Slashdot Mirror
Updating Free Software in the Enterprise?
wallykeyster asks: "I'm an IT Director for a small private university in the U.S., and we are largely a Microsoft shop. We pay over $15,000 each year for our Campus Agreement so that we can upgrade the desktop OS to our version of choice, run Office, and have some Client Access Licenses. I would like to move to FOSS solutions, but I'm having trouble finding support for Enterprise management. For example, OpenOffice and Firefox (both of which I use personally) would be easy first steps, but IE is updated automatically via our SUS server (and settings pushed to clients via group policies) and Office updates will be included soon. How are other larger organizations (i.e. more than 200 desktops) dealing with software deployment and updates? Is anyone using Zen with Novell Desktop Linux?"
Run a local Debian package repository, only put updates you want in it, point your system's sources.list at the local repository, and add the following to the crontab for every system you deploy:
/usr/bin/apt-get update; /usr/bin/apt-get upgrade -yq
0 3 * * *
just use an RPM upgrade utility and crontab...?
They cancelled the show people. Enterprise is not getting an update. Let's stop kicking the dead horse already!
Unfortunatly I work for a small college in Maryland, our updates are all still done manually by hand. We still use norton ghost to do all of our mass deployments. Moving forward to something like this, that would ease my own burdon would definitly be a step in the right direction, however we have neither the budget or willingness to pay for such services. We make do with what we have, it works for us to this point, but things definitly could be better.
We have aproximatly 550 PC's on two completely differnt networks (facualty and students)
It's GNU/LCARS, dammit!
Very easy. Create Rapid install package and deploy. We updated firefox to 1.0.4 the other day to 80 clients in a matter of minutes.
Is any repackaging FOSS for distribution through "standard" tools on Windows? That's the conclusion I've come to in order to support distribution of updates.
would pay for a lot of students to do the work by hand.. And they'd learn something.
OK.. there are better ways, but at least the money is not going to the Evil Empire.
rsync, rdist, and yum. Well yum is not to standard.
What I did for other schools was having /usr/local mounted on a file server with all the Linux applications installed so we just installed it once and they were all uptodate. But that may not work for all casses. Companies such as IBM have tools that can help keep Linux systems uptodate as well as Windows systems. Like IBM Director. Or you can find an OSS project and see if you can get a contact with a smaller consulting firm to help keep your OSS up to date and well managed.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
......You're getting off EXTREMELY cheap. If you switch to a different OS, or OSS, you'll easily spend more than that (many times more) in hiring people to support the new infrastructure.
-Randy
I've used GNU cfengine for automated updates at a company I used to work for. Basically, you write rules about how the system shoudl look and cfengine enforces them.
However, we used to automate updates, apply system patches and rebuild the world if necessary. With about 5 lines changed to a single server, I could force all the workstations to re-install themselves overnight.
We also used this system to push out passwd file updates (poor-man's centralized auth).
http://www.cfengine.org/
Zenworks for Desktops (ie Windows) is now a pretty advanced and mature product. It works pretty damn well. Zenworks for Linux is pretty immature by comparison. I've seen Novell making LOTS of noise about it, but then again, they would. From what I've seen though, its the only enterprise-grade software from a major vendor to offer a central control system. Most others are very fragmented.
I'm in the same boat where I work. I'm trying to get Firefox officially supported, the biggest sticking point is the lack of an easy method to push updates. I think this is one of the biggest reasons Firefox isn't widely deployed in the corporate environment yet, sure it's easy to install it yourself and update it yourself - but that's not a solution in a controlled environment.
Pay 45K per year to hire someone to manage a homegrown house of cards "solution" based on rsync, rpm, apt-get, crontabs and other such industry stalwarts.
I think the choice is clear!
Befor you all start shouting about a Debian repository and mounting /usr/local/from-server, please consider:
The question is most probably about updating free software on Windows desktops!
We currently use Zenworks 6.6 to manage ~2000 NLD and SLES systems for system patching. It works great for that purpose. It doesn't offer more than very basic inventory management and reporting yet. I say yet because I'm on the beta for the next version and it is amazing. It makes managing Linux dekstops and servers ridiculously easy. If you've used Wen for Windows, they've basically pulled all the same functionality into the Linux realm. Imaging, patching, configuration management, security policies, reporting, inventory/asset management, remote access (vnc or ssh), everything is all wrapped into one bundle. Some of the other pieces we use are at our site if you're interested in other open source and commercial packages we use. It's not much more than basic marketing material at this point but feel free to ask any questions.
FirefoxADM is a way of allowing centrally managed locked and/or default settings in Firefox via Group Policy and Administrative Templates in Active Directory Latest news about FirefoxADM at http://spaces.msn.com/members/in-cider/
g htly/latest-trunk/ the nighlies are not ready for general use yet, but are availbe for testing.
http://sourceforge.net/projects/firefoxadm
Unoffical Firefox MSI builds can be found at
http://www.frontmotion.com/Firefox/
Official Firefox Msi installers will be avaible in the 1.1 release nightly msi builds can be found at http://ftp.mozilla.org/pub/mozilla.org/firefox/ni
These people look deep within my soul and assign me a number based upon the order I joined. -Homer Simpson
This website has downloadable MSI packages that will integrate Firefox into AD and GPO, as well as a howto.
