Cisco IT Manager Targeting 70% Linux 312
RMX writes "LinuxWorld Australia has an
interesting article discussing Linux Desktop adoption in Cisco.
Cisco "already converted more than 2,000 of its engineers to Linux desktops...plans to move many laptop users to the platform over the next few years...the driver for Linux on the desktop is not cost savings, but easier support. Manning estimates that it takes a company approximately one desktop administrator to support 40 Windows PCs, while one administrator can support between 200 and 400 Linux desktops.'"
40:1 ? (Score:4, Insightful)
Re:40:1 ? (Score:3, Informative)
However, I do also support a number of Linux/FreeBSD servers and think they are much less trouble. Also, have heard admins on both systems who say they support thousands of systems.
Re:40:1 ? (Score:3, Interesting)
Re:40:1 ? (Score:3, Interesting)
They're also talking engineers' desktops at an embedded-hardware company, so most of the usual stories about "we'll give everyone a word processor and a web browser and that will be that" probably change a lot.
Our company is completely different to that of course. Every software engineer maintains their own machine. The amount of time we spend on application or OS problems easily exceeds 1/200 of working hours.
Re:40:1 ? (Score:3, Interesting)
A 'team' could probably support 200 windows PC's. An individual would run so far behind on updates and fixes to the updates that it would be far too unreasonable for a major firm that has major security expectations to do things that way.
Not to say linux doesnt have similar issues
Re:40:1 ? (Score:2)
Re:40:1 ? (Score:5, Insightful)
I used to work in an all-microsoft shop back when Nt4 was new and at that time the ratio for us was about 20-30 users to 1 support person. However we did more than just helpdesk support. But when I left to come to a NetWare shop I was amazed at how many more users were being supported per number of IT people. It was at least triple. And to top it off, at the NetWare shop we are responsible for much more than at the other place. In addition to data we also handle phone and security and support users at remote locations. So I think the ratio will differ from company to company depending on various things but I know from experience that Windows is support intensive.
Re:40:1 ? (Score:5, Insightful)
Regards,
Steve
Re:40:1 ? (Score:4, Interesting)
I know this is a bit offtopic, but... AFS [openafs.org]'s support for backup volumes provides basically this same thing as a feature built into the filesystem. Furthermore, it lets the administrator issue commands (from any node on the network) like "move this volume from partition 1 on file server A to partition 3 on file server B"; the data gets moved, and the clients are notified to use the new fileserver for files on that volume with no further work. You can also have read-only volumes be located on multiple fileservers, and the clients will automatically load-balance between them; further, updates to these read-only volumes can be made by an admin editing a read-write copy of the volume, and then pushed over to the read-only volume as a single transaction.
Making it performant can be a PITA, but from an administration perspective it's really neat stuff.
Re:40:1 ? (Score:5, Interesting)
Re:40:1 ? (Score:5, Interesting)
If the company can stomach the up front costs for locking down the systems - then yes their ok, and the engineers need more help, but for smaller companies that are more reactive, the AIM using, Arery form printing, spyware downloading secretaries are a pain in the butt.
Re:40:1 ? (Score:3, Insightful)
Different perspective... (Score:2)
I hear this secretary vs. technical staff argument all the time, but in truth it's the techies who think the are immune to virus and such, and head out on the net to surf willy-nilly,picking up communicable diseases and bringing them home to the network.
Re:Different perspective... (Score:5, Insightful)
Re:Different perspective... (Score:3, Informative)
Re:40:1 ? (Score:5, Insightful)
Every company is different, and I guarantee you most of the people at Cisco are doing a hell of a lot more interesting things that answering email, writing word documents, and scheduling meetings.
You really have to consider all the factors involved, of which we don't have many, so if the IT manager at Cisco says he need 1 support person for every 40 machines, he's probably not lying.
Maybe instead of merely slamming his numbers you could try to extrapolate and learn from.
Re:40:1 ? (Score:3, Insightful)
Because no manager ever fudges the staff numbers to make a case, right?
