Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Upgrades Software Operating Systems Windows

Updating Free Software in the Enterprise? 367

wallykeyster asks: "I'm an IT Director for a small private university in the U.S., and we are largely a Microsoft shop. We pay over $15,000 each year for our Campus Agreement so that we can upgrade the desktop OS to our version of choice, run Office, and have some Client Access Licenses. I would like to move to FOSS solutions, but I'm having trouble finding support for Enterprise management. For example, OpenOffice and Firefox (both of which I use personally) would be easy first steps, but IE is updated automatically via our SUS server (and settings pushed to clients via group policies) and Office updates will be included soon. How are other larger organizations (i.e. more than 200 desktops) dealing with software deployment and updates? Is anyone using Zen with Novell Desktop Linux?"
This discussion has been archived. No new comments can be posted.

Updating Free Software in the Enterprise?

Comments Filter:
  • Easy... (Score:5, Informative)

    by ivan256 ( 17499 ) * on Monday May 16, 2005 @04:00PM (#12546746)
    Run a local Debian package repository, only put updates you want in it, point your system's sources.list at the local repository, and add the following to the crontab for every system you deploy:

    0 3 * * * /usr/bin/apt-get update; /usr/bin/apt-get upgrade -yq
    • Re:Easy... (Score:3, Informative)

      Exactly, or chkconfig --levels 345 yum on if that's your distro's bent.

      You handle user settings with networked home directories and dot-files, which you can script modifications to if you so desire.
    • Yeah, this is pretty much the Proper Debian Way for handling this. I think there's actually a sub-package to do this more specifically, but all in all this is a good solution.
    • Re:Easy... (Score:5, Informative)

      by LiquidCoooled ( 634315 ) on Monday May 16, 2005 @04:06PM (#12546834) Homepage Journal
      I believe his intention is to keep with Windows as the OS.
      He does mention starting with the easy ones.

      How do you perform a Windows based rollout, and make sure your settings are updated.

      Is there possibly a portion of the group policy which would run an msi/executable update?
      • Re:Easy... (Score:5, Interesting)

        by wallykeyster ( 818978 ) on Monday May 16, 2005 @04:28PM (#12547140)
        Exactly. I am running Ubuntu on a machine on my desk, but moving the entire campus to a Debian distro doesn't seem feasible right now. We have programming classes that use Visutal Studio, psychology classes that use SPSS, and other similar issues. Our student information system uses a Windows client provided by the vendor (we've made it limp along under wine but it is not stable). Our Web site runs on a CMS that requires IE for the management side.

        I'm looking for help doing this in smaller steps without losing enterprise-level management I have with SUS, group policies, etc.

      • Is there possibly a portion of the group policy which would run an msi/executable update?

        I'd imagine that you can set a script/batch file to run at logon, and just put whatever you need in that.

        (That is, I *know* you can specify a logon batch script, just not whether or not that can be enforced or pushed out via group policy)
        • Re:Easy... (Score:3, Informative)

          You certainly can, but forcing the "click-through and select the appropriate options" install of Firefox 1.0.4 would be a step backwards for us because updates to Windows, IE, or Office are transparent to our end users. With a tiny help desk, we cannot afford to put more work back on poor Nathan.
      • Re:Easy... (Score:3, Insightful)

        by orin ( 113079 )
        Any MSI package can be deployed either to users or computers via Active Directory. There would be a bit of mucking about involved in creating new MSI packages for each update to software - but this is easier than manually patching a significant number of machines. I'm surprised that very few open source projects aiming to dominate the Windows desktop release their binaries in .msi format as this would simplify their distribution in AD environments.
    • Re:Easy... (Score:5, Informative)

      by El Cubano ( 631386 ) on Monday May 16, 2005 @04:11PM (#12546904)

      Run a local Debian package repository, only put updates you want in it, point your system's sources.list at the local repository, and add the following to the crontab for every system you deploy:

      That's good for professor and permanent student workstations. But for lab machines, what you want is systemimager. I used to admin a lab as an undergrad and it was great. I had two "golden clients" from which came the two images I used. Then if a machine got messed up or if I did an update of some kind, I just told all the machines to reboot and grab their new omages from the server. It also supports letting you specify certain parts of the directory to not send and/or receive. All in all, a very powerful piece of software.

