Enterprise Linux Log


September 11, 2007  12:12 PM

The Unix wizard

ITKE ITKE Profile: ITKE

Unux Wizard

The classic UNIX magic poster by Overacre was distributed at a USENIX conference and featured a wizard with UNIX related signs, portents and doo-dads around him. I wonder what a Linux wizard keeps in his hat these days? And, would the Linux wizard be shown totally owning the Unix one and stealing his market share? I wonder…

September 11, 2007  12:05 PM

BMW, Siemens jump on board with Microsoft, Novell

ITKE ITKE Profile: ITKE

Today BMW AG and Siemens Corp. today became the latest customers to hop on board the Microsoft-Novell bandwagon. For those of you keeping score at home, good for you, because I’m not.

According to a joint release fired off from Redmond and Waltham, Mass. simultaneously , Under two separate agreements Microsoft will deliver to BMW and Siemens each certificates for three-year priority support subscriptions to SUSE Linux Enterprise Server from Novell.

BMW and Siemens join a small but growing group of European companies, including Credit Suisse and HSBC, which have already signed on to Novell and Microsoft’s agreement to jointly build and support applications to improve interoperability, virtualization capabilities, and provide intellectual property assistance to customers (that last point is up for debate).

For Siemens, the agreement will support the Siemens operating company through the work of the ISEC subsidiary of Siemens Enterprise Communications, which is responsible for customer software application development and management worldwide. Due to the large quantity of current and legacy Linux applications in customer environments, Siemens has a need for Windows and Linux platform compatibility.

The agreement will enable BMW’s dual-vendor data center strategy, supporting worldwide corporate computing services and many human resources, marketing and financial applications.

Don’t you just love the smell of a press release in the morning? Regardless, this is yet another customer (two, actually) that believes the Microsoft-Novell approach to interoperability is the right one.


September 11, 2007  10:17 AM

Mainframes, Linux, and cost advantages

ITKE ITKE Profile: ITKE

MainframesOccasionally throughout the summer I’ve been chatting and emailing with Saugatuck Technology analyst Charlie Burns about mainframes, IBM and Linux. Many people have argued over the past year that the mainframe is dying out (again), but Burns and some very telling market trends go against that grain with a 180 degree turn: the mainframe is surging, and it’s all thanks to Linux.

I’ll have an article up a bit later this week (or early next) detailing just exactly what is going on in this space, but for now I thought I’d include one of the recent emails Charlie sent me that covers some of the basic cost advantages of the mainframe.


Mainframe Cost Advantages
By Charlie Burns
Vice president, Saugatuck Research Inc.

Architecturally-based advantages in the hardware, the operating systems, and in the virtualization functionality enable mainframes to manage multiple diverse workloads based on business objectives and deliver exceptional cost reductions. If we compare the costs of using mainframes to those of conventional servers as noted earlier, we find the following:

  • Technical support and maintenance costs. By consolidating and centralizing the capabilities of dozens of servers into a single platform, use of a mainframe drastically reduces the redundancies and differences that are de rigueur in server farm environments. If we accept conventional industry wisdom that states a minimum of 70 percent of IT costs are labor – and that the majority of labor costs are training and support – it’s easy to see how mainframes can quickly free up IT budgets for more strategic investment such as new application development.
  • Software licensing and maintenance costs. Since most operating, middleware, and application software is licensed to each server it is used on, a mainframe offers substantial software savings. In a mainframe, the computing capacity applied to software can scale dramatically. Literally, hundreds of virtualized server images can operate in a single mainframe under a single license, thus, avoiding additional license and maintenance fees. In addition, the IBM System z has the capability of running specialized processors for Linux and for some application workloads. These processors are priced substantially lower than the base processors. Thus, the System z delivers both hardware and software saving on a broad scale when compared to individual x86 server platforms.
  • User and IT training costs. Training costs tend to be driven by the number and complexities of multiple applications and operating systems. By enabling the use of all leading operating systems and applications within single platform, mainframes drastically reduce the need for training.
  • Utility and environmental costs. Mainframes require substantially smaller amounts of power, UPS capacity, cooling, and floor space when compared to the environmental requirements of an x86 server farm with equivalent processing capacity. The mainframe’s advantage is even more substantial when one considers the reduced amount of storage and inter-connection equipment compared to an x86 server farm.
  • Security costs. Mainframes enable centralization of software and application interfaces. Centralization of software enables vastly improved security management by reducing the number and types of access points. Additionally, because of its heritage, security is architected into the mainframe and is uniquely robust. For example the IBM System z family of mainframes provides security against information flow between virtual machines. The System z was first certified in mid-2003 as Evaluation Assurance Level 5 (EAL 5) by meeting the Common Criteria standard ISO 15408. Comparatively, virtualization on x86 server platforms require security to be added and layered as part of the operating system, applications, databases, and so on – further increasing both the complexity and cost of security, while adding more points of vulnerability due to incompatibilities between security systems and other software.

