Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Linux Business

Systems Management Server Equivalent for Linux? 52

Posted by Cliff from the preventing-a-major-network-overhaul dept.
em_tasol asks: "While tearing my hair out trying to manage an expanding network and keep the 'Standard' in 'Standard Operating Environment', someone suggested we use Microsoft's Systems Management Server for many tasks that we currently run around doing manually. We are using a Linux-based Samba PDC at the moment, and installing SMS would require a total infrastructure rethink, because it appears to require a Windows PDC to install itself and SQL Server. Does anyone know how I might put something together in the Linux environment that will be compatible with a Samba NT4 domain environment that will perform the same sort of functions as SMS?"
This discussion has been archived. No new comments can be posted.

Systems Management Server Equivalent for Linux? More

Systems Management Server Equivalent for Linux?

Comments Filter:
  • If you need software distribution, inventory collection, etc. Novadigm [novadigm.com]'s products are thoroughly cross-platform (Windows, Solaris, HP-UX, AIX, Linux, etc.) and best-of-breed. Kind of pricey though. How big is your installation?
  • Maybe you want more, but what you described (automating jobs) can be done with cron jobs and shell/perl scripts.
    Don't buy a horse from the next town over when you've already got one in the barn.

  • IBM Tivoli (Score:3, Informative)

    by spike666 ( 170947 ) on Wednesday October 09, 2002 @09:07AM (#4416100) Journal
    IBM Tivoli encompasses a suite of systems management products that work much like SMS.
    since you dont give us much to go on in terms of what you want to do, or how much you want to pay, tivoli should cover all the bases. otherwise have you checked sourceforge? or even google?
  • like the MCSE guys, but I don't have the money in my budget for SMS licenses. Can you help me?
    • In a perfect world (from the IT guy's POV), the IT department is in control of every aspect of the entire network all the way down to what mouse you use...

      Why is this good? It save the IT department a lot of time (typically the most expensive factor), and it means that when you break something we can have a part on-site to replace it. It also means everything works right because we don't have to deal with the fact that your machine has this little quirk in it...

      • Perhaps an investment in character-based dumb terminals is in order. It's the only thing that's going to provide that degree of control against anyone who knows anything, unless fiddling is a termination offense. And if fiddling's a termination offense, there's really no need to lock anything down, is there?

        Could it be that mainframe style attempts at control are a way for the (former) priesthood to take some of their power back? I think so.

        BTW, the best way to deal with the machines that have a "little quirk" is to say "We'll slick that machine down and Ghost it right up for you."

        • BTW, the best way to deal with the machines that have a "little quirk" is to say "We'll slick that machine down and Ghost it right up for you."
          Yeah, that's great - 1000 machines, 1000 ghost images. I'd LOVE to manage that.

          As for the whole "fiddling" thing - probably not worthy of termination. And I don't know if I could explain my view right now anyway - it's been a rough night. But control over a network is half the job of the admin...

        • What's the biggest network you've ever managed?
          • The fact that you're trying to turn this into some kind of dick measuring contest just proves the OP's point--power hunger is a personality flaw common in those insufficiently intelligent to program computers who end up "administering" or "managing" them.
            • I take it you're a programmer, then.

              Since you're a programmer, you realize that working on real projects with other people requires more structure then just noodling around with toy programming projects at home.

              It also takes more structure to keep a company full of machines working then it does to keep a home machine or two running.

              BTW, if you don't like dick-size-wars, what's with the "those insufficiently intelligent to program computers who end up "administering" or "managing" them" crack? I've seen a wide range of clue and experience among both programmers and sysadmins.

              • I take it you're a programmer, then.

                Was. Now I'm a manager, so I'm less intelligent and have time to post here :).

                Since you're a programmer, you realize that working on real projects with other people requires more structure then just noodling around with toy programming projects at home.

                "Structure" is not the same as intrusive, bureaucratic controls that get in the way of the machines actually being used--structure is good, and can be accomplished without excessive control. However, once IT sees an opportunity to gain power, it often uses a TCO argument to control everything.

                BTW, if you don't like dick-size-wars, what's with the "those insufficiently intelligent to program computers who end up "administering" or "managing" them" crack? I've seen a wide range of clue and experience among both programmers and sysadmins.

                Fair enough--I just felt like I was replying in the same spirit as your message.

                • >Fair enough--I just felt like I was replying in the
                  >same spirit as your message.

                  My original message wasn't intended to be pissy.

                  However, I often find that people who haven't managed large numbers of computers don't understand the issues as well as they'd like to think.

