Slashdot Mirror
Linux Desktop Deployment Postmortems?
duffbeer703 asks: "My employer runs alot of desktop and laptop computers -- something in the neighborhood of 40,000 PCs. Currently they are all Windows 2000 & XP managed by Active Directory and other big, complicated enterprise management tools, all of which can support Linux in one form or another. I'm looking for ways of making Linux (and maybe Unix or even Apple desktops) an option as we replace or add PCs. The problem is, most of the resources that you find online about deploying Linux focuses on server environment, and the articles that I do find about desktop Linux focus on standalone developer workstations, the IBM conversion to Linux (which doesn't seem to have happened) or things like LTSP, that won't integrate well with our infrastructure. Is anyone out there successfully using Linux for regular users? How did it go, and how did your IT and user communities adapt to the new kid on the block?"
Your employer runs a pretty hefty workstation. Although I have worked for, or known people that made similiar switches the scale was not even close. So it worked pretty well as the community was close-nit and excited about the change.
In your case though, there will be more disruption, not everyone wants to use linux... Id suggest just inserting the new computers in one department, preferably one where the employees are already interested in linux. I would also suggest taking a workgroup poll to get interior feedback interest as well.
prof
You could just give Red Hat or Novell a call and either one will be more than happy to give you their dog-and-pony show for their desktop offerings. I mean, they do do this kind of thing for a living these days.
s p
Do you have must-keep Windows apps? Try CrossOver Office
http://www.eweek.com/article2/0,1895,1886920,00.a
or
Verasora/Win4Lin
http://www.versora.com/
I've used and deployed them all in small businesses with AD management, and they've all worked. There's no reason why they wouldn't work in larger businesses. After all, as IBM and Oracle are showing, they already do.
Steven
There's a few reasons why an IS department won't roll out Linux into an Active Directory environment.
:)
First, is that they cannot control the desktop using policy. This is the biggest selling point of using Windows in a workgroup domain, and especially to manage as many servers and end users as they have. Active Directory, while not perfect, is awesome in its capabilities -- all stolen mostly from Novell's NDS
Next, is expertise. Why would you introduce something into an environment that nobody really knows how to use? Your executives aren't 100% sure but they know 100% that they need to hire staff that can take on Linux servers/desktops and supporting them. That means paying a premium for that labor, and it's not necessary when you can get Windows guys on the cheap.
Lastly -- companies are hesistant to change. Financial companies in particular go with the mantra, if it works, don't touch it. You will see lots of these smaller shops on NT 4 still because to them... it works. Larger corporations that have to meet with SOX compliancy issues are forced into upgrading. That's what happened where I work.
Anyways.. best of luck trying to introduce Linux into your environment. I am going to say that you will crash and burn trying, because a company that large doesn't likely have a *need* for Linux. And if's not a necessity, a good business decision is not to let it happen. Again the mantra, if it ain't broke...don't fix it.
The price is always right if someone else is paying.
Let me state that I love Linux, and I am fortunate enough to be able to use it for my work.
In the past I've been responsible for switching a small company over (circa 150 desktops) from -- what was it now? -- DOS to WIN 3.1, or WIN 3.1 to WIN 95, I forget, I've burned it from my memory. And it was a nightmare. Not cuz it was Windows, cuz we were switching, period. Accounting gave us hell ("what are the cost benefits again?"), users gave me hell ("Time is Money, Y'Know!"), and Super Senior Mgt tweaked me more than once ("If you weren't switching us to this, um, upgrade thing, what is it that you would be doing, hmm?"). Learned an AWFUL lot about wacky boutique Accounting-Inventory-Shipping-Graphics-YouNameIt programs that all ran lovely on the OLD system but had to be bludgeoned into submission on the new.
Not saying you should not upgrade. Not saying Linux is not an upgrade from what you're using (not saying it IS, either; you really need to examine the apps). Just saying that you really need to look at this upgrade from every direction short of Sunday before you dive into the change. There's a large, cold room reserved in the House of Pain for Linux Evangelists who push their companies to make The Switch without having a whole pond worth of ducks in a row.
Good Luck, Bud, and God speed! And better you than me.
I have successfully deployed GNU/Linux networks, both servers and workstations. If you are at all serious about deploying a large amount of GNU/Linux Workstations the first thing you should do is replace the Windows Servers.
/home directories, especially when you use LDAP for the User Database. If you attempt to deploy Unix type workstations in a Windows Network enviornment you will ALWAYS be fighting with the servers.
It is much easier integrating a Unix type workstation if you use Unix type servers. It is trivial to have nfs mounted
Don't be stupid. Out of compliance means you have more installations than you can -show- that you have licenses for. It doesn't mean that you actually have pirated software, but that you didn't keep all the right certificates of authenticity in a secure place. If your process wasn't tightly controlled, you can easily be out of compliance when somebody cleans out a closet full of 'old junk that nobody needs' (aka, all those still shrink-wrapped windows manuals).
