Configuration Management Tools Can Ease the Migration From Microsoft to Linux @ JDJ

来源：互联网发布：ps美工基础知识编辑：程序博客网时间：2024/05/17 08:35

Here's a scenario. Among the systems administrators (SAs) in your company, you're the exception, not the rule. You cut your teeth on Unix, you keep up your Unix skills, and you still favor Unix in many respects.

But you're also a pragmatist, and probably a parent with mouths to feed, so as Microsoft has become more and more prevalent on the server side of the network, you have added to your skill set by joining the hundreds of thousands of other Microsoft-Certified Professionals worldwide. the reason why you're an exception at your company is because most of your SA peers have limited, if any, Unix experience - most are strictly Microsoft Certified.

One day your boss comes to you with a "special project." He's aware of your Unix background and of the similarity between Linux and Unix, and he noticed that you left the office before midnight two days in a row. Concluding that you have some spare time, he asks you to research and report back to him on the feasibility of migrating your company's network services From Microsoft to Linux. Most likely you answer with the following: "Boss, we Can definitely save money in licensing fees by moving these services to Linux, but there will be a signifiCant cost to train our team on Linux administration or to go out and hire some new people who already have these skills. And oh, by the way, finding these people may not be easy, since there are about 10 times as many Microsoft-Certified engineers as there are Linux-Certified engineers."

This scenario is validated by the major studies of IT infrastructure total cost of ownership. For example, IDC provides a good summary of the cost/benefit analysis IT executives face when considering migrating to Linux.

there are many reasons why Linux is an increasingly attractive choice for users. One is cost of acquisition: if hardware and software costs are critical decision factors, Linux solutions on Intel architecture Can offer attractive price points, particularly when compared with RISC/Unix system configurations.

On the other hand, if administration, operations, training, and other staffing costs are critical factors, Linux may or may not be mature enough for deployment. IDC notes that organizations having strong Unix expertise will be immediately comfortable with Linux and will likely find the cost of ongoing support to be similar to or less than that of a Unix platform. But organizations with deep experience in a Windows environment may not be as comfortable with the approaches used by Linux and may therefore face a steep learning curve.

"Expanding Linux Systems Configurations for Enterprise Deployment." An IDC White Paper Sponsored by Veritas and IBM, 2003.

While the results of this analysis will certainly vary From company to company depending on the number of services they plan to migrate to Linux and the depth of Linux/Unix experience on their IT bench, one conclusion that seems certain is this: in order for Linux server deployments to continue to grow at the pace set in 2003 and in 2004, Linux has to grow not just in lieu of Unix sales, but increasingly instead of Windows. to do this, new tools are needed so that IT groups with a predominantly Windows skill base Can quickly become comfortable managing a Linux infrastructure.

Got Linux Management tools?the need for new Linux administration and management tools is being addressed both by companies and by the Linux community. Most notable among the corporations attending to this problem are Novell and Red Hat, the two largest providers of Linux distributions. these companies offer tools that automate many of the manual tasks, which, even for the seasoned Linux/Unix administrator, Can be time-consuming and error-prone - tasks like patch and update distribution, bulk template provisioning, and dependency checking. What are time-consuming tasks for the experienced POSIX admin Can be downright alien tasks for the Windows administrator accustomed to tools like SMS and HFNetChk. From the Linux community, the BSD-like licensed Webmin (www.webmin.com) project is a strong tool for the configuration management of smaller Unix/Linux networks (see Figure 1), while Cacti (www.cacti.net) offers very nice server monitoring capabilities (see Figure 2). these corporate- and community-sponsored tools fill an important part of the need for greater Linux manageability.

Still, in medium, large, and/or distributed IT environments, there is a gap in functionality. Once the Linux server applications are deployed, the dependencies checked, and the patches applied, there is an ongoing need to provide SAs with an intuitive way to implement configuration changes to the services running on their Linux servers. Historically, the Linux space has lacked the tools that enable centralized, GUI-based configuration management with such features as the ability to group distributed servers and then apply configuration changes to one server, a group of servers, or all servers simultaneously. This functionality gap is depicted in Table 1.

today, for example, if an admin has a trusted GUI for Sendmail, any configuration change Can only be made to one server at a time. If the change must be made to multiple servers, as with clusters or with regional/global configuration changes, the exact same change must be made to each and every server. If the administrator does not use a GUI but rather edits the .conf/ file manually, this too must be done on all the servers to which the change is to be applied. Not only is this approach time-consuming, but if an error should be made, the process of finding and fixing it Can be equally, if not more, time-consuming.

