before the clients are comfortable? Corel Wordperfect Office Suite will at least give a lot of them a familiar interface. There is already an established user base that can offer help to clients moving from Microsoft products. I would be concerned about hearing secretaries complaining about; the strange new software (Applixware, Star Office) they never heard of and don't know anyone who knows how to use. Many will think, "Well if it isn't Microsoft Office, at least it's something familiar." For the experienced Linux user, any word processor will work; but for the beginner KISS. The implementation is another question. My goal would be to minimize my work and effort while maximizing the returns. I would arrange to have all of the software preloaded on the computers by the vendor. Several Linux vendors are in bundling deals with computer manufacturers/assemblers. Corel recently refocused it's attention to bundling and licensing deals. Considering their recent money troubles Corel is probably willing to negotiate very favorable pricing. Having familiar software preinstalled with the manuals packed in the same boxes, is definately the way to go. It really boils down to: 1) Buy a familiar brand name. 2) Let someone else do the work. 222 www.acmecycle.com
Get a *big* server from Sun, and a whole lot of SunRays. These make very sweet desktops: 24 bit colour 1280x1024, stereo 44kHz audio, and no internal harddisk or fan. This will save you incredible amounts of money when it comes to supporting the setup. I'm using a SunRay every day, and they are great. Once it's set up, it is as close to zero admin as you can get.
Well, as far as distros go, I honestly think Caldera eDesktop is your best bet. You can do an unattended install via over the network, and still have lizard auto-detect your hardware, which as far as I know, RedHat doesn't do. Also, it doesn't shove gnome libs down your throat, which it sounds like you won't want. As for office suites, NOTHING is truly compatible with Microsoft Office, which is, quite unfortuntely, the standard these days. StarOffice 5.2 does come close in terms of functionality, and their filters are OK. I recently opened a complex word document that chocked SO 5.1, and it came out somewhat managable in SO 5.2, ymmv.
man, you know what you are talking about? i set up at a large (but smaller then yours) site a couple of hundreds linux servers and desktops. there are so much issues involved:
;-) CERN, we used SuSE, because they offered to
- how much manpower do you like to spend for a) installation b) maintainance c) user support d) additional (application) software support e) backup f) registry ?
- how do you plan to administer that number of systems in terms of security updates (you do them, don't u?), other updates and bugfixes?
- who is going to have the root password: some users can mess up the system very easily (and blame you afterwards for their mess)
- software distribution: central or local ? central is not easy (poor standard NFS implementation from Linux, there are other
possibility though), local is even more difficult: how to you wnat to do updates ?
ok, this is what we (at DESY did) for now something like 500 machines (as i left it was about 250):
unless our big sister
make us a network based "non-attended installation", which became
later part of the distribution (it isn't documented yet afaik). i
never checked out RH's kickstart, but the thing from SuSE is much akin
Solaris' jumpstart thing (booting is only from floppy because of the
dumb PC-bios #@$%#!) after the initial install via bootp,nfs from SuSE
i/we added our costumizations (security modifications, AFS, printer,
x11 and mail setup, admintools) the whole installation took 30-60minutes.
setting up profiles on the server and typing 2 times enter during the installation were
ideally the only tasks to do then.
we had AFS for software distribution, and users homedirectories which
resolved very good issues like registry, backup, application sw
distribution (the AFS cache initialization took ~one third of the install time)
updates (push methods) were done mostly with a home-grown tool, the
machines had to be on the net 24X7 with a fixed ip address. other
(better?) possibilties might be that you run pull updates from the
client either with a cronjob or upon startup (or both).
admin's time hogs are the rapid change of PC hardware, also if you
standardized on something which you certainly should do, any big
changes like major kernel or libc releases, and distro releases.
as an optimistic estimate: to keep that whole thing only running you need 1
admin per 100 PCs. for building up that thing definetely more. if you
have a larger number of small systems as you mentioned and don't wanna
spend >= 25 FTE maybe it's better then to degrade the PCs to
xterminals as others mentioned. which certainly might not satisfy some
users (they wnat to have local data, too)
you can do something like this with redhat kickstart installs. Once you get them working (fairly trivial, though mkkickstart doesn't really work out of the box) you can install software with about two minutes of human interaction, and then a varying amount for the rest, depending on how many packages are getting installed. You can also add any custom RPMs to the list, so as long as you know how to roll an RPM you're golden.
If you don't know how to roll an RPM then just check out www.rpm.org which includes a lot of helpful reference material, including the slightly outdated but exceedingly thorough Maximum RPM available in Postscript or LaTeX.
----------------------------
This demonstrates the problem with Ask Slashdot questions like this -- small town mentality. Yes, the method described above will work, but it simply isn't practical in an enterprise environment. If you need to put a CD in each machine to install it, it's going to be a very long and tedious process. Of course, I don't see a reason why the kickstart method couldn't be used for a network install, too, but I've never tried it myself...
"The invisible and the non-existent look very much alike." -- Delos B. McKown
Comparing this to my approach (running apps on servers):
Both:
*) Communication is not encrypted, so the network must be physically secure if you want secure communications between workstations and servers. This should be considered.
Your:
*) Apps run locally, taking advantage of the processing power in each workstation. But resources available to one user are those of one workstation, no more.
*) Each workstation must be powerfull enough to run the apps well
*) Requires a somewhat secure way of sharing user information between workstations (NIS is out)
*) A workstation is trusted - it is allowed to mount a filesystem, so NFS is out and Coda is in
*) Printing must be set up for each workstation - maybe not a concern, it depends on printing policies.
*) Upgrading applications should be automated, so that each workstation can be upgraded easily
*) The network is used for file transfers
Mine:
*) Apps run on servers, taking better advantage of shared information (shared libraries and loaded executables). The load is balanced on the servers because of the multiple users, so one user can use more than his share of the resources, if they don't all do it at once.
*) A workstation will only need to run the X server. If it can do more, we won't benefit from that.
*) Communication between servers is physically secure, so you can use NIS
*) Workstations are completely un-trusted. You can use the best performing technology to share filesystems between servers (PVFS/NFS/GFS)
*) Printing is set up on the servers only.
