Windows to Linux Migration in the Enterprise? 92
youngerpants asks: "There is a lot of talk at the moment about migrating applications from WIN32 to Linux. This certainly helps move the OSS movement along, however, the true test of Linux is in the enterprise. Whereas we can move applications, how can the enterprise itself (such as Active Directory to Open LDAP, Exchange Server to Sendmail and NTFS to Samba) be moved.
Have Slashdot readers used any applications or followed any strategies to migrate their enterprise? How would you tackle an obviously risky migration?"
Open source procedure (Score:2, Funny)
2. ???
3. Profit!
Re:Open source procedure (Score:2, Insightful)
Re:Open source procedure (Score:2)
That certainly has not been my experience.
Could you please explain what you were trying to say in the previous post?
Re:Open source procedure (Score:2, Insightful)
Re:Open source procedure (Score:1)
Wrong examples (Score:5, Insightful)
I understand the gist of your question, although I don't think you understand it yourself. None of your examples actually discuss the one thing the enterprise is interested in: "Functional Parity"
AD to OpenLDAP doesn't go, because OpenLDAP is just a directory protocol -- I wish people would start to understand that. There is no directly usable management interface, no business logic, no nothing. It is just a protocol....
Comparing Exchange Server and Sendmail earns you a good thwapping over the head in my team -- maybe Exchange Server vs. Open-Exchange, but again you are comparing the wrong things. Finally, go stand in the corner for comparing NTFS with Samba.
I usually don't complain about Ask Slashdot type stuff, but this takes the cake. Go learn something about IT before you ask stupid questions.
Re:Wrong examples (Score:3, Insightful)
Have a lot of Fun!
Re:Wrong examples (Score:1)
Re:Wrong examples (Score:2)
Re:Wrong examples (Score:2, Interesting)
by passthecrackpipe (598773)
Man, you need to chill a little. If you get the "gist", why not help instead of smacking the poor poster with technicalities? Maybe another hit of the crack pipe?
Re:Wrong examples (Score:5, Insightful)
As for "chilling a little", I met a customer last week, who simply did not want to talk open source, because some clueless critter of an "IR Consultant" came in some time ago shouting something similar. "Get rid of all your Microsoft products! They are EVIL!" now, this customer is a relaxed dude, so went like "okay, but I replace it with what?" and something similar to the above list came up. For most people that list is simply unacceptable -- they don't *care* what they run, as long as it works. So someone coming around that can't even tell the difference between Exchange and Sendmail, and states "rip out all your groupware, calendaring, forums, imap, mail, pop, webmail, and some CRM functionality, and instead I give you Sendmail....it's FREE!" does not really impress.
Customer now thinks Open Source people are clueless freaks, and any mention of this stuff is taboo. I see this *all the time* and it really gets me upset.
Getting the revolution because you downloaded OpenOffice.org and found Slashdot is one thing, making the whole community look bad is another....
Re:Wrong examples (Score:1)
Re:Wrong examples (Score:1, Funny)
Perhaps I could interest you in some Amway products then?
Re:Wrong examples (Score:1)
Re:Wrong examples (Score:2)
But, since there are several companies making anti-virus software for Windows, I think that this qualifies as a trend...
Re:Wrong examples (Score:2)
...and he's not paying YOU (Score:2)
Re:Wrong examples (Score:2)
It upsets me too. I'm reluctant to promote OSS until I've asked a few questions about what the other person needs, and I try to point out all the pitfalls too. That way, if a person tries Linux for example, and it's not as hard as I said it might be, they're impressed. Raising expectations and then not meeting them is not a good practice in the long run.
Re:Wrong examples (Score:2)
Now the NTFS/Samba was just dumb.
Re:Wrong examples (Score:3, Interesting)
Active Directory's primary feature is that it is an LDAP implementation. Also, OpenLDAP [openldap.org] is an open source implementation of LDAP--not the protocol itself. The compination of OpenLDAP and SAMBA can deliver a lot of the backend functionality of Active Directory, but you are correct th
Re:Wrong examples (Score:4, Interesting)
Re:Wrong examples (Score:2)
Ok. You sold me. Can you point me to the HOWTO?
