Transition from Windows-based network to Linux-based

I am looking to make the switch from a Windows-based network to a Linux-based one. Currently the network includes a Windows 2003 server which acts as a domain controller and file server, a network shared printer (Canon 2300N) and 7 clients running Windows. Several other Windows-based clients connect remotely via RDP.

I would like to set up a server to act as a domain controller, file server, and (if possible) terminal server. The clients should be authenticated via the server and have access to the files stored on it (via ssh?).

Here are several points that I was wondering about:

  • All the clients use Outlook, some of the clients run Quickbooks Pro and another program called Tenant File Pro. I was thinking about replacing Outlook with Thunderbird (I contact, calendar, and tasks) and I know that Wine can’t run Quickbooks and Tenant File Pro so I may have to use VirtualBox/VMWare because these applications can’t be replaced by native Linux versions.
  • I need an adequate backup solution for the files on the server running as a daily backup.
  • Should I use webmin to administer the server?
  • What antivirus / firewall solution should I use for the server and the clients?
  • How can I allow remote clients to log in to the server to be able to run applications (Outlook, Browser, Tenant File Pro, etc.) remotely on the server?

What is the best solution for this? And what would be the least painful way of making the transition for the users?

I know this is a lot, but any feedback would be appreciated.

Thanks.

Welcome to the forums.

There are lots of possible paths. I would recommend a staged migration side by side so that you are not overwhelmed by a huge amount of change.

Read swerdna’s tutes on running Samba for file serving and domain mastering.

Lots of solutions for backups. Consider using portable HDs as backup media with rsync.

YaST should be adequate, you shouldn’t need webmin.

If you are on a LAN and clients have private addresses inside a firewall perimeter, then Linux has firewalls already. You might want a firewall on the Windows clients if you have a hostile LAN. You want a combination of antivirus on the client and perhaps antivirus on the server to scan mail and shared filesystems. Remember that USB flash keys are still a viable source of infection. Others can better advise you on this.

I suggest you don’t allow non-admin logins to the server and run the Windows applications on the clients.

Good luck with the project.

Besides ken_yap’s observations,

IMO sounds like you are looking to migrate client Desktop machines to Linux but keep running Windows Server, particularly for email (since you talk about “running Outlook on the Server”). If that’s the case, you should know that you <must> run Windows Active Directory with an Exchange Server. If you migrate to another mail server, then its capabilities and features will then determine which mail clients you can use.

You should also know that at the moment Samba can do network authentication and CIFS file sharing (similar to Windows network shares) but it can’t manage hosts in the same way AD can. If you’re using AD in that way, consider whether you might want to keep a Windows Domain controller running and simply join your Linux clients to the AD. There are various products that extend AD to do limited management of your Linux hosts as well.

The backup question can be answered many ways depending on what you decide needs backing up and how often. You can back up entire systems, only essential data, only changing data and using the standard full, differential and incremental types. Time, need and available resources like disk space enter into the equation.

YAST is very good, but I do recommend Webmin as an easy option if you intend to administer your Linux Server remotely.

As ken says, the local firewall is good for basic network protection, but the sky’s the limit if your needs are greater. AV is a never-ending question without a simple answer.

Don’t know exactly what you mean by running remote apps on your Server, I suspect you don’t really mean what you said. Taken literally, remote Users can SSH in or login to virtualized instances. If instead you mean running an application on your client host accessing a resource on your Server, you’ll need to specify the exact resource on the Server.

Bottom line probably is that if you’re considering a migration but are unsure what it involves I would strongly recommend you hire a consultant to at least inspect your current network and provide recommendations, possibly even assist in the migration to either an entire Linux or hybrid network. Properly set up, you might be able to maintain your network yourself thereafter.

HTH,
Tony

On Sat February 12 2011 11:36 am, tsu2 wrote:

>
> Besides ken_yap’s observations,
>

> You should also know that at the moment Samba can do network
> authentication and CIFS file sharing (similar to Windows network shares)
> but it can’t manage hosts in the same way AD can. If you’re using AD in
> that way, consider whether you might want to keep a Windows Domain
> controller running and simply join your Linux clients to the AD. There
> are various products that extend AD to do limited management of your
> Linux hosts as well.
>
larynx1962;

To be more specific, Samba3 can emulate an NT domain but not an AD domain.
Samba4 can emulate an AD domain, but is still considered experimental and not
yet recommended for a production server.


P. V.
“We’re all in this together, I’m pulling for you.” Red Green

You might want to check out FreeNAS on an otherwise useless box as an automated backup solution… FreeNAS works well for me running in a mixed LAN.

> IMO sounds like you are looking to migrate client Desktop machines to Linux but keep running Windows Server, particularly for email (since you talk about “running Outlook on the Server”). If that’s the case, you should know that you <must> run Windows Active Directory with an Exchange Server. If you migrate to another mail server, then its capabilities and features will then determine which mail clients you can use.

I’m planning to move the entire network (server and clients) to Linux. I was talking about replacing Outlook with Thunderbird.

> You should also know that at the moment Samba can do network authentication and CIFS file sharing (similar to Windows network shares) but it can’t manage hosts in the same way AD can. If you’re using AD in that way, consider whether you might want to keep a Windows Domain controller running and simply join your Linux clients to the AD. There are various products that extend AD to do limited management of your Linux hosts as well.

I’m thinking of using OpenLDAP and Samba for an Active Directory replacement. Does anyone have any experience with it?

> The backup question can be answered many ways depending on what you decide needs backing up and how often. You can back up entire systems, only essential data, only changing data and using the standard full, differential and incremental types. Time, need and available resources like disk space enter into the equation.

I think I’m going to use a cron job to rsync for an easy backup solution, I think this should be sufficient.

> As ken says, the local firewall is good for basic network protection, but the sky’s the limit if your needs are greater. AV is a never-ending question without a simple answer.

I’ll use the local firewall but does anyone have any recommendations for a good Server/Client Anti-Virus?

> Don’t know exactly what you mean by running remote apps on your Server, I suspect you don’t really mean what you said. Taken literally, remote Users can SSH in or login to virtualized instances. If instead you mean running an application on your client host accessing a resource on your Server, you’ll need to specify the exact resource on the Server.

I was planning on having the users log in remotely via SSH into a virtualized instance to run certain applications on the server but it seems (from the responses I’m getting) that it is too much of a security risk so I’ll set up the applications to run locally on the clients’ desktops and access the server data via SSH.
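The cron-plus-rsync daily backup discussed in this thread (with a portable HD as the backup medium, as suggested earlier), written out as an added example that is not code from any poster. The cron paths and the `REQUIRE_MOUNT` and `SNAPSHOT_NAME` variables are assumptions of this example:

```sh
#!/bin/sh
# Added example, not from the thread: dated rsync snapshots on a portable HD.
# REQUIRE_MOUNT and SNAPSHOT_NAME are knobs invented for this example.

# backup_snapshot SRC DEST_ROOT
# Writes DEST_ROOT/<date>; unchanged files are hard-linked to the previous
# snapshot, so every day is a full tree but only changes use disk space.
backup_snapshot() {
    src=$1
    snap=${SNAPSHOT_NAME:-$(date +%F)}
    # Absolute path: a relative --link-dest is resolved against the target dir.
    dest_root=$(cd "$2" 2>/dev/null && pwd) || {
        echo "backup: destination $2 does not exist" >&2; return 2; }

    # If the portable disk is not mounted, DEST_ROOT is just an empty
    # directory on the server's own disk; refuse rather than fill it.
    if [ "${REQUIRE_MOUNT:-1}" = 1 ] && ! mountpoint -q "$dest_root"; then
        echo "backup: $dest_root is not a mounted filesystem" >&2
        return 2
    fi
    [ -d "$src" ] || { echo "backup: source $src missing" >&2; return 3; }

    # Build the rsync options; link against the last good snapshot if any.
    set -- -a --delete
    if [ -d "$dest_root/latest/" ]; then
        set -- "$@" "--link-dest=$dest_root/latest/"
    fi

    # Copy into a .partial directory so an interrupted run is never
    # mistaken for a complete snapshot, then rename and repoint "latest".
    rsync "$@" "$src/" "$dest_root/$snap.partial/" || return 4
    rm -rf "$dest_root/$snap"
    mv "$dest_root/$snap.partial" "$dest_root/$snap"
    ln -sfn "$snap" "$dest_root/latest"
}

# Run only when called with two arguments, e.g. from root's crontab
# (hypothetical paths):
#   30 1 * * * /usr/local/sbin/daily-backup.sh /srv/files /mnt/backup-hd
if [ "$#" -eq 2 ]; then
    backup_snapshot "$1" "$2"
fi
```

Because shared files are hard links, any dated snapshot directory can be deleted on its own without damaging the others.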

I have a test environment set up like this :-

File/print/ldap/nfs server
10 opensuse clients
Proxy/squid/dynamic dns/dhcp server

The file server runs openldap which the clients use to authenticate
It also has the automounting information. The clients get their
home directories and three data directories automounted on login
using nfs4. The server also acts as a print server and the clients
use the remote cups server on this box for printing to a network printer.

The Proxy box has Squid and dansguardian. It has dynamic dns and dhcp
for the clients…

Users can hot desk and all the kde stuff works ( I haven’t put a lot
of effort in Gnome )

We also have a Windows Terminal server that allows us to run a Windows
app on the linux desktop that has no Linux equivalent, it uses seamlessrdp
so just the app appears not the whole desktop

… and getting all this to work has driven me insane ( btw many thanks
to all the people who helped me on these forums ) if this is interesting
let me know and we can either take this off line or I can bore everyone on these
forums to death how it all works - and they can rip it to bits as junk :)

M

> We also have a Windows Terminal server that allows us to run a Windows
> app on the linux desktop that has no Linux equivalent, it uses seamlessrdp
> so just the app appears not the whole desktop

This is the part that I’m still unsure about. I don’t know if I should have the clients run their Windows applications locally via VirtualBox (because it would be more secure) and access the data on the server via SSH or run a Windows Terminal Server that the clients will log on to via RDP over SSH.

Did you set up a separate physical Terminal Server or do you run a virtual server from within the Linux server?

Depends on the app (how it’s built, whether processing is frontend or backend), depends on available bandwidth, depends on many things which way to go whether to run an app and/or data locally or remotely. Also, as interele notes there are two types of MS Terminal Services, serving an entire virtual desktop or just the application to the local desktop. Done right (yeah) almost any remote access solution can be done without major security risks (but security can be in the eye of the beholder), my guess is that your options could be restricted more by how the app(s) work.

You still haven’t mentioned what you intend to use as your mailserver, that’s a critical consideration and part of whether you can or will migrate from Outlook. If your Users are simply reading email, then you might be able to replace Outlook but if they’re doing more then you might run into real User backlash. No one has ever created a true Outlook competitor and Power Users and Enterprise Users commonly use Outlook with a variety of other mail systems.

IMO,
Tony

For a firewall Smoothwall Express is very good. It’ll run on almost anything, I ran it on a P3 with 756MB of RAM and a 6GB hard drive, and it has the ability to set up multiple zones for different levels of protection. I only stopped using it because it is overkill for a home network.

We have a separate Terminal server box

> For a firewall Smoothwall Express is very good. It’ll run on almost anything, I ran it on a P3 with 756MB of RAM and a 6GB hard drive, and it has the ability to set up multiple zones for different levels of protection. I only stopped using it because it is overkill for a home network.

Smoothwall looks good but it seems like a standalone firewall that requires a specific server, I’m looking for a firewall to run on the server and the clients.

In my experience running the firewall on a separate system, even if just through virtualization, is much more secure. Plus it doesn’t need the newest hardware to run, you could buy a used P3 or 4 off of craigslist or from a local computer store and it would have more than enough power for Smoothwall… The other advantage of something like Smoothwall is it will act as your DHCP and DNS servers.

These days the firewall in the modem/router is usually good enough. A separate firewall machine draws power. Say 40W which is 1 kWh per day = 365 kWh a year. Around here that would cost $50. On some routers you can install DD-WRT or OpenWRT, Linux-based firewall distros. A modem router draws more like 5-10W.

> These days the firewall in the modem/router is usually good enough. A separate firewall machine draws power. Say 40W which is 1 kWh per day = 365 kWh a year. Around here that would cost $50. On some routers you can install DD-WRT or OpenWRT, Linux-based firewall distros. A modem router draws more like 5-10W.

I have Tomato firmware on my router and it seems to be doing OK so I’ll stick with that for now.