*) Upgrading applications is only a concern on the servers.
*) The network is used for X communications
Any thoughs Erik ?
Netscape can be killed, so it's not a big problem that it doesn't always die. It can be managed, as I've stated elsewhere.
Besides, you will be running a multi-cpu server, and one spinning netscape process will only bog down one CPU. The system doesn't slow _that_ much down in such a configuration, and if the process is killed within the next five minutes by the aforementioned cron job, I think it will be an acceptable solution.
I think you're guessing when it comes to the animated gifs. I'm _pretty_ sure that netscape will upload the images to the X server, and tell it to change the picture, not upload the new frame every time.
But sure, X will load the network. Put the applications on the workstations, and Coda/AFS/PVFS/NFS/GFS/whatever will load the network instead.
From my experience, X works extremely well even on a low-bandwidth high-latency line. Of course, if the network is *that* bad, users will notice, but all in all I wouldn't be so damn worried about X and network bandwidth. I don't think it's a problem compared to what you'll see with *file* transfers from running the apps locally on the workstations.
The risk is there of course, if you hack up a poor script, that you may once in a while kill a netscape process that shouldn't have been killed.
;) you can come up with a really good solution.
If you consider
*) CPU time spent (seconds)
*) Process state (running or sleeping)
*) Last 1-minute CPU time spent (percentage)
and of course the UID (don't kill root's netscape
And sure, once in a blue moon the script will fail. But hey, this is *netscape*, after all.
You will spot which processes tend to get stuck over time, and add them to the script. Been there done that, and it works.
Please, if you have a better approach tell me about it.
You want people to run netscape on the server for *exactly* the reasons you mention:
It's memory hungry, but quite a lot of memory is spent on the (huge bloated) executable itself, and this will be shared between all users.
Also, not everyone is running netscape all the time. So if you want 30 Megs for one netscape instance, you can probably do just fine with 10 Megs for each such instance on the server, and only half the users have a netscape active.
Besides, Netscape uses the X server to hold images etc. so the 32 megs on the desktops will be put to good use still. But the _real_ bloat can be nicely kept on the server.
Every five minutes or so, cron should run a small script to check for netscape processes that hog CPU (this would be a heuristic, but it can be done well - I know because I've done it). That way the server can kill dead netscape processes, and your users won't come back complaining about their workstation being slow everytime a local netscape process dies.
No. Our systems were only just starting to be deployed (however we had 2 or 3 contracts for 20,000 odd screens each that we had to fulfill). We had 20 or so in SE Asia and a heap spread around the USA - maybe 40 or so (I believe we had a demo box in Times Square, NY). All these boxes were running Linux so maybe you got the BSOD screen saver :). BTW, believe it or not, all the rendering software was written in Java. Worked surprisingly well too (decent performance when doing Video work etc).
Life is complete only for brief intervals in between toys or projects -- John Dalton
For this the installers decided to go with Debian for the customisability (can strip to minimal feature set easily compared to RH and others) and easy upgrade capabilities for very large installations.
As a personal workstation I prefer Mandrake over everything else. Have used RH (and a former Slackware devotee) at work for the development machines and decided to give Mandrake a burn on one of the home boxes. Much prefer the feel of the setup (even though it is sort of a recompiled RH). RH seems to install just about everything, even when trying to do minimal stuff, whereas madrake does everything nicely. As a bonus they compile everything with the pentium (-m586)options so if you have only pentiums and above then this should give that little extra boost in a small memory footprint environment.
Footnote: The reason I left was that due to some political bullshit the VC people decided that they really wanted to use Windows boxes as the display hardware right at the last minute (ie a month before we'd finished the software development). So, if you are walking through a train station or shopping mall and the screen gets a BSOD - blame the fscking VC's that don't have a bloody clue. They destroyed an extremely profitable business model and wouldn't surprise me (and the rest of the developers that left) if the company now went broke within 6 months.
Life is complete only for brief intervals in between toys or projects -- John Dalton
Keep program files local, data files global. With a package based distribution like Red Hat or Debian this shouldn't be a problem; just mount home directories over NFS, and find a tool (or write your own 5 line ssh-all script) to keep package installs consistent across all systems. And *only* do package installs; if there's a tarball you want to install (even a binary tarball), write your own spec file (or whatever the Debian equivalent is) for it and install it as a package. Sure, it makes the first install more of a pain, but by the 2400th install (or more importantly, the 2400th upgrade/uninstall) you'll be glad you did.
;-)
Oh, I can't stress NFS/NIS enough. You could use LDAP or Kerberos (or NT domain, I think) based authentication with Linux, too, but NIS is the easiest to set up, and may not be as sexy as LDAP but is just as good. Also, I'd suggest using autofs for all the NFS mounts. And splurge on the servers; NFS/NIS will make your desktops trivial to swap/repair without interrupting work if something goes wrong, but you want 99.999% uptime on the servers.
I don't like Caldera. To be fair, I haven't used it since 1998 or so; it may have improved.
NFS is a fine filesystem, by the way, as long as you have root on all the machines using it and don't have to worry about packet sniffers in between those machines.
Make sure you've got 10/100 NICs in all the machines. The cards aren't more expensive than plain 10baseT, really, and the hub prices are dropping quickly enough that if you don't start with a 100baseT network you'll want one soon. You'll definitely want 100baseT connections to the servers from the start.
32MB should be fine for WindowMaker (although you'll want lots of swap with an office suite and Netscape running); 64MB (still with 64+MB swap) would probably be perfect with any desktop. I've got 128MB on my home machine, but that's cause if I close Netscape I want it to reopen entirely from disk cache.
Why pick your users' desktop? It's not like you're going to have 1GB drives on the clients, so install 'em all, set whatever you prefer as the display manager default option, and make sure the desktops boot to kdm or gdm.
