Implementing Linux in Your IT Organization
To help determine whether Linux has a role in your organization, we sort through the areas where the OS excels and where you should exercise caution.
January 30, 2004
Where's Tux?
We wanted to delve into all the areas where Linux is a presence, but our editor said we had to leave room for other articles. So we've analyzed only those application areas that support core business processes. You can find information on utility items, such as file and print sharing, and security applications, like intrusion-detection systems and firewalls, at our sister site, Linux Pipeline.This is where Linux is strongest. Every major Web server--with the notable exception of Microsoft's Inter- net Information Server--supports Linux. Whether you're a Fortune 500 running an entire rack of SunOne Web servers or a local distributor with a single Apache box, you could be running on Linux. If you're an IIS shop, one benefit of moving your Web servers to Linux right now is that all the knowledge your developers had for ASP is more applicable to PHP than to ASP.Net. Because PHP is developed for Linux Web servers first and ported to IIS later, it makes sense to run on Linux.
As for management, most commercial Web servers for Linux, including Sun's SunOne and Zeus Technology's Zeus, have excellent management interfaces that let you control all facets of your Web server through a user interface. Apache has some similar tools, but they're not as refined. If you're willing to learn the Apache 2 config file formats, you can administer things fine, but you might be better off, dollars-wise, talking with your vendor about the value its management console brings to your Web servers. If you enjoy Apache and just want help managing it and other common open-source products, check out Covalent Technologies' CAM (Covalent Application Manager). It manages Apache, the OS, several application-server pieces and MySQL from a central interface.
Web server vendors and projects: Apache, www.apache.org; Covalent Technologies, www.covalent.com; IBM, www.ibm.com; Roxen Internet Software, www.roxen.com; Sun, www.sun.com; Zeus Technology, www.zeus.com
If your organization wants IM that works internally and can interface to any major IM program, a Jabber-compliant IM server is for you (a list of Jabber-compliant servers is maintained at the Jabber Web site, www.jabber.org). Because Jabber is developed on Linux and ported to Windows, this is another excellent place for Linux. As of press time, the Windows version had some serious bugs that the Linux versions didn't exhibit. And because IM servers are most safely deployed as semi-stand-alone servers with interfaces to only a very few other systems--say, some form of ID-management server--running Linux on your IM servers won't have a huge impact on the rest of the servers in your data center.
Jabber is a little difficult to configure correctly, but helpful documentation is available, and if you purchase a commercial product, you'll have support while setting up your system. Commercial Jabber-compliant servers are available from Antepo, FaceTime Communications, Jabber, Jive Software and Rhombus IM, among others. Note that a simple internal- or Jabber-only configuration is much more manageable than a full deployment that supports AIM, ICQ, MSN and Yahoo. That's because each "connector" to a service must be configured separately.
By the Numbersclick to enlarge
Why do we push Jabber compliance? A Jabber-compliant server will serve up IM locally in a normal fashion, like all IM servers do, and it will let you install "connectors" that will give your users access to international IM services. If you wish (or are required by law) to log traffic, there are tools, like the open-source Bandersnatch project (formerly Jabberwocky, www.jabberstudio.org/projects/bandersnatch), that will let you log all this traffic. And, assuming the simplified bandwidth management built into Jabber doesn't suit your needs, tools such as FaceTime's IM Director can help you regulate the amount of bandwidth IM may consume.
Instant messaging vendors and projects: Antepo, www.antepo.com; DeskNow, www.desknow.com; eJabberD, ejabberd.jabberstudio.org; FaceTime Communications, www.facetime.com; i3Connect, www.i3connect.com; Jabber, www.jabber.com; JabberD, jabberd.jabberstudio.org; Jive Software, www.jivesoftware.com; OpenIM, www.javajabber.net/en; Rhombus IM, www.rhombusim.com; WPJabber, wpjabber.jabberstudio.org
All the major application servers have long supported Linux. If you go with a commercial vendor, such as BEA Systems, Borland Software, IBM, Oracle or Sybase, you'll get support for your Linux installation. One word of caution, however: Before you start your installation, determine the level of support your vendor offers. If you run into an OS issue, will the vendor walk you through it? Not everyone will. Oracle's "We Make Linux Unbreakable" marketing campaign is aimed at supporting users of Oracle on Linux, no matter whether their problems are with the OS or Oracle's products. On the opposite end of the spectrum, commercial licensees of Borland's Enterprise Server are encouraged to use available open-source resources to resolve OS issues. This difference is reflected in price, and both are good models for different markets.
If you're looking for an inexpensive solution, several open-source application servers are being used in enterprises on Linux successfully, but be certain you know what you're getting into. Setting up Apache, the Tomcat Application Server and some form of a database is a daunting task if you don't have resources available, in person or online, to get you through problems. This is where a lower-priced bundle, consisting primarily of open-source software with value-added packaging and support, is useful. For example, Borland's Enterprise Server starts at $399 and includes enhanced versions of Apache Axis, Apache Web servers and the Tomcat Application Server.
Interestingly, most multiplatform application servers are Java-based. The upshot is that you can't swap out your existing application-server infrastructure with any one we mention here without consulting your application-development staff.
NWC Project: Linux A-List
NWC Project: Linux A-ListIf you're looking for the perfect Open-Source application for your data-center-centric Linux server, check out our Linux A-List, compiled and maintained with recommendations by Contributing Editor Don MacVittie.
