Systems Management Server Equivalent for Linux?

em_tasol asks: "While tearing my hair out trying to manage an expanding network and keep the 'Standard' in 'Standard Operating Environment', someone suggested we use Microsoft's Systems Management Server for many tasks that we currently run around doing manually. We are using a Linux-based Samba PDC at the moment, and installing SMS would require a total infrastructure rethink, because it appears to require a Windows PDC to install itself and SQL Server. Does anyone know how I might put something together in the Linux environment that will be compatible with a Samba NT4 domain environment that will perform the same sort of functions as SMS?"

IBM Tivoli

[spike666]

IBM Tivoli encompasses a suite of systems management products that work much like SMS.
since you dont give us much to go on in terms of what you want to do, or how much you want to pay, tivoli should cover all the bases. otherwise have you checked sourceforge? or even google?

Novell's Zenworks

Novell's Zenworks is the other big player on this field. Unlike Active Directory [which requires Microsoft PDCs & BDCs], Novell's underlying NDS [or eDirectory, or whatever they're calling it this week] can run on Linux. Last I checked, there were aspects of Zenworks that were NetWare specific [although I believe they are working to port the entire package to non-NetWare platforms], but with NDS, you can tie in all your Linux servers.

Other option -- remote apps.

[forsetti]

SMS is costly and difficult. Depending on the size of your IT department, SMS is probably overkill. After investigating SMS, we went with Citrix, which provides an architecture for Windows which is similar (please forgive the gross generalization) to X (client-server remote apps).

Install the software once, and all users have remote access. Citrix allows for all sorts of OSs to connect, as well. There are Windows, Mac, Linux, Win CE, PocketPC, etc clients, so all of your users have access to a Windows Desktop with Windows apps.

If you have no need for non-Windows clients, check out Microsoft Terminal Server. Same thing, but only Windows clients. The benefit is cheaper licensing -- if you buy Citrix for Windows 2000, you have to pay Terminal Server licensing as well. (Sorta like paying the mob for "protection").

Citrix is much easier to manage than SMS, and does not require an entire Windows infrastructure -- just a few servers. Figure 50 users (Office, Internet, Custom Apps, NOT streaming media or video games) per server. An office of 150 people will need ~3 servers (give or take, depending on usage.)

Combo Citrix with a good Windows X server (Cygwin is free), and you have a great cross-platform solution for any desktop using apps for Windows and Unix, simultaneously!!!!

SMS? Login script?

[Bazzargh]

SMS's features are, according to MS:
- Software distribution
- Asset Management
- Remote Troubleshooting

Lets look at the software distribution bit first. Mainly this is used for os patches and virus scanner updates. If your people have access to WindowsUpdate.com they already can get the first lot, and for the second, you can often just copy the .dat file to the correct directory.

For asset management, microsoft's software inventory amounts to scanning for files with a given extension. Matching this to software versions is trivial with a perl script, and a bit of data capture to start with. Hardware inventory is barely more complex and its easy to write a script to do the job.

Remote troubleshooting amounts to the same functionality you get from VNC.

So to sum up, to emulate SMS you need a hook to run some scripts and copy files to & from the net when the user logs in, plus VNC. Your samba environment has a login script directive which you can use as the startup hook. Clearly you have file sharing down. So all thats left is to get some appropriate scripts to run.

This is partly a matter of your personal preference. SMS itself uses the WMI interface to gather info, which coincidentally is easily accessible via windows vbs/js scripting, and it should already be installed on all these machines. The WSH manual ( http://msdn.microsoft.com/library/default.asp?url= /library/en-us/script56/html/wsconwshwmi.asp ) describes this.

If your environment is small and reasonably well controlled you have other options available. Booting machines off the network, for example. Mounting a central apps drive is another, though crappy for laptop users - then you only need to manage the registries remotely, which regedit can already do. Manipulating multiple registries remotely, eg using perl, isnt difficult, and you can do this to set 'runonce' scripts up over the network to do installs.

Anyway hope this gives you some ideas.

Re:SMS? Login script?

[Kevster]

Mainly this is used for os patches and virus scanner updates.