I assume you're worried about security? I would turn off most network services (on Linux boxes in front of the firewall at my work, there are no UDP ports and only the ssh TCP port open); you won't need them on clients, but most distros will default with them on anyway. Also, make sure you have the BIOS set to boot only from HDD, a BIOS administrator password, a LILO restricted password, and go-rw permissions on lilo.conf. It's shocking how few people do this; I'd say 99+% of Linux computers in the world let you get root with no password by simply rebooting.
check out redhat's kickstart. look into ldap or nis. with pam ldap might work for auths. look into mounting /home off a server - that way you can log into any workstation and get your desktop. someone said to avoid nfs, but i've used it with success quite well. avoid smb though because smbmount is not well liked by either linux kernel or samba folks. coda could be nice but i'm not sure where it's at.
US Citizen living abroad? Register to vote!
If you really wanted to, you _could_ run diskless X terminals. That would make system administration really easy. And, those who really do need their own computer (not sure why), could have one, and just run an X server on it. If your requirements allow it, it is an excellent choice. See
http://www.ltsp.org/
http://www.solucorp.qc.ca/xterminals/
for more details.
Engineering and the Ultimate
You can make kickstart work over NFS. The problem is updating each machine automatically. For that you can use autorpm.
-- Ed Avis ed@membled.com
Here is the idea.
Have your own apt server, and have each desktop regularly fetch updates from it. Then when you want to roll out a new update, all you need to do is test it, put it on the apt server, and all of the desktops that are using it will update themselves.
This is very convenient for getting rid of any need to visit individual desktops to figure out who is using what custom packages. If they are using it, it gets updated. If they are not, it ignores the update.
:-)
Cheers,
Ben
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
When someone's job involves accessing mainframe data on a terminal emulator and dashing off brief e-mails and faxes, you do not want that person to use a word processor in the course of their work. A word processor, with its font choices, advanced formatting tools and endless options is a huge productivity drain when it's used for short notes and memos, just as pick-and-pack staff in a warehouse shouldn't have a spreadhseet or presentation package available on shop-floor terminals, but the warehouse managers should.
Everyone seems to be taking a different view from what I had in mind when I said:
First off, you don't want any data locally. That's right. I don't care who has the workstation, the only thing sitting on the local disk should be the OS. All user files, and major applications should be sitting on a remote filesystem.
Obviously, this means I wasn't clear in my wording, since everyone seems to miss what my intention was.
I'm not in favor of remote execution of applications. For reasons I stated later, running X over a LAN isn't a scalable choice.
Rather, what I was trying to suggest was this: only the OS should be stored on the workstations' local disks, while all applications should be stored on a remotely-mounted network file system. Such apps directories would be mounted on the workstation, then the apps in them run locally.
I don't care how slick apt-get or rsync or rdist setups you can make. It's still far more complicated than having all commonly-used applications stored on a central file server. It's then much easier to do upgrades, and also much simpler to make multiple versions of the same app available (this is extraordinarily difficult (and/or clunky) to do locally).
I hope I'm a bit clearer this time.
Thanks for the feedback, folks!
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
its only 80 machines, but im doing desktop
/etc, and somethings like a "group config file" is not known to most applications.
for 5000 students here. the distribution does not matter much, since realy want your own install
mechanism for roll outs.
the easiest, pre-packaged way is useing drive
image, a tool designed for yust that. if there is
also windows on these machines, you realy want
this.
but if its only linux you can create your own
auto install process.
many networkc cards like the 3c905C have a network boot rom, but you can also work with a boot disk.
the install mechanism can be very simple:
boot a kernel with the necessary drivers, get ip via dhcp, filesystem via nfs-root, partition the hard disk, create filesystems + swap, put your "image" (can be a tar ball) of the software you want on the hard disk, change some things like hostname, install the bootloader, done.
manageing hostnames could be done via a small
cleint/server system: some server gives out the hostnames, the clients aquires one from this cental resource. its realy easy to do this with
a cgi script and GET or wget, its scriptable.
if your hardware is not all the same, you can detect some stuff by parsing the kernel log
from the boot process. lspci (and some grep commands) is a big help with pci cards, e.g. vga.
building a base system to install on all machines
is "easy": install your favorite distributions
and the software you want, and tune everything till you are sattisfied. then build a tar.gz of everythign and put it on the server. grab the partition table with sfdisk -d (sfdisk can use this output to create the same partition table on a different system), and you are fine.
you could also install some hooks in the image,
that will run at the next boot, and delete themself. these hooks can fire up X11 and ask
stuff like hostname, dhcp/manual ip, and all this.
gtk/perl/glade is a big help, or tcl/tk or whatever you use.
a roll out, a mere installation of everything is very very easy. the mechanisms are widespread known for more than 10 years, and they do not differ very much from a windows rollout.
but realy hard is the maintaince. software updates on linux dont go that easy. you cant use the distribution mechanisms, sind the might fuck up
(like some debian packages asking for [ENTER]).
i found a big friend in rsync. so, the software update/installation side needs some work, most important if you have lots of different combinations of software on the machines.
its getting harder with the hardware: after some time hardware will fail, and people will replace it with different hardware. all the distriibutions know how to do autodetection for installation, but there is no tool to do it everytime the machine boots. you dont want someone to edit some config file, because a serial mouse was replaced with a
ps2 one.
but the hardest part is a good configuration for lots of users, if they have different backgrounds.
sure you can use skell like mechanisms, but face it: they suck, they are very ugly hacks. but lots of applications dont have good config files in
it would be realy nice to have some windows features for people who want them, like hardware detection at boot time, or a "run this the next time linux boots, but only once" mechanism,
or some automatic configuration of IPsec
(like the windows "add to domain"), and lots
of other stuff.
i looked at bit at some windows software, where the user can pick the software he wants, and gets
it installed. if there are updates, they are listed, and installed when he wants them. admins
can create and configure these software packages
and updates and can put a lot of magic in it.
and it all works, without the user having
(root|administrator) rights. linux could need some of this stuff for big desktop users.
