Slashdot Mirror

← Back to Stories (view on slashdot.org)

Updating Free Software in the Enterprise?

Posted by Cliff on from the one-is-easy-one-hundred-isn't dept.

wallykeyster asks: "I'm an IT Director for a small private university in the U.S., and we are largely a Microsoft shop. We pay over $15,000 each year for our Campus Agreement so that we can upgrade the desktop OS to our version of choice, run Office, and have some Client Access Licenses. I would like to move to FOSS solutions, but I'm having trouble finding support for Enterprise management. For example, OpenOffice and Firefox (both of which I use personally) would be easy first steps, but IE is updated automatically via our SUS server (and settings pushed to clients via group policies) and Office updates will be included soon. How are other larger organizations (i.e. more than 200 desktops) dealing with software deployment and updates? Is anyone using Zen with Novell Desktop Linux?"

30 of 367 comments (clear)

  1. Easy... by ivan256 · · Score: 5, Informative

    Run a local Debian package repository, only put updates you want in it, point your system's sources.list at the local repository, and add the following to the crontab for every system you deploy:

    0 3 * * * /usr/bin/apt-get update; /usr/bin/apt-get upgrade -yq

    1. Re:Easy... by LiquidCoooled · · Score: 5, Informative

      I believe his intention is to keep with Windows as the OS.
      He does mention starting with the easy ones.

      How do you perform a Windows based rollout, and make sure your settings are updated.

      Is there possibly a portion of the group policy which would run an msi/executable update?

      --
      liqbase :: faster than paper
    2. Re:Easy... by El+Cubano · · Score: 4, Informative

      Run a local Debian package repository, only put updates you want in it, point your system's sources.list at the local repository, and add the following to the crontab for every system you deploy:

      That's good for professor and permanent student workstations. But for lab machines, what you want is systemimager. I used to admin a lab as an undergrad and it was great. I had two "golden clients" from which came the two images I used. Then if a machine got messed up or if I did an update of some kind, I just told all the machines to reboot and grab their new omages from the server. It also supports letting you specify certain parts of the directory to not send and/or receive. All in all, a very powerful piece of software.

    3. Re:Easy... by RangerRick98 · · Score: 3, Informative

      You may be thinking of cron-apt. I use it on my system at home, and it does a pretty good job.

      --
      "You're older than you've ever been, and now you're even older."
    4. Re:Easy... by DaGoodBoy · · Score: 5, Interesting

      No No NO! Just say 'no' to imaging... Debian supports preseeded configured values to be passed to a blank system during its install and a very easy method to run a script before and after the second stage installer. Do yourself a favor and actually track the tweaks you perform on a client when you build a system. Document them and put them in the install scripts. Then you can rely on the hardware detection method built into the Debian installer to allow you a diverse hardware ecology, consistent packages and a sliding target going forward as the repository ages.

      Just my $0.02 from a fellow sysadmin who has left imaging and never looked back!

      DaGoodBoy

      --
      My God! It's full of Voids!
    5. Re:Easy... by wallykeyster · · Score: 4, Interesting
      Exactly. I am running Ubuntu on a machine on my desk, but moving the entire campus to a Debian distro doesn't seem feasible right now. We have programming classes that use Visutal Studio, psychology classes that use SPSS, and other similar issues. Our student information system uses a Windows client provided by the vendor (we've made it limp along under wine but it is not stable). Our Web site runs on a CMS that requires IE for the management side.

      I'm looking for help doing this in smaller steps without losing enterprise-level management I have with SUS, group policies, etc.

  2. Give up already! by Anonymous Coward · · Score: 5, Funny

    They cancelled the show people. Enterprise is not getting an update. Let's stop kicking the dead horse already!

  3. We use Altiris by nycsmart1 · · Score: 3, Interesting

    Very easy. Create Rapid install package and deploy. We updated firefox to 1.0.4 the other day to 80 clients in a matter of minutes.

  4. $15,000 a year... by duh_lime · · Score: 5, Funny

    would pay for a lot of students to do the work by hand.. And they'd learn something.

    OK.. there are better ways, but at least the money is not going to the Evil Empire.

    1. Re:$15,000 a year... by tekiegreg · · Score: 3, Insightful

      Not really, assuming: 1) You're paying students $8/hour 2) You work students 15 hours/week (they gotta study sometime) = $6240 I can do 2 students with room left over for a trained chimp (we'll assume $2,500 worth of bannanas and computer repair bill from feces thrown at computer). With 2 students you could probably upkeep a small university ok (say 150 computers per student) after that I'd put the students to work finding an automated solution.

      --
      ...in bed
    2. Re:$15,000 a year... by CAIMLAS · · Score: 3, Interesting

      No, no, no, definitively NO! This is NOT funny. This is insightful. What the hell do you think institutional education is there for, anyway? It's not to shovel money into a gaping corporate mouth; it's to teach students (IE, the future leaders of society) how to think.