      • Re:Easy... (Score:5, Interesting)

        by DaGoodBoy ( 8080 ) on Monday May 16, 2005 @04:21PM (#12547051) Homepage
        No No NO! Just say 'no' to imaging... Debian supports preseeded configured values to be passed to a blank system during its install and a very easy method to run a script before and after the second stage installer. Do yourself a favor and actually track the tweaks you perform on a client when you build a system. Document them and put them in the install scripts. Then you can rely on the hardware detection method built into the Debian installer to allow you a diverse hardware ecology, consistent packages and a sliding target going forward as the repository ages.

        Just my $0.02 from a fellow sysadmin who has left imaging and never looked back!

      • Re:Easy... (Score:3, Interesting)

        by swv3752 ( 187722 )
        Couple of ways to handle this:

        Thin Clients. Search Newsforge for how Largo, FL setup a the whole town's IT on Linux thin clients.

        Lock down. edit permissions and or wipe the home directory on logout and rebuild from /etc/skel directory. Set apt/urpmi/yum/red carpet as a cron job to update the computer.

        Build a Knoppix disk. but more of pain to make it so that say remote printers work, but on modern machines that only need limited functionality like saw web and a Office Suite, Knoppix will run acceptabl
    • Re:Easy... (Score:3, Informative)

      by shokk ( 187512 )
      Rolling out Mozilla 1.7.8 to a few hundred Windows clients tonight. We're using Symantec CCM (actually still labeled ON Technology CCM) for doing package rollouts. The thing basically scripts the whole install process and blasts the installs out to all the target clients. Very cool.
  • rpm upgrade (Score:2, Informative)

    by unk1911 ( 250141 )
    just use an RPM upgrade utility and crontab...?
  • by Anonymous Coward on Monday May 16, 2005 @04:01PM (#12546754)
    They cancelled the show people. Enterprise is not getting an update. Let's stop kicking the dead horse already!
  • small colleges (Score:2, Interesting)

    Unfortunatly I work for a small college in Maryland, our updates are all still done manually by hand. We still use norton ghost to do all of our mass deployments. Moving forward to something like this, that would ease my own burdon would definitly be a step in the right direction, however we have neither the budget or willingness to pay for such services. We make do with what we have, it works for us to this point, but things definitly could be better.

    We have aproximatly 550 PC's on two completely differnt
    • however we have neither the budget or willingness to pay for such services. We make do with what we have, it works for us to this point, but things definitly could be better.

      Do you have classes (in either IT, CS, MIS, or similar) that claim to teach real-world skills? If so, a project to automate such an effort would be a wonderful class project for you guys to undertake.

      Even if the class isn't about IT, this project can be used as a case study - for example, a class about software methodologies and s

    • By hand?

      I'm the IT Manager (nice job title for the only computer guy at the company) at a small print company (less than 50 PC's) and I simply use SUS on an old (OLD server 200MHz Pentium 1 MMX machine) to select updates that I think are needed and apply them to the windows machines.

      SUS is a free download from Microsoft. The downside to it at the moment is that it's Windows 2000/XP/2003 only at the moment. I hear MS is adding the ability to apply Office updates through it too in v2.

    • Re:small colleges (Score:4, Informative)

      by malraid ( 592373 ) on Monday May 16, 2005 @04:35PM (#12547224)
      Your IT director is an idiot. How much does it cost to do updates by hand? Ask him to quantify it. Ask him to quantify ZEN Works. I was able to get a high school I used to work for to buy it. The support guys couldn't be happier when patches were done with a couple of clicks in ConsoleOne and boom...the whole directory is updated on next reboot. Mass deployments? Use multicast. Aplications assigned to users that are installed automatically on the workstation when the user logs in? Check . The cost was about one month of my salary. But then I understand you, they changed the IT Director and put an ass kisser that stopped us from using ZEN Works (and backup exec, so backups were done with "copy /s", and saddly I'm not kidding) so it all went down the drain. ZEN Works is worth it, believe me.
  • It's GNU/LCARS, dammit!
  • We use Altiris (Score:3, Interesting)

    by nycsmart1 ( 654214 ) * on Monday May 16, 2005 @04:02PM (#12546779)
    Very easy. Create Rapid install package and deploy. We updated firefox to 1.0.4 the other day to 80 clients in a matter of minutes.
  • by ddkilzer ( 79953 ) on Monday May 16, 2005 @04:02PM (#12546780)
    Is any repackaging FOSS for distribution through "standard" tools on Windows? That's the conclusion I've come to in order to support distribution of updates.
    • We have some FOSS tools for Windows being packaged and pushed out through SMS/Active Directory etc. (I'm not in charge of that bit, so I'm only peripherally aware on what goes on). Generally, anything with an MSI is easy to package (for example, ActiveState Perl). We also use OpenSSH and Putty etc. which the IS department have packaged.