                  >"Structure" is not the same as intrusive,
                  >bureaucratic controls that get in the way of the
                  >machines actually being used--structure is good,
                  >and can be accomplished without excessive control.
                  > However, once IT sees an opportunity to gain
                  >power, it often uses a TCO argument to control
                  >everything.

                  That will depend on where you work, i.e. the culture of the company and the personalities involved.

                  I've had a lot of jobs, and I've seen everything from concentration-camp style lockdown to utter anarchy.

                  Ridiculous amounts of central control- You couldn't install any software on the machines unless it was in the "magic install program". To get a piece of software into the "magic install program" took weeks or even months. (Oh, and the keepers of the install program might just tell you to fuck off, that technology wasn't "approved", and you'd have to find another way to get the task accomplished.) It took me over a month to find a politically correct way to get AS/400 connectivity for local users.

                  Complete anarchy- supporting University profs and their labs. Profs had their own research budgets, so they bought whatever they wanted. One gentleman had 3 computers on his desk - a PC, a Mac, and an Irix workstation. Some people used MSWord, some used WordPerfect (a couple of different versions, naturally) and some used good old vi+TEX. We had SunOS, Solaris, AIX, and Irix. We had NT, NetWare, and OS/2 file servers. The PCs ran DOS+Win3.1, OS/2, WinNT, or maybe NEXT/Step. We made one baby step towards reducing the variety - I finally pried the last dumb terminal away from a particularly stubborn prof.

                  Both of these are batshit crazy situations that you never, ever, want to work in.

                  If the "lets standardize EVERYTHING" people have complete control, then IT support becomes much easier. However, the whole point to having computers is to help people do their job - if the standards interfere with that, users suffer.

                  In an anarchy situation,support is almost impossible, and you have IT problems that just never get solved. In that case, users suffer.

                  A middle ground exists.

                  Calling someone a Nazi everytime they want to impose a little bit of organization or structure or standards doesn't change the fact that standardization makes things easier to support. Conversely, the people deciding on standards have to remember that the whole point of giving people computers is to help them do their job.

    • Keeping consistency (within reason) across an enterprise is both extremely difficult, but also has the potential to save an organization a whole lot of money. In my organization, we do enforce certain standards to make it possible for our business to be conducted efficiently. We do not allow users to install their own software, for example. Why, you ask? It's certainly not because we're "Nazis". We want to avoid potential legal (licensing) problems, potential security problems and want to keep as much stability as we can so that business can be conducted.

      This isn't completely about control -- this is about providing users with the tools that they need to do their jobs while at the same time protecting the company from legal liability and providing adequate security.
    • Two years ago I spent fifty percent of my time resolving "bad monitors" that were caused by users selecting bright pink fonts on bright pink backgrounds and explaining to pointy-hair types why our customers saw half naked women on the screens at our branches. Now I'm a network Nazi and spend that time applying security patches and combing Snort logs.

  • Novell's Zenworks (Score:3, Insightful)

    by Anonymous Coward on Wednesday October 09, 2002 @09:45AM (#4416283)

    Novell's Zenworks is the other big player on this field. Unlike Active Directory [which requires Microsoft PDCs & BDCs], Novell's underlying NDS [or eDirectory, or whatever they're calling it this week] can run on Linux. Last I checked, there were aspects of Zenworks that were NetWare specific [although I believe they are working to port the entire package to non-NetWare platforms], but with NDS, you can tie in all your Linux servers.

    • Novell's Zenworks for Servers and Zenworks for Desktops are awesome management packages. Sadly they focus their support on Novell servers (only natural) and Windows Desktops.

      While it is true that Zenworks for Servers does support Solaris and Linux servers, the support is fairly limited, pretty much just starting and stopping services. The Zenworks for Desktops package supports Windows destops and offers some limited support for PDAs but not for Linux.

      Now, if Zenwoks for Desktops fully supported Linux desktops, that would be perhaps the most amazing management app for Linux.

      I would kill to have Novell's Snapshot utility on Linux. With Snapshot, you scan a system, then you install and configure your application. Next you scan the system again and Snapshot identifies all configuration and file changes or changes in the registry and then builds them into a "package". This package can then be distributed and installed, repaired, or uninstalled on any and all specified systems by just a few clicks in NDS. M$ SMS offers a similar system but Snapshot from Novell is a lot easier to work with and seems a fair bit faster to me.