Furthermore, being out of compliance is not a criminal matter, it's a civil one, so even if they were in actual violation and not merely in a state of poor record-keeping, they still wouldn't be 'criminals'.
(Yeah, yeah, IHBT, I dunno when I'll learn...)
--Parity
'Card carrying' member of the EFF.
Not if you live on a continent full of "criminals" with success stories.
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
I find it interesting that criminals are touted as a Linux success story.
A "few dozen" unlicensed apps on a network with 300 people shouldn't have warranted BSA-imposed pariahdom. A small fine and forcing them to fix their licensure status, yes. Disgracing them on the evening news and in an ad campaign, no.
Although it might count as blasphemy to say as much on Slashdot, Microsoft, of all companies, understands that, and except in really extreme situations will usually work with a company to get them in compliance, for NO fine (even offering a discount to "help them out" in some cases). The BSA, on the other hand... Absolute pure evil. It amazes me that anyone would allow them on-site without a warrant and a police escort.
You also have to wonder what "unlicensed" means, in context... For only a "few dozen" installations, does that mean they accidentally exceeded their number of VLKs? Shareware that had expired without buying the full version? Random programs that employees had brought in from home that the company didn't even know about? "Out-of-upgrade-path" upgrades (meaning, for example, that you can't take an OEM Win95 machine to XP via an upgrade copy - but you can upgrade it to NT4, which you can then upgrade to XP)? Plenty of situations to consider before calling them outright criminals. Oh, by the way, you need to fix that tail light, sir - I'll let you off with a $65K fine this time.
Yes, you can say that none of those situations should have occurred. But welcome to the real world, where even the most diligent IT department can't catch everything.
For a Gnome based desktop, Sabayon appears to be about the best thing I've found yet that allows you to create "profiles" for different users.
_ desktop_profiles which may be of some use as feedback/info)
I don't think it's anywhere as good as what I've heard group policy to be, but it's a start in the right direction. I've found it to be quite buggy and it took me a couple of days to get the desktop _as_I_wanted_it_.
(See http://www.codepoets.co.uk/sabayon_creating_linux
DG
The Ginger Dog
Especially in a company with that many desktops. When talking about a migration to Linux in a large environment like that means a bunch of things:
1. What do you do with ANY of the custom apps used on the desktop. Most large companies have at least a few apps their internal developers built for them, and I'll bet they weren't built with cross-platform use in mind. Sure, it may work for now in WINE, but what about when it throws a weird error? What about when a new feature is needed? Recoding the app isn't really an option for most places.
2. Time to fire and rehire your desktop support staff! And any IT group that is directly tied to desktop products, cause you're doing a complete 180 degree switch on them. You can argue that anyone worth paying should already know Linux, but the reality is a lot of people in IT are tied to MS, because that's what their company has bet the farm on. You would probably have to either rehire or retrain most of the desktop support group.
3. Your options are RedHat, or SuSE. A company that big is only going to switch if they can buy Linux from a vendor with the chops to support a large organization. Mom & Pop Linux Support Inc isn't going to be taken seriously since they may be in business today, but might not be tomorrow. Business wants a large company backing a product so they have someone to go back to when something goes really wrong.
4. Retraining Costs. Sure, there's adjustment when moving users from Windows Version X to Windows Version Y, but generally the user experience remains fairly consistent. Moving to Linux, unless you reskin it to look exactly like Windows and hide away anything that would hint that it wasn't Windows is going to require significant user retraining. Then there's all the new apps that they'll have to learn to use. You'll lost a LOT of time and money here.
5. What's the real benefit? Yeah, Microsoft is evil, vendor lock-in, security vulnerabilities blah blah blah and so on. But honestly, does Linux provide a real business value? Does it save money in the long run? Does it make the work easier to do? Don't answer these questions as techno-geeks who are already biased, look at it from a semi-objective standpoint.
I don't think you can make an effective case to begin the switch-over of 40,000 desktops to linux, even in much of a phased approach. Best you can probably hope for are a few pockets of Linux users within IT. The average user would probably never even get whif of its existance.
If you want to integrate Mac OS X computers into your existing Windows server infrastructure, be sure to check out http://macwindows.com/
This site is dedicated to enabling Mac OS X computers to coexist in the enterprise environment.
A year or two ago, I orchestrated an enterprise upgrade from Win 9x desktops with Banyan servers to WinXP with Win2K servers.
/etc/initab to customize the services running at a particular run level is a diverting amusement rather than an odious burden.
;-)
You would not believe how scared and panicky the users got. During the physical migration, users were given 4 hours of training on the changes from Win9X to WinXP. Then immediately went back to their desk to a newly converted workstation. It hardly helped at all. The shape of the MS Office icons changed, we got dozens of calls from users who said we had "taken away" MS Office. One department had their shared drive change from the P to the Q drive letter. Even after telling them verbally three times in class, and following it up with email, we still got dozens of calls from users who said their documents had been "deleted". We even got calls from people complaining that their spyware was missing! And some of them were PhD's.