      It's Just Another Package as far as all that stuff is concerned.
    • by quantum bit ( 225091 ) on Monday May 16, 2005 @04:23PM (#12547072) Journal
      I repackage Firefox into an msi for group policy deployment. I used to use Winstall LE that came with Win2k server, but eventually I learned enough about how msi works to be dissatisfied with that (it often gets lots of unrelated registry changes since so much background crap always happens in windows). Now I just build them by hand.

      MakeMSI [] is a good tool for rolling your own, though it's best if you have some knowledge of how the tables work. Often I'll use Orca to tweak/double check things.

      Firefox was a bit of a pain to package the first time because of all the subdirs, but it's really light on the registry keys and for updates it's mostly a matter of just dropping in the new files.
    • Oh, I almost forgot to mention, I also repackaged GIMP (I did GTK separately as a merge module but so far nothing else uses it), TightVNC, VLC, and PDFCreator.

      PDFCreator was the worst of the bunch since I'm morally opposed to just wrapping installers and want a real MSI. I ended up having to write a custom DLL to install the printer driver as the MSI format doesn't include any provisions for that.
  • by duh_lime ( 583156 ) on Monday May 16, 2005 @04:02PM (#12546782)
    would pay for a lot of students to do the work by hand.. And they'd learn something.

    OK.. there are better ways, but at least the money is not going to the Evil Empire.
    • by capt.Hij ( 318203 )
      I actually tried this *once*. It seemed like a great idea on paper. I would train people to do something useful, and they could go to potential employers and pretend to have some sort of useful experience.

      It was awful, and I will never do it again. I ended up spending all my time fixing stupid mistakes, and it was more work than just doing it myself. Especially since the ultiumate solution was to convert to linux, and set up a server to dish out rpm's and schedule updates via crontabs.

      • by SamHill ( 9044 )

        When I started my latest academic sysadmin job, we were talking about hiring a couple of students, as that's what they'd always done in the past. I kept putting it off because the systems were so screwed up that I had to spend a huge amount of time trying to figure out what kind of crack people had been smoking when they set them up and didn't have the time or energy to train anyone.

        In the end, we bought a brand-new server (we needed the disk space, anyway) that I set up from scratch. I migrated the dat

    • by tekiegreg ( 674773 ) * <> on Monday May 16, 2005 @04:18PM (#12547007) Homepage Journal
      Not really, assuming: 1) You're paying students $8/hour 2) You work students 15 hours/week (they gotta study sometime) = $6240 I can do 2 students with room left over for a trained chimp (we'll assume $2,500 worth of bannanas and computer repair bill from feces thrown at computer). With 2 students you could probably upkeep a small university ok (say 150 computers per student) after that I'd put the students to work finding an automated solution.
    • Actually, assuming the $15000/yr maintenance system works for >200 desktops, it seems quite a reasonable cost, to me.
    • Re:$15,000 a year... (Score:4, Interesting)

      by CAIMLAS ( 41445 ) on Monday May 16, 2005 @06:50PM (#12548704) Homepage
      No, no, no, definitively NO! This is NOT funny. This is insightful. What the hell do you think institutional education is there for, anyway? It's not to shovel money into a gaping corporate mouth; it's to teach students (IE, the future leaders of society) how to think.

      Computers are just a tool. They help people get work done more quickly in all manners and fashions. They are also a wonderful tool for teaching - both specifics and general concepts. One of the excellent skills which will be gained by giving students the task of installing/updating/upgrading machines - and not just CS/IT students, though I'm sure many of them could use the hands-on experience as well - is that it will help them conceptually visualize abstract structures. This is basic common sense. If people can recognize abstract structures and work within these confines, they can then apply this information applicably in the rest of their life. They'll learn how to be more organized and more systematic in their every-day approach, potentially making them better citizens and employees in their future lives.

      This is very, very good advice, not "funny".

      Now, granted, this would probably end up with many lab systems unfunctional for a good period of time, but that might just get them to work more diligently on getting the systems up and running. :)
  • Stand *nix tools (Score:3, Informative)

    by rminsk ( 831757 ) on Monday May 16, 2005 @04:02PM (#12546786)
    rsync, rdist, and yum. Well yum is not to standard.
  • Network. (Score:5, Informative)

    by jellomizer ( 103300 ) * on Monday May 16, 2005 @04:04PM (#12546805)
    What I did for other schools was having /usr/local mounted on a file server with all the Linux applications installed so we just installed it once and they were all uptodate. But that may not work for all casses. Companies such as IBM have tools that can help keep Linux systems uptodate as well as Windows systems. Like IBM Director. Or you can find an OSS project and see if you can get a contact with a smaller consulting firm to help keep your OSS up to date and well managed.
    • This is a traditional approach which I've seen done successfully at a number of sites. Often, the remote filesystem contains the definitive software installation, while some alternate, possibly coarser, mechanism is used to maintain the installation locally.