      Computers are just a tool. They help people get work done more quickly in all manners and fashions. They are also a wonderful tool for teaching - both specifics and general concepts. One of the excellent skills which will be gained by giving students the task of installing/updating/upgrading machines - and not just CS/IT students, though I'm sure many of them could use the hands-on experience as well - is that it will help them conceptually visualize abstract structures. This is basic common sense. If people can recognize abstract structures and work within these confines, they can then apply this information applicably in the rest of their life. They'll learn how to be more organized and more systematic in their every-day approach, potentially making them better citizens and employees in their future lives.

      This is very, very good advice, not "funny".

      Now, granted, this would probably end up with many lab systems unfunctional for a good period of time, but that might just get them to work more diligently on getting the systems up and running. :)

      --
      ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
  5. Stand *nix tools by rminsk · · Score: 3, Informative

    rsync, rdist, and yum. Well yum is not to standard.

  6. Re:rpm upgrade by pegr · · Score: 5, Funny

    Guys, he said he was an IT Director. Please don't go confusing him with crontab this or apt-get that...

    At least tell him to find his favorite geek to explain it to him...

  7. Network. by jellomizer · · Score: 4, Informative

    What I did for other schools was having /usr/local mounted on a file server with all the Linux applications installed so we just installed it once and they were all uptodate. But that may not work for all casses. Companies such as IBM have tools that can help keep Linux systems uptodate as well as Windows systems. Like IBM Director. Or you can find an OSS project and see if you can get a contact with a smaller consulting firm to help keep your OSS up to date and well managed.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  8. At $15,000 a year...... by ARRRLovin · · Score: 3, Insightful

    ......You're getting off EXTREMELY cheap. If you switch to a different OS, or OSS, you'll easily spend more than that (many times more) in hiring people to support the new infrastructure.

    --
    -Randy
  9. cfengine by ALecs · · Score: 3, Informative

    I've used GNU cfengine for automated updates at a company I used to work for. Basically, you write rules about how the system shoudl look and cfengine enforces them.

    However, we used to automate updates, apply system patches and rebuild the world if necessary. With about 5 lines changed to a single server, I could force all the workstations to re-install themselves overnight.

    We also used this system to push out passwd file updates (poor-man's centralized auth).

    http://www.cfengine.org/

  10. Zenworks for Linux/RedCarpet by KingDaveRa · · Score: 5, Interesting

    Zenworks for Desktops (ie Windows) is now a pretty advanced and mature product. It works pretty damn well. Zenworks for Linux is pretty immature by comparison. I've seen Novell making LOTS of noise about it, but then again, they would. From what I've seen though, its the only enterprise-grade software from a major vendor to offer a central control system. Most others are very fragmented.

    1. Re:Zenworks for Linux/RedCarpet by G+Money · · Score: 3, Informative

      Unfortunately, the current version of Zenworks Linux Management really is just Red Carpet Enterprise with a little more polish. The next version which is due out in a few months if I'm not mistaken is worlds appart and is almost on par with the feature set currently available for Windows. Everything you could want is built in. I don't think there will really be a desktop and server line as Linux is Linux. The remote access via VNC and application security policies (Firefox must have x as it's home page, evolution can't change the smtp server, etc....) are more desktop oriented but the end result is the same. You have one tool to perform all your system management if you're a Linux shop.

  11. Same boat by Jett · · Score: 5, Insightful

    I'm in the same boat where I work. I'm trying to get Firefox officially supported, the biggest sticking point is the lack of an easy method to push updates. I think this is one of the biggest reasons Firefox isn't widely deployed in the corporate environment yet, sure it's easy to install it yourself and update it yourself - but that's not a solution in a controlled environment.

    1. Re:Same boat by Verteiron · · Score: 4, Insightful

      That gets it on the client systems, sure. But how do you keep a user from (for example) changing their proxy setting? With IE you can lock the user out via Group Policies. With Firefox, well.. I'm not aware of a way to implement similar restrictions.

      It sounds like a Windows Server Administrator Template Policy would go a long way towards Firefox acceptance in corporate environments. You'd need some kind of plugin for Firefox that makes it read values from the Windows registry, as well.

      Alternatively, a Firefox plugin could read the Group Policy restrictions targeted at IE, and "translate" them internally to the Firefox equivalents, but such a solution would be a sloppy hack at best.

      --
      End of lesson. You may press the button.
    2. Re:Same boat by JonToycrafter · · Score: 3, Informative
      Mod parent up! Many people answering the question the original submitter asked haven't tried to tackle this themselves, or they'd know the problems they'd run into, which the parent post nailed down.

      Sadly, there isn't a perfect answer - yet. The Mozilla wiki covers this problem in more detail here.

      Firefox ADM partially covers this ground - here.

      There's another tool similar to Firefox ADM, but I can't find info on it at the moment.

      Summary: Firefox is almost there, but in most enterprise situations, there's still a few features (mostly in the lockdown, and setting default features department) that are lacking. I expect that will become a non-issue by the end of this year.

