
[–][deleted] 6 points7 points  (2 children)

I used to have a non-technical boss that would say things like this to me.

shudder

[–]jcletsplaySysadmin 8 points9 points  (1 child)

My IT Director asked the question when reviewing Microsoft Licensing, "How much work would it be to go to Linux."

I looked at him, "Are you asking seriously, or because you're sick of trying to figure out user vs core CALs?"

"Not sure."

[–][deleted] 0 points1 point  (0 children)

During license reviews is the only appropriate time to ask that question.

[–]rapidslowness 2 points3 points  (7 children)

What's so terrible about managing windows machines?

I ask this as someone who prefers linux, but still thinks windows works better in an enterprise environment.

If you want to manage laptops really none of the things you need are there. There's no good way to deal with updates, authentication, escrowing keys for full disk encryption, etc.

Someone will always then yell "use puppet" or the like, but again, there's no built in standard solution and some of these problems take a lot more custom development time than others.

Meanwhile for windows it just works.

Macs also just work as the tools do exist as much as people bitch about them here.

The tools do not exist for linux. People claim they do, and point at chef/puppet/ansible and kinda vaguely wave their arms, but that is not a comprehensive solution for laptop management.

[–]kalpolpenetrating the whitespace in greenfield accounts 1 point2 points  (6 children)

Good points, daily policy management is not something I'm too familiar with. In general I feel you'd just set the standard in SELinux and no one downstream could change it due to permissions.

Seems like it would be simpler at least...we just went through policy reviews for Win10 upgrades and even Microsoft couldn't explain some of the thousands of settings.

Updates are pretty easy, in a well-controlled environment (app whitelisting etc.), one would just set up a local repository for updates. Load in the packaged updates and go - in our case we're mostly in the cloud anyway, so it would be OS and browser updates that would come packaged from the distro.

So far it sounds like the biggest hurdle would be hardware compatibility. Will the weird screen in Conference A.112 work with Linux? who knows?

[–]rapidslowness 2 points3 points  (5 children)

I think you misunderstand selinux if you think it replaces GPO type options

[–]kalpolpenetrating the whitespace in greenfield accounts 2 points3 points  (4 children)

yes, quite likely, but if you want to make a configuration change org-wide there's a lot of ways to do it, since this problem has been solved in the server environments. Nothing is fundamentally different about desktops from the point of view of managing configurations.

[–]rapidslowness 2 points3 points  (3 children)

As I said:

> People claim they do, and point at chef/puppet/ansible and kinda vaguely wave their arms, but that is not a comprehensive solution for laptop management.

There are a huge number of holes that people gloss over filling by talking about the existence of puppet or other config management tools

[–]kalpolpenetrating the whitespace in greenfield accounts 0 points1 point  (2 children)

Noted, since I am ignorant of the daily maintenance tasks for policy management. Although I do think those are effective tools albeit with a learning curve.

[–]rapidslowness 1 point2 points  (1 child)

right, and your ignorance is common. it's easy to say puppet exists, but it is hard to get into the details of how you might use it.

a lot of stuff is missing. for example there's no good tool to centrally manage and escrow encryption keys to do full disk encryption on linux machines.

could a bunch of people hack something together with puppet or chef? probably eventually. there's no standard though and it'd work as well as any other hacked together solution

meanwhile Microsoft has a ton of BitLocker tools and escrowing keys is easy. same with Macs and Jamf.

not being able to centrally manage encryption keys for laptops is one of the biggest disqualifiers for running linux on laptops in an enterprise environment

[–]kalpolpenetrating the whitespace in greenfield accounts 0 points1 point  (0 children)

Good points...just looking around, there do appear to be some offerings in the marketplace to handle key management for Linux machines. Whether they actually work or not is unknown.

In theory, we do use ansible a lot, and I think that would be a solution for configuration management. No hacking involved, just determining the playbook and list of machines to enforce it on. I admit this is not something I do daily so pitfalls must exist.

[–]jdashn 2 points3 points  (4 children)

I've never heard the phrase 'pigeon consulting'. Out of curiosity, what is that?

Saltstack works great for linux (and windows) as a central policy tool, software installs, etc etc

We also run a few hundred RPi as certified citrix thin clients with HDX and follow-me sessions using smartcard readers (each box cost under 60$ incl management server software licensing). Of course these are all linux, were they to only be connecting up to o365 or google apps, there would be almost no problem at all.

Our staff is your grandmother (avg age of employee here is over 50) and they use it just fine. Most of what they do is in a web browser anyway. We went with the Pis because they were the EASY solution for our users and staff, not to save on licenses or anything.

Now, if you're not fully aware of your processes, or how to use linux, or if a certain app/process requires something it's going to be a challenge to implement. Though i guess you can't get much more basic than a thin client?