      It scales better if you (a) automount the remote filesystems, and (b) use in conjunction with cachefs.

      If you notice performance problems, you may elect to deploy a set of workgroup servers, or you may find it worth the effort to switch to something

    • by Colin Smith ( 2679 ) on Monday May 16, 2005 @05:23PM (#12547794)
      No. Put it somewhere else.

      If you want to learn how to scale unix systems management a good start is You don't have to follow their ideas slavishly but it'll get you into the right mindset, and that's what matters.

      Keeping Unix boxes up to date is simple once you understand how, the effort required to manage 1000 machines is only marginally more than 100 which is only marginally more than required for 10.

  • by ARRRLovin ( 807926 ) on Monday May 16, 2005 @04:05PM (#12546825)
    ......You're getting off EXTREMELY cheap. If you switch to a different OS, or OSS, you'll easily spend more than that (many times more) in hiring people to support the new infrastructure.
    • I completely agree. Imagine the stress of changing and the downtime (something always goes wrong). My campus switched from Microsoft Windows/Office to Linux/OpenOffice in one faculty and the computers were down for over a week. After the change a massive education process had to be started. While everything is working now.. the transition was not easy and people are still having to adjust.
      • ---I completely agree. Imagine the stress of changing and the downtime (something always goes wrong). My campus switched from Microsoft Windows/Office to Linux/OpenOffice in one faculty and the computers were down for over a week. After the change a massive education process had to be started. While everything is working now.. the transition was not easy and people are still having to adjust.

        How in the hell could that happen? If you change slow, and with those users who WANT the change, it could go smooth.
    • On the other hand, you could hire a local linux company to create a distro that client computers would load on boot. Add a support contract with occational updates to your distro. If you have problems with a client machine, simply reboot it and it will re-image itself.

      This could be cheaper than $15,000.

    • Except that the 15k goes to MS, they still need to have administrators on hand to install the updates. It's not like MS sends out a guy to perform the upgrades.
      • That's SUS, Goober. (Score:4, Informative)

        by Anonymous Coward on Monday May 16, 2005 @04:47PM (#12547348)
        I just love you guys that spout off without knowing one thing about which you speak! He clearly stated that he presently uses SUS, as in System Update Server. You clearly know nothing about Microsoft systems newer than perhaps Windows 95.

        The SUS server, free from Microsoft, automatically downloads all of the updates from Microsoft's Windows Update server and stores them on a local server. The administrator, one only, then reviews the downloaded patches and authorizes which ones he wants to be installed on the workstations. Using Group Policies, the administrator reconfigures the Automatic Update service on all of the Windows 2000 or greater systems on his network and points it at the SUS server, rather than the default Windows Update site. The next morning, ALL SPECIFIED systems have been updated.

        It only needs ONE FRIGGING GUY to manage 10 machines or 50,000 machines and he doesn't have to leave his desk! The entire setup from start to finish can be setup and configured in an hour or less.

        Now, the next level is to do this with applications beyond the Windows Operating system. But, hey, they have solutions for that too. Microsoft Operations Manager(MOM) and Microsoft Systems Management Server(SMS) provide complete management control over the Windows systems on the network. MOM is for smaller scale operations while SMS is the full on enterprise package. No, they aren't free but, organizations that require them can easily afford them.
    • Agreed, for that kind of money you basically already have the best solution. Assuming your goal is to cut on the 15000 dollars and not push some idealist OSS agenda, you are not going to make any substantial cuts this way. Plus, your 'clients' (the students & staff) will probably complain loudly if you take away the software packages they are used to. At 15000$ the cost argument is ridiculous so you'll have a real hard time explaining why they have to use open office instead of ms office. Unless you rem
    • Dumb ass moderators.... Yes you may spend more, but the $15,000 figure quoted is only for software licensing. We don't know what the budget for special projects and staff currently is set at.

      Migrating may cost some money upfront but the software would be free, and will continu to be free. Chances are there is a budget for major projects, upgrades etc.