Re:Wrong examples (Score:4, Informative)
Nssldap will have to be recompiled for schema mapping, since AD doesn't follow a standard LDAP schema. Last I checked FC2 and FC3 already had compiled nssldap this way, so no recompile was necessary.
MS Services for Unix is needed to modify the AD schema and for a couple of added screens in the admin tools for AD, to allow Unix attributes to be added.
If you want to be able to change passwords from *nix, you will need to setup SSL, since password changes can only occur over SSL in AD.
Just google on "AD nssldap". I have had my office running this way for almost 4 years, with no problems.
Re:Wrong examples (Score:2)
Re:Wrong examples (Score:3, Interesting)
I would be interested to hear your opinion on the use of Kerberos in a UNIX environment. Personally, I am impressed by the way that MS have integrated Kerberos and made it relatively easy for application developers to use. The picture seems weaker in a UNIX environment, because few applications take advantage of Kerberos authentication (so people do not use Kerberos, so there is no incentive to add Kerberos support to applications, and so on). It is unfortunate. My question is, do you do anything inte
Re:Wrong examples (Score:4, Informative)
My two cents on what you didn't ask about: I, like you, am impressed that you basically get kerb for free for most traffic from a windows server. However, I hate MS for the way they did this. They use non-standard, undocumented features that prevent non-MS systems from actually being interoperable with them. Even the MIT Kerberos team has accused them of trying to embrace & extinguish. I suspect that some (though certainly not all) of the lack of Kerberos on *NIX has to do with this.
Re:Wrong examples (Score:2)
I know about those, but they are not exactly impressive or widely deployed (at least, that's my perception) in comparison to the other achievements of the open source community.
I agree that the way that MS changed Kerberos to add authorization information is intensely frustrating, but I think that adding authorization information is the right thing to do. Trouble is, it's a hard problem to come up with a reasonable authorization infrastructure. MS had one already. The rest of the world doesn't agree on
Re:Wrong examples (Score:2)
OpenSSH is VERY impressive & is VERY widely deployed. Samba and OpenLDAP certainly have high deployment as well. I suppose a more interesting question would be to ask what impressive, wideley deployed software should have Kerberos but doesn't currently...
Re:Wrong examples (Score:2)
Of course I wasn't questioning the deployment of OpenSSH, Samba, or OpenLDAP! I use the first two every day. I meant deployed and using Kerberos. It wasn't clear from my post on its own, but I meant my comment in the context of the thread.
Re:Wrong examples (Score:2)
Yes--the major Linux vendors tend to compile most apps without Kerberos. I suppose to minimize dependencies & to prevent security holes from un(under?)-used featuers.
pam-krb is usually available enough & consquently (with the kerberized services on windows) I have seen a lot of kerberized samba deployments. Fewer kerberized OpenSSH/OpenLDAP servers. Institutions that use kerberized end-user apps (UW's pine email client, Evolution, etc.) do seem to be more l
Re:Wrong examples (Score:3, Insightful)
MS not only made it easy for appdev's to use Kerberos (I am personally not really bothered about appdev comfort, caring more for end-user experience), they made it transparent to the end-user i.e. the user will *never* h
Re:Wrong examples (Score:2)
Thanks.
So do you handle authorization on a per-application basis, or is it workable to store authorization for all applications in Novell/OpenLDAP or some other centralized server?
Re:Wrong examples (Score:2)
Re:Wrong examples (Score:2)
Yes--MS's products on the backend are general
Re:Wrong examples (Score:3, Informative)
BZZT... primary feature is a trio of functions, the AAA as it used to be called in Cisco materials: authentication, authorization, and access.
Authentication: Who is this? do the username, password, and option crypto token match?
Authorization: What resources are you allowed to use?
Access: Is the authorization for this resource still valid?
If you just want a directory, OpenLDAP is great. If you want an AD replacement, you need OpenL
Re:Wrong examples (Score:2)
First of all, I never said that AD was ONLY an LDAP implementation. Second of all, I said you needed samba & other services to replace AD & that it wouldn't be 1:1. Finally, many [wikipedia.org] others [microsoft.com] agree [answers.com] that a HUGE part of AD is the LDAP implementation.
