Cisco IT Manager Targeting 70% Linux
RMX writes "LinuxWorld Australia has an interesting article discussing Linux Desktop adoption in Cisco. Cisco 'already converted more than 2,000 of its engineers to Linux desktops...plans to move many laptop users to the platform over the next few years...the driver for Linux on the desktop is not cost savings, but easier support. Manning estimates that it takes a company approximately one desktop administrator to support 40 Windows PCs, while one administrator can support between 200 and 400 Linux desktops.'"
40:1 ? (Score:4, Insightful)
TCO (Score:5, Insightful)
What I'm sure it doesn't show is that a linux engineer handling 200 computers can provide a much better service (due to the fact that more is "known and controllable" in linux than windows) than a windows sysadmin handling the same amount of computers, resulting in lower costs of security, less costs related to spyware, viruses, user support calls, etc.
Cost Savings (Score:5, Insightful)
Isn't this still Cost Savings, when you don't need to hire as many admins?
Re:Critical mass... (Score:1, Insightful)
Frankly 2003 with SP1 and XP with SP2 is getting there, it only took them a while.
License management... (Score:5, Insightful)
My Windows co-workers often need a CD either because they need new software, or due to their computer requesting a CD due to some function not already installed. Finding the RIGHT CD (there are like 1000 CDs every month, and they are neatly marked in INVISIBLE, but very fancy, writing) is a total pain. Then, the issue of which key is used for this one (oh, you used the English version!) really turns this into a nightmare.
Folks running windows run all kinds of different versions of their software. Why? Upgrading costs time and money. On my Slackware machines, swaret has done all upgrades for me, totally automatically! Just upgraded one PC from Slackware 9.0 to 10.1 - swaret --upgrade, wait for a while (was a 200MHz...) and reboot when all is done. No keys, no CDs, no cost. Totally brilliant!
Re:Critical mass... (Score:3, Insightful)
Little if any functionality of most worms requires root privileges. They could run just fine as a user process.
about the worst thing that can happen is the home directory to be wiped out
Which is usually the only directory on a workstation that contains any information of value.
Delete all your home directories, rsync or rdiff your backup in and magically things just work.
You could restore the entire filesystem on any computer to achieve the same thing.
There are many factors that make Linux less worm-prone than windows. Taken together, they add up to a huge disparity in malware prevalence between the two OSes. However, no single factor is a magic bullet, and that includes the relative difficulty of running with root privileges. It's just one small piece of the puzzle.
Right, (Score:5, Insightful)
Linux on the Desktop will Accelerate (Score:3, Insightful)
Linux is easier to maintain than Windows, largely thanks to IBM. Linux is more reliable and is less prone to infection by viruses and malware (e.g. spyware) than Windows. IBM ensures that any OS (whether it is commercial or free) shipped to customers on its computer systems meets stringent requirements for reliability.
IBM has been vindicated. IBM initially tried to dethrone Microsoft by producing OS/2, but it was a failure. Now, IBM has thrown its weight behind a product (i.e. Linux) developed outside of IBM, and that product is succeeding in hurting Windows.
Re:Critical mass... (Score:3, Insightful)
Considering that Linux is not monoculture and Linux machines never run as root the way Windows machines do, the support ratio will not change. Cisco's internal distribution might be monoculture but how do you suppose virus writers will figure out company changes? They won't.
Virus and general malicious software is difficult to write when everyone is running Linux. People will continue to try but only the hardcore. Script kiddies, in contrast, would become extinct.
Look at a vulnerability (Score:4, Insightful)
In short: When you don't bundle fixes you typically have one-line fixes which don't break code which isn't already broken (by relying on buggy behavior). Hence, testing time is minimized.
Re:Critical mass... (Score:2, Insightful)
However, this is simply not the case. Windows is a very homogenous system. Every win2k box is a win2k box. The only differences are slight differences in configuration.
Linux is heterogenous. I mean even if you take a distribution like fedora core 3. Every FC3 box has the same kernel. And if they are up to date they all have the same versions of stuff like glibc. A linux box is a collection of many small pieces of software. Windows is one giant blob of software. So maybe you find a hole in a particular version of openssh. Lots of linux boxes have openssh of varying versions. So you might be able to hit a bunch of them. But it is very difficult to target linux the way you target windows because the number of systems that are similar enough is very small, even if the whole world used it.