      Also it is wel know that Linux/Unix systems are much cheaper per server/per machine to administer. One study I believe quoted aprox 1 admin to 30 machin
  • cfengine (Score:4, Informative)

    by ALecs ( 118703 ) on Monday May 16, 2005 @04:06PM (#12546836) Homepage
    I've used GNU cfengine for automated updates at a company I used to work for. Basically, you write rules about how the system shoudl look and cfengine enforces them.

    However, we used to automate updates, apply system patches and rebuild the world if necessary. With about 5 lines changed to a single server, I could force all the workstations to re-install themselves overnight.

    We also used this system to push out passwd file updates (poor-man's centralized auth). []
  • by KingDaveRa ( 620784 ) on Monday May 16, 2005 @04:06PM (#12546849) Homepage
    Zenworks for Desktops (ie Windows) is now a pretty advanced and mature product. It works pretty damn well. Zenworks for Linux is pretty immature by comparison. I've seen Novell making LOTS of noise about it, but then again, they would. From what I've seen though, its the only enterprise-grade software from a major vendor to offer a central control system. Most others are very fragmented.
    • by G Money ( 12364 ) * on Monday May 16, 2005 @06:04PM (#12548211) Homepage
      Unfortunately, the current version of Zenworks Linux Management really is just Red Carpet Enterprise with a little more polish. The next version which is due out in a few months if I'm not mistaken is worlds appart and is almost on par with the feature set currently available for Windows. Everything you could want is built in. I don't think there will really be a desktop and server line as Linux is Linux. The remote access via VNC and application security policies (Firefox must have x as it's home page, evolution can't change the smtp server, etc....) are more desktop oriented but the end result is the same. You have one tool to perform all your system management if you're a Linux shop.
      • Ok, but if you want people to use certain smtp server, force it at the network level, not app level. And why cant people change the homepage? If you have user accounts why not allow them to change it? If it's a public terminal you can make the config file read only to users. Windows does not help much to harden machines, Zen may work, but it's a work arround at best.
  • What about apt? apt-proxy []? apt torrent [], if you don't want to hammer your servers?

    Seriously, why would anyone *doubt* that delivering software is much better than linux? If there's something wrong in windows, is software packaging and delivery. Did you realized how you 3rd party programs don't have methods to update automatically? (hell, lots of programs even need to be uninstalled by hand before installing the new version, no "upgrade" support)

    In Linux, you have things like APT. With APT, you can upda
  • Same boat (Score:5, Insightful)

    by Jett ( 135113 ) on Monday May 16, 2005 @04:07PM (#12546859)
    I'm in the same boat where I work. I'm trying to get Firefox officially supported, the biggest sticking point is the lack of an easy method to push updates. I think this is one of the biggest reasons Firefox isn't widely deployed in the corporate environment yet, sure it's easy to install it yourself and update it yourself - but that's not a solution in a controlled environment.
    • I haven't tried this but I can't think of a reason why it would not work.

      Unzip firefox to some network drive.
      Create shortcuts on desktops to f:\apps\firefox ...
      That's it right? Firefox keeps profile information on the users profile so no problem there. When the time comes to upgrade just unzip the new firefox on top of the old one and you are done.

      Can anybody think of why this would not work?
  • At a former job, we were moving to an internal RPM server that updated itself via a trusted external could also run a local YUM [] server.
  • ...if you're talking about Linux desktops, Windows desktops or both.

    If Linux, then follow the advice of the poster who told you to use Debian -- its package management is, IMNSHO, The Best, Ever! (tm) for Unix. If you can't go with Debian, then look at using rsync. We use that here (maybe 50 FreeBSD workstations and servers), and it's great: add stuff to The One True Machine and it shows up the next morning. We synchronize the usual suspects this way: /usr/local, /usr/X11R6.

    If Windows...well, I pre

    • Thanks for the info on wpkg. It drives me nuts that I can install the new firefox on a server and rsynch it out to the linux machines, but I have to wander from machine to machine for the windows installs. I dunno if wpkg can automate this, but maybe it can automate some of our other installs.
  • Totally obvious (Score:2, Insightful)

    by The Bungi ( 221687 )
    Pay 15K per year to have a working supported enterprise management solution, or

    Pay 45K per year to hire someone to manage a homegrown house of cards "solution" based on rsync, rpm, apt-get, crontabs and other such industry stalwarts.

    I think the choice is clear!

    • Re:Totally obvious (Score:3, Insightful)

      by geomon ( 78680 )
      Pay 45K per year to hire someone to manage a homegrown house of cards "solution" based on rsync, rpm, apt-get, crontabs and other such industry stalwarts.

      While I agree that the 3X differential in cost may be too high for this person's institution just to migrate, the "house of cards" comment is laughable. Centralized software management has been done successfully for years on *nix platforms and is done for a much lower cost than what you cite in yorur comments.