Application server vendors and projects: BEA Systems, www.bea.com; Borland Software Corp., www.borland.com; Enhydra, www.enhydra.org; IBM, www.ibm.com; JBoss, www.jboss.org; Novell, www.novell.com; Oracle Corp., www.oracle.com; Sun Microsystems, www.sun.com; Sybase, www.sybase.com; Tomcat, jakarta.apache.org/tomcat
LDAP has been around a long time. Most application-server, EAI (enterprise application integration) and portal vendors support it. There are some excellent products, most notably Novell's eDirectory, that implement LDAP on Linux. But there's a problem with setting up a pure LDAP server: Many applications require Active Directory Services. Some support both, but anything from Microsoft will require ADS or a PDC (Primary Domain Controller); products from vendors that support only Microsoft will be the same. There are even products that run on non-Windows platforms but require ADS to work!
Although LDAP has been characterized as difficult to set up, many commercial versions have useful interfaces to make configuration easier. Because of its roots, if you have Novell staffers in-house, LDAP will feel much like home to them given a decent user interface. There's a lot of support for LDAP in the open-source world as well, but the user interfaces for configuration and the import/export toolsets just don't measure up to those offered as "value adds" by some vendors. You can do the job with a purely open-source product, but again, make certain your staff is prepared for the work involved. That said, don't let us scare you off: Open-source projects like OpenLDAP have come a long way in the past couple of years.
LDAP vendors and projects: Computer Associates International, www.ca.com; IBM, www.ibm.com; Novell, www.novell.com; OpenLDAP, www.openldap.org; Oracle, www.oracle.com; Siemens, www.innosoft.com/ldap_survey/vendor/sni; Sun Microsystems, www.sun.com
Although many e-mail servers run on Linux, things could be better in this area. Maybe it's a marketing failure on the part of vendors, or maybe it's a support issue, but there just aren't many e-mail servers that can be managed by mere mortals. We list the commercial ones, and these work well on Linux. If you're looking to move your e-mail to Linux and your vendor is on our list, you should be good to go.
However, if you're looking for an inexpensive, noncommercial solution, we have some bad news: Most popular open-source e-mail servers are devilishly difficult to configure--so difficult that people with computer science degrees combined with years of e-mail and Linux experience have walked away from them. Modifying rules in both Sendmail and Qmail, arguably the two most popular open-source alternatives, is tricky, and anyone who has delved into sendmail.cf can tell you it's not where your average IT person wants to be. We've heard of people spending weeks trying to modify rules for filtering and blocking.
On the other hand, we spoke with one Fortune 1000 that's using Sendmail on an IBM AIX machine to filter out e-mail viruses and worms before mail touches a Windows computer. Judging by the slew of Windows-specific attacks over the past few years, this is a good plan, but check with your spam-filtering vendors about support and pricing before you commit to it. If you configure your own Linux-filtering machine, ensure that at your volume, you wouldn't be better off purchasing a service like Postini or SingleFin to do this for you.
IT Minute: Linux in the Enterprise
Grab your RealPlayer and get the inside scoop on which applications you'll need to put Linux to work in your organization.
Mail server vendors and projects: Lotus, www.lotus.com; Novell, www.novell.com; QMail, www.qmail.org/top.html; Sendmail, www.sendmail.org; Stalker, www.stalker.com; Sun Microsystems, www.sun.com
Once again, we have to start with the statement: "All major vendors except Microsoft support Linux." Add to that the "Unbreakable Linux" pledge from Oracle, and you get quite the Linux hotspot. All the vendors that sell Linux versions of their databases offer decent Linux support, but Oracle has gone so far as to say: "If you run into a problem, we'll help you fix it." That's a huge commitment. Moreover, the vendors that support Linux own more than 50 percent of the database market among them, by any measure. That's reassuring in the long run.
But it's not all roses. Although these vendors will help get their databases up and running, and will even offer you support for getting ODBC started, generic ODBC support is still lacking. This is problematic because most applications designed to access databases use ODBC. Sure, you can get IBM DB2 ODBC support, for example, and IBM will even help you configure it so your Windows applications have access. But that's just for DB2. If ever you decide to leave IBM, you must work through the whole ODBC issue with another vendor before the move can take place. This is a serious problem for those who want to run databases from multiple vendors, and it throws a wrench in the strategic plan to move to Linux as a way to provide an exit strategy in case vendors don't live up to support needs.
In the open-source space, some very good databases are available--MaxDB, mSQL, MySQL, Postgres and many others. Most of these also support ODBC in each particular database, but again, we face the issue of separate configuration and maintenance for each. If you have the chops to set up and configure FreeTDS, you'll get some ODBC functionality out of your database, but it's not nearly as complete as that offered by vendors.
Again, remember that if your organization has a preferred database vendor, the ODBC issue probably won't affect you. If your vendor supports Linux, it's a safe bet that it supports ODBC for Linux-hosted databases. This support was lacking in MySQL, but the integration of MaxDB is addressing this issue.
Database server vendors and projects: IBM, www.ibm.com; mSQL, www.hughes.com.au; MySQL, www.mysql.com; Oracle, www.oracle.com; Postgres, www.postgresql.org; Sybase, www.sybase.com
The product areas listed here are just a sample of what's available to you on Linux. Plenty of viable Linux-based software is out there to support your needs, and now that you know where the OS' strengths and weaknesses lie, you can choose with confidence. The question then becomes: Is your IT staff ready to support Linux? If not, you should address that in your training budget soon.
Don MacVittie is an application engineer at WPS Resources and a contributing editor to NETWORK COMPUTING. Write to him at [email protected].
You May Also Like