You would literally have to find a hole that is present in all 2.4 and 2.6 kernels regardless of patches applied in order to get enough of the linux boxen. And some people still use 2.2. 2.0?
Re:40:1 ? (Score:5, Insightful)
I used to work in an all-microsoft shop back when NT4 was new and at that time the ratio for us was about 20-30 users to 1 support person. However we did more than just helpdesk support. But when I left to come to a NetWare shop I was amazed at how many more users were being supported per number of IT people. It was at least triple. And to top it off, at the NetWare shop we are responsible for much more than at the other place. In addition to data we also handle phone and security and support users at remote locations. So I think the ratio will differ from company to company depending on various things but I know from experience that Windows is support intensive.
Support cost less not due to windows per se... (Score:2, Insightful)
If a support tech can only support 40 windows PCs, but another support tech can support 200 Linux PCs, is the difference the amount of support or the intelligence of the tech?
Now I run windows, and have administered windows and I develop software for windows. However, Linux is not as straightforward to administer as windows. I think it requires someone with more skills to administer a Linux box than a windows box.
Someone with more skills will likely be better at administration in general, regardless of which OS. So it is kind of a split problem. To administer linux boxes, you need someone with a good skill set, but they can administer more boxes, but probably at a higher salary. To administer windows boxes, you may not have to pay as much but each tech supports fewer boxes.
If done right, Windows workstations aren't bad.. (Score:3, Insightful)
With the help of Active Directory, some really neat software (Marimba) and some planning, you can manage thousands of Windows workstations with a minimal staff.
You lock down the machines (no admin logins) you manage the software versions and patches (centralized software distribution) and you don't allow users to install software on their own.
Denying admin logins alone stops 95% of all spyware.
40 workstations without any control WOULD be all an admin could handle, but when you deploy them correctly you can support over 10x that - just like any other system.
Re:but microsoft.... (Score:1, Insightful)
Re:40:1 ? (Score:5, Insightful)
Every company is different, and I guarantee you most of the people at Cisco are doing a hell of a lot more interesting things than answering email, writing word documents, and scheduling meetings.
You really have to consider all the factors involved, of which we don't have many, so if the IT manager at Cisco says he needs 1 support person for every 40 machines, he's probably not lying.
Maybe instead of merely slamming his numbers you could try to extrapolate and learn from.
A pipe dream? (Score:3, Insightful)
There are rumors that the CallManager software (Cisco's IP PBX) will be ported from Windows 2000 to Linux. As it is, to run this box safely today requires having the box on its own subnet with access lists, running anti-virus software on the box(es), running Cisco Security Agent (looks for anomalous behavior of running programs), and running the boxes in a redundant fashion. Not that porting to Linux would solve all problems, but a box that runs a web server, SQL2000, and Windows 2000 has a fair number of issues that could r0x the b0x. Not the least is that if you download a patch from Microsoft that Cisco hasn't approved, and it breaks the box, Cisco TAC will wash its hands of you.
However, Cisco and Microsoft are not only in bed with each other, they are spooning. Part of Cisco's new security initiative involves running Cisco software on desktops to check if the anti-virus and CSA software are up to date, and not allow them to join the network until they are. This is part of those Cisco commercials where the "Self-defending Network" comes in and stops attacks. Getting Cisco software to use the Microsoft API in a world where MS could simply roll their own software just like it for free is a tricky business. Cisco needs to know what Microsoft is doing, and Microsoft could just as easily start doing more business with Juniper should they want to.
What I'm saying is that Cisco uses Linux today for a good number of its products (Content Networking, CallManager, etc) because of its stability. However, the aims of this guy to publicly change internal desktops to Linux would be nullified by just one phone call from Gates to Chambers (Cisco CEO).
Re:I work for Cisco... (Score:2, Insightful)
The requirements for supporting an engineer's windows desktop securely would be much higher, if you support them at all. Whereas on linux, package management that actually works (.msi exists, but it's a whole lot worse than
Re:1:40 ? (Score:3, Insightful)
Re:If done right, Windows workstations aren't bad. (Score:1, Insightful)
Hmm. Are you sure that wouldn't be 96.3% or 93.7%, or did you just pluck that percentage out of thin air?