Humans in general are dumb, easily panicked sheep. They fear and loathe change as if it were physically painful. They don't like Windows - in fact it is one of the favorite topics of water-cooler derision. But they would rather run their nuts through a clothes-wringer than have their toolbar move to the top of their screen.
Linux enthusiasts are generally highly intelligent malcontents. People who desire frequent chaotic change because it soothes the agony of their ADHD induced boredom. They love having to follow up the latest installation of Fedaro by trying to figure out where to download a multi-media player from because *someone* got pissy with the old player's authors and left it out of the distro. Tweaking
And Linux enthusiasts suffer from a terrible conceit, believeing that the rest of the world "wants" to be like them, but just doesn't know how. So if they can make the Linux desktop look 75% the same as windows, then they can lure the sheep in for a closer look. The implicit assumption being that once a sheep gets a good look at the "freedom" offered by vi and shell scripting, they'll have an epiphany and never want to go back to a point-and-click GUI.
Here's a clue for all the cult-of-linux followers out there. Most people HATE change. Flexibility is spelled c-o-n-f-u-s-i-o-n. Powerful tools are d-a-n-g-e-r-o-u-s. Configuration options are a t-a-r-p-i-t.
Memorize this commandment:
EASE OF USE is ***all*** that matters!
Until conversion to Linux represents LESS change for the average user to deal with than an upgrade to the next version of Windows, 90+ percent of the population won't touch it.
Or, you could go for an even lower common denominator, and develop XXX-windows with built-in pr0n. After all, it was x-rated content that created the market for VCRs and cable TV
"Sic Semper Path of Least Resistance"
All of my new deployments utilise RIS (Remote Install Services) which greatly reduces client installation times.
/home folders to a central server.
Roaming Profiles and publishing applications via Active Directory also greatly reduces on site time.
RIS helps greatly under Windows because you can't just install everything you want and then image the drive (unless you plan to put it on 100% identical hardware, and even then you need to sysprep it). With Linux, you can do an absolute base install in about thirty seconds more than it takes to format the HDD, then just do a normal copy from a CD (or networked) image to a live system. Or if you trust the drive, you can even skip the install, and just dd an image directly onto the HDD.
As for roaming profiles - Just put home directories on a network share. Simple as that.
Not to say that one should try to force Linux onto otherwise unwilling companies and users... But most of the reasons I've heard not to switch simply don't hold true.
I'm sure it can be done, perhaps by remotely mounting common application and
For apps, include them in the base image you put on each machine. For home dirs, you apparently already understand the easy and obvious solution.
I think the key is to make the transition process as smooth as possible.
One department at a time is a good strategy, but I'd go even further:
Your users will gonna have to learn to use a lot of new softwares and they won't be happy with that. If all those changes appends all at once, there will be a perception that Linux is hard and complicated. And it will fail.
I'd replace one aplication at a time for as long as I can. Internet explorer would be the first (replaced by firefox), then maybe Outlook (by Thunderbird), and then I'd go with MS-Office (one component at a time, replaced by OpenOffice2).
The idea is to make them learn while they are using there "confortable Windows environment". That way they will be able to go back to there old software (for a while) if something doesn't work as expeceted or if they are in a rush.
And make sure some of the IT staff makes the changes before everyone elses, so they can offer some supports.
Anyway, I which you good luck !
Sounds like you're perfectly positioned to get top-down approval now considering you've already demonstrated a clear need, know what kind of improvement you can expect, and have the support of the people who will be using the system.
Try it again and let us know how it goes.
*sigh* back to work...
-AT
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
That's just the US, though. Off the top of my head; Europe has the Extremadura (sp?) project in Spain, the postal service in Poland, and Munich. South America has OSS projects going in Peru and Argentina. In Asia,there's a relatively large OSS effort going on in China.
:)
So. Just because us North Americans haven't moved off the dime doesn't mean that the rest of the world is sitting still.
Pop Quiz: Name a place where you can ask a question of a couple hundred thousand UNIX, Linux, Windows, and other IT/IS pros all in one place, many of whom may have experience relevant to your company's situation. In addition, this place cannot charge a fee for their services, and the answers must be diverse and rapid.
...
I don't know about you, but the only place that comes to mind is Slashdot. Vendors and consulting firms often have a bias to whatever products/services they feel they can offer at greatest advantage to themselves, and not necessarily to your best interest. With all that in mind, I think Slashdot is a pretty good place to start, like bouncing an idea off of a skilled friend except on a much larger scale. That's not to say they shouldn't do their own homework from that point onward, but a company doesn't often get to the point of having 40,000 workstations by sheer guesswork.
-AT
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
In a managed environment, the users shouldn't be doing that anyway. It should be a crontab installed on their machines, immutable, that checks to see if you've added anything to the repository nightly.
That's the part you seem to be missing. Users shouldn't need or have to update their own machines in a managed environment -- you should be in control of that from start to finish.
+++OK ATH