2500 workstations is quite a load but in terms of TCO you'll be a little more pleased with Linux than with Windows. I hope all your machines are pretty similar, installing on many different system configurations is a bitch. For every hardware configuration set up a reference box that you can set up and configure until things work, once thats done export the config files and compiled binaries to an NFS server and have a cron job get the files off the server every night (or whenever you feel is prudent) that way everyone is always up to date. A good business distro is SuSE's Office Suite. It comes with SuSE 6.3 and a full version of Applix Office as well as several other good office apps. SuSE is a rather easy distro to install and keep updates due to YaST, it's also got default security measures (no remote root logins permitted by default). It's hard to impress that you need way more than 32 megs of ram for Linux. Having only 32 megs might work decently but for real speed on the boxes upgrade to 64 or 96 with your swap set to 192 or 256 megs. This will give you plenty of room to work and to run large projects, especially if any of the boxes are going to be used for graphics. Think centralization:
1. Standardize hardware so you can have a reference box the admins can work with and then duplicate the settings on the server for download.
2. Set up an NFS server to store the user's personal files with a cron job on each client sending to a particular server so you've always have online backups of user data.
3. For security on the workstations disable everything except needed remote access permissions and services. Let users log into the main server to get personal files using FTP or HTTP rather than their personal box at the office.
4. Set up an office wide intranet with lots of online help files and HOWTOs, make your admins rewrite or write HOWTOs that pertain to the hardware and software you're going to use. Being able to fire up netscape to get help rather than call the IT department will save everyone a few headaches.
For actual software on the workstations you ought to probably use the most stable version of XFree you can get away with, 3.3.6 and 4.0.1 are both pretty stable although 3.3.6 is a bit more documented and security related bugs are documented a bit more. Use IceWM instead of a fancy shmancy one, its both stable and fast. You don't need a bunch of extra stuff in the background. I personally feel that GNOME makes the most efficient use of the space on your screen but KDE works just as well. If you really want to be hardcore, load up KDE's widget libraries (or GNOME's if you're using KDE) so you have better range of choices for graphical apps. Applix Office 4.x is a very good suite that has the best file compatibility I've seen. I hope that helps a bit.
I'm a loner Dottie, a Rebel.
You can grab some Snap! servers from quantum to make a bunch of diskless clients, the only problem is that is very slow even with a switched network. You also run into problems is a large number (even if you've got small segments) of people try to access the same thing or all write files at once unless of course you have NFS servers with >256 megs of RAM and you cache everything into RAM rather than write it to disk.
I'm a loner Dottie, a Rebel.
As far as debian, caldera, or redhat goes, it depends on your admins. All have package management, and rpm vs dpkg could be debaited till the univers collapses and the truth is it depends on what you prefer. I personally found installing debian to be tough cause the last version I tried did the dependency checking at each step where redhat does it after you select the packages. At least that was my experience. 64 Meg of RAM is plenty for Linux boxes.
alien will convert packages between the two systems, and gnorpm and kpackage will handle rpms and kpackage also handles debs as well.
My personal feeling on teh deb vs RH debate is that many companies look at RH because there is a company behind it where debian there is not. Yes there is storm and corel which are based on debian, but if you look at the different software ports that are done to Linux many large companies go with RH first. Just look at IBM. IBM released there via voice technology for Linux (you can buy the software for 59.95 or so) and they recommend RH 6.0 or later.
Others may feel different and they can, but this is my opinion and experience. Incidentally I have been enjoying RH since I first tried 5.1
send flames > /dev/null
Only 'flamers' flame!
I use StarOffice. I could afford Windows and MS-Office. I don't like Windows, I don't like MS-Office, I don't want Windows, I don't want MS-Office.
I do like Word Perfect a little better than the word processor in StarOffice, but StarOffice is more than usable.
At any rate, how many people actually use more than 10% of the features in their office suite? The argument that you have to pick the absolutely most feature bloated office suite just doesn't make much sense when you consider that most people won't ever need half of it.
Most people could get everything done they need to using something as spartan as Applixware... Maybe faster, since they wouldn't be tempted to twiddle with as many frills or have to wade through so much extraneous junk.
Regards,
-BK
Chemical Blog
I think that Red Hat Kickstart is exactly that. It lets you script the answers to all the questions and choices in the installer and perform a fully automated install. Basically, you put the script on a boot diskette and put the cdrom in the cd drive and off you go...
GNU/Linux. The Freshmaker.
Agreed. My recent frustration is that I am one of these technical users, trying to convert myself to a business user. I have always administered my own machine and knew everything that was on it. I enjoyed it.
Now, I'm more into development and integration and my time isn't worth doing administrative level tasks. So, I fall behind in knowledge, but still think I can fix things, usually just making it worse. Add to that that my workstation is running *shudder* NT and I have always had Linux on my workstation. I'm trying to learn to trust the support group to solve my problems and get my real work done instead of spending hours breaking my workstation.
It sucks because I feel like those jerky kids in the support group know something that I don't. Oh, well. I'm getting paid more than them.
This is both totally correct and totally, utterly wrong, because you forgot the most important part of making this work, which is caching. X-terminals and diskless workstations were tried for a while, and they sucked. They sucked because they were slow, and they were slow because getting their data off the server. That hasn't changed, either. Available bandwidth has increased, but so has appetite for bandwidth. The solution now, as it has always been, is to cache at the clients for performance, which means that the clients should and will have data - just not authoritative copies of data.
The problem is that, to make this work, you need to use a protocol that maintains all the semantics of local file access, most inportantly cache coherency but also things like locking. This is hard to do efficiently, especially when you have to consider things like recovery and failover, and so you don't often see it done well (or at all). NFS just punted on cache coherency, which is why everyone but a few people who've made careers out of implementing NFS agree that NFS blows chunks. AFS/DFS/Coda were at least designed to do this stuff right, but IMO - I'm a distributed and shared-storage FS designer/implementer - don't do it as well as they should and have suffered acceptance problems because of second-order technical (and some non-technical) issues. Sprite at Berkeley and Plan9 at AT&T have shown that this kind of thing can be done, but it has yet to be done in the context of a commodity OS. Some might argue that it can't be done in such a context, but I disagree. It is in fact one of my goals to create just such a filesystem...if I can ever convince an employer to let me, or find the means to do it on my own.
Slashdot - News for Herds. Stuff that Splatters.