      But we also manage large *nix server farms f
  • before venturing into the unknown with a system that currently works for the sake of saving a few thousand dollars. If the savings were greater or there was areadily accessible tried and test means then go for it. But for the sake of a few grand, if it works I would leave well enough alone.
  • by Heraklit ( 29346 ) on Monday May 16, 2005 @04:09PM (#12546888) Homepage Journal
    Befor you all start shouting about a Debian repository and mounting /usr/local/from-server, please consider:

    The question is most probably about updating free software on Windows desktops!
  • $15,000 for that many desktops seems....well...very reasonable. I can understand you wanting to move to a FOSS, but in the end most of your students and faculty are use to Microsoft crap (I mean software...) and the price seems fair as compared to headaches of users when they don't get it.
  • I gather what is being asked is how to manage updates of specific free software packages (firefox, openoffice) that are deployed on a microsoft windows platform. I see lots of people mentioning apt-get and such, but I don't believe that is what is being asked here.

  • Zenworks 7 (Score:5, Informative)

    by G Money ( 12364 ) * on Monday May 16, 2005 @04:13PM (#12546929) Homepage
    We currently use Zenworks 6.6 to manage ~2000 NLD and SLES systems for system patching. It works great for that purpose. It doesn't offer more than very basic inventory management and reporting yet. I say yet because I'm on the beta for the next version and it is amazing. It makes managing Linux dekstops and servers ridiculously easy. If you've used Wen for Windows, they've basically pulled all the same functionality into the Linux realm. Imaging, patching, configuration management, security policies, reporting, inventory/asset management, remote access (vnc or ssh), everything is all wrapped into one bundle. Some of the other pieces we use are at our site [] if you're interested in other open source and commercial packages we use. It's not much more than basic marketing material at this point but feel free to ask any questions.
  • FirefoxADM is a way of allowing centrally managed locked and/or default settings in Firefox via Group Policy and Administrative Templates in Active Directory Latest news about FirefoxADM at [] []

    Unoffical Firefox MSI builds can be found at []

    Official Firefox Msi installers will be avaible in the 1.1 release nightly msi builds can be found at h []
  • by NewbieV ( 568310 ) * <victor.abrahamse ... g m a i l . com> on Monday May 16, 2005 @04:15PM (#12546948)

    This website [] has downloadable MSI packages that will integrate Firefox into AD and GPO, as well as a howto.

    This thread [] will show you how to do the same for OO.o, but only for the 2.0 beta version.

  • > Is anyone using Zen with Novell Desktop Linux?

    Yes, I am. What I can say is that Zen on Linux, is kind-of slow, not as agile and feature rich as its Windows counterpart. All in all, it provides a good first step since improvements will always be done.

  • So I would say that you should either create MSI packages of OpenOffice and FireFox (and of course, whatever other FOSS apps you want to use), then deploy via GPO, or perhaps consider using SMS for app deployment.

    I know that my last two assignments have been large organizations and both have used SMS.

  • Visons of Picard beating the tar out of Data and the bridge screaming something about "Blue screen of death no more!....Compile me Kernel 18.2.3e!!!!! MAKE IT SO!"
  • This is only really a question in the Microsoft world. In the Unix world it's old hat. Possibilities:

    1. Have a central fileserver with all your software on it, have all the workstations mount that central store to a known location and add the appropriate directories to the PATH (or use them as the target of desktop menus and links). Then all you have to do is update the central server and all workstations automatically see the updates. Extra points for the small scripts to insure that each workstation is lo
  • I was about to suggest you use Zenworks right before I read you mention it in your question. I would advise you to give it a try: it was designed precissely to provide the functionality you seem to be looking for.

    Not only it lets you automatically update software (other posts have pointed out that you can trivially do this in Debian-based distributions with a cron job) but it will also help you easily define default settings for each application and group of users.

    Disclaimer: I work at Novell.
  • We really don't know what your network, servers or desktops look like. I know that Sharp in the US has a large installtion of Slackware based servers. IBM uses Linux, and so do a lot of universities I know that the SuSe Enterprise edition is really great and you can use a local repository for all the updates or use another site etc... Let's say you ahve 20% servers and 70% dekstops and 10% laptops. The servers can be updated by using something called CSM which can run comnads and do installs etc. It uses
  • If you want to continue to use windows and windows deployment tools, there is an msi package for firefox. []
  • by HermanAB ( 661181 ) on Monday May 16, 2005 @04:25PM (#12547093)
    Unix upgrades have been centrally managed since some time before the dinosaurs, using tools like rsync and NFS shares.

