Slashdot Mirror

← Back to Stories (view on slashdot.org)

Updating Free Software in the Enterprise?

Posted by Cliff on from the one-is-easy-one-hundred-isn't dept.

wallykeyster asks: "I'm an IT Director for a small private university in the U.S., and we are largely a Microsoft shop. We pay over $15,000 each year for our Campus Agreement so that we can upgrade the desktop OS to our version of choice, run Office, and have some Client Access Licenses. I would like to move to FOSS solutions, but I'm having trouble finding support for Enterprise management. For example, OpenOffice and Firefox (both of which I use personally) would be easy first steps, but IE is updated automatically via our SUS server (and settings pushed to clients via group policies) and Office updates will be included soon. How are other larger organizations (i.e. more than 200 desktops) dealing with software deployment and updates? Is anyone using Zen with Novell Desktop Linux?"

17 of 367 comments (clear)

  1. Easy... by ivan256 · · Score: 5, Informative

    Run a local Debian package repository, only put updates you want in it, point your system's sources.list at the local repository, and add the following to the crontab for every system you deploy:

    0 3 * * * /usr/bin/apt-get update; /usr/bin/apt-get upgrade -yq

    1. Re:Easy... by LiquidCoooled · · Score: 5, Informative

      I believe his intention is to keep with Windows as the OS.
      He does mention starting with the easy ones.

      How do you perform a Windows based rollout, and make sure your settings are updated.

      Is there possibly a portion of the group policy which would run an msi/executable update?

      --
      liqbase :: faster than paper
    2. Re:Easy... by El+Cubano · · Score: 4, Informative

      Run a local Debian package repository, only put updates you want in it, point your system's sources.list at the local repository, and add the following to the crontab for every system you deploy:

      That's good for professor and permanent student workstations. But for lab machines, what you want is systemimager. I used to admin a lab as an undergrad and it was great. I had two "golden clients" from which came the two images I used. Then if a machine got messed up or if I did an update of some kind, I just told all the machines to reboot and grab their new omages from the server. It also supports letting you specify certain parts of the directory to not send and/or receive. All in all, a very powerful piece of software.

    3. Re:Easy... by DaGoodBoy · · Score: 5, Interesting

      No No NO! Just say 'no' to imaging... Debian supports preseeded configured values to be passed to a blank system during its install and a very easy method to run a script before and after the second stage installer. Do yourself a favor and actually track the tweaks you perform on a client when you build a system. Document them and put them in the install scripts. Then you can rely on the hardware detection method built into the Debian installer to allow you a diverse hardware ecology, consistent packages and a sliding target going forward as the repository ages.

      Just my $0.02 from a fellow sysadmin who has left imaging and never looked back!

      DaGoodBoy

      --
      My God! It's full of Voids!
    4. Re:Easy... by wallykeyster · · Score: 4, Interesting
      Exactly. I am running Ubuntu on a machine on my desk, but moving the entire campus to a Debian distro doesn't seem feasible right now. We have programming classes that use Visutal Studio, psychology classes that use SPSS, and other similar issues. Our student information system uses a Windows client provided by the vendor (we've made it limp along under wine but it is not stable). Our Web site runs on a CMS that requires IE for the management side.

      I'm looking for help doing this in smaller steps without losing enterprise-level management I have with SUS, group policies, etc.

  2. Give up already! by Anonymous Coward · · Score: 5, Funny

    They cancelled the show people. Enterprise is not getting an update. Let's stop kicking the dead horse already!

  3. $15,000 a year... by duh_lime · · Score: 5, Funny

    would pay for a lot of students to do the work by hand.. And they'd learn something.

    OK.. there are better ways, but at least the money is not going to the Evil Empire.

  4. Re:rpm upgrade by pegr · · Score: 5, Funny

    Guys, he said he was an IT Director. Please don't go confusing him with crontab this or apt-get that...

    At least tell him to find his favorite geek to explain it to him...

  5. Network. by jellomizer · · Score: 4, Informative

    What I did for other schools was having /usr/local mounted on a file server with all the Linux applications installed so we just installed it once and they were all uptodate. But that may not work for all casses. Companies such as IBM have tools that can help keep Linux systems uptodate as well as Windows systems. Like IBM Director. Or you can find an OSS project and see if you can get a contact with a smaller consulting firm to help keep your OSS up to date and well managed.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  6. Zenworks for Linux/RedCarpet by KingDaveRa · · Score: 5, Interesting

    Zenworks for Desktops (ie Windows) is now a pretty advanced and mature product. It works pretty damn well. Zenworks for Linux is pretty immature by comparison. I've seen Novell making LOTS of noise about it, but then again, they would. From what I've seen though, its the only enterprise-grade software from a major vendor to offer a central control system. Most others are very fragmented.