      • Re:I wish!! (Score:4, Insightful)

        by AndyDeck ( 29830 ) on Wednesday October 09, 2002 @12:30PM (#4417289) Homepage Journal
        Your info is out-of-date. The latest Zenworks for Servers, version 3.0, has full policy and distribution services support on Linux - you can distribute and install RPMs, for instance. Read the latest docs - Novell posts them for download at http://www.novell.com/documentation/lg/zfsi/index. html [novell.com].
        The supported platforms are Solaris 8 and Linux kernel 2.4.x (tested on RedHat 7.1/7.2, but others should work).

        Policy and Distribution services provides: (from the docs [novell.com]
        * Control the versions of software installed on servers throughout the network
        * Define and enforce a standard configuration on any given set of servers
        * Control the behavior of servers in given situations, such as downing a server, backing up volumes, managing thresholds exceeded, and so on

        It is still true, as far as I can see, that the Zen for Servers Management & Monitoring services, along with Inventory & Remote Control, do not extend natively to the Solaris or Linux platforms. Maybe there will be full support in the next version. In the meanwhile, SNMP management should still be available from a ZfS management console, and Remote Control can be handled through Telnet/SSH, VNC, etc.

        Utilities like Snapshot exist for Linux in many forms already - think Tripwire & its relatives.

      • Re:I wish!! (Score:2, Informative)

        by kelleher ( 29528 )
        You can get the Snapshot functionality for Linux from Moonlight Systems [moonlight.com]. See their Moonlight3 [moonlight.com] product. I was asked to do a quick evaluation of it last year, but company politics would have prevented us from properly taking advantage of it...

  • Other option -- remote apps. (Score:3, Informative)

    by forsetti ( 158019 ) on Wednesday October 09, 2002 @09:49AM (#4416310)
    SMS is costly and difficult. Depending on the size of your IT department, SMS is probably overkill. After investigating SMS, we went with Citrix [citrix.com], which provides an architecture for Windows which is similar (please forgive the gross generalization) to X (client-server remote apps).

    Install the software once, and all users have remote access. Citrix allows for all sorts of OSs to connect, as well. There are Windows, Mac, Linux, Win CE, PocketPC, etc clients, so all of your users have access to a Windows Desktop with Windows apps.

    If you have no need for non-Windows clients, check out Microsoft Terminal Server. Same thing, but only Windows clients. The benefit is cheaper licensing -- if you buy Citrix for Windows 2000, you have to pay Terminal Server licensing as well. (Sorta like paying the mob for "protection").

    Citrix is much easier to manage than SMS, and does not require an entire Windows infrastructure -- just a few servers. Figure 50 users (Office, Internet, Custom Apps, NOT streaming media or video games) per server. An office of 150 people will need ~3 servers (give or take, depending on usage.)

    Combo Citrix with a good Windows X server (Cygwin [cygwin.com] is free), and you have a great cross-platform solution for any desktop using apps for Windows and Unix, simultaneously!!!!

    • > If you have no need for non-Windows clients, check out Microsoft Terminal Server.
      > Same thing, but only Windows clients.


      No, this is not limited to windows clients. There is also a project for an OpenSource client, called rdesktop which works pretty well on many platforms (i have at least seen it running on Linux, FreeBSD and Irix workstations).

      And Microsoft Terminal Server is now an optionnal service on Windows 2000 Server (and probably the same for Windows XP -- I guess you can even use rdesktop with the remote control options of the workstation version of Windows XP).

      seb.
      • Your right of course -- I use rdesktop myself! However, my point was that if you are running a heterogeneous desktop environment, Citrix is worth the extra money for some extra functionality, plus more clients (including Mac, PocketPC, Windows CE), however, if you are only running Windows Desktops, the added cost of Citrix may not be worth it, over the cost of Terminal Services (TCO).
        If you are running X-based desktops, rdesktop will give you RDP access, but you will gain enough advantages (stronger ICA protocol, sound, cross-platform Web Access) to make Citrix worth the extra investment.

    • As part of the new Slash party line with regards to Mac OS X (which I use and love) you should note that there is a native RDP client for OSX that fully and properly supports connections to MS TermServers/2kS/XP. Check it out at: Microsoft

  • SMS? Login script? (Score:5, Informative)

    by Bazzargh ( 39195 ) on Wednesday October 09, 2002 @09:53AM (#4416329)
    SMS's features are, according to MS:
    - Software distribution
    - Asset Management
    - Remote Troubleshooting

    Lets look at the software distribution bit first. Mainly this is used for os patches and virus scanner updates. If your people have access to WindowsUpdate.com they already can get the first lot, and for the second, you can often just copy the .dat file to the correct directory.