An Elementary Roadmap
Saugatuck recommends that every company with more that 20 x86 servers should perform a thorough evaluation of existing workloads and servers with the following steps in mind:

  1. x86 servers yielding the largest savings should be migrated to the mainframe first (e.g., those with unique infrastructure support requirements)
  2. x86 servers with the lowest utilization should be migrated early
  3. Assets with an upcoming compelling event (e.g., need for capacity upgrade, lease expiration, etc.) should be migrated before incurring the expense
  4. x86 servers/workloads should be aggregated by user department to leverage strong buy-in
  5. Oldest technology x86 servers should be migrated early
  6. Focus on real estate by freeing up contiguous raised floor space or eliminating sites as early as possible

An interesting analysis. More to come later this week!


September 11, 2007  9:56 AM

Of Samba bugs and 3.026a

ITKE ITKE Profile: ITKE

We just put a Samba tip up the other day regarding bugs and bug fixes, so it’s kind of ironic that Jerry Carter, release manager for the Samba team, sent out a few bug updates today to the mailing list.

The first, complete with patch availability:

===========
Description
===========

The idmap_ad.so library provides an nss_info extension to Winbind for retrieving a user’s home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the “winbind nss info”smb.conf option to either “sfu” or “rfc2307″.

Both the Windows “Identity Management for Unix” and “Services for Unix” MMC plug-ins allow a user to be assigned a primary group for Unix clients that differs from the user’s Windows primary group.
When the rfc2307 or sfu nss_info plugin has been enabled, in the absence of either the RFC2307 or SFU primary group attribute, Winbind will assign a primary group ID of 0 to the domain user queried using the getpwnam() C library call.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

http://www.samba.org/samba/security/

Additionally, Samba 3.0.26 has been issued as a security release to correct the defect.

==========
Workaround
==========

Samba and Active Directory administrators may avoid this security issue by two methods:

(a) Ensure that all user’s stored in AD are properly assigned a Unix primary group, or
(b) Discontinue use of the sfu or rfc2307 “winbind nss info” plugin until a patched version of the idmap_ad.so library can be installed.

Note that the problem is only evident on servers using the sfu or rfc2307 “winbind nss info” plugin and not those only making use of Winbind’s idmap_ad IDMap backend interface.

There is also version 3.0.26a available for download today, complete with bug fix (Memory leaks in Winbind’s IDMap manager).

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from:

http://download.samba.org/samba/ftp/

The release notes are available online at:

http://www.samba.org/samba/history/samba-3.0.26a.html

Binary packages will be made available on a volunteer basis at

http://download.samba.org/samba/ftp/Binary_Packages/


September 10, 2007  4:02 PM

Wubi install mechanism bound for Ubuntu Gusty Gibbon

ITKE ITKE Profile: ITKE

One of my Ubuntu ninjas wrote me this morning to point out that the mechanism behind the Wubi installer for Ubuntu (http://wubi-installer.org/) is being incorporated into the next version of Ubuntu (7.10 aka Gutsy Gibbon; due out in just over a month).

From the Wubi web site (say that ten times fast!):

Wubi is an unofficial Ubuntu installer for Windows users that will bring you into the Linux world with a single click. Wubi allows you to install and uninstall Ubuntu as any other application. If you heard about Linux and Ubuntu, if you wanted to try them but you were afraid, this is for you.