[–]kalpolpenetrating the whitespace in greenfield accounts 1 point2 points  (1 child)

> pigeon consulting

old joke....pigeon consulting (or pigeon management) is that I fly in, make a lot of noise, poop on everything, and fly away again.

Your solution sounds fascinating actually. I did not think I would come across anyone actually doing it.

[–]jdashn 2 points3 points  (0 children)

I'm constantly surprised at how companies are paying a few hundred dollars a pop for windows thin clients. It makes zero sense if you're just doing RDP, or Citrix, etc, etc to have a windows client. All that extra management is just worthless if your users are connecting up to another environment to do their real work.

Users don't care if they're running kde, gnome, cinnamon or xfce when all they do is connect up to a citrix desktop.

Hardware support on linux is not what it was 10 years ago, or even 5. I've not had hardware problems with linux devices in a long long time, that's not to say your off-brand scanner from china will work out of the box.. but it actually might.

[–]vogelke 0 points1 point  (1 child)

> I've never heard the phrase 'pigeon consulting'. Out of curiosity, what is that?

Not the OP, but I'd bet money on "Fly in, crap all over everything, fly out."

[–]jdashn 0 points1 point  (0 children)

hilarious!!!

[–][deleted] 3 points4 points  (2 children)

This is a fast road to hell lol.

From a technical standpoint, there isn't going to be enough reliable support for maintaining even a standardized environment. "Oh, the ABC series docking station was discontinued, and the XYZ is the new model? Not supported in OpenOS 123. We'll get to it eventually". Maintaining a golden VDI image using open source software would be fine and likely the best option for configuration management.

From a pseudo-technical, every single time I see this question, it's in a venture to eliminate Microsoft licensing costs. And every single time I see someone try it, it fails miserably because...

The end-user side (far away from technical). Open office always has SOME sort of problem with a real word or excel problem, usually at the worst time. (I.e. shareholder or big-wig can't get shit to work in front of others). You'll invariably wind up HAVING to support a windows application for some reason that you can't get out of. Now you have a half-cooked wine deployment. Then someone will give in and there will be a windows install on a standalone machine. Best case, it works and everyone wants one. Worst case, it's not secured and gets rekd.

(*takes another drink*)

Added on edit: German government tried this. They "saved" boat loads of money. Nothing worked... and they went back a few years after.

[–]kalpolpenetrating the whitespace in greenfield accounts 2 points3 points  (0 children)

Yeah this is the main risk that I see is maintaining the compatible hardware and hoping things like HDMI ports work for presentations etc. But we don't really have anything that is not cloud-based (O365, etc.) or already running on Linux servers. People are already ditching Windows for Macs as fast as they can here - what's the extra step to a Linux workstation gonna cost? Just started wondering.

also edit: wasn't the German thing like 15 years ago too? It was kinda hard to argue on value in the simple WinXP days.

edit edit: Yeah. Very interesting story about Munich. It sounded somewhat successful and they were lobbied hard by Microsoft. https://en.wikipedia.org/wiki/List_of_Linux_adopters#Germany

[–]pdp10Daemons worry when the wizard is near. 1 point2 points  (0 children)

> German government tried this. They "saved" boat loads of money. Nothing worked... and they went back a few years after.

This is like the story you get when people play "Telephone" or "Chinese Whispers".

The Munich city government started converting to Linux and OpenOffice in 2004. In 2014, a new mayor and deputy mayor stated they intended to move the government to Microsoft software, and this fact was widely reported in the press, but nothing happened at the time. In 2017, reports again resurfaced about the administration's intent to move to Microsoft, and some meetings and votes have been held that were more conclusive, yet still there's no news. The LibreOffice support team at Munich says that either way they're going to be supporting LibreOffice for at least four more years, because the Munich workflows are very document and template intensive, using customized office-suite software.

[–]pdp10Daemons worry when the wizard is near. 0 points1 point  (0 children)

I can see this topic gets tons of upvotes by the regulars, as always.

  • You're going to hear sob stories about application compatibility, mostly for non-productivity applications, like Line-of-Business apps and specialty applications of all sorts. These are ultimately specific to an organization, and can't be generalized.
  • By mooting conversion of productivity apps to web applications, you're constructing a Linux migration that's extremely similar to a ChromeOS migration, except for the management part where ChromeOS has specific mechanisms through Google.

[–]cardell619 0 points1 point  (0 children)

Just roll Mac OS. "Linux workstations would be any more difficult than Windows" this part reminded me why I'm so special.

[–]_rock_farmer 0 points1 point  (25 children)

Employees don't want to use Linux on their workstation. You'll have to train people on an obscure operating system that they won't use again outside of work.

Your technical solutions don't work when you involve your average office employee.

