Hi.
If you would like help with installing Linux, please contact your local Linux Users Group.
http://www.linux.org/groups/
They frequently have what are called Installfests. Someone there could help you with an install, perhaps a dual boot between Win98se and GNU/Linux.
Not saying that patches shouldn't be applied, but anyone that follows BugTraq knows that there are exploits for fully patched systems that have yet to be addressed by Microsoft. This includes a couple of problems with the RPC service.
This isn't a good solution for home users, but perhaps something like Cisco Secure ACS Remote Agent. This is a kernel level shim that intercepts function calls and uses a ruleset and heuristics to decide whether to permit the activity. I've seen this software protect a Windows 2000 server directly connected to the 'net with no service packs or patches.
I deploy and support this type of environment for a living (until I can earn my living with Open Source). While the number of users per server depends largely on what applications you are running, a good (conservative) average number is about 50 users per dual-processor server. I tend to deploy dual-processor machines as there are diminishing returns on quad-processor servers (for example, going from dual- to quad-processor increases your user count per server from 50 to only about 75 or so). These rules of thumb are on your average Pentium III server with about 1.5 to 2 GB of RAM. The Office software and Groupwise will conform well to this rule of thumb. Not sure on the Oracle apps, but if they are well-behaved 32 bit applications (read no DOS, 16Bit) they will run fine. Obviously you will want to pilot this environment to benchmark your specific results. Servers with Pentium IV Xeons will probably scale much better.
You will definitely want Citrix here for the advanced management and capabilities over Terminal Services alone (application publishing, advanced load balancing, management console, etc).
If you take the benchmark numbers I mentioned earlier and add 20% or so for redundancy, you are looking at a farm of about 24 servers vice 100. Using the management capabilities of Citrix and server cloning techniques, administration of this farm will be pretty easy. A single, experienced Citrix administrator can handle most of the level 2 and 3 support for this farm. With server cloning, adding additional identical servers for growth/redundancy down the road is easy.
You have correctly identified users of AutoCad and ArcMap as poor candidates for this type of environment due to the heavy requirements and graphics of these applications.
I disagree with the consultant that full blown XP is the best solution for the client. He/she may be hedging their bet for any Windows based applications that would not run well under Terminal Services/Citrix. If this is not the case, there are several Linux-based thin clients that would work well and would have a lower cost.
I am an integrator that is currently rolling out the T5700 (1 GHz Crusoe running embedded Windows XP) to several dozen users at a local business. The strategic direction of the customer is to replace desktops with terminals wherever possible (their business apps all reside on a farm of Citrix servers). They liked this model terminal over the old ICA only terminals as it had more of a 'true' Windows look and feel with the Start Menu and Task Bar. Imagine my joy when I found out that these XP embedded devices are subject to both of the recent RPC critical vulnerabilities!
I can only dream of a future without Windows, but stuff like this might hasten the day.
Unless you have a very large number of networks or hosts. Then the 10.0.0.0/8 private address range gives you more room to subnet for different locations. There is also the 172.16.0.0/12 network.
To those who admin Windows networks...
Please put an exit filter for TCP port 25 on your firewall so only your mail server can send SMTP and not infected workstations.
Citrix farm isn't open. My concern is laptop users getting it from home and then bringing it to the internal network. We were able to patch laptops this AM. So far, so good (knock on wood).
Thanks. I checked further based on your post. I did read on MS somewhere that it required SP3. I later did find the following and will begin testing immediately:
Is the patch supported on Windows 2000 Service Pack 2?
This security patch will install on Windows 2000 Service Pack 2. However, Microsoft no longer supports this version, according to the Microsoft Support Lifecycle policy found at http://support.microsoft.com/lifecycle. In addition, this security patch has only received minimal testing on Windows 2000 Service Pack 2. Customers are strongly advised to upgrade to a supported service pack as soon as possible. Microsoft Product Support Services will support customers who have installed this patch on Windows 2000 Service Pack 2 if a problem results from installation of the patch.
The specific scenario is that it is a farm of Citrix servers where each server may have 50 simultaneous users and 20 different apps are running. Examples of things that go wrong (not necessarily for this patch but real examples) are logon time mysteriously increasing to over 5 minutes, print spooler crashing, applications ending silently after launch. Sometimes a Microsoft patch then requires a hotfix or two from Citrix.
My point is that we can't keep up with the patch load. Each has to be tested and validated in our environment. Life would obviously be better if there were better QA from Microsoft.
The patch requires at least Windows 2000 SP3. We run in a Citrix environment. We have had serious issues with the stability of certain applications and SP3 and SP4.
Windows security vulnerabilities come out a couple of times a week. It's damn near impossible to test and apply all the hotfixes, especially when they have a tendency to break something else.
I'd love to choose another platform, but that isn't happening anytime soon. I think we will have to look at host based security/IDS solutions outside of Microsoft to keep our servers secure.
Largemouth and smallmouth bass fishing in Western/Northern Michigan is great. Nothing like relaxing on a nice quiet morning on a scenic lake while smoking a fine cigar.
Re:not gnu on RMS Turns 50 · Score: 5, Informative
Show the guy some respect.
How much of your favorite distribution is from FSF/GNU? He devised the GPL without which Linux wouldn't be where it is today. He doesn't ask people to use the term GNU/Linux out of ego, but to remind them about the ideals of Free Software.
Read this book and give it some thought:
Free as in Freedom
Multihome to a single ISP that has multiple redundant backbone connections and do IBGP with them. His summarized aggregate routes will be multihomed on his backbone. You can then peer with him for your smaller subnet.
I know it isn't as good as peering with two independent ISPs. Maybe you can connect to the same ISP at two different POPs to alleviate this somewhat.
Could someone confirm this? This sounds a little too good to be true. I don't think that 50 concurrent Windows Terminal Server users can use 1 license for Office even though it is on the same machine. This has to stand up legally for system integrators to recommend this kind of solution.
I had a friend who experienced the same thing over the past year. He eventually found out it was because he always booked his air travel about a day before departure. Apparently this is a marker that causes you to be searched.
In case you are reading /. - just wanted to say thanks for all your work. Good luck and have fun with the MBA.
To expand on the parent, research something like the Fatpipe WARP: http://www.fatpipeinc.com/warp/index.htm
Although it is written about Linux specifically, I think it applies to the topic at large. HOWTO Encourage Women in Linux
I Think This Pretty Much Says It....