Debain has all sorts of sexy tools for this kind of thing in thier distro. dpkg-repack can repack an installed system into a distribution cd that installs exactly that system. Debian can be a little more work for one system but you can automate your whole show with the tools provided... thats worth it.
Look here.
-- http://thegirlorthecar.com funny dating game for guys
$300 * 2500 = $750,000
Yeah, I would really use Windows 2000 here, with the expensive support contracts, tendancy for users to save their files unsafely on the local machines, etc. Linux, or FreeBSD even, will allow the sysadmin to tightly control what can be done on each machine, and all the users will save automatically to a backed-up server all the time, without knowing it. Add on the cost for a few Win2000 Servers, and licenses for Windows Terminal Servers, and more, and you could be doubling the cost, for no appreciable reason.
Each machine will be stripped down, FreeBSD is great for this, and I am surprised that no-one has mentioned it! Install only what you need, and it runs great on 32Mb. Try out the different window managers on the users, although Window Maker should be good enough - make sure that the WordPerfect icon is on the right hand side! Lawyers use WordPerfect, so use WordPerfect Office, the only real cost to the system, and still cheaper than 2,500 user license for Office 2000.
I assume most machines are different in configuration in some way, so the disk image system isn't going to work too well, unless you can easily classify machines into large groups with the same config. Tie down the security, obviously, and make sure that printing will work fine, and you should be set.
Make sure that there are some decent fonts on the systems. Most Unixes still don't know what a font is barely, so Freetype or xfstt are a necessity.
Also install some desktop games! Sokoban and Mahjong would be good (more intellectual), as opposed to Solitaire and Minesweeper (for middle managers) :-)
I have to take exception to applications on central servers. As you point out yourself - you'll be able to run 1-2 IF you have local app servers serving just 25 workstations.
:-)
It's sounds tempting - put everything on servers, it's much easier to maintain. It's true - from the admin point of view, having everything on the server is much easier. It's also much easier from that point of view to lie down and go sleepytime and forget about the users....
Problems with central apps:
Software needs unique to small groups - they are often left out in the cold. typically, fighting starts about putting special need apps on the central servers. End result - they can't do their work.
And, network delays - as has already been pointed out, employees will sit staring at useless screens waiting for stuff to happen.
Given good cloning/replication/remote admin, you shouldn't need to put apps on a central server just so going from version 2.5 to 2.6 is easier. You ought to be able to set up a script that remotely updates the necessary applications across many workstations.
Don't ask me how though - I'm just a "user".
First, make it work, then make it right, then make it fast, then, make it bloated!
This is less about Linux, and more about how to
roll out 2500 secure Linux boxes (or any other OS) at the same time.
Norton Ghost (Originally writen by Binary Research, a Canadian company) is a pretty sweet piece of software that will let you "clone" a disk partition, even over a network to multiple clients simultaneously using IP multicast. This means you can set up Linux on one workstation, install all your software and security patches, link up all 2500 machines by network, insert a Ghost boot disk in the other 2499 machines, then copy your complete installation - software and all - to all 2500 machines at once.
If you are actually using machines designed as workstations (thin clients), I agree. But if you are using PCs, then isn't this a huge waste of the processor power, hard drive capacity, etc.. of a desktop. I'm a user not an administrator, so of course my main concern is that is that I have the apps I need to get my work done. This means that I don't want to wait on a slow network while I'm using an app. I also don't want to sit and stare at a useless pile of parts if the network is down (this has happended quite a bit where I work).
I realize that having apps installed on 2500 hardrives might be a nightmare, but you shouldn't lose sight of why you have those apps in the first place. Those apps are there to support the needs of the end user, not to make the admin's job easier. After all, that's why you get paid the big bucks right? :)
Is there a way to remotely manage apps on the hard drives, if not maybe there should be. How about remote power on. I mean as long as those PCs are turned on, you should have remote access to their hard drives and you shouldn't have to go around and turn on every one manually. Actually, I think this would be a great idea anyway. I'd love for my computer to be on and ready to go when I walk in at 8:10, er I mean 8:00. But then again, if your network never goes down, and those apps will run from the server as fast as they would run from a desktop, then sure, I agree, buy thin clients and put everything on the server. But if you work were I do, that's the last thing you want.
----------
AbiWord: The BEST opensource word processor
Check out AbiWord.
Whenever I change something on the "master client" I fire up a script I wrote to rsync all the other machines. For 40 machines, this takes about 2min per machine (unloaded 100MBit network).
So:
- Pick your distro of choice
- Get to know the configuration things (this is probably easiest with Debian, as they use raw
/etc maintenance anyway) and create your exclude file - Use five or something hosts to get rsync parameters right (I use rsync -vae ssh --exclude-from=$exfile / $IP:/)
- Do a couple updates and try them out
This works perfectly for us. We haven't tried a distro upgrade though. and of course it only works if all machines have at least SIMILAR hardware, and should be installed identically.I have begun to document this at www.linuxfaq.de (German, though). Please tell us what you decide to do.
Have fun! :)
Home Page
Very little of the memory used by netscape is used by the binary - it is mostly data, pixmaps etc. Trust me, running netscape on a shared server is a bad idea. Environments I've been working in typically allows you to run most programs but netscape on the server - memory is one issue, CPU is another (netscape doesn't always die when you want it to) - and confining netscape to the desktops is by far the safest way. Also, animated gifs (I hate them, but they are present) can present a strain on the network.
Disadvantage: requires a modicum of shell scripting knowledge.
Advantage: free.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
This lets you keep the coolness and control of having linux on the desktop but lets you run a "thin client" to a Windows machine to run all your windows only apps. It can also be the thing that keeps the Pointy Haired Boss from deep-sixing your linux project because of some particular app.
The client protocol is also very bandwidth-lean and depending on the app you can get 40-60 users on a dual proc PIII-800 WTS machine. The licensing for a Windows Terminal Server is nightmarish but it might be the only solution to some real business problems .
This is an honest question, I'd like to know. I'm a big fan of the client-server approach... However, till now my only experience has been with a very underpowered SGI/Irix server serving way too many dumb terminals and a Sunray lab designed for 30 stations but with only a few concurrent users. Two extremes.