Some experienced Linux/Unix administrators write custom scripts to lessen the time required to make changes across multiple servers. While this approach Can work well, one downside is that unless the scripts are widely understood across the company's IT department, the scripts designed to make the IT staff's job easier Can become a major disruption if/when the admin who wrote them leaves the company, gets sick, or goes hiking in the Himalayas for a week. In addition, while scripts Can be very useful for the SAs who write and use them, they generally don't provide IT management with the auditing, control, or rollback capabilities that are becoming increasingly important.

A new kind of tool that we refer to as enterprise-class configuration management Can satisfy the Linux, Unix, and Microsoft Administrators' need for a simple way to make changes across multiple Linux servers, while providing IT management with the control, auditing, and rollback capabilities they need. Granted - the term "enterprise class" is to IT solutions as "tough on crime" is to politicians - everyone says they are, but what does it really mean? Here's what we mean: flexible to adapt to your organization (not vice versa); secure so you Can control, audit, and rollback changes; and powerful to enable you to make configuration changes to one server, a group of servers, or all servers, and to let you implement the changes immediately or sometime later. As a result of these capabilities, enterprise-class configuration management tools deliver the following benefits:

Help reduce configuration errors

Help IT standardize on Linux for more services, faster

Ease the burden of regulatory compliance by offering detailed audit and control

Offer the flexibility to fit your organization with minimal workflow disruption

Reducing ErrorsConsider an error in DNS configuration, for example. Because it underpins so much of the Internet and corporate networks, a small error configuring DNS Can result in numerous, seemingly unrelated network problems. DNS configuration errors have been known to cause problems with directory services and e-mail, and Can even prevent users From accessing applications when these applications are set up to communicate with a database via the database's DNS name. An intuitive GUI-based system that implements changes to DNS servers would enable a relatively inexperienced Linux administrator to manage a corporate or ISP BIND network, and the logging and rollback capabilities would provide the safety net needed in the event that the most recent DNS configuration change happens to coincide with some funky e-mail errors.

Standardize on Linux for More Services, FasterAn additional benefit that accompanies simplifying the ongoing configuration management of Linux networks is that it enables an organization to more rapidly embrace Linux and open source for yet more services. For example, today most of the Internet is hosted using Apache, the open source Web server. Similarly popular is BIND (www.isc.org/index.pl?/sw/bind/), an open source application for Domain Name System servers. Without the tools to simplify management, staying on top of these two services may consume so much of your Linux administrator's time that moving more services to Linux may be difficult if not impossible to implement. Partly as a result of this, services like groupware, file and print sharing, and LDAP (www.openldap.org) are less frequently run on Linux. Once the Linux admins are made more efficient with the right tools, they'll have the bandwidth to oversee a move to Linux for additional services. Consider the potential savings, for example, if you could quickly implement a company-wide Linux-based groupware infrastructure.

Wade Olson, CIO of application integration and wireless data collection firm Core Function and long-time Linux user and advocate agrees, saying:

As strong proponents of the broader use of Linux and other open source technologies in corporate environments ourselves, we find the development of centralized configuration management solutions to be a very positive advancement. the lack of such configuration management solutions has been a major hurdle in achieving a broader level of corporate adoption for Linux. the fact that robust solutions of this type are now becoming available represents a huge step forward for Linux and for the open source movement on the whole.

Logging, Auditing, and RollbacksWhile important, Ease of use is clearly only one of the requirements for enterprise-class configuration management tools. As shown with the DNS example, such tools also need to give IT managers a clear view into their networks so they Can quickly see which servers are doing what, who made which changes when, and even provide such useful information as when server lEases expire.

When a particular configuration change causes or coincides with an undesired result, the ability to roll back to previous configurations must exist. In addition, as IT departments conform to new regulatory mandates, such as Sarbanes-Oxley and HIPPA, the auditing capabilities of configuration management tools take on even greater importance. In light of the new regulatory scrutiny of network operations, IT managers also need an easy way to ensure that administrators are only given permission to implement changes on the services and/or servers for which they are responsible. This capability is often referred to as role-based login, and it's vital for managing accountability and to Ease the establishment of audit trails.