Not too shabby, no?

The Ubuntu archives have some of the notes on this, and I suggest you check them out if you’re in the dark on this one.

https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2007-September/001580.html
https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2007-September/001601.html

[Thanks, CK!]


September 10, 2007  3:38 PM

Linux Done Right: A user’s pleasant surprise

ITKE ITKE Profile: ITKE

Consider this the first in an occasional, meandering series of articles on Linux done right. These aren’t meant to boost the sales of any particular vendor, but instead are meant to show other end users, IT managers and decision makers what to look for when vetting applications and operating system migrations. It can be support, migrations strategies, execution or anything and everything in between. If it’s Linux done right, then you’ll find it here.


First, a little background.

I initially spoke with John Flores, a system administrator with the University of Texas at San Antonio, earlier this year for a broad SearchEnterpriseLinux.com article on Linux support. The article focused on the good, the bad and the ugly of working with commercial Linux distributors, as well as with the alternatives like CentOS and Debian. It was also a comparison of the past, present and future of Linux support as a whole.

Flores and his data center — like many data centers today — were at a crossroads. He was using Windows NT as his domain controller, but it was update time as a few Dell servers were past their prime and new ones were set to be introduced in the summer of 2006.

“We had an old Dell 6300 that was to be put out of service … it was what was running the NT 4.0,” Flores told me. “Rather than move NT 4.0 to a new server, we were looking for an OS that could put onto a new server and it was going to be either Linux or MS.”

But old servers weren’t the only issue at the U of T that summer. Flores explained that NT 4.0 had become “unstable, mostly due to age.” The software configurations were also old and difficult to maintain, he said. and a lot of “junk” had accumulated over the years. The clutter was quickly becoming a maintenance issue for the IT staff, he said.”We were having a server failure almost once every two weeks. A server would have a major problem so we’d have to reboot it and bring it back up again,” Flores said. But then things got even worse.

“Because this is a university environment, we have a whole new set of something like 5,000 users changing over every semester. We have to log all those IDs and passwords every semester.” Continued »


September 7, 2007  10:39 AM

Linux job numbers surge, remain behind Windows

ITKE ITKE Profile: ITKE

DICEIf Dice’s numbers are any indication, then the Linux job market it experiencing a healthy surge right now. Dice, for those not in the know, is “career website for technology and engineering professionals, and the companies that seek to employ them, in the United States,” according to the Dice.com web site. And if you read all the way to the end of this post, then your IT library could see a surge in free books.

An article over at Datamation tells it like it is:

Dice, the tech jobs site, reports that it had 9,631 Linux job listings in August. While this is a big number, what’s truly eye-catching is the percentage growth since January: Linux job listing are up a robust 30% – three times the increase of overall tech job listings. (Since January, Dice job listings have grown by 10.2%, to a total of 96,548 tech jobs.)

To be sure, Linux jobs continue to trail the mighty Windows, which had 16,895 listings. Linux also falls behind Unix – still healthy after all these years – which boasted 14,954 listings. (The AIX flavor of Unix had 2,302 jobs, and Solaris posted 4,055.)

So, while Linux job growth remains healthy, it still lags behind Windows and Unix — which is not really a surprise at all.

Salary numbers were also healthy for Linux pros, which Paul Melde, Dice’s VP of technology described as both “systems administrator as well as software developer.” The average 2006 salary for Linux professionals was $77,950. The national average for all tech professionals of $73,308. The best paying area of the country for Linux professionals is Silicon Valley, where Linux pros make $96,578! Other top-paying Linux areas, according to Dice, are Washington, D.C. ($86,882), Los Angeles ($86,618), and New York ($86,305).

Let me know all about your own IT job search–past present or future. The “best” comment — meaning randomly selected by yours truly — gets a free copy of the Dice Technology Job Search Guide Matt Stansberry and I picked up and video blogged about from LinuxWorld last month (the book has a $24.99 value. Our video, however, is priceless).


September 7, 2007  9:38 AM

More on Samba4 alpha1…

ITKE ITKE Profile: ITKE

A Samba4 update from Andrew Bartlett hit my Inbox this morning with an overview of all the new features.