This thread will show you how to do the same for OO.o, but only for the 2.0 beta version.
"For every right, an equal responsibility..."
Visons of Picard beating the tar out of Data and the bridge screaming something about "Blue screen of death no more!....Compile me Kernel 18.2.3e!!!!! MAKE IT SO!"
Julius Caesar - Act I, Scene i: "What mean'st thou by that? Mend me, thou saucy fellow!"
Unix upgrades have been centrally managed since some time before the dinosaurs, using tools like rsync and NFS shares.
Nowadays, with RPM and DEB package managers, you also have the option to put all packages on a central FTP server and then schedule an update using the native update utility eg. apt, rpm or urpmi.
So, my reaction to anyone claiming that there is 'no support' for Unix, or that Unix is 'hard to manage' or that Unix 'doesn't have enterprise tools'. Is one of incredulity - like where have you been the past 500 years, man??? Sleeping???
Oh well, what the hell...
You're getting Windows and Office on 200+ desktops for only $15,000 and you consider that too much? Are you on CRACK? That's like quibbling over whether you'll pay three peanuts here or walk 1000 miles to pay two peanuts.
http://unattended.sourceforge.net/
This is a great way to script installation of windows machines. You can put any applications you want into the system and use it to push machine upgrades out.
Since it's impossible to reason about security except with respect to a given configuration, this is a subject which deserves close attention, especially at larger sites where economies of scale are most effective.
Mark Burgess at the University of Oslo developed a mechanism called cfengine as a solution to the configuration management problem. It's multiplatform, mature, stable, comprehensive, secure, and it scales very well. I recommend it.
Parity: What to do when the weekend comes.
Key things - this is not just software distribution anymore - it's full stack management of Linux - server and workstation; Red Hat as well as SuSE/Novell.
As for customers - yes it's in use; yes Novell use it internally to manage their desktop and server machines. Usual disclaimers.
Evil ZEN Scientist
I just love you guys that spout off without knowing one thing about which you speak! He clearly stated that he presently uses SUS, as in System Update Server. You clearly know nothing about Microsoft systems newer than perhaps Windows 95.
The SUS server, free from Microsoft, automatically downloads all of the updates from Microsoft's Windows Update server and stores them on a local server. The administrator, one only, then reviews the downloaded patches and authorizes which ones he wants to be installed on the workstations. Using Group Policies, the administrator reconfigures the Automatic Update service on all of the Windows 2000 or greater systems on his network and points it at the SUS server, rather than the default Windows Update site. The next morning, ALL SPECIFIED systems have been updated.
It only needs ONE FRIGGING GUY to manage 10 machines or 50,000 machines and he doesn't have to leave his desk! The entire setup from start to finish can be setup and configured in an hour or less.
Now, the next level is to do this with applications beyond the Windows Operating system. But, hey, they have solutions for that too. Microsoft Operations Manager(MOM) and Microsoft Systems Management Server(SMS) provide complete management control over the Windows systems on the network. MOM is for smaller scale operations while SMS is the full on enterprise package. No, they aren't free but, organizations that require them can easily afford them.
... at least, according to some articles they do. See my post on Mozillazine:# 10
http://mozillazine.org/talkback.html?article=6602
It would be very helpful if they would release them, even in some incomplete, unsupported state.
Our company has evaluated alot of different packages lately. The two top contenders have been Radia and Marimba. Marimba is expensive but does everything you can imagine for both Windows and Linux. Radia is much cheaper but not as mature. When you look at how many man hours Marimba saves, the price becomes far more resonable (I would never be able to call it cheap)!
Hi Wally,
There are many softwares available that can repackage an install as an MSI. You can than repackage your updates to Firefox, etc and apply using Group Policy as you are used to. There are even some OS efforts (http://msi-repackaging.sourceforge.net/)
I hope that you don't let software distribution be a stickler here. The benefits to rolling out Firefox, etc are many.
Radmind is exactly what you're looking for. It makes managing lab, office and kiosk machines a snap. It works on Linux, Solaris and OS X. I've been using it for years as have many other schools that use these operating systems. It's pretty easy to use (I had no real command line experience coming to use it on OS X, but do it all via command line now), fast and actively developed. Essentially it is a filesystem manager, but works with transcripts (essentially lists) of files and there is a priority system for what can override what. It gives you lots of control and is very scriptable. I highly suggest you check it out.
Better to help fund or contribute work toward the programming of PSPP, a free software replacement for SPSS. The questioner did ask specifically about free software.
Digital Citizen
No. Put it somewhere else.
If you want to learn how to scale unix systems management a good start is infrastructures.org. You don't have to follow their ideas slavishly but it'll get you into the right mindset, and that's what matters.