Re:40:1 ? (Score:3, Insightful)
In order for a windows admin to support 200 pc's he has to be EXTREMELY overworked, and the setup has to be very simple and streamlined.
Now I'll grant that 40-1 is low, but that is about what it would take to be able to deliver IMMEDIATE response to technical problems without users being able to install/configure software themselves (meaning at any given moment the
Re:40:1 ? (Score:3, Interesting)
I suppose it's all about what level of service you want to provide to your users. The basic message that Linux is easier to admin still holds true though.
Re:40:1 ? (Score:2)
In all seriousness 40:1 doesn't sound too far off to me.
Re:40:1 ? (Score:2)
And who knows more about Cisco's usage patterns, and needs?
Cisco or you?
Re:40:1 ? (Score:2)
Re:40:1 ? (Score:3)
40:1 actually seems high if you take into account the time spent by informal power users.
Though I'm not (officially) an admin on this contract, I am pulled in frequently to handle problems with systems...nearly always Windows 2000 and XP. The Linux systems are almost(!) drop and forget. Not as ignorable as Netware, though much more adaptable.
Heh. Try nearly 2000:1 (Score:3, Interesting)
Re:Heh. Try nearly 2000:1 (Score:3, Informative)
Call it the Brittish spelling if you wish
1:40 ? (Score:4, Interesting)
Re:1:40 local support, ex. central IT admins (Score:4, Informative)
Including in-house bespoke application support (specialist programmers emplyed under an IT remit, rather than technically able and active users) and you're down to 1:6 in some areas. On the other hand we have specialist terminals (with high maintainence requirements as well as user training etc) which are more like 1:90.
Inefficiency abounds in some companies.
Re:1:40 ? (Score:2)
Re:1:40 ? (Score:3, Interesting)
Re:1:40 ? (Score:2)
Re:1:40 ? (Score:3, Insightful)
Re:1:40 ? (Score:3, Insightful)
Is it (Score:3, Interesting)
Get the Facts(TM)! (Score:5, Funny)
Re:Get the Facts(TM)! (Score:3, Funny)
Of course if that chimpanzee is an MCSE, it'll cost you twice as many bananas than if he isn't. Oh and never say "Get your hands off me, you damn dirty ape!" They hate that.
Re:Get the Facts(TM)! (Score:2)
Evidently the same refers to the MS CEO too....
"Developers! Developers! Developers!"
Re:Get the Facts(TM)! (Score:3, Insightful)
A couple of points:
1) I hold the following certs: MCSE, MCSA. LPIC-2, A+, Network+, Server+, Inet+
2) I spend at least as much time as a consultant working with Windows as I do helping my customers with Linux. I can design Windows networks and troubleshoot them with the best.
3) I used to work at Microsoft.
Ok...... Now for my opinions:
1) Windows sucks because it is TOO COMPLICATED.
2) Windows security sucks because Windows is
Wrong! (Score:3, Insightful)
And EVERYONE knows that easier support doesn't save any cost.
About time someone mentioned this.... (Score:4, Interesting)
Oh great (Score:5, Funny)
Critical mass... (Score:2, Interesting)
Re:Critical mass... (Score:2, Funny)
One reason is the better overall security in Linux. For example you actually need to mark a file executable before you can execute it on Linux.
Another reason is the diversity of Linux systems. Worms and virii thrive best in monocultures, and it is hard to write such a beast so it is able to thrive in a hundred different Linux variants.
Re:Critical mass... (Score:3, Insightful)
Considering that Linux is not monoculture and Linux machines never run as root the way Windows machines do, the support ratio will not change. Cisco's internal distribution might be monoculture but how do you suppose virus writers will figure out company changes? They won't.
Virus and general malicious software is difficult to write when
Re:Critical mass... (Score:2)
It will. Linux WILL be monoculture if it becomes mainstream. Most of Linux will come from a handful of vendors, who will eventually converge in respect to system configuration.
Also it doesn't matter if it's not run as root. All the damage can be done to the home directory. That's where all the important files are. Also the virii/wormii can put themselves into confi
Re:Critical mass... (Score:3, Insightful)
The key is that it's very hard to destroy a system with a Linux virus.