    For asset management, microsoft's software inventory amounts to scanning for files with a given extension. Matching this to software versions is trivial with a perl script, and a bit of data capture to start with. Hardware inventory is barely more complex and its easy to write a script to do the job.

    Remote troubleshooting amounts to the same functionality you get from VNC.

    So to sum up, to emulate SMS you need a hook to run some scripts and copy files to & from the net when the user logs in, plus VNC. Your samba environment has a login script directive which you can use as the startup hook. Clearly you have file sharing down. So all thats left is to get some appropriate scripts to run.

    This is partly a matter of your personal preference. SMS itself uses the WMI interface to gather info, which coincidentally is easily accessible via windows vbs/js scripting, and it should already be installed on all these machines. The WSH manual ( http://msdn.microsoft.com/library/default.asp?url= /library/en-us/script56/html/wsconwshwmi.asp ) describes this.

    If your environment is small and reasonably well controlled you have other options available. Booting machines off the network, for example. Mounting a central apps drive is another, though crappy for laptop users - then you only need to manage the registries remotely, which regedit can already do. Manipulating multiple registries remotely, eg using perl, isnt difficult, and you can do this to set 'runonce' scripts up over the network to do installs.

    Anyway hope this gives you some ideas.

    • For Antivirus management, I prefer Norton AV Corporate. Its a little pricey, but does automatic updates without a reboot, and can be set up with a central server to distribute updates (good for lowbandwidth sites) and keep track of infections and other information on all the client machines.

    • Re:SMS? Login script? (Score:4, Informative)

      by Kevster ( 102318 ) on Wednesday October 09, 2002 @10:28AM (#4416521)
      Mainly this is used for os patches and virus scanner updates.

      Bah. I worked in a large WAN environment with ~200 servers and ~7,000 desktops (a mix of Windows 95 and NT) and believe me, OS patches and virus scanner updates were the least of it. The provincial government, with numerous Departments and Branches within those departments, has a huge number of diverse applications, both off-the-shelf and custom-written. They use MS SMS, and for good reason!

      One of the main reasons, as I see it, for using SMS is distributing applications to Windows NT (or newer) users. Install applications at logon, you say? Do you know that this requires Administrator privs for most apps and updates? Do you also know that the logon script executes with the privs of the user who is logging on? Do you really want all of your users to have administrative access to their PCs? I thought not.

      One of the key benefits is SMS can install apps in the background using a service running with elevated privs on Windows NT. No user interaction is required. This gets around that major issue.

      • Diversity=pain. If you have a 'huge number of diverse applications', it sounds like your organisation's IT policy is out of control. The vast majority of corporate users use very little beyond the core of OS, browser, mail, office and their groupware/CRM app.

        The large corporate I used to work for (~110 thousand desktops - not a typo! with a very broad mix of OS) did use an SMS-a-like (at the time MS themselves wouldnt recommend SMS at that scale, and their system also handled the Unix boxen), but also mandated a narrowing of the apps supported, and that new internal apps should be web-based if at all possible. By working this way, much of the reason for installing apps remotely disappears. The main use for this /was/ OS patches and virus scanner updates, as I said.

        Anyway, the guy asked how you can do things /without/ SMS; he's going to have to put up with some pain for swimming upstream.

        • Government... (Score:3, Informative)

          by crisco ( 4669 )
          The typical provincial or county government has departments that span 50 different vertical markets, each with their own specialty software vendors competing for a chunk of the budget. I don't doubt that it is an IT nightmare but the diverse demands of government go a step or two beyond the typical corporate user.
        • Diversity=pain. If you have a 'huge number of diverse applications', it sounds like your organisation's IT policy is out of control. The vast majority of corporate users use very little beyond the core of OS, browser, mail, office and their groupware/CRM app.

          I concur with Crisco. For a typical example, see the Government of Manitoba Department directory [gov.mb.ca]. Tell me again it's "out of control", and all they need is OS/browser/mail/office/groupware!

          Anyway, the point is if he has Windows NT/2K/XP users and they aren't Administrators, software distribution is going to require a local software installation Windows service running, most likely. I'm interested, too, since where I work now will be migrating from Netware to Windows 2000, and we can't afford MS SMS. Sigh.