Hell--they even chose to call it active directory!
In short primary != only & I never said that it was.
Re:Wrong examples (Score:2, Interesting)
The sendmail point was a knee jerk reaction on my part - open exchange is a better alternative, which is why I ASKED SLASHDOT - but with the same valid points; getting from point A to point Z
oh, and AD uses LDAP, its a protocol. Th
Re:Wrong examples (Score:2)
It sounds like you could use this book: "Windows to Linux Migration Toolkit" by Allen, David.
Re:Wrong examples (Score:2, Interesting)
I get tired of reading crap like this from folks who "know better" than everyone else. I highly
Re:Wrong examples (Score:2)
That's why he is the doctor, and I'm the IT guy
I don't mind teaching people, and parting with my hard
Re:Wrong examples (Score:1)
Start Small - Start New (Score:5, Insightful)
Individual Pockets -> Workgroup -> Departmental -> Enterprise
As much as I love open source and think it provides tremendous value to organizations, I have to realistically evaluate any large migration and observe two obvious points:
1) It's different. There will be people who will not want to see it succeed. You will need to PROVE that the functionality provided is SUPERIOR and that the cost of migrating is overcome by the reduced ongoing TCO.
2) Is your organization ready to provide the level of support it has become accustomed too? Are you a MS Enterprise or Select customer? You need to prepare for the fact that to some extent the warm fuzzy blanket of misleading comfort is being pulled away from the organization.
I would NOT begin by migrating something. I would begin by looking for a new unit, group, or area of the business. New is much easier to accomplish than migrate.
Finally, if you are a hardcore MS shop, the financial pitch to MGT can be the leverage that doing something small can provide in price / service negotiations.
Re:Start Small - Start New (Score:2, Insightful)
The easiest migration to sell within a big company these days is probably browser choice. IE -> Firefox has a lot of momentum. Hardest is probably entrenched Exchange/Outlaw email software. Although Evolution is a pretty good client for compatibility.
Middleware and infrastructure stuff, like the web server, you just need to convince a small group of IT
Migration is never easy ... (Score:5, Insightful)
The point we should make clear is: Migrating from Windows to Unix Is a good decition (I Say Unix to make clear that i'm not talking about Freedom or ethical or monetary issues, just about the technical stuff) and it will make things just easier and safer in the long run. Technically, there is no possible discussion.
About non-technicall stuff: Microsoft insists in their "get the facts" bullshit that if you use windows you can hire incompetent sysadmins, and with Unix, you can't. It's just not a good idea to hire incompetent people. Hire a good sysadmin, and pay him well, what do you prefere, to pay thousands to a big monopoly for the right to copy, or pay a worker for actual honest work??
ALMAFUERTE
Re:Migration is never easy ... (Score:2)
Why ?
Technically, there is no possible discussion.
I disgree, there's a rather large "possible discussion", depending on what the client wants/needs.
Windows to Linux Migration Guide (Score:3, Informative)
Re:Windows to Linux Migration Guide (Score:2)
Good guide on Linux on Centrino
http://tuxmobil.org/centrino.html [tuxmobil.org]
Advice from someone who has done it. (Score:5, Informative)
LDAP is so useful, that you might as well start here. Remember that LDAP is a multipurpose directory. If you want to replace AD authentication and a windows PDC, IDEALX [idealx.org] has written some nice perl scripts and a tutorial on how to do this with OpenLDAP and Samba.
If you want to replace Exchange Server, use Openexchange [novell.com]. If you want to replace only your MTA, consider using postfix. On the server end, this isn't a ton of work. But you will likely have to change the way clients are connecting to your server & also what they can do with it. Sendmail/postfix will probably not be enough for you...
NTFS is a local file system. Samba is an open source SMB server/client. Big difference. See IDEALX for good Samba deployment.