--
I'd suggest using IceWM. It's FAST, only requires about 1.5MB (my current usage is 1.3MB) and by default it looks and feels like Windows. You're switching from Win, right? Using a WM that looks and feels the same helps a lot. And with only 32/64 megs, you'll want something that doesn't use half of if just to give you pretty icons.
...you're already on the wrong track.
I strongly suggest you get a Unix/Linux consultant (perhaps from SCO) to come in and write something up, or even better, hire a good Unix/Linux admin.
That being said, I'd go with RedHat, since it's pretty well supported and has a large presence on the web for QA sessions.
I'm rolling out about 300 desktops "soon". I'd love to do it with my preferred destop -- HelixCode's gnome and debian -- but the install is just a little over the top.
try replacing Enlightenment with Sawmill/Sawfish.
32 MB. might not be too good if you plan on running any real apps.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
For an installation even one-tenth of this size, X terminals and big servers are the way to go. And no, the terminals don't need to be fast. We use P133s with 32MB just fine. Administering two, or even ten servers is a whole lot easier than administering 2500 independent workstations, even with the slickest use of NIS and NFS to pull off centralized configuration and management.
How much document sharing will there be with organizations that use other (read: Microsoft or Corel) office software? For interoperability and the shallowest learning curve for MS Office users, Corel WordPerfect Office and StarOffice are the best choices. Both will read existing MS Office files well enough, and will export new files in that format well enough, too. Neither is up to the task of heavy back-and-forth collaboration with MS Office users, but that's true of any office suite on any platform. StarOffice can't deal with most WordPerfect Office files. This would be a non-issue under 98% of circumstances, as so little of the world really uses WordPerfect anymore. However, as a state court system, you're part of the 2%: WordPerfect still has a strong presence at law offices, so interview a representative sample of users and managers to find out whether they currently do receive a notable number of WordPerfect files via e-mail or on disk. Frankly, they probably don't, instead getting them via fax or in hardcopy. So it may well not be an issue.
This answered and all other things being equal, I'd opt for StarOffice; Sun is in better financial shape these days than Corel, and bulky though StarOffice is, it's also natively written for Unix/Linux. It's also got more features that suit it for network and large-environment use. Both Corel and StarOffice are available in identical versions for Windows, so the laptop brigade can work seamlessly withe the terminal crowd.
For another thing, many job functions don't require an office suite at all. Don't assume everyone needs one, and don't just reflexively give one out, even if it's free of license fees like StarOffice. If someone just sends simple faxes and email, that's all they should be able to do. If someone simply accesses an AS/400 or mainframe and works with e-mail, they need access to nothing more than a web browser for e-mail (or perhaps Netscape Communicator with its IMAP mail support), and a tn5250 emulator. For sending faxes, use email-to-fax and fax-to-email gateways. Hylafax is your friend. And incidentally, StarOffice has nice hooks for printing and "emailing" through networked Hylafax servers. It can also sync with Palm gizmos.
For more complex environments, StarOffice has some further advantages. Enterprise-caliber support contracts are available, as are user and administration courses. Macros and scripts for it can be written in Javascript or in VBA. MS Office VBA scripts themselves won't work, but the skills some users and managers may have can be leveraged very easily. For another thing, it can be scripted with and interact with Java. So what? Ah, here's the nifty enterprise-caliber part: not only can StarOffice 5.2 access ODBC databases. It can also access any JDBC data source--which means pretty much any database on the planet, regardless of OS. In addition, you can take advantage of Java toolkits and SDKs for all sorts of things. For example, IBM has a toolkit for Java access for AS/400 client APIs. Want to add a menu item to StarOffice for retrieving data directly from a mainframe into a spreadsheet? Or linking calendar items (have I mentioned StarOffice's Outlook-like group calendaring?) dirtectly to AS/400 screens? You can. In ways that can be reused on other platforms and environments.
What Linux distribution you use is the least important piece of this. Choose something that offers easy creation of kickstart disks, to ease installation on new machines, and that offers good, reliable security upgrades. Me, I'd go with something that offers decent commercial support contracts. The terminals won't need any such nonsense, but it sure is nice to know you can get an engineer on the phone if a $50,000 server has a memory leak you can't squash. There are several ways to do this: you can go with a Linux vendor that offers contracts, like RedHat, or with a hardware vendor that sells Linux OS support on its hardware, like an IBM or VA Linux. For this reason, Mandrake comes out weaker than RedHat. It's not about the quality of the default installer or the number of "extras" on the CD. It's about maintainability going forward and the quality of support you can buy for those times when Usenet and online documentation cost too much downtime.
Depending on what you need in the way of file storage or backend applications, you may well want to look into a commercial Unix (say, Solaris, which runs StarOffice splendidly) on the backend. Linux is great, but if your needs really call for a SAN (and it doesn't sound like they do), or you want to go with one gigantic 24-CPU server instead of several 4-CPU ones, Linux may not cut it. Don't compromise your implementation for politics. Keep in mind that at this level, Linux is Unix is Unix, and that things like data and email and so forth can move fluidly between flavors without a moment's thought. Linux can certainly support 2500 users well; it can support tens of thousands of users well, as most large universities can tell you. There are also things it can do that something like Solaris can't, such as attach seamlessly to Windows file shares. But plan your applications and your network before you make the final OS decision, so the OS doesn't force compromises.
And another nice thing about these Linux X terminals is their flexibility. Just need green-screen VT102/3270/5250 access in the mailroom? Can do. Need to mix in some Windows-only applications after all? Set up a Metaframe server and give the X terminals access to an ICA client. Want users to be able to save to floppy, or attach a barcode reader? You can. With no changes on the terminals themselves.
On the question of distributions...
I use Suse on the desktop and found it to be *very* practical. But mostly, the question "what distribution shall I use?" comes down to "that's a matter of taste".
