Cisco IT Manager Targeting 70% Linux

RMX writes "LinuxWorld Australia has an interesting article discussing Linux Desktop adoption in Cisco. Cisco "already converted more than 2,000 of its engineers to Linux desktops...plans to move many laptop users to the platform over the next few years...the driver for Linux on the desktop is not cost savings, but easier support. Manning estimates that it takes a company approximately one desktop administrator to support 40 Windows PCs, while one administrator can support between 200 and 400 Linux desktops.'"

40:1 ?

[Heem]

Ha, 40:1 ratio for desktop support personell for windows? Tell that to alot of IT managers, in particular, my former employer. Try 200:1

Re:40:1 ?

I'll admit I am no fan of Windows, but 40:1 does sound off. I support users coast to coast at 24 different divisions, and we too are closer to 200:1.

However, I do also support a number of Linux/FreeBSD servers and think they are much less trouble. Also, have heard admins on both systems who say they support thousands of systems.

Re:40:1 ?

[Radical+Rad]

Ha, 40:1 ratio for desktop support personell for windows?

I used to work in an all-microsoft shop back when Nt4 was new and at that time the ratio for us was about 20-30 users to 1 support person. However we did more than just helpdesk support. But when I left to come to a NetWare shop I was amazed at how many more users were being supported per number of IT people. It was at least triple. And to top it off, at the NetWare shop we are responsible for much more than at the other place. In addition to data we also handle phone and security and support users at remote locations. So I think the ratio will differ from company to company depending on various things but I know from experience that Windows is support intensive.

Re:40:1 ?

[Wateshay]

It probably depends a lot on the type of user that you're supporting. Supporting secretaries who do nothing but type and send email is going to be a lot easier than supporting engineers who have use a wide variety of software requirements, push their computers hard, and often need new software products installed.

Re:40:1 ?

[flithm]

All of you people who are balking at the 40:1 ration need to grow up. No offense to you or your little piddly-ass companies, but this is an article about Cisco.

Every company is different, and I guarantee you most of the people at Cisco are doing a hell of a lot more interesting things that answering email, writing word documents, and scheduling meetings.

You really have to consider all the factors involved, of which we don't have many, so if the IT manager at Cisco says he need 1 support person for every 40 machines, he's probably not lying.

Maybe instead of merely slamming his numbers you could try to extrapolate and learn from.

Re:40:1 ?

[LnxAddct]

It really depends on the company and skill level of the admin. The typical person on slashdot is not the typical windows admin. I've seen plenty of shops where the ratio was as low as 1:12 and the admins were still freaking out and had no idea how to handle themselves. On a side note however, not only is the ratio of admin to user better for linux because of easy administration tools and things that just work(tm) but its also much easier to just say "okay here is your home directory, have fun" Lock them from the rest of the system (every distro I've seen does this by default more or less). Do an incremental rsync of their home directories everynight and if something ever goes wrong just delete their home and replace it with a good copy. The nice thing about linux is that once it gets running, it stays running. This is from experience of setting up shops with Fedora or Red Hat Enterprise Desktop depending on their needs and level of necessary suport etc...
Regards,
Steve

Re:40:1 ?

[zulux]

In my experience, the engineers are fine but it's the secretaries who cause all the fuss - getting viruses from their Hotmail account, clicking yes to popups etc...

If the company can stomach the up front costs for locking down the systems - then yes their ok, and the engineers need more help, but for smaller companies that are more reactive, the AIM using, Arery form printing, spyware downloading secretaries are a pain in the butt.

Re:40:1 ?

[captwheeler]

so if the IT manager at Cisco says he need 1 support person for every 40 machines, he's probably not lying.

Because no manager ever fudges the staff numbers to make a case, right?

Re:40:1 ?

[cduffy]

Do an incremental rsync of their home directories everynight and if something ever goes wrong just delete their home and replace it with a good copy.

I know this is a bit offtopic, but... AFS's support for backup volumes provides basically this same thing as a feature built into the filesystem. Furthermore, it lets the administrator issue commands (from any node on the network) like "move this volume from partition 1 on file server A to partition 3 on file server B"; the data gets moved, and the clients are notified to use the new fileserver for files on that volume with no further work. You can also have read-only volumes be located on multiple fileservers, and the clients will automatically load-balance between them; further, updates to these read-only volumes can be made by an admin editing a read-write copy of the volume, and then pushed over to the read-only volume as a single transaction.

Making it performant can be a PITA, but from an administration perspective it's really neat stuff.

1:40 ?

[flyman]

That is the worst support ratio in history. I hate Windoze, but no large support org has that bad of ratios. Mine are approx. 250:1 for a Win2k shop, which is pretty average.

Is it

[idono]

because Cisco is now a security company?

Get the Facts(TM)!

[cdavies]

So, Linux TCO is greater, eh?

Oh great

[Stevyn]

Now Balmer is going to get on a plane and install Ad-Aware and SP2 on their machines to help with tech support.