    Nowadays, with RPM and DEB package managers, you also have the option to put all packages on a central FTP server and then schedule an update using the native update utility eg. apt, rpm or urpmi.

    So, my reaction to anyone claiming that there is 'no support' for Unix, or that Unix is 'hard to manage' or that Unix 'doesn't have enterprise tools'. Is one of incredulity - like where have you been the past 500 years, man??? Sleeping???

  • This has been solved so many ways...

    Debian uses apt-get, which can be scripted to feed off a (group of) particular server(s). I don't use Debian, so I can't speak specifically to its strengths and weaknesses, but I'm sure someone else will.

    Fedora/Red Hat systems have RPM and yum, both of which are network aware (Though no one uses the network functionality in RPM that I can find). I have smaller networks (40 machines in one, and 12 machines in another) that feed off of one yum server, which is a box tha
  • I mean, really, what's the deal here? Most apps can be easily kept up to date by an easy-peasy daily xcopy command. What's up with all this "enterprise management" bullcrap? An application is a bunch of files, they change, you copy the new version over them.

    Just because this won't work for spectacularly ill designed applications such as the likes of internet explorer doesn't mean you should become a drooling idiot if an app doesn't come with an MSI or a SUS server.

    I mean fer cryin out loud, on most well-m
  • Stick with Windows (Score:3, Insightful)

    by Anonymous Coward on Monday May 16, 2005 @04:35PM (#12547227)
    You're getting Windows and Office on 200+ desktops for only $15,000 and you consider that too much? Are you on CRACK? That's like quibbling over whether you'll pay three peanuts here or walk 1000 miles to pay two peanuts.
  • by Knara ( 9377 )

    This question was very poorly phrased, as it's not easy to tell if the goal is to go entirely FOSS for OS and applications, or just for some applications and leaving the underlying MS Windows platform in place.

  • Unattended (Score:3, Informative)

    by SuperQ ( 431 ) * on Monday May 16, 2005 @04:41PM (#12547303) Homepage []

    This is a great way to script installation of windows machines. You can put any applications you want into the system and use it to push machine upgrades out.
  • Use cfengine (Score:4, Informative)

    by starfishsystems ( 834319 ) on Monday May 16, 2005 @04:42PM (#12547309) Homepage
    Software deployment is part of a more general subject sometimes known as software configuration management.

    Since it's impossible to reason about security except with respect to a given configuration, this is a subject which deserves close attention, especially at larger sites where economies of scale are most effective.

    Mark Burgess at the University of Oslo developed a mechanism called cfengine [] as a solution to the configuration management problem. It's multiplatform, mature, stable, comprehensive, secure, and it scales very well. I recommend it.

    • Re:Use cfengine (Score:3, Informative)

      by drsmithy ( 35869 )
      It's also a freakin' nightmare to setup and configure.

      (But once you get your head around the weirdness, quite capable - although I only concur with the recommendation due to a dearth of alternative options.)

  • by ezs ( 444264 ) on Monday May 16, 2005 @04:45PM (#12547332) Homepage
    Novell [] showed the next version of ZENworks Linux Management [] at BrainShare [] this year - it got a /. post or three: here []

    Key things - this is not just software distribution anymore - it's full stack management of Linux - server and workstation; Red Hat as well as SuSE/Novell.

    As for customers - yes it's in use; yes Novell use it internally to manage their desktop and server machines. Usual disclaimers.

  • by guanxi ( 216397 ) on Monday May 16, 2005 @04:49PM (#12547374)
    ... at least, according to some articles they do. See my post on Mozillazine: 10 []

    It would be very helpful if they would release them, even in some incomplete, unsupported state.
  • by sybarite ( 566454 ) on Monday May 16, 2005 @05:06PM (#12547595) Homepage
    Hi Wally,
    There are many softwares available that can repackage an install as an MSI. You can than repackage your updates to Firefox, etc and apply using Group Policy as you are used to. There are even some OS efforts ( [])

    I hope that you don't let software distribution be a stickler here. The benefits to rolling out Firefox, etc are many.
  • by KagatoLNX ( 141673 ) <> on Monday May 16, 2005 @05:26PM (#12547814) Homepage
    A lot of people have seemed to think this question was about going totally Linux (and many claiming that the MS deal was a good "value").

    In case the question was about using FOSS on a Windows network (for the time being), the following might help.

