Linux mass deployment and client OS choice
-
One of my clients would like to have a Linux environment for a very controlled setup. He wanted to have Linux OS as clients, mainly to avoid license costs, and needs to have only a few things on the machine: a browser, PDF reader, mail client, Excel (OpenOffice/Libre) and an image viewer. Everything else should be locked for the end user. Plus he needs to set a password policy to update passwords every 90 days and should be able to do a centralised inventory.
There is also a plan to have a Windows network with AD but that is only for very limited users. He has a specific business requirement to have these mixed environments. Both OSes will share/should have a central inventory, helpdesk ticketing system and KB.
So my requirements are:
An image management system where I can create a master image with the standard software and push it to all machines (around 40 Linux machines) - Use WDS with this guide or FOG (haven't seen any guide for Linux deployment yet)
A good Linux desktop OS - Thinking of Ubuntu, there are users with dual core machines.
Central inventory system - Spiceworks? (I know it supports both Win & Linux using SSH, and also takes care of helpdesk and KB)
-
You might look at ZorinOS or Arch Linux.
Keep in mind if you use them with AD you then need CALs for all of the Linux machines or users. You could do a Linux-based directory service & file server.
-
Zorin is a good place to start, and Mint, of course.
-
Linux machines are rarely imaged because they are so easy to build compared to Windows. Use something like Chef or Puppet to control the fleet.
-
@thecreativeone91 said:
ZorinOS seems to be a good option. Both Win & Linux will be using a central storage (still thinking between QNAP & Synology), but I assume both can be used to share files, and no need to be added to the AD.
@scottalanmiller I need to deploy the OS to multiple machines rather than doing it manually, with the packages required as mentioned earlier. I haven't tested Puppet/Chef yet, which would be an easy one to set up and free?
-
@Ambarishrh said:
@scottalanmiller I need to deploy the OS to multiple machines rather than doing it manually, with the packages required as mentioned earlier. I haven't tested Puppet/Chef yet, which would be an easy one to set up and free?
I understand, but there is no need for imaging to do that. Imaging is one solution but one that requires continuous updating. It's not how the Linux world typically handles this stuff as the Chef/Puppet approach does this via script and does so much more than an image does - like also keeping those systems updated, automatically deploying new packages when needed, etc.
Neither is super easy, sadly. That's the downside, major learning curve. But once you learn one or the other, you have a lot of power.
Simpler solution is just to script what you need. But that is less powerful for the future.
-
@scottalanmiller So if I need to choose between Chef and Puppet, what do you recommend? I think Chef is free and Puppet is paid if you need advanced options.
-
I keep being in a position that uses Chef. Haven't used Puppet. Chef's unlimited free option is pretty important in a case like this. So likely I would go Chef.
-
So Chef can be used to customise a Zorin OS with the software required and deploy on multiple machines? And probably the password reset and other things can be updated via Chef and pushed back to the machines, I guess!
-
Chef allows for custom scripting so there is very little that you can't do.
-
Checking on Chef now, seems like a good project integrating all. Once successfully completed, I would probably write about the whole setup if time permits.
-
Also thinking of using Windows AD with Centrify to get the users' login from a central system, thus managing user password policies too. But just wondering, if I use AD via Centrify, do I still need to get the CALs? Or to reduce the CAL cost maybe I could do an OpenLDAP server for Linux and AD for Windows and split the network drive share authentication (Windows users will be accessing a share dedicated and controlled via AD, and Linux users via OpenLDAP?) Just ideas as of now, need to see how practical those are!
-
CALs are per user, they don't care what the technology of the connecting device is. So if you have an account in AD, you need a CAL for that account.
-
Hmm. I don't know if you could join a Linux file server to both a Windows domain and OpenLDAP. But I bet there is a way.