Heh

What gets me is that what they describe could be done with Active Directory and group policies.

TCO

[Docrates]

I wonder if those microsoft studies that show Windows' TCO better than Linux's account for the "productivity" of a linux engineer...

What i'm sure it doesn't show is that a linux engineer handling 200 computers can provide a much better service (due to the fact that more is "known and controllable" in linux than windows) than a windows sysadmin handling the same amount of computers, resulting in lower costs of security, less costs related to spywares, viruses, user support calls, etc.

Handling Firefox

[bogaboga]

I am sure they (CISCO) have some Mozilla/Firefox on these PCs. Question is: How have they decided o manage it? Central managing of Mozilla/Firefox is still not [officially] possible now. Any ideas?

Re:Handling Firefox

[illtud]

Am I missing something? What is there to manage for a browser besides installation?

In the corporate environment (ie when the PC isn't yours and the company doesn't want to spend ages fixing messes you've made 'personalizing' your PC) you need to lock down some preferences (eg proxy settings, security settings, mail account details if you're using thunderbird/moz suite). This used to be really easy under the old Netscape suite (there was a GUI tool), and although there's some support still left in firefox/mozilla (you can lock down prefs manually in the .js files) it's not half as good as it used to be. Other stuff is rollout support with pre-populated profiles etc.

Check out the Mozilla Enterprise project for more details and how some of us have hacked together lockdown and other 'enterprise' requirements.

Bullshit

[afidel]

They obviously don't know their own department. I worked as a contractor for them a couple years ago. I was the only onsite tech support person for two sites with a total of 250 users, with 99% of those being windows. I was also part of the support teams initial Linux push, and I can tell you that the biggest driver from a customer (end user) perspective was the idea of using cheap Opteron workstations instead of uber expensive Sun stations. A Sun dual CPU workstation at the time with 12GB of ram was over $50k dollars, whereas an Opteron station with more cpu power and the same amount of ram was under $10K. That is a huge difference in price. The biggest factor stopping it from becoming a reality was the fact that at the time the Clearcase tool chain and support tools weren't fully functional under Linux. So I doubt the driver was so much lower desktop support costs as it was lower equipment costs.

Re:Bullshit

I was a Cisco employee several years ago. I worked at the Corp. HQ in San Jose. My cube started with a Sun workstation and a Win2k laptop. The laptop was soon converted to dual boot Windows / Linux. And as one of my projects ended up demanding a test Linux system, I ended up with another desktop that was also converted to dual Windows / Linux. I never sought out tech support for my machines. And I doubt anyone but my immediate management had any clue what was going on in my cube.

The cool thing with Cisco was that this wasn't uncommon. There are some generalities - most PMs, management, marketing, etc. I met had a single Windows laptop. But when you met someone in a technical role, there was no telling what tools they had aquired to do their work. Cisco took providing their employees the desired tools seriously - "no technology religion". And as far as I could see, it created a very diverse IT environment (and very effective despite the fears of monoculuture IT fans).

This touches on another reason Cisco went this direction. Their employees demanded it. Cisco aquired quite a few startups that were heavily using Linux already. Linux was working its way in to the engineering corp. at Cisco even without these aquisitions. It was very much a part of Cisco's corporate culture to find a way to support any tool their employees needed (which explains the hell they went through to move to Exchange :).

Cost Savings

[p0rnking]

"... the driver for Linux on the desktop is not cost savings, but easier support. Manning estimates that it takes a company approximately one desktop administrator to support 40 Windows PCs, while one administrator can support between 200 and 400 Linux desktops."

Isn't this still Cost Savings, when you don't need to hire as many admins?

Re:1:40 local support, ex. central IT admins

[Uber+Banker]

We're typically 1:30 for local areas which is basically admin of the LAN, user applications, etc. Add to that central security, networking, hardware support, and we're down to 1:15.

Including in-house bespoke application support (specialist programmers emplyed under an IT remit, rather than technically able and active users) and you're down to 1:6 in some areas. On the other hand we have specialist terminals (with high maintainence requirements as well as user training etc) which are more like 1:90.

Inefficiency abounds in some companies.

Not cost driven?

[Junior+J.+Junior+III]

the driver for Linux on the desktop is not cost savings, but easier support. Manning estimates that it takes a company approximately one desktop administrator to support 40 Windows PCs, while one administrator can support between 200 and 400 Linux desktops.'

And this does not represent a cost savings?

License management...

[DrDribble]

Apart from the ease of creating a company software update ftp (apt-get, yeast, swaret, slapt-get, etc), I really think the license and CD administration to be a pain in the Windows admin's butt.

My Windows co-workers often need a CD either because they need new software, or due to their computer requesting a CD due to some function not already installed. Finding the RIGHT CD (they are like 1000 cd's every month, and they are neatly marked in INVISIBLE, but very fancy, writing) is a total pain. Then, there is the issue of which key is used for this one (oh, you used the english version!) really turns this into a nightmare.