  12. Zenworks 7 by G+Money · · Score: 5, Informative

    We currently use Zenworks 6.6 to manage ~2000 NLD and SLES systems for system patching. It works great for that purpose. It doesn't offer more than very basic inventory management and reporting yet. I say yet because I'm on the beta for the next version and it is amazing. It makes managing Linux dekstops and servers ridiculously easy. If you've used Wen for Windows, they've basically pulled all the same functionality into the Linux realm. Imaging, patching, configuration management, security policies, reporting, inventory/asset management, remote access (vnc or ssh), everything is all wrapped into one bundle. Some of the other pieces we use are at our site if you're interested in other open source and commercial packages we use. It's not much more than basic marketing material at this point but feel free to ask any questions.

  13. Google is your friend by NewbieV · · Score: 4, Informative

    This website has downloadable MSI packages that will integrate Firefox into AD and GPO, as well as a howto.

    This thread will show you how to do the same for OO.o, but only for the 2.0 beta version.

    --


    "For every right, an equal responsibility..."
  14. Re:rpm upgrade by wallykeyster · · Score: 5, Funny

    Believe it or not, some IT management rises from within, some have undergrad degrees in Comp Sci, and some run FreeBSD, OS 10.3, Windows 2000, and Windows XP on boxes at home.

  15. Re:Is anyone repackaging FOSS for distribution? by quantum+bit · · Score: 4, Informative

    I repackage Firefox into an msi for group policy deployment. I used to use Winstall LE that came with Win2k server, but eventually I learned enough about how msi works to be dissatisfied with that (it often gets lots of unrelated registry changes since so much background crap always happens in windows). Now I just build them by hand.

    MakeMSI is a good tool for rolling your own, though it's best if you have some knowledge of how the tables work. Often I'll use Orca to tweak/double check things.

    Firefox was a bit of a pain to package the first time because of all the subdirs, but it's really light on the registry keys and for updates it's mostly a matter of just dropping in the new files.

  16. Re:small colleges by malraid · · Score: 3, Informative

    Your IT director is an idiot. How much does it cost to do updates by hand? Ask him to quantify it. Ask him to quantify ZEN Works. I was able to get a high school I used to work for to buy it. The support guys couldn't be happier when patches were done with a couple of clicks in ConsoleOne and boom...the whole directory is updated on next reboot. Mass deployments? Use multicast. Aplications assigned to users that are installed automatically on the workstation when the user logs in? Check . The cost was about one month of my salary. But then I understand you, they changed the IT Director and put an ass kisser that stopped us from using ZEN Works (and backup exec, so backups were done with "copy /s", and saddly I'm not kidding) so it all went down the drain. ZEN Works is worth it, believe me.

    --
    please excuse my apathy
  17. Stick with Windows by Anonymous Coward · · Score: 3, Insightful

    You're getting Windows and Office on 200+ desktops for only $15,000 and you consider that too much? Are you on CRACK? That's like quibbling over whether you'll pay three peanuts here or walk 1000 miles to pay two peanuts.

  18. Use cfengine by starfishsystems · · Score: 3, Informative
    Software deployment is part of a more general subject sometimes known as software configuration management.

    Since it's impossible to reason about security except with respect to a given configuration, this is a subject which deserves close attention, especially at larger sites where economies of scale are most effective.

    Mark Burgess at the University of Oslo developed a mechanism called cfengine as a solution to the configuration management problem. It's multiplatform, mature, stable, comprehensive, secure, and it scales very well. I recommend it.

    --
    Parity: What to do when the weekend comes.
  19. That's SUS, Goober. by Anonymous Coward · · Score: 4, Informative

    I just love you guys that spout off without knowing one thing about which you speak! He clearly stated that he presently uses SUS, as in System Update Server. You clearly know nothing about Microsoft systems newer than perhaps Windows 95.

    The SUS server, free from Microsoft, automatically downloads all of the updates from Microsoft's Windows Update server and stores them on a local server. The administrator, one only, then reviews the downloaded patches and authorizes which ones he wants to be installed on the workstations. Using Group Policies, the administrator reconfigures the Automatic Update service on all of the Windows 2000 or greater systems on his network and points it at the SUS server, rather than the default Windows Update site. The next morning, ALL SPECIFIED systems have been updated.

    It only needs ONE FRIGGING GUY to manage 10 machines or 50,000 machines and he doesn't have to leave his desk! The entire setup from start to finish can be setup and configured in an hour or less.

    Now, the next level is to do this with applications beyond the Windows Operating system. But, hey, they have solutions for that too. Microsoft Operations Manager(MOM) and Microsoft Systems Management Server(SMS) provide complete management control over the Windows systems on the network. MOM is for smaller scale operations while SMS is the full on enterprise package. No, they aren't free but, organizations that require them can easily afford them.

  20. Network filesystems, yes. NFS mount /usr/*LOCAL*? by Colin+Smith · · Score: 3, Informative

    No. Put it somewhere else.

    If you want to learn how to scale unix systems management a good start is infrastructures.org. You don't have to follow their ideas slavishly but it'll get you into the right mindset, and that's what matters.

    Keeping Unix boxes up to date is simple once you understand how, the effort required to manage 1000 machines is only marginally more than 100 which is only marginally more than required for 10.

    --
    Deleted