Re:Critical mass... (Score:2, Insightful)
However, this is simply not the case. Windows is a very homogenous system. Every win2k box is a win2k box. The only differences are slight differences in configuration.
Linux is heterogenous. I mean even if you take a distribution like fedora core 3. Every FC3 box has the same kernel. And if they are u
Re:Critical mass... (Score:2)
Re:Critical mass... (Score:2)
Your point that more people will write worms/viruses for Linux once it reaches critical mass may be on target, but your assumption regarding the effect is offbase.
Because most people use Windows as a "root" user and most would not run Linux as a root user (Lindows being the exception) there are very big differences in the possible effects. The differences in Linux and Windows are much greater than the look of the desktop: Most of the security features in Linux are built dir
Re:Critical mass... (Score:2)
I'm not sure that's entirely true. In many cases the motivaiton for making malware is the intellectual challange. People want to make themselves noticed by others. In windows you have no way to make a differee other than by distroy for others. In the world of free software you can show off and make a difference by improving the software instead of destroying it.
Besides with things
Re:Critical mass... (Score:2)
Re:Critical mass... (Score:3, Interesting)
I have read many articles that say that this sort of testing is often not done with OSS projects prior to the patch being released.
Right, (Score:5, Insightful)
Look at a vulnerability (Score:4, Insightful)
In short: When you don't bundle fixes you typically have one-line fixes which don't break code which isn't already broken (by relying on buggy behavior). Hence, testing time is minimized.
Re:Look at a vulnerability (Score:3, Insightful)
The choice is between having a security hole in a deployed piece of software, and running the risk of breaking applications that depend on that security hole. It's your choice whether or not to install security updates. How is the community supposed to regression test against your buggy closed source in-house software? Obviously, they can't. That's one of the responsibilities that you took upon yourself by standardizing on a poorly-supported proprietary application in-house.
It's
Re:Critical mass... (Score:3, Interesting)
Re:Critical mass... (Score:2)
Re:Critical mass... (Score:3, Insightful)
Little if any functionality of most worms requires root privileges. They could run just fine as a user process.
about the worst thing that can happen is the home directory to be wiped out
Which is usually the only directory on a workstation that contains any information of value.
Delete all your home directories, rsync or rdiff your backup in and magically things just work.
You could restore the entire filesystem on any c
Re:Critical mass... (Score:2)
This is the main problem with the standard Unix access control, which is based on the idea of users and groups. There are people working on systems that allow finer-grained control, like SE-Linux. Hopefully, by the time Linux is the default desktop platform, those experiments will have produced something useful.
Re:Critical mass... (Score:2, Flamebait)
Oh lovely, so as long as only your personal files and work are wiped out. As long as the files which are identical to the ones on the installation disk survive.
Heh (Score:3, Informative)
TCO (Score:5, Insightful)
What i'm sure it doesn't show is that a linux engineer handling 200 computers can provide a much better service (due to the fact that more is "known and controllable" in linux than windows) than a windows sysadmin handling the same amount of computers, resulting in lower costs of security, less costs related to spywares, viruses, user support calls, etc.
Re:TCO (Score:2)
but microsoft.... (Score:2, Funny)
Handling Firefox (Score:5, Interesting)
Re:Handling Firefox (Score:2)
Re:Handling Firefox (Score:2)
Re:Handling Firefox (Score:5, Interesting)
In the corporate environment (ie when the PC isn't yours and the company doesn't want to spend ages fixing messes you've made 'personalizing' your PC) you need to lock down some preferences (eg proxy settings, security settings, mail account details if you're using thunderbird/moz suite). This used to be really easy under the old Netscape suite (there was a GUI tool), and although there's some support still left in firefox/mozilla (you can lock down prefs manually in the
Check out the Mozilla Enterprise [mozdev.org] project for more details and how some of us have hacked together lockdown and other 'enterprise' requirements.
Re:Handling Firefox (Score:2)
Too much time is spent on people who deviate from the norm and then expect the world to stop to help them fix their mistakes.