Folks running windows run all kinds of different versions of their software. Why, upgrading costs time and money. On my Slackware machines, swaret has done all upgrades for me, totally automatically! Just upgraded one PC from Slackware 9.0 to 10.1 - swaret --upgrade wait for a while (was a 200mhz...) and reboot when all is done. No keys, no CDs, no cost. Totally brilliant!

Re:Critical mass...

[Waffle+Iron]

and what exactly is going to happen when a non rooted user executes that worm?

Little if any functionality of most worms requires root privileges. They could run just fine as a user process.

about the worst thing that can happen is the home directory to be wiped out

Which is usually the only directory on a workstation that contains any information of value.

Delete all your home directories, rsync or rdiff your backup in and magically things just work.

You could restore the entire filesystem on any computer to achieve the same thing.

There are many factors that make Linux less worm-prone than windows. Taken together, they add up to a huge disparity in malware prevalence between the two OSes. However, no single factor is a magic bullet, and that includes the relative difficulty of running with root privileges. It's just one small piece of the puzzle.

Right,

[warrax_666]

but usually patches for OSS vulnerabilities are not bundled along with all sorts of other updates. This means that far less testing is usually needed for OSS security patches. (Or, that's the theory, anyway.)

I work for Cisco...

.. and I have to say that their Linux Workstations are extremely well deployed and managed. The desktops themselves are Dual-CPU 3G boxes running a customized version of Red Hat Enterprise Linux. Red Carpet is used to manage packages, supported by really nice internal mirrors providing fast access to everything you need to get the job done. The default install even includes acess to Microsoft Office and Internet Explorer. Not sure if this is through Crossover or something -- it is so well integrated that I've never had to look under the covers to see how it is done. Having worked at other networking companies where Linux is the default engineering desktop, I have to say that Cisco really gets it when it comes to desktop linux.

Look at a vulnerability

[warrax_666]

lists and you'll find that most vulnerabilities are either buffer overflows or string format vulnerabilities. There are very few circumstances where fixing those with a one-liner patch would change behavior in a way that other code depends on. If there were any such code then that in itself indicate possible data corruption bugs in the currently running software.

In short: When you don't bundle fixes you typically have one-line fixes which don't break code which isn't already broken (by relying on buggy behavior). Hence, testing time is minimized.

About time someone mentioned this....

[Fallen+Kell]

I work on the Unix/Linux side of one of the IT departments at my work. We have about 25 admins for 180+ servers and 900+ workstations, plus a beowulf cluster and associated SAN/NAS devices. And we actually have free time to work on other projects (like in-house software development/support, training, and learning/developing new technologies to roll-out). The PC group has about 80 people to support ~700 PC's and 70 servers. Do the math...

Re:Different perspective...

[cduffy]

"Windows is hard because we haven't bothered to do so."

More akin to: Windows is hard because users have expectations, gained based on home use, which are broken by proper security policies, and IT doesn't have the political clout to transitions those users to an environment that breaks their expectations. There are also cost issues -- getting Windows equivalents to some of the functionality we use for managing our Linux systems would imply going to Windows Server 2003, buying a bunch of Windows licenses, buying a bunch of 3rd-party tools with licenses for those, etc. For the time being, we're a fairly low-budget operation.

In other words, you guys are proposing a technological solution (Linux) to a political problem (user desktop control, admin saavy).

Damn straight, but it works! We sit the user down in front of a Linux desktop, and they don't expect to have administrative rights, so the political issue is entirely circumvented.

un-American, that's what it is

[DuctTape]

I think that it's positively un-American that they're switching to Linux and taking jobs away from the hard-working deserving American citiziens that work at Microsoft, and subsequently at American anti-virus companies like Symantec. I've heard that there's French and Russian types that have spies in America that have worked on Linux, and it's only because Linux is free that companies are switching. Well, it's NOT FREE!!! Every copy of Linux that gets installed means one laid-off American worker from American companies that support our president and our just wars overseas. This has got to stop! If just every red-blooded American citizen would go out and buy a copy of Microsoft Windows at the suggested retail price, our lives would be so much better off for those of us that have invested our American dollars in MSFT.

I think that if we bought products from the company of every CEO that has slept in the Lincoln Bedroom, we'd have more prosperity, fewer terrorists, better return on our investment dollars, and higher executive bonuses that would trickle down to all layers of our economy, especially at American-staffed Mercedes and Lexus auto dealerships. So stay away from that Linux corruption. It's bad, very BAD!!!

DT

Cisco hardware deployment with non-Winders

[Scutter]

Ok, so someone explain to me why Cisco's web-based and desktop-based management tools are almost always Windows-only? Not only Windows-only, but frequently don't run right under anything but Internet Explorer.

Guess I'll continue to stick to CLI and console cables for configuration and management.