FlexibilityEnterprise-class configuration management tools are flexible enough to adapt to the various organization models in use by different IT departments. Many IT departments are organized according to service, with centralized corporate e-mail administrators, Web administrators, database administrators, etc. Others are organized regionally, with administrators responsible for all the services running in their region. Still others are a hybrid of these two models and the possible permutations are nearly endless. the job of enterprise-class configuration management tools is not to tell IT how to do its job by enforcing a new workflow model. Rather, as with any good tool, the job of a configuration management tool is to help IT staff do their jobs better. therefore, admins must be able to customize these tools to the unique environments in which they are implemented. For example, if a subset of a bank's servers are allocated to and managed by branches, the tool needs to let IT represent and manage the servers in this way.

Part of the flexibility requirement is also satisfied through extensibility. Take this typical situation: a university IT manager would like to leverage more of his staff in the beginning of each semester to add new students to the network. Unfortunately, he has no way to abstract the complexity of LDAP, e-mail, DHCP, Samba, and Apache in order to enable his less experienced administrators to contribute to the twice-a-year onslaught. An extensible configuration management solution with open APIs would let him write a custom interface that would largely mask the complexities associated with providing the Class of 200x with e-mail, file and print permissions, Internet and intranet access, and so on. With this interface in place, more of his IT staff could help out with the biannual New Student Network Access Add-athon, thereby saving the expertise and sanity of his senior systems administrators for more strategic activities.

Parting ThoughtsBe Wary of Labels

An important item to be mindful of when evaluating configuration management tools is the difference between management and monitoring. Although these two capabilities are highly related and indeed highly complementary, they are different. As an example of just how confusing labels Can be in this market, consider the seemingly unambiguous term "configuration management." to the systems administrator, this term means all the stuff we've been discussing in this article, while to the software developer, it means a tool or process that helps her ensure that the code she's writing doesn't conflict with other processes and doesn't violate any protected intellectual property.

Obviously, these two meanings are oceans apart, even though they're being applied to exactly the same term. Though we probably have a long time to wait before the industry settles on a common set of terms and definitions, the important thing is to get past labels and really understand what the tools you're considering actually do.

A Word on Price

When looking at tools to help you manage a Linux network, make sure the tools aren't so expensive as to undo the savings gained From adopting Linux and open source in the first place. On this point, price is clearly of primary importance, but you also want to look closely at the tool's licensing model to make sure it's simple. A simple licensing model is always preferred over a complex one, but it takes on special importance here since one of the major soft cost advantages of Linux and open source is the freedom they give you From having to count users. Don't undo this benefit by purchasing a tool that imposes a complicated or otherwise onerous licensing scheme on you.

Conclusionthe availability of enterprise-class configuration management tools for Linux may well have changed our hypothetical administrator's response referenced at the beginning of the article. Instead of striking a cautious tone, he could have been more confident and aggressive in responding to his boss's interest in migrating their network services From Microsoft to Linux.

SIDEBAR

About Emu Software, Inc.Emu Software was founded to make the management of Linux networks easier and more robust, so that more companies and organizations Can do more with Linux. the founders and senior leaders of the company bring a unique combination of technical expertise derived From the management of mission-critical enterprise and service provider IP networks, as well as the authoring and coauthoring of several IETF drafts.

Emu Software's NetDirector centralizes, simplifies, and secures the configuration management of Linux servers running open source applications for HTTP, DNS, DHCP, Samba, e-mail, and FTP. Future relEases will add management support for databases, OpenLDAP, NFS, and Cups. the tool, which is based on a scalable and secure client/server model, has three primary components: server agents that reside on each server under management and are responsible for receiving and implementing configuration changes, a server manager that maintains the status of each server agent and receives and relays user commands for configuration changes, an intuitive GUI that allows the grouping of servers according to virtually any organizational criteria (e.g., geography, service, or workgroup), and the simultaneous editing of configurations across any number of servers and/or groups of servers.

For example, a system administrator may need to decrEase the default lEase time-outs for their DHCP servers in the Northeast in response to a recent corporate acquisition and the resulting surge of clients requiring IP addresses. With NetDirector, this is a simple three-step process. First the administrator selects DHCP From the service list. NetDirector then displays only the DHCP servers in the server list, where he selects the server group Northeast. the administrator Can now reduce the default lEase time-outs to the desired new setting and when he hits apply, the change or changes will be implemented across all the DHCP servers in the Northeast network segment. In the event of a misconfiguration, NetDirector logs all changes and enables rollback to the last known good one.