Re:Advice from someone who has done it. (Score:2)
Re:Advice from someone who has done it. (Score:1)
Re:Advice from someone who has done it. (Score:2)
Alot of talk, little real activity (Score:1, Flamebait)
Larger enterprises look at and think about the "savings", but when you compare the training costs, hassle and resistance that most users will feel, you're not saving anything.
The places that have successfully transitioned to Linux (federal labs, Burlington Coat Factory, City of Largo, small companies) were either established Unix shops already or started with smal
Re:Alot of talk, little real activity (Score:4, Insightful)
Yes. And when 50% of the company is on linux, then what?
The key is to make your applications fully web-based and be os-agnostic. There are three main reasons companies even look to replace their existing systems:
* Cost, short term and long term.
* Increased functionality.
* Effective staffing.
Right now linux provides visible short-term cost. Also, it can provide some long-term cost saving but that's more fuzzy.
On functionality, the gaming world will tell you going away from windows is a step back. I think you gain some and you lose some, so wash.
Staffing: You need fewer people but you have to pay them more.
My horrible analogy: 400 day laborers with pickaxes or 1 highly paid driver in a Komatsu D575A-2SD [komatsuamerica.com].
> The places that have successfully transitioned to Linux (federal labs, Burlington Coat Factory, City of Largo, small companies) were either established Unix shops already or started with small or completely disorganized IT organizations.
Most companies have completely disorganized IT organizations, so that's actually good for future open-source adoption prospects
Re:Alot of talk, little real activity (Score:2)
Does your company require the need to play games in the office? If not, go to linux.
Re:Alot of talk, little real activity (Score:2)
Well, you should know, we play lots of games in the office.
Oh, you meant computer games?
hehe
Gotta love to Komatsu analogy... (Score:2)
The guy with the Komatsu (a WA1200, I'm sure, for the reach and flexibility) will be ripping around at full throttle, will top-dress your lawn in passing, fix the corporate toaster on his lunch break and be writing his own novel on the side as he works. And constantly thanking you for letting
do it step by step (Score:5, Insightful)
Also, you may (or may not) hit many little annoying details that would make you belive m$ fud more and more.
I've been trough two migrations now and what i learned is this: go easy, keep the existing systems in place for their forseeable lifetime (dont fix if it's not broken approach), implement OSS stuff only for new services and gradually replace old systems with newer, running OSS. In a timeframe of 2-5 years or so.
For these, you don't (Score:3, Insightful)
Sadly, Linux just isn't there yet when it comes to enterprise IT. Unless you're rolling your own core business applications, you're pretty much stuck with Windows. Want to run an integrated payroll/HRIS system from a shrinkwrapped package? No luck with Linux.
Further, IMO, while Suse's OpenExchange appears to be a compelling package (which I'd love to deploy in lieu of Exchange Server), I've had a very difficult time finding a local 3rd party vendor to support it.
The point of my post is not to denigrate Linux. I am generally a Linux advocate, and will still deploy it wherever it is practical (practical being the operant word here). The issue, however, is that much of these services are inside of niche markets where it doesn't make sense for the vendor to develop Linux support. Others are very bleeding edge and not commercially supported. If you don't have a very large IT department to support the services that you want to run, they're nearly useless -- that is, unless you've got gobs of free time on your hands.
OTOH; if you're rolling a custom app (and thus already have the staff you need), need a webserver, or a database backend, Linux may be an excellent choice. One way to look into it is to find out how Linux is most widely deployed and supported as a solution (ie web servers, database backends, etc). If you go the other way, choosing whatever solution you find that's "out there", you may find yourself in a heap of trouble -- looking for a new job. I supppose that this applies to all software, commercial or otherwise. Always ensure that you can support it...but it's something that one has to be especially cautious about when getting into a bleeding edge F/OSS package that is new enough where there is either no commercial support, or inadequate support for your needs...and unfortunately, there are currently quite a few of these out there.
Re:For these, you don't (Score:2, Troll)
Just want to go over what you didn't say, but implied:
1 - Windows is an exterprise class system.
2 - You can buy a shrinkwrapped package for Windows that does integrated payroll/HRIS for that aformentioned enterprise.