There are differences in their target audience, of course. Corel Linux is targeted mainly at beginners, while RedHat, Suse, Mandrake and Caldera try to be useful "for everyone" (they all can be installed and used by dummies but they all offer features for the pros, too). Debian is a little different because unlike the previous distributions, it doesn't offer automated configuration scripts. Again, it is solely a matter of taste if you like Suse's "yast" to mangle your configuration files for you (I do) or if you prefer to edit them by hand. Those people using Debian tell me that they are very happy with it (especially with its easy upgrade process and its security model).
Installing on auto-pilot...
BTW, if your machines are 2500 identical hardware setups, you could easily create one reference linux setup and copy the entire harddisk across the network, using a simple custom bootdisk and the "dd" command. Also, all distributions offer automated install features (ask their support about it) so that you just put in the CD and they auto-install your custom setup.
Centralization...
Reading from your requirement list, you may want to hire a Unix (semi-)professional for the setup. I mean, 2500 machines!
There are a number of Unix features that can make life easier in such a situation, so it's good to have someone who knows how to setup things like that...
Here are a few ways of centralizing things in the Unix world. Each step means a bit more centralization and means that the server must be more powerful and vice versa that the client doesn't have to be a powerful, fast machine anymore.
- You can use a centralized NIS/YP server for the user and password administration, which will make life a lot easier for your admin. I have never done this myself, but I worked with such a setup at University and it was incredibly practical.
- How about setting up a central file server for the user's home directories? If all user-related information is mounted via NFS, your workstations can easily be replaced and employees can easily move offices. Just login on someone else's machine and your personal files are right there.
- Next, you could setup a central file server that contains all the application binaries. This makes updates easy and avoids the need to upgrade your workstations' harddisks.
- And the final step would be to make all those machines pure X-Terminals that only run the X-Server and a local window manager, while the applications run on a central server. I don't know if this is for you, since this requires buying new powerful servers. On the other hand, since 32 MB is more than enough for an X-Terminal, you can avoid buying RAM for 2500 machines.
Some more thoughts on memory...
If you want all the applications to run locally, you should choose a minimalistic window manager (not KDE and not Gnome, both work with 32 MB, but ask for more) and Applixware. I have tried Applixware and it runs fine on a small machine, but I mostly use StarOffice now. StarOffice is a memory hog, though, so it isn't an alternative for you. (I have not tried Word Perfect, so I cannot judge about it.)
Finally...
Good luck for your project, but please expect a few weeks, possibly even months of time before everything works smoothly. The sheer size of your network is a true challenge.
------------------
------------------
You may like my a cappella music
Mandrake 7.1 has an option at the end that asks "Make a boot floppy for Linux replication?" which allows you to just pop the disk in to clone the install on another machine, getting rid of all of the interactive stuff. I haven't tried it yet, but I have used redhat's version, mkkickstart, and it required alot of messing around with the options in the config file before it would work. This was in Redhat 6.1 that I had problems.
:)
Mandrake 7.1 seems to be a bit more user friendly than redhat, and comes with more tools. It will download and install crypto packages like ssh, pgp, gpg, openssl, and mod_ssl during the install if you have it plugged into a network with internet access too. On login, the user can select what windowmanager he wants to use, they have a choice of about 8 or 10 of them, KDE and Windowmaker included. I use windowmaker and the only thing I don't like about it is it's lack of a decent pager/virtual desktop system. I want to be able to scroll between my desktops with the mouse instead of having to click on something.
Probably the easiest way to do this is buy the Mandrake box set so you get all of the goodies CD's, copy them to an NFS or FTP server on you network, do a network install with all of the programs options that you want, make sure you set it up to get an address via dhcp, answer yes to the "make boot floppy for linux replication" question at the end, and start replicating. With the Redhat version, all of your machine have to be EXACTLY alike, including the exact same hard disk because the floppy stores how big each partition is and the start and ending block, so if you install on a machine with a different size disk, you're out of luck.
Need Free Juniper/NetScreen Support? JuniperForum
The type of user community that you are supporting is very important. I am guessing at two different types of groups: operations and business users.
As for Operations, here are my tips:
- Automate the install, completely. I think you will find plenty of support for this out there now. Either scripted network installs or blowing an image onto a hard disk. Worse case, you end up with a boot disk that runs a script to make the filesystems, mount a NFS image, copy the image locally, run a script to patch up local info (like IP address and hostname), run lilo, and reboot. Since everything is tangible in Linux (e.g. no stinking registry!), this shouldn't be too bad.
- Make all of the machines rubber stamps of each other. If one dies, you should be able to plop another down, power it on, log in the user, and they are home. To do this, make sure all of their non-transient data goes into their home directory. Anything that goes into
/tmp better not be needed. This is one area that Linux sings in. It should be a no-brainer to make this happen. - Come up with some sort of diagnostics test that you can run to help determine what part of a workstation is failing (e.g. memory, video, etc.). Otherwise, just lease the computers and let someone else fix the hardware.
For Business Users, good luck. I would first worry about whether you can solve the compatibility issue. From there, try to do as much of the above as possible. Mobile users will make it more interesting. Keep a replicated copy of their home directory local and a boot option/script to pick Mobile/Office.Have fun.
My suggestion: Leave the terminals with 32 meg, as that is plenty for the X server. Your standard terminal should have one single harddrive with a minimal installation of some distribution. You will want to have a standard way of setting up such a machine when a disk dies and gets replaced, but backups aren't needed (as there is no user data on the terminal) and you won't have to care much about updates either (as there should be no daemons running on the terminals).
One big benefit: As the terminals do not hold data, it doesn't matter if they are stolen. Terminals are not trusted.
The X protocol is made for networks, and a 10 MBit/s hose to each terminal would be just great. However, it's not encrypted, so you should at least consider how physically secure your network is, and what the requirements would be.
Then set up one server for each N users. If they are doing web access and text editing, your average ``high end but not that high'' server should be able to run 15-40 users. Maybe more, but I haven't tried this type of workload myself so I can't say. Anyone ?
You will end up with a server farm. Each server should hold a home filesystem locally, and preferrably the users with the homes on that local fs should log in on that server. You can choose to let the server export their home fs'es to the other servers as well and share user accounts with NIS, which would let any user log in anywhere. If a terminal is tied to a user and vice versa, there should be no need for a terminal to be able to choose other servers, but if they're not, then the need will be there.