  7. Same boat by Jett · · Score: 5, Insightful

    I'm in the same boat where I work. I'm trying to get Firefox officially supported, the biggest sticking point is the lack of an easy method to push updates. I think this is one of the biggest reasons Firefox isn't widely deployed in the corporate environment yet, sure it's easy to install it yourself and update it yourself - but that's not a solution in a controlled environment.

    1. Re:Same boat by Verteiron · · Score: 4, Insightful

      That gets it on the client systems, sure. But how do you keep a user from (for example) changing their proxy setting? With IE you can lock the user out via Group Policies. With Firefox, well.. I'm not aware of a way to implement similar restrictions.

      It sounds like a Windows Server Administrator Template Policy would go a long way towards Firefox acceptance in corporate environments. You'd need some kind of plugin for Firefox that makes it read values from the Windows registry, as well.

      Alternatively, a Firefox plugin could read the Group Policy restrictions targeted at IE, and "translate" them internally to the Firefox equivalents, but such a solution would be a sloppy hack at best.

      --
      End of lesson. You may press the button.
  8. Zenworks 7 by G+Money · · Score: 5, Informative

    We currently use Zenworks 6.6 to manage ~2000 NLD and SLES systems for system patching. It works great for that purpose. It doesn't offer more than very basic inventory management and reporting yet. I say yet because I'm on the beta for the next version and it is amazing. It makes managing Linux dekstops and servers ridiculously easy. If you've used Wen for Windows, they've basically pulled all the same functionality into the Linux realm. Imaging, patching, configuration management, security policies, reporting, inventory/asset management, remote access (vnc or ssh), everything is all wrapped into one bundle. Some of the other pieces we use are at our site if you're interested in other open source and commercial packages we use. It's not much more than basic marketing material at this point but feel free to ask any questions.

  9. Google is your friend by NewbieV · · Score: 4, Informative

    This website has downloadable MSI packages that will integrate Firefox into AD and GPO, as well as a howto.

    This thread will show you how to do the same for OO.o, but only for the 2.0 beta version.

    --


    "For every right, an equal responsibility..."
  10. Re:rpm upgrade by wallykeyster · · Score: 5, Funny

    Believe it or not, some IT management rises from within, some have undergrad degrees in Comp Sci, and some run FreeBSD, OS 10.3, Windows 2000, and Windows XP on boxes at home.

  11. Re:Is anyone repackaging FOSS for distribution? by quantum+bit · · Score: 4, Informative

    I repackage Firefox into an msi for group policy deployment. I used to use Winstall LE that came with Win2k server, but eventually I learned enough about how msi works to be dissatisfied with that (it often gets lots of unrelated registry changes since so much background crap always happens in windows). Now I just build them by hand.

    MakeMSI is a good tool for rolling your own, though it's best if you have some knowledge of how the tables work. Often I'll use Orca to tweak/double check things.

    Firefox was a bit of a pain to package the first time because of all the subdirs, but it's really light on the registry keys and for updates it's mostly a matter of just dropping in the new files.

  12. That's SUS, Goober. by Anonymous Coward · · Score: 4, Informative

    I just love you guys that spout off without knowing one thing about which you speak! He clearly stated that he presently uses SUS, as in System Update Server. You clearly know nothing about Microsoft systems newer than perhaps Windows 95.

    The SUS server, free from Microsoft, automatically downloads all of the updates from Microsoft's Windows Update server and stores them on a local server. The administrator, one only, then reviews the downloaded patches and authorizes which ones he wants to be installed on the workstations. Using Group Policies, the administrator reconfigures the Automatic Update service on all of the Windows 2000 or greater systems on his network and points it at the SUS server, rather than the default Windows Update site. The next morning, ALL SPECIFIED systems have been updated.

    It only needs ONE FRIGGING GUY to manage 10 machines or 50,000 machines and he doesn't have to leave his desk! The entire setup from start to finish can be setup and configured in an hour or less.

    Now, the next level is to do this with applications beyond the Windows Operating system. But, hey, they have solutions for that too. Microsoft Operations Manager(MOM) and Microsoft Systems Management Server(SMS) provide complete management control over the Windows systems on the network. MOM is for smaller scale operations while SMS is the full on enterprise package. No, they aren't free but, organizations that require them can easily afford them.