Bah. I worked in a large WAN environment with ~200 servers and ~7,000 desktops (a mix of Windows 95 and NT) and believe me, OS patches and virus scanner updates were the least of it. The provincial government, with numerous Departments and Branches within those departments, has a huge number of diverse applications, both off-the-shelf and custom-written. They use MS SMS, and for good reason!

One of the main reasons, as I see it, for using SMS is distributing applications to Windows NT (or newer) users. Install applications at logon, you say? Do you know that this requires Administrator privs for most apps and updates? Do you also know that the logon script executes with the privs of the user who is logging on? Do you really want all of your users to have administrative access to their PCs? I thought not.

One of the key benefits is SMS can install apps in the background using a service running with elevated privs on Windows NT. No user interaction is required. This gets around that major issue.

Re:SMS? Login script?

[forsetti]

I think you'll find software distribution involves more than patches and updates. Installation of any piece of software (say, Office, or a custom app) across thousands of desktops by hand is a nightmare. There are three options:
1 - Package deployment software
2 - Remote app access (X or Terminal Services/Citrix)
3 - Lotsa IT monkeys running around with CDs.

1 is usually expensive and difficult.
2 is expensive (for Windows Apps) but easy to maintain
3 is pretty cool to watch, but ineffecient (hence, more expensive)

How would you handle software distribution? Log-in scripts? Central App store doesn't usually work -- have you tried concurrent access to the same app? Don't forget users with Roaming profiles -- does an app get installed once per machine or once per user?

Re:SMS? Login script?

[AndyDeck]

Even if your enterprise feels that it must migrate away from Netware (a separate, debatable topic) - why not stay with Zenworks? Zen for Desktops 4 can run with NO Client32 (new feature, requiring a new workstation agent) and NO Netware - since 3.x, you can run ALL ZfD components, including eDirectory, from a NT or W2K server.

AND the price isn't too bad (list for Zen for Desktops 4 alone is on the order of $59/user, and it's hard to NOT qualify for a quantity discount).

AND it now includes the DirXML pieces necessary to synchronize the eDirectory IDs with your NT domain or Active Directory.

AND it will manage your W2K workstations, including MSIs, better than SMS.

Just what you're looking for.

[FreeLinux]

I'd suggest that you take a look at Caldera's (now SCO, again) Volution Manager. It offers the same features for Unix systems, that M$ SMS offers for Windows. Plus, it can be integrated into larger enterprise management platforms like Unicenter and Tivoli should your needs grow so large. Also, if you are a Compaq/HP shop, Volution Manager integrates with Compaq's Insight Manager which is fabulous for hardware management.

Re:Dave Roth

[gruntvald]

I have his books, and they are great, but dated. What worked excellently for NT4 no longer holds together for W2K. I have no end of problems with Win32:: on W2K, when you dig into some of them, the comments at the top immediately declare themselves to be obsolete. After a period of great stability and usability, Perl on windows is currently a giant mess.

Government...

[crisco]

The typical provincial or county government has departments that span 50 different vertical markets, each with their own specialty software vendors competing for a chunk of the budget. I don't doubt that it is an IT nightmare but the diverse demands of government go a step or two beyond the typical corporate user.

Re:I wish!!

[AndyDeck]

Your info is out-of-date. The latest Zenworks for Servers, version 3.0, has full policy and distribution services support on Linux - you can distribute and install RPMs, for instance. Read the latest docs - Novell posts them for download at http://www.novell.com/documentation/lg/zfsi/index. html.
The supported platforms are Solaris 8 and Linux kernel 2.4.x (tested on RedHat 7.1/7.2, but others should work).

Policy and Distribution services provides: (from the docs
* Control the versions of software installed on servers throughout the network
* Define and enforce a standard configuration on any given set of servers
* Control the behavior of servers in given situations, such as downing a server, backing up volumes, managing thresholds exceeded, and so on

It is still true, as far as I can see, that the Zen for Servers Management & Monitoring services, along with Inventory & Remote Control, do not extend natively to the Solaris or Linux platforms. Maybe there will be full support in the next version. In the meanwhile, SNMP management should still be available from a ZfS management console, and Remote Control can be handled through Telnet/SSH, VNC, etc.

Utilities like Snapshot exist for Linux in many forms already - think Tripwire & its relatives.