Bullshit (Score:5, Informative)
Re:Bullshit (Score:3, Interesting)
The cool thing with C
Cost Savings (Score:5, Insightful)
Isn't this still Cost Savings, when you don't need to hire as many admins?
Re:Cost Savings (Score:2)
Isn't this still Cost Savings, when you don't need to hire as many admins?
If the only cost is the # of admins, yes. I'm curious what the other factors are. (I can guess, though I'd like to hear what Cisco says and the article is fairly short.)
Not cost driven? (Score:4, Funny)
And this does not represent a cost savings?
License management... (Score:5, Insightful)
My Windows co-workers often need a CD either because they need new software, or due to their computer requesting a CD due to some function not already installed. Finding the RIGHT CD (they are like 1000 cd's every month, and they are neatly marked in INVISIBLE, but very fancy, writing) is a total pain. Then, there is the issue of which key is used for this one (oh, you used the english version!) really turns this into a nightmare.
Folks running windows run all kinds of different versions of their software. Why, upgrading costs time and money. On my Slackware machines, swaret has done all upgrades for me, totally automatically! Just upgraded one PC from Slackware 9.0 to 10.1 - swaret --upgrade wait for a while (was a 200mhz...) and reboot when all is done. No keys, no CDs, no cost. Totally brilliant!
Re:License management... (Score:2)
If you let all the employees buy and install their own software you're in deep shit.
You install the OS and all the software from the network and you have no trouble with CD's.
Install the OS from an image or using RIS.
Don't buy retail software! Get a license plan and enterprise install CD's that let you create a network install point for MS Office. Installation takes place via group policies so there's zero user involvement in software installation.
When I have a new mach
Re:License management... (Score:2)
Sounds like your company is doing it wrong (Score:3, Interesting)
I'm using Linux thin clients for most of my basic needs users at work.
Re:License management... (Score:2)
Linux on the Desktop will Accelerate (Score:3, Insightful)
Linux is easier to maintain than Windows, largely thanks to IBM. Linux is more reliable and is less prone to infection by viruses and malware (e.g. spyware) than Windows. IBM ensures that any OS (whether it is commercial or free) shipped to customers on its computer systems meets stringent requirements for reliability.
IBM has been vindicated. IBM initially tried to dethrone Microsoft by producing OS/2, but it was a failure. Now, IBM has thrown its weight behind a product (i.e. Linux) developed outside of IBM, and that product is succeeding in hurting Windows.
Re:Linux on the Desktop will Accelerate (Score:3, Interesting)
Maybe the success of Firefox will force web programmers to develop for more than one browser, and then we can all more easily switch to Linux.
Re:Linux on the Desktop will Accelerate (Score:2)
But, as an executive of a medium-sized retail chain, I can tell you IBM retail have done a piss-poor job of selling Linux to me. And I want to use Linux!
They are basically forcing us to use IRES which provides nothing we need over the SLRS (Suse Linux Retail Solution). And they don't know what they are selling.
Notes (Score:2)
I work for Cisco... (Score:5, Informative)
Re:I work for Cisco... (Score:2, Insightful)
The requirements for supporting an engineer's windows desktop securely would be much higher, if you support them at all. Whereas on linux, p
Hey! maybe now we'll see open source drivers ... (Score:2, Funny)
Support cost less not due to windows per se... (Score:2, Insightful)
If a support tech can only support 40 windows PCs, but another support tech can support 200 Linux PCs, is the difference the amount of support or the intelligence of the tech.
Now I run windows, and have administered windows and I develop software for windows. However, Linux is not as straightforward to administer as windows. I think it requires someone with more skills to administer a Linux box than a windows box.
Someone with more skills will likely be better at administration in
If done right, Windows workstations aren't bad.. (Score:3, Insightful)
With the help of Active Directory, some really neat software (Marimba) and some planning, you can manage thousands of Windows workstations with a minimal staff.
You lock down the machines (no admin logins) you manage the software versions and patches (centralized software distribution) and you don't allow users to install software on their own.
Denying admin logins alone stops 95% of all spyware.