I've done a few such setups, but at a *much* smaller scale. I can tell you that it is a relief to _only_ have to update software on the server(s).
Back at University, we had a very hacked up Slackware distribution which did nothing special, expect on bootup where it would download and install any packages that sat on the upgrade server.
The same principle is absolutely essential for anything more than 100 or so machines (even if upgrades aren't a priority, bug fixes and security fixes will be).
In truth, I can't imagine any distribution would be better suited than any another here, especially if you are willing to write a boot up script which can download any new RPMs or DEBs and install them. The only problem is making sure they are not "interactively installed". Lots of Debian packages are but this is easily remedied. In fact, if you used Debian, adding apt-get update && apt-get dist-upgrade to your boot script and setting up your own packages repository (a simple FTP folder) would do that for you. You may need to tweak the odd package to force some settings but that's what your network of 5 machines reserved for testing are for right...
I'd also go with Sawfish/Sawmill instead of Window Maker. While I'm a huge fan of WM, I think sawfish has a much more desktop friendly future ahead. It can also look pretty identical to WM, and some of the other themes are very practical for desktop use. Its memory footprint on my machine is just under 4MB with half of that as shared libs which lots of other programs are using. Perhaps a choice at login would be useful, especially if offered with something pretty like GDM.
The major issue will probably be support, although that's more likely to be for specific applications than the whole system. I take it that to be entrusted to install 2500 desktops, you know your greps from your seds and are pretty capable of writing some scripts to manage upgrades. If not, find someone who is and pick their brains.
Rather than bogging down the network with remote X apps, *please* investigate Debian's apt-get tool. In some ways, the Debian distribution is a 10,000+ distributed cluster of homogenous systems.
For my home Debian box, all I have to do is run apt-get update; apt-get upgrade once a day, and then my system is homogenous with the official Debian distribution.
If you put those two commands into your user's init scripts (probably with the --force option), then lock down the /etc/apt/sources.list, then...
The biggest disadvantage of using apt-get is that your network will probably get bogged down after you change a large package. The next morning, at 8am, when 1000 people turn on their computers, they'll all be trying to download the same package at the same time, which could be a mini nightmare. If you're a good sysadmin, you'll figure out a good way around it.
The other big advantages:
If you don't need to roll out this installation tomorrow, I'd recommend that you install a copy of Debian (Debian 2.1 is stable, but out of date, Debian 2.2 is not quite released yet).
Once you install Debian 2.1, hang out for a while talking to people on the irc channels (irc.debian.org), and get all your stuff configured, then run the command apt-get update; apt-get dist-upgrade, and your distribution will automatically be upgraded from 2.1 to 2.2 (hopefully with almost no user intervention).
This message turned out to be a lot longer than I expected, but there's a lot to consider in your situation. Good luck!
--Robert
Debian is easy to install and update through the network. And there is a package replicator available to replicate an machine installation through the network. It's really great. The replicator maintainer is also very responsive. I had lots of mail exchange with him and he helped me if I needed. got to http://www.ens-lyon.fr/~schaumat/replicator/
For a rollout of that size, I'd say that you need two key things: first, either a network or CDR-based install from a cut-down release tailored to your business environment, with all options pre-selected, and secondly, the seemingly trivial but massively important separation of system and user areas, each in their own filestore.
The first is important because one of your major costs is going to be support --- this will skyrocket if you use standard distro CDs because they're all based on interactive user choice in varying degrees, and corporate handholding costs money.
The second is important because without the separation, upgrading will become a nightmare over time --- again, this will increase your support costs. In fact, consider seriously the possibility of not holding any user data on the workstations at all, but on a central filestore instead. That simplifies data backup as well as workstation upgrading, because then you can regard workstation state as throwaway.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
... I'm a Sys/Net Architect, so guess where my biases are? :-)
Anyway, what you have on the desktop matters (esp the mechanism you use for clone workstations (you are planning to clone workstations, right?)), but I'll concentrate on something else equally important, and which will affect how you set up the desktops: Network and Backend System Design
First off, you don't want any data locally. That's right. I don't care who has the workstation, the only thing sitting on the local disk should be the OS. All user files, and major applications should be sitting on a remote filesystem. Otherwise, you end up with a completely intractible backup and upgrade problem. Trust me on this.
As a correllary to the last statement, you don't want to use NFS as your file sharing method. Hell, even SMB would be better. You want to look at either AFS or Coda. I would recommend the latter, as it's nowhere near as nasty to set up.
As part of Coda/AFS, you are going to have to think about how you design your file server setup. A central bank of servers is tempting, but this tends to be really harsh on the campus backbone, as it puts the workstation relatively "far" from the server, and all traffic has to traverse the backbone. Consider local file servers which may cache user data for replication back to the master server(s) later.
Printing is also a bit of a problem. I heartily recommend the CUPS system talked about here a couple of days ago. Have all your workstations spool to dedicated print servers. They don't have to be powerful, but make them dedicated. You won't regret it.
As far as security and other mishmash goes, do the usual /etc/inetd.conf edit, and comment EVERYTHING out. Don't run ANY daemons on the clients (other than what is absolutely necessary for Coda). Have all mail blindly forwarded to a central mail server. As a correllary, use IMAP (preferably IMAP-over-SSL) as your mail server. Stay away from local UNIX mail, and POP. And look at running postfix or exim instead of sendmail.
You can think about using application servers (i.e. run X apps remotely) if you want, but realize that this will up the bandwidth requirement, and honestly, you probably can't run more than two dozen major X apps over a LAN before it bogs down completely. That is, you need a local app server with 100Mbit connections to about 25 machines so each can run 1 or 2 X apps remotely.
If you can afford it, and have the time, use LDAP as your user info directory - avoid NIS and NIS+ (the first is horribly insecure, and the second is nasty).
This is a first approximation of what you might do. If you want a serious proposal, I'm available nights and weekends (for a modest fee, of course... heehee)
Good luck!
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
There's been about 80 posts already and not one refers to a Beowulf cluster. Come on! He has 2500 machines here. Keep on your toes!