Excuse me, I have to wipe the te
Re:For these, you don't (Score:2)
It is. The original poster also implied that Windows is "enterprise class". This seems to just be generally implicit. You and I may or may not like Microsoft operating systems, but it doesn't change the fact that this is what they're in place for. You can see past your own agenda, right?
Yep...ADP'll sell you two different packages th
Re:For these, you don't (Score:3, Informative)
Seriously, the concept of "shrinkwrapped" software doesn't go with Enterprise -- a lot of customization and integration will need to be done. "QuickBooks" and its kin won't cut it. That's what I think of when "shrinkwrap" is mentioned. You are not going to find ADP software at your local computer store!
Now, if you are ARE talking enterprise accounting, the same number of solutions are going to be available on UNIX based platforms.
As to Windows "Enterprise" use... Micro
Oracle, IBM(websphere/UDB/Domino), Peoplesoft, SAP (Score:2)
AD is hard to migrate because it is very proprietary. (Mind you SAMBA can authenticate users).
For free software I would use
1) Linux as a firewall
2) Linux as a file and print server
3) Linux as a database server (Oracle, UDB, Postgresql)
4) Linux as an Application Server (Oracle/SAP/Peoplesoft)
5) Linux as a web server - Apache/Tux
6) Linux as a J2EE server (Websphere/JBOSS/BEA)
7) Linux as workstation (limited use) OpenOffice/etc
Enterprise software means different things to different peo
Wow (Score:5, Funny)
Ah, Slashdotters genuinely surprise me sometimes...
Re:Wow (Score:4, Funny)
She can'nah take much more'o this captain! Th' opensource drivers for the warp core containment controller card are only version 0.2.1 and the project hasn't seen an update for nearly a century! While the hardware is capable of running the engines at 110%, these incomplete kernel drivers can'nah hold her much longer than five minutes over 80%!
Kirk:
Bones! You've got Familiar Linux running on your tricorder, get online and see if you can find a patch for the warp core containment driver!
Bones:
Damnit Jim, I'm a doctor, not a kernel hacker.
Re:Wow (Score:2)
I gotta say it never even occurred to me, and I certainly used to be a Trekkie.
No REALLY!! How can I get NTFS-like permissions? (Score:4, Insightful)
MKTG group = rwx
DEV group = r
EXEC group = r
ADVERT group = rx
ADMINS group = rw
Is there a way to do this in Linux? I have no idea. It has always been my understanding that I'm stuck with UGO and sitcky bits for permissions. Is this entirely true or is there another way.
Re:No REALLY!! How can I get NTFS-like permissions (Score:3, Informative)
I'm hoping that one of the things that you love about Linux is its flexibility...most distributions can grow far beyond their packaging. :)
I believe that you're looking for ACL support (Access Control Lists). Check this [sourceforge.net] out. Also, just do a google search for Linux ACL's. There are lots of projects in development, and considering how long these have bee
Re:No REALLY!! How can I get NTFS-like permissions (Score:2)
Exaclty what I was referring to
Re:No REALLY!! How can I get NTFS-like permissions (Score:2)
Re:No REALLY!! How can I get NTFS-like permissions (Score:1)
Re:No REALLY!! How can I get NTFS-like permissions (Score:2)
It's really really really easy (Score:3, Informative)
The HOWTO that I linked to has a more detailed explanation of how to do it.
Re:No REALLY!! How can I get NTFS-like permissions (Score:2)
This is slightly off-topic, but (Score:2)
It's situational (Score:2)
Now she still misses the odd PS feature but also sorely misses GIMP features when on PS, the convenience of Konqueror and Firefox when stuck with MSIE and Windows Explorer, and really hates the constant crashing (I swapped her CD burner for a DVD burner yesterday and her machine had been up for 183 days since the last power failure - she never saves, with obvious consequences after five hours' typing
Hard or risky migrations (Score:2)
Samba for me has been a very good file server, performing seemingly much faster than I've seen with Windows servers, with the flexibility to do some very interesting and unusual setups.
try this, makes ur life easier (Score:1)