Slashdot Mirror


Windows to Linux Migration in the Enterprise?

youngerpants asks: "There is a lot of talk at the moment about migrating applications from WIN32 to Linux. This certainly helps move the OSS movement along, however, the true test of Linux is in the enterprise. Whereas we can move applications, how can the enterprise itself (such as Active Directory to Open LDAP, Exchange Server to Sendmail and NTFS to Samba) be moved. Have Slashdot readers used any applications or followed any strategies to migrate their enterprise? How would you tackle an obviously risky migration?"

14 of 92 comments

  1. Wrong examples by passthecrackpipe · · Score: 5, Insightful

    "Active Directory to Open LDAP, Exchange Server to Sendmail and NTFS to Samba"

    I understand the gist of your question, although I don't think you understand it yourself. None of your examples actually discuss the one thing the enterprise is interested in: "Functional Parity"

    AD to OpenLDAP doesn't go, because OpenLDAP is just a directory protocol -- I wish people would start to understand that. There is no directly usable management interface, no business logic, no nothing. It is just a protocol....

    Comparing Exchange Server and Sendmail earns you a good thwapping over the head in my team -- maybe Exchange Server vs. Open-Exchange, but again you are comparing the wrong things. Finally, go stand in the corner for comparing NTFS with Samba.

    I usually don't complain about Ask Slashdot type stuff, but this takes the cake. Go learn something about IT before you ask stupid questions.

    --
    People who think they know everything are a great annoyance to those of us who do.
    1. Re:Wrong examples by passthecrackpipe · · Score: 4, Insightful

      I did actually provide examples.

      As for "chilling a little", I met a customer last week, who simply did not want to talk open source, because some clueless critter of an "IR Consultant" came in some time ago shouting something similar. "Get rid of all your Microsoft products! They are EVIL!" Now, this customer is a relaxed dude, so went like "okay, but I replace it with what?" and something similar to the above list came up. For most people that list is simply unacceptable -- they don't *care* what they run, as long as it works. So someone coming around that can't even tell the difference between Exchange and Sendmail, and states "rip out all your groupware, calendaring, forums, imap, mail, pop, webmail, and some CRM functionality, and instead I give you Sendmail....it's FREE!" does not really impress.

      Customer now thinks Open Source people are clueless freaks, and any mention of this stuff is taboo. I see this *all the time* and it really gets me upset.

      Getting the revolution because you downloaded OpenOffice.org and found Slashdot is one thing, making the whole community look bad is another....

      --
      People who think they know everything are a great annoyance to those of us who do.
    2. Re:Wrong examples by passthecrackpipe · · Score: 3, Interesting

      Yeah, well, the NTFS to Samba thing was the final straw, although I hear the AD to OpenLDAP thing all the time, and it pisses me right off. I do Enterprise Open Source Deployments for a living - primarily desktop and infrastructure (directory, groupware and file and print, heyhey, exactly his list!) and nothing is uglier to an AD administrator than the mess that is the Kerberos/OpenLDAP/Samba mudheap that sort-of delivers something sort of similar, but really doesn't. Even the IDEALX stuff linked to elsewhere doesn't really make the grade. For all its warts, AD is actually pretty admin friendly, and what is more, many organisations have spent lots of money to get to AD in the first place. That is why my company specialises in integrating Linux infrastructures with existing AD and/or Novell eDirectory. (integrating Linux with AD actually works pretty well...)

      --
      People who think they know everything are a great annoyance to those of us who do.
    3. Re:Wrong examples by Undertaker43017 · · Score: 4, Informative

      nssldap, pamldap and MS Services for Unix...

      Nssldap will have to be recompiled for schema mapping, since AD doesn't follow a standard LDAP schema. Last I checked FC2 and FC3 already had compiled nssldap this way, so no recompile was necessary.

      MS Services for Unix is needed to modify the AD schema and for a couple of added screens in the admin tools for AD, to allow Unix attributes to be added.

      If you want to be able to change passwords from *nix, you will need to set up SSL, since password changes can only occur over SSL in AD.

      Just google on "AD nssldap". I have had my office running this way for almost 4 years, with no problems.

    4. Re:Wrong examples by Noksagt · · Score: 3, Informative

      I disagree that few *nix apps take advantage of Kerberos. Indeed, Samba and OpenLDAP, both mentioned here, do. OpenSSH, Cyrus IMAP, Netatalk, fetchmail, and many popular others do too. But you are right that it is far from universally implemented & many now choose to just run most traffic over SSL instead.

      My two cents on what you didn't ask about: I, like you, am impressed that you basically get kerb for free for most traffic from a windows server. However, I hate MS for the way they did this. They use non-standard, undocumented features that prevent non-MS systems from actually being interoperable with them. Even the MIT Kerberos team has accused them of trying to embrace & extinguish. I suspect that some (though certainly not all) of the lack of Kerberos on *NIX has to do with this.

  2. Start Small - Start New by vmcto · · Score: 5, Insightful

    Very small...

    Individual Pockets -> Workgroup -> Departmental -> Enterprise

    As much as I love open source and think it provides tremendous value to organizations, I have to realistically evaluate any large migration and observe two obvious points:

    1) It's different. There will be people who will not want to see it succeed. You will need to PROVE that the functionality provided is SUPERIOR and that the cost of migrating is overcome by the reduced ongoing TCO.

    2) Is your organization ready to provide the level of support it has become accustomed to? Are you a MS Enterprise or Select customer? You need to prepare for the fact that to some extent the warm fuzzy blanket of misleading comfort is being pulled away from the organization.


    I would NOT begin by migrating something. I would begin by looking for a new unit, group, or area of the business. New is much easier to accomplish than migrate.

    Finally, if you are a hardcore MS shop, the financial pitch to MGT can be the leverage that doing something small can provide in price / service negotiations.

  3. Migration is never easy ... by GNUALMAFUERTE · · Score: 5, Insightful

    Nowadays, with all this "Get the facts" FUD, the Free Software community reacts trying to show that it's not true that migration is a nightmare, and that it's not true that it costs money. The truth is, migration from ANY system to ANY other system is a nightmare, and it does cost money.

    The point we should make clear is: Migrating from Windows to Unix is a good decision (I say Unix to make clear that I'm not talking about Freedom or ethical or monetary issues, just about the technical stuff) and it will make things just easier and safer in the long run. Technically, there is no possible discussion.

    About non-technical stuff: Microsoft insists in their "get the facts" bullshit that if you use windows you can hire incompetent sysadmins, and with Unix, you can't. It's just not a good idea to hire incompetent people. Hire a good sysadmin, and pay him well, what do you prefer, to pay thousands to a big monopoly for the right to copy, or pay a worker for actual honest work?

    ALMAFUERTE

    --
    WTF am I doing replying to an AC at 5 A.M on a Friday night?
  4. Windows to Linux Migration Guide by Anonymous Coward · · Score: 3, Informative

    Check out this link.

  5. Advice from someone who has done it. by Noksagt · · Score: 5, Informative

    I have migrated to FreeBSD/Linux backed servers. The first key is to do it incrementally--migrate piece-by-piece.

    > (such as Active Directory to Open LDAP,

    LDAP is so useful, that you might as well start here. Remember that LDAP is a multipurpose directory. If you want to replace AD authentication and a windows PDC, IDEALX has written some nice perl scripts and a tutorial on how to do this with OpenLDAP and Samba.

    > Exchange Server to Sendmail

    If you want to replace Exchange Server, use Openexchange. If you want to replace only your MTA, consider using postfix. On the server end, this isn't a ton of work. But you will likely have to change the way clients are connecting to your server & also what they can do with it. Sendmail/postfix will probably not be enough for you...

    > and NTFS to Samba)

    NTFS is a local file system. Samba is an open source SMB server/client. Big difference. See IDEALX for good Samba deployment.
  6. do it step by step by Pegasus · · Score: 5, Insightful

    If you want to do it all-in-one over-the-night type push, you're very likely to fail. Or at least your users will kill you.
    Also, you may (or may not) hit many little annoying details that would make you believe m$ fud more and more.

    I've been through two migrations now and what I learned is this: go easy, keep the existing systems in place for their foreseeable lifetime (don't fix if it's not broken approach), implement OSS stuff only for new services and gradually replace old systems with newer, running OSS. In a timeframe of 2-5 years or so.

  7. Wow by Quattro+Vezina · · Score: 4, Funny

    Damn, the title of this article is just begging for someone to make a Star Trek joke, and no one's done so yet.

    Ah, Slashdotters genuinely surprise me sometimes...

    --
    I support the Center for Consumer Freedom
    1. Re:Wow by x00101010x · · Score: 3, Funny

      Scotty:
      She can'nah take much more'o this captain! Th' opensource drivers for the warp core containment controller card are only version 0.2.1 and the project hasn't seen an update for nearly a century! While the hardware is capable of running the engines at 110%, these incomplete kernel drivers can'nah hold her much longer than five minutes over 80%!

      Kirk:
      Bones! You've got Familiar Linux running on your tricorder, get online and see if you can find a patch for the warp core containment driver!

      Bones:
      Damnit Jim, I'm a doctor, not a kernel hacker.

      --
      DONT PANIC
  8. Re:Alot of talk, little real activity by chris_mahan · · Score: 3, Insightful

    >The only places that can really migrate to Linux en-masse are places like call-centers where computers are used for specific and rigid purposes.

    Yes. And when 50% of the company is on linux, then what?

    The key is to make your applications fully web-based and be os-agnostic. There are three main reasons companies even look to replace their existing systems:
    * Cost, short term and long term.
    * Increased functionality.
    * Effective staffing.

    Right now linux provides visible short-term cost. Also, it can provide some long-term cost saving but that's more fuzzy.

    On functionality, the gaming world will tell you going away from windows is a step back. I think you gain some and you lose some, so wash.

    Staffing: You need fewer people but you have to pay them more.
    My horrible analogy: 400 day laborers with pickaxes or 1 highly paid driver in a Komatsu D575A-2SD.

    > The places that have successfully transitioned to Linux (federal labs, Burlington Coat Factory, City of Largo, small companies) were either established Unix shops already or started with small or completely disorganized IT organizations.

    Most companies have completely disorganized IT organizations, so that's actually good for future open-source adoption prospects :)

    --

    "Piter, too, is dead."

  9. No REALLY!! How can I get NTFS-like permissions? by clickster · · Score: 3, Insightful

    I've always been curious about this. I love Linux, but one of the areas where I think it is sorely lacking is in file system permissions flexibility. For example, if I had a folder and wanted the following in Linux, how could I do it?

    MKTG group = rwx
    DEV group = r
    EXEC group = r
    ADVERT group = rx
    ADMINS group = rw

    Is there a way to do this in Linux? I have no idea. It has always been my understanding that I'm stuck with UGO and sticky bits for permissions. Is this entirely true or is there another way?

    --
    If you mod me down, I shall become less powerful than you could possibly imagine.
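
The permission set asked about in the last comment can be expressed with POSIX ACLs (`setfacl`/`getfacl`), which add named group entries on top of user/group/other. The sketch below is an added example, not part of the original thread: it parses `setfacl`-style entries and models the access check from acl(5). The group names are from the post; the owner, owning group and the `u::`/`g::`/`o::`/`m::` entries are assumptions.

```python
# Added example: models the POSIX ACL access check described in acl(5).
# Group names come from the post; owner, owning group and base entries are assumed.
PERM_BITS = {"r": 4, "w": 2, "x": 1}

def parse_acl(text):
    """Parse setfacl-style short entries, e.g. 'g:MKTG:rwx', into a dict."""
    acl = {"user": {}, "group": {}, "mask": None, "other": 0}
    for entry in text.replace(",", "\n").split():
        tag, qualifier, perms = entry.split(":")
        bits = sum(PERM_BITS[c] for c in perms if c != "-")
        if tag in ("u", "user"):
            acl["user"][qualifier] = bits      # '' means the file owner
        elif tag in ("g", "group"):
            acl["group"][qualifier] = bits     # '' means the owning group
        elif tag in ("m", "mask"):
            acl["mask"] = bits
        elif tag in ("o", "other"):
            acl["other"] = bits
        else:
            raise ValueError(f"unknown ACL tag in {entry!r}")
    return acl

def allowed(acl, owner, owning_group, user, groups, want):
    """Return True if `user` (a member of `groups`) gets every bit in `want`."""
    need = sum(PERM_BITS[c] for c in want)
    mask = 7 if acl["mask"] is None else acl["mask"]
    if user == owner:                          # the owner entry is never masked
        return (acl["user"].get("", 0) & need) == need
    if user in acl["user"]:                    # named user entry, limited by mask
        return (acl["user"][user] & mask & need) == need
    matching = [bits for name, bits in acl["group"].items()
                if (name or owning_group) in groups]
    if matching:                               # one matching entry must grant it all
        return any((b & mask & need) == need for b in matching)
    return (acl["other"] & need) == need

# The permission set from the post, written as setfacl entries.
POST_ACL = parse_acl("""
    u::rwx g::--- o::---
    g:MKTG:rwx g:DEV:r-- g:EXEC:r-- g:ADVERT:r-x g:ADMINS:rw-
    m::rwx
""")
```

Bits from different group entries are not combined: a member of both ADMINS and ADVERT is granted `rw` or `rx`, but not `wx`. Tightening the mask entry (for example `m::r-x`) caps every named entry at once.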