40 workstations without any control WOULD be all an admin could handle, but when you deploy them correctly you can support over 10x that - just like any other system.
most damaging aspect of all about this... (Score:2)
I think the most damage to the reputation and progress of linux is that this comparison gets the imprimatur of syndication and publication in "respected" newspapers. (Of course, nestled in the byline, one may notice the AP reporter is from Seattle, hmmmmmmm). For those who may not have read the article, it is worth the read.... an
A pipe dream? (Score:3, Insightful)
There are rumors that the CallManager software (Cisco's IP PBX) will be ported from Windows 2000 to Linux. As it is, to run this box safely today requires having the box on its own subnet with access lists, running anti-virus software on the box(es), running Cisco Security Agent (looks for anamolous behavior of running programs), and running the boxes in a redundant fashion. Not that porting to Linux would solve all problems, but a box that runs a web server, SQL2000, and Windows 2000 has a fair number of issues that could r0x the b0x. Not the least is that if you download a patch from Microsoft that Cisco hasn't approved, and it breaks the box, Cisco TAC will wash its hands of you.
However, Cisco and Microsoft are not only in bed with each other, they are spooning. Part of Cisco's new security initiative involves running Cisco software on desktops to check if the anti-virus and CSA software are up to date, and not allow them to join the network until they are. This is part of those Cisco commercials where the "Self-defending Network" comes in and stops attacks. Getting Cisco software to use the Microsoft API in a world where MS could simply roll their own software just like it for free is a tricky business. Cisco needs to know what Microsoft is doing, and Microsoft could just as easily start doing more business with Juniper should they want to.
What I'm saying is that Cisco uses Linux today for a good number of its products (Content Networking, CallManager, etc) because of its stability. However, the aims of this guy to publically change internal desktops to Linux would be nullified by just one phone call from Gates to Chambers (Cisco CEO).
Re:A pipe dream? (Score:2)
TCO: Michael Tiemann, Red Hat (Score:2)
The video covers Linux specifically, though the ideas can be used on just about any project. Very slick.
Re:TCO: Michael Tiemann, Red Hat (Score:2)
BTW, thats a great sig. I've lots count of the number of times people have asked me how they got spyware (usually browser "search" toolbars) when their firewall is meant to protect them. But can you turn off what you don't need in Windows?
Cisco, while you are at it... (Score:2)
Firefox seems to be working fine but i don't take risks and use IE when taking the exams.
Linux Laptops (Score:2)
For how he uses a laptop (email, browsing, serial terminal emulation), it suits him just fine. And it's cool.
un-American, that's what it is (Score:3, Funny)
I think that if we bought products from the company of every CEO that has slept in the Lincoln Bedroom, we'd have more prosperity, fewer terrorists, better return on our investment dollars, and higher executive bonuses that would trickle down to all layers of our economy, especially at American-staffed Mercedes and Lexus auto dealerships. So stay away from that Linux corruption. It's bad, very BAD!!!
DT
Cisco hardware deployment with non-Winders (Score:5, Interesting)
Guess I'll continue to stick to CLI and console cables for configuration and management.
Re:Offtopic? (Score:3, Funny)
Of course, when Microsoft releases the Linux client, I'm sure Cisco would be willing to evaluate it as a solution...
Bob
Not correct-- different problem (Score:2)
Actually, you can use AD as a single signon with Linux by authenticating against Kerberos, extending AD to include the LDAP-NIS data, and configuring nsswitch to use LDAP for information. It
Re:more like 1700:5 (Score:2, Funny)
Hi! This is your manager here!
Thanks for that great and timely information.
Starting Monday, your team will comprise 4 persons instead of 5.
Have a nice weekend, and don't bother coming in on Monday.
Re:admin ratio (Score:2)
1. AD with group policies can deploy necessary security configurations to as many machines as wanted as well as applications.
2. SUS server will ensure the patches needed and approved will get applied
3. Properly configured images using your favourite image software (update as needed).
4. Lock down the machine so the user can't save to the local workstation and redirect their folders to a network shar