          • Re:SMS? Login script? (Score:3, Insightful)

            by AndyDeck ( 29830 )
            Even if your enterprise feels that it must migrate away from Netware (a separate, debatable topic) - why not stay with Zenworks? Zen for Desktops 4 can run with NO Client32 (new feature, requiring a new workstation agent) and NO Netware - since 3.x, you can run ALL ZfD components, including eDirectory, from a NT or W2K server.

            AND the price isn't too bad (list for Zen for Desktops 4 alone is on the order of $59/user, and it's hard to NOT qualify for a quantity discount).

            AND it now includes the DirXML pieces necessary to synchronize the eDirectory IDs with your NT domain or Active Directory.

            AND it will manage your W2K workstations, including MSIs, better than SMS.
      • One of the key benefits is SMS can install apps in the background using a service running with elevated privs on Windows NT. No user interaction is required.

        Sounds like BackOrifice ought to do the trick!

    • Re:SMS? Login script? (Score:3, Interesting)

      by forsetti ( 158019 )
      I think you'll find software distribution involves more than patches and updates. Installation of any piece of software (say, Office, or a custom app) across thousands of desktops by hand is a nightmare. There are three options:
      1 - Package deployment software
      2 - Remote app access (X or Terminal Services/Citrix)
      3 - Lotsa IT monkeys running around with CDs.

      1 is usually expensive and difficult.
      2 is expensive (for Windows Apps) but easy to maintain
      3 is pretty cool to watch, but ineffecient (hence, more expensive)

      How would you handle software distribution? Log-in scripts? Central App store doesn't usually work -- have you tried concurrent access to the same app? Don't forget users with Roaming profiles -- does an app get installed once per machine or once per user?
    • Remote troubleshooting amounts to the same functionality you get from VNC.

      A bit of an overstatement. If the remote PC is NT4 or Win2000, performance is dog-slow. It also uses the keyboard map on the remote PC, so you have to be a touch-typist on whatever is being used remotely. Eg., I'm using a QWERTY layout, and the remote user uses DVORAK. Makes for some difficulties typing. I find that actually walking to the PC in question is preferable to SMS remote control, and we have VNC installed on those PCs I can't reach physically.

  • Just what you're looking for. (Score:3, Insightful)

    by FreeLinux ( 555387 ) on Wednesday October 09, 2002 @10:02AM (#4416378)
    I'd suggest that you take a look at Caldera's (now SCO, again) Volution Manager [caldera.com]. It offers the same features for Unix systems, that M$ SMS offers for Windows. Plus, it can be integrated into larger enterprise management platforms like Unicenter [ca.com] and Tivoli [tivoli.com] should your needs grow so large. Also, if you are a Compaq/HP shop, Volution Manager integrates with Compaq's Insight Manager [compaq.com] which is fabulous for hardware management.

  • Dave Roth (Score:2, Informative)

    by Cyrano_De ( 2992 )
    Arguably the king of Perl programming in the windows environment, Dave Roth a few years ago wrote a perl and SQL based solution that provides much of what SMS can do. I don't know if he still has it anywhere on his site [roth.net] anylonger. If he does the full code that he used as well as a lengthy description of how to configure it was provided. You might want to have a look there. Dave is the author of some of the most essential Perl Modules for any Witendoze systems administrator's toolbox. Good Luck.

    • Re:Dave Roth (Score:2, Informative)

      by Cyrano_De ( 2992 )
      Ok, I'm going to reply to my own comment but I wanted to give the exact link [roth.net] to Dave's management system.

    • Re:Dave Roth (Score:3, Informative)

      by gruntvald ( 22203 )
      I have his books, and they are great, but dated. What worked excellently for NT4 no longer holds together for W2K. I have no end of problems with Win32:: on W2K, when you dig into some of them, the comments at the top immediately declare themselves to be obsolete. After a period of great stability and usability, Perl on windows is currently a giant mess.
  • This might seem every so slightly off topic, but can anyone explain what features are missing in an "NT-style" domain controller? Last I checked, this was all the Samba could provide, and while we've considered moving to Samba, I need to know what we'd give up by doing so.

  • There are a large number of other products that perform similar functions to SMS without requiring NT domains (althought most do need a WinNT/2k server to run on).

    We use Altiris Deployment Solution [altiris.com] at work, and while I do run it on a Win2k AD domain and SQL Server, it's not a requirement. You just need a WinNT/2k server. We use it to deploy hard drive images, software packages and patches, PC settings migrations, and remote control. There are also plug-in packages that allow for inventory and helpdesk solutions integrated into the same database.

Slashdot Top Deals

Crazee Edeee, his prices are INSANE!!!

Close