OF COURSE no sysadmin worth the name (and it's not much of a name in the first place seeing as how they are the bottom feeders of the IT world) would allow admin privileges for standard logins.
Re:40:1 ? (Score:5, Insightful)
Regards,
Steve
Re:40:1 ? (Score:3, Insightful)
Wrong! (Score:3, Insightful)
And EVERYONE knows that easier support doesn't save any cost.
Re:Critical mass... (Score:3, Insightful)
The key is that it's very hard to destroy a system with a Linux virus.
Re:Support cost less not due to windows per se... (Score:2, Insightful)
Re:40:1 ? (Score:3, Insightful)
Because no manager ever fudges the staff numbers to make a case, right?
Re:Different perspective... (Score:2, Insightful)
"Linux is easy because we set up proper policies and enforce them. Windows is hard because we haven't bothered to do so."
In other words, you guys are proposing a technological solution (Linux) to a political problem (user desktop control, admin savvy).
Re:Different perspective... (Score:5, Insightful)
Re:40:1 ? (Score:2, Insightful)
Regards,
Steve
Re:Look at a vulnerability (Score:3, Insightful)
The choice is between having a security hole in a deployed piece of software, and running the risk of breaking applications that depend on that security hole. It's your choice whether or not to install security updates. How is the community supposed to regression test against your buggy closed source in-house software? Obviously, they can't. That's one of the responsibilities that you took upon yourself by standardizing on a poorly-supported proprietary application in-house.
It's ridiculous to blame the community for not having a magic wand to detect how every deployed site is using the software internally. If you want to do more regression testing than the community is able to do, then you are free to do it yourself before you deploy the fix.
Re:40:1 ? (Score:3, Insightful)
In order for a windows admin to support 200 PCs he has to be EXTREMELY overworked, and the setup has to be very simple and streamlined.
Now I'll grant that 40-1 is low, but that is about what it would take to be able to deliver IMMEDIATE response to technical problems without users being able to install/configure software themselves (meaning at any given moment there will be someone sitting around waiting for a call) which is probably what cisco is looking for when it comes to its Engineers. The higher the ratio goes, the more it becomes about setting up a queue of tasks, the admin's ability to juggle tasks, and reasonable rather than immediate response times.
Cisco admins are probably making 40k/year and the engineers are making 250+k/year each... they probably figure this is worthwhile to minimize downtime.
At 400-1 a linux admin will probably have reasonable idle time, but you can't guarantee that two problems will come at once. This is where having 5 admins who administer 2000 PCs comes in, ONE of them will be more likely to have idle time when that second problem comes in. Of course those 5 admins are probably making $80k/year rather than $40k/year like the windows admins were but the salary of 10 admins with only 5 sets of benefits is a great deal less than 50 salaries and 50 sets of benefits.
"His poor admins who now have to support linux with inadequate training..."
Keeping the same admins would be categorically stupid. You simply get rid of the windows admins (they did not have the knowledge needed to perform their job function, no unemployment for you!) and hire in real linux admins. Or maybe discover that some of your windows admins were really linux admins who took the job to get Cisco on their resume.
Since the support costs of linux ARE lower than the support costs of windows I doubt he is fudging the data.
Re:1:40 ? (Score:3, Insightful)
Re:Get the Facts(TM)! (Score:3, Insightful)
A couple of points:
1) I hold the following certs: MCSE, MCSA, LPIC-2, A+, Network+, Server+, Inet+
2) I spend at least as much time as a consultant working with Windows as I do helping my customers with Linux. I can design Windows networks and troubleshoot them with the best.
3) I used to work at Microsoft.
Ok...... Now for my opinions:
1) Windows sucks because it is TOO COMPLICATED.
2) Windows security sucks because Windows is too complicated and interdependent.
3) Windows is getting more technician/admin friendly but it is still full of braindead dependencies. This ensures a Sendmail-like security record on both the server and the desktop.
4) Linux costs less to support because it is simpler.
5) Training costs for corporate workstations are less with Linux than Windows because it is less complicated.
6) Linux is more predictable due to better quality code and more simplicity. This makes it easier than Windows for a newbie to learn.
The above comparisons assume that one can readily run similar programs on both operating systems. In areas where this is not the case, YMMV.
Sometimes I think that MS shills are invading slashdot!