Keeping Unix boxes up to date is simple once you understand how, the effort required to manage 1000 machines is only marginally more than 100 which is only marginally more than required for 10.
Deleted
A lot of people have seemed to think this question was about going totally Linux (and many claiming that the MS deal was a good "value").
0 92929216
In case the question was about using FOSS on a Windows network (for the time being), the following might help.
This tool is fairly useful for deploying Firefox on a network:
http://firefox.dbltree.com/
As for OpenOffice, I use central network location, see the setup guide (I think you have to run setup.exe with the -net option). I'm not sure what must be done from there to automate installation, we usually do it manually because Workstation installs of OOo (from a central network location) take seconds.
As for the question of whether the MS deal was a "good value". First, let me say that there's more to "value" than cost. Also realize that $50000 per year might be cheaper than MS's $15000. Once you figure in MSCE training for an IT team and the increased labor it takes to run a Windows network you might be surprised. Believe me, once configured, Linux machines can be dead reliable and reimaged lightning fast, I do it for a living. That said, Firefox has saved me 8 hours per week at one client that only has 10 computers.
Well, ask your purchasing department how many suppliers it has for, say, light bulbs. While more than a few places say "just one", I find universities in particular tend to have four or five suppliers solely for the purpose of leveraging one against the other for good pricing.
What's the point of my story? The point is that MS as a single supplier means you will pay as much as they want you to. Of course it will always be "a little cheaper". In a software world with real competition, that will change.
Regardless, it's worth pointing out that increasingly it is the case that people are choosing FOSS for reasons other than price:
http://www.groklaw.net/article.php?story=20050426
I think Mauve has the most RAM. --PHB (Dilbert Comic)
As I mentioned, you need a silent install. For F., there's different ways to do that:
- Use FrontMotion's MSI for Firefox
- Follow the instructions and created your own MSI using MakeMSI (which is free as in beer, not speech)
- Follow the instructions on Unattended's wiki and roll a silent install from the
.exe
I've tested the first and last w/o any problems.Carousel is a lie!
If you are on a small budget, you can just go with simple scripting. Pick a Debian based distro or an RPM based one (SuSE or RedHat only) and you can script all you need. Enable SSH for every system you deploy, desktop and server. Then you just write a few simple scripts _once_ and you can push down any update you need.
Red Hat has their own update stuff and you can pay them extra and run your own update server on your local network. However, where I work we have found Red Hat to be _way_, _way_ overpriced (I work for a multi-billion fortune 500). We are starting to look toward Novell SuSE for our Linux needs. Novell SuSE is _way_ better priced. If you look at a Red Hat Linux solution and an MS Windows Solution, MS will usually be less expensive! I personally don't know what Red Hat is thinking. However, if you go with Novell SuSE, you will see that Novell SuSE is far less expensive than MS. Also, Novell SuSE has some very nice tech that they got from Ximian. As you pointed out, Ximian, now Novell, Red Carpet, is a very nice corporate update client. That is the whole design of the product. You have one local update server and put the client on all your deployed systems and Novell Redcarpet handles the rest.
With Linux you have tons of options. If you have a really bare-bones budget, I would personally recommend a nice Debian solution. I have been using Ubuntu on my desktops at work and at home and have been very pleased with how easy it is to upgrade with out dependency problems. I originally used Fedora Core, however I would run into repository conflicts often because every Fedora repository out there tried to be "The" repository for Fedora. So you would have 3 or 4 versions of every package and they would all conflict. You won't run into that with a Debian based distro.
If you have a bigger budget, look into Novell SuSE (which is still very cheep) and their Red Carpet client/server to handle updates. If your budget is even bigger, you can look into BigFix. However, I think BigFix is priced more as a bigger corporate product, though for our budget, BigFix was still priced nicely per/client.
As I said, you have _tons_ of options with a GNU/Linux deployment. Build yourself a seperate subnet and spend a few days testing to see what level of support you want. Obviously, the less support you or your staff want to do, the more you will pay for your solution. You could spend 10's of thousands if not 100's of thousands (or millions like us) for a complete MS software "assurance" package or you can go very lowlevel and build your own GNU/Linux system like Linux From Scratch (which was very fun for a personal project but _way_ too much work for a professional solution for more than 5 systems).
I persoanlly think your best bet is a hybrid system of Linux and MS Windows. As I said, get a test lab/network. Then use the right tool for the right job. Try to build a lab that is all or almost all Linux servers with mostly MS Windows XP desktops. On your MS Windows desktops try to use OSS software. For example, deploy Firefox and OOo.org. Maybe for some more tech users you could even get some Linux desktops in that mix. For your development needs, use OSS tech such as Tomcat or PHP.
Honestly, I would personally love to be in your position. It sounds like you have the ability to use the "right tool for the right job" without all the PHB crap or extreme OS bias. Where I work we have 140,000 employees and changing technology is like the changing of the North pole ; )
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
I'm planning to push some hardware upgrades via Group Policies. All cd-r's are now cd-rw! Cool! I'll dictate that all workstations now have more memory, too.