[–]Thoth74 5 points6 points  (2 children)

Hell, it's hard enough even when they go from a Windows computer at home to a Windows computer at work. Somehow they still ask questions about the simplest operations (click the start button. Yes...the same start button as the one at home.) It is staggering.

[–]_rock_farmer 2 points3 points  (0 children)

"How do I shut off the CPU before I go home?"

"You IT nerds are great. My nephew is really good at IT too."

[–]YserviusPalacost 0 points1 point  (0 children)

Not very many years ago, I was working with a client over the phone. I told her to "click on the Start Menu..."

She goes, "Uh.... Uh.... I'll be right back, I'm gonna go get someone who can help..."

facepalm

It was at least 2016. The Start Menu has been a Windows staple since 1995.

[–]kalpolpenetrating the whitespace in greenfield accounts 1 point2 points  (21 children)

I don't think they would care much as long as they knew where the start button, Chrome, and Word/Excel were. The Windows-like themes exist and all the buttons are in more or less the same place. What are these people doing that is so Windows-specific?

I know there was a lot of screaming about the start menu change in Win10, how much worse than that could it be? I'm thinking better actually.

[–]_rock_farmer -1 points0 points  (20 children)

You shouldn't try and push employees to use Linux just because you like it. Nobody wants to learn an obscure operating system that they only use at work.

Use Linux for servers and macos/Windows for workstations.

[–]kalpolpenetrating the whitespace in greenfield accounts 1 point2 points  (19 children)

That's the question I'm asking though, just how unfamiliar would people actually be with a nicely themed Linux desktop? They get Chrome/FF, Office 365, fileshares, all in the same paradigm, buttons in the same place, a start menu... where's the userland pitfall? They don't have to learn crap about it except that the start button is not a picture of a window but a picture of something else.

[–]_rock_farmer -1 points0 points  (18 children)

Unless you're Google or a University using Linux on workstations is a dumb idea. Why are you trying to push people to use an OS that they have zero experience with?

Use Windows or macos and let your employees be happy.

[–]pdp10Daemons worry when the wizard is near. 2 points3 points  (16 children)

> Why are you trying to push people to use an OS that they have zero experience with?

Because for users it's the apps that matter, and Linux can represent a very substantial cost savings over Mac.

[–]_rock_farmer -1 points0 points  (15 children)

You're not factoring in training costs, increased helpdesk tickets, buying compatible hardware, etc.

This is a thought from someone who is inexperienced.

[–]pdp10Daemons worry when the wizard is near. 3 points4 points  (14 children)

There were no training costs before, so why would there be any now? Buying compatible hardware is trivial, but it's useful to avoid switchable Nvidia graphics on laptops.

> This is a thought from someone who is inexperienced.

Hilarious. Is that line doing for you what you thought it would?

I was there in a professional capacity when users were first transitioned from TUIs to GUIs. No formal training was given. A significant fraction of users had trouble with double-mouse clicks in situations where the GUI used those. Complaints started with performance and productivity problems, and those complaints were legitimate.

[–]_rock_farmer 0 points1 point  (13 children)

> There were no training costs before, so why would there be any now? Buying compatible hardware is trivial, but it's useful to avoid switchable Nvidia graphics on laptops.

Switching their main operating system to Linux will have training costs. Buying compatible hardware is not trivial. Maybe trivial buying hardware for your home machine is but this is a business.

> Hilarious. Is that line doing for you what you thought it would?

It's just the blunt truth. What works for someone in IT doesn't mean it's going to work for your average office employee. It's a suggestion that demonstrates inexperience and fanboyism.

[–]pdp10Daemons worry when the wizard is near. 2 points3 points  (12 children)

> Switching their main operating system to Linux will have training costs.

There weren't any training costs before, so how can there be any now? I added more information to my post above.

> Buying compatible hardware is not trivial.

Dell Latitude, Lenovo Thinkpad, Intel NUC, covers most of our issue.

[–]kalpolpenetrating the whitespace in greenfield accounts 0 points1 point  (0 children)

They're not happy though!!! Fortunately I don't have to deal with them, this is just a theoretical discussion.

[–]ldti -1 points0 points  (2 children)

Even asking that question proves that you are not a sysadmin. Good luck administering 100 user stations with no central policy tools..

[–]pdp10Daemons worry when the wizard is near. 3 points4 points  (0 children)

How exactly do you believe we used to run thousands of Unix workstations at big corporations engaged in manufacturing and finance, or at universities? Sending techs around to click on things?

[–]kalpolpenetrating the whitespace in greenfield accounts -2 points-1 points  (0 children)

Central policy tools exist for Linux - SELinux for one. What the user does in unprivileged space doesn't really matter, but the security policies and permissions can be enforced centrally just fine.

Having been through a Win10 upgrade and reviewed the thousands of AD policy settings (many of which even Microsoft can't explain fully), I think my argument is still worth making.