    This tool is fairly useful for deploying Firefox on a network: []

    As for OpenOffice, I use central network location, see the setup guide (I think you have to run setup.exe with the -net option). I'm not sure what must be done from there to automate installation, we usually do it manually because Workstation installs of OOo (from a central network location) take seconds.

    As for the question of whether the MS deal was a "good value". First, let me say that there's more to "value" than cost. Also realize that $50000 per year might be cheaper than MS's $15000. Once you figure in MSCE training for an IT team and the increased labor it takes to run a Windows network you might be surprised. Believe me, once configured, Linux machines can be dead reliable and reimaged lightning fast, I do it for a living. That said, Firefox has saved me 8 hours per week at one client that only has 10 computers.

    Well, ask your purchasing department how many suppliers it has for, say, light bulbs. While more than a few places say "just one", I find universities in particular tend to have four or five suppliers solely for the purpose of leveraging one against the other for good pricing.

    What's the point of my story? The point is that MS as a single supplier means you will pay as much as they want you to. Of course it will always be "a little cheaper". In a software world with real competition, that will change.

    Regardless, it's worth pointing out that increasingly it is the case that people are choosing FOSS for reasons other than price: 92929216 []
  • BigFix? (Score:3, Informative)

    by AstroDrabb ( 534369 ) * on Monday May 16, 2005 @09:31PM (#12550159)
    We use BigFix []. It is a _very_ nice program. We dumped SUS for it because BigFix is so much better. BigFix handles MS Windows as well as other platforms. BigFix can download SRPM files for our Linux servers, compile the source RPM and then deploy it. It handles our Solaris servers as well.

    If you are on a small budget, you can just go with simple scripting. Pick a Debian based distro or an RPM based one (SuSE or RedHat only) and you can script all you need. Enable SSH for every system you deploy, desktop and server. Then you just write a few simple scripts _once_ and you can push down any update you need.

    Red Hat has their own update stuff and you can pay them extra and run your own update server on your local network. However, where I work we have found Red Hat to be _way_, _way_ overpriced (I work for a multi-billion fortune 500). We are starting to look toward Novell SuSE for our Linux needs. Novell SuSE is _way_ better priced. If you look at a Red Hat Linux solution and an MS Windows Solution, MS will usually be less expensive! I personally don't know what Red Hat is thinking. However, if you go with Novell SuSE, you will see that Novell SuSE is far less expensive than MS. Also, Novell SuSE has some very nice tech that they got from Ximian. As you pointed out, Ximian, now Novell, Red Carpet, is a very nice corporate update client. That is the whole design of the product. You have one local update server and put the client on all your deployed systems and Novell Redcarpet handles the rest.

    With Linux you have tons of options. If you have a really bare-bones budget, I would personally recommend a nice Debian solution. I have been using Ubuntu [] on my desktops at work and at home and have been very pleased with how easy it is to upgrade with out dependency problems. I originally used Fedora Core, however I would run into repository conflicts often because every Fedora repository out there tried to be "The" repository for Fedora. So you would have 3 or 4 versions of every package and they would all conflict. You won't run into that with a Debian based distro.

    If you have a bigger budget, look into Novell SuSE (which is still very cheep) and their Red Carpet client/server to handle updates. If your budget is even bigger, you can look into BigFix. However, I think BigFix is priced more as a bigger corporate product, though for our budget, BigFix was still priced nicely per/client.

    As I said, you have _tons_ of options with a GNU/Linux deployment. Build yourself a seperate subnet and spend a few days testing to see what level of support you want. Obviously, the less support you or your staff want to do, the more you will pay for your solution. You could spend 10's of thousands if not 100's of thousands (or millions like us) for a complete MS software "assurance" package or you can go very lowlevel and build your own GNU/Linux system like Linux From Scratch [] (which was very fun for a personal project but _way_ too much work for a professional solution for more than 5 systems).

    I persoanlly think your best bet is a hybrid system of Linux and MS Windows. As I said, get a test lab/network. Then use the right tool for the right job. Try to build a lab that is all or almost all Linux servers with mostly MS Windows XP desktops. On your MS Windows desktops try to use OSS software. For example, deploy Firefox and Maybe for some more tech users you could even get some Linux desktops in that mix. For your development needs, use OSS tech such as Tomcat or PHP.

    Honestly, I would personally love to be in your position. It sounds like you have the ability to use the "right tool for the right job" without all the PHB crap or extreme OS bias. Where I work we have 140,000 employees and changing technology is like the changing of the North pole ; )

"The number of Unix installations has grown to 10, with more expected." -- The Unix Programmer's Manual, 2nd Edition, June, 1972