NEW FEATURES
============

Samba4 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients.

Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue.

The new VFS features in Samba 4 adapts the filesystem on the server to match the Windows client semantics, allowing Samba 4 to better match windows behaviour and application expectations. This includes file annotation information (in streams) and NT ACLs in particular. The VFS is backed with an extensive automated test suite.

A new scripting interface has been added to Samba 4, allowing JavaScript programs to interface to Samba’s internals.
The Samba 4 architecture is based around an LDAP-like database that can use a range of modular backends. One of the backends supports standards compliant LDAP servers (including OpenLDAP), and we are working on modules to map between AD-like behaviours and this backend.
We are aiming for Samba 4 to be powerful frontend to large directories.

There’s also a warning to read, because this is NOT a production level release!

Bartlett:

Samba4 alpha1 is not a final Samba release. That is more a reference to Samba4′s lack of the features we expect you will need than a statement of code quality, but clearly it hasn’t seen a broad deployment yet. If you were to upgrade Samba3 (or indeed Windows) to Samba4, you would find many things work, but that other key features you may have relied on simply are not there yet.

For example, while Samba 3.0 is an excellent member of a Active Directory domain, Samba4 is happier as a domain controller: (This is where we have done most of the research and development).

While Samba4 is subjected to an awesome battery of tests on an automated basis, and we have found Samba4 to be very stable in it’s behaviour, we have to recommend against upgrading production servers from Samba 3 to Samba 4 at this stage. If you are upgrading an experimental server, or looking to develop and test Samba, you should backup all configuration and data.

You can check out an interview I did with Samba’a release manager Jerry Carter (who actually works more on Samba 3.025, fyi) about how Samba4 is making Active Directory “Linux friendlier.”


September 7, 2007  9:17 AM

The i5 and Oracle certification headaches

ITKE ITKE Profile: ITKE

My comrade in data center arms Mark Fontecchio is presenting a unique iSeries problem over at our sister blog today.

At the iSeries blog, Mark tells the tale of an iSeries user who would like to run all his Oracle software — databases and the E-Business Suite — on the same hardware and software platform. he would like that hardware platform to be the i5.

But there’s where the trouble begins. Mark explains:

The Oracle certification matrix is a guessing game, according to this person. First off, Oracle doesn’t certify its Database Server or E-Business Suite to run on i5/OS. It does certify both to run on AIX, which can be carved into a partition of its own on the System i, but the database team wants to run Oracle applications on Linux. Why? According to this person, that’s what Oracle recommends and besides, that’s what they’re familiar with anyway.

OK, so run them on Linux on Power, right? Wrong. Oracle has certified Oracle Database Server to run on Linux on Power, but not the E-Business Suite. So now this person isn’t sure what to do. Oracle Database Server will likely get migrated off the System i and onto x86 unless IBM and Oracle can come together and figure out how to certify the E-Business Suite on Linux on Power.

It’s a migration certification quandary, is what it is. Do you have a solution? Do you have the same unsolvable problem? Shoot Mark Fontecchio an email about it, because he’s planning to tackle this issue head on with an upcoming article.


September 5, 2007  3:22 PM

Samba 4.0.0 alpha1 available for download

ITKE ITKE Profile: ITKE

If I had a klaxon I’d be sounding it right now, because there’s some Samba 4 news to bring to you this afternoon. No, not Samba 3 — 4.0! It’s a rare treat, and one that we haven;t had the pleaause of digesting for quite a while now.

Via the Samba News page: 

Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above.

Samba 4 is currently not yet in a state where it is usable in production environments. Note the WARNINGS in WHATSNEW.txt in the source and the STATUS file which aims to document what should and should not work.

Samba4 alpha1 is the culmination of 4.5 years of development under our belt since Tridge first proposed a new Virtual File System (VFS) layer for Samba3 (a project which eventually lead to our Active Directory efforts), and 1.5 years since we first released a Technology Preview. We wish to allow users, managers and developers to see how we have progressed, and to invite feedback and support.

This release has been signed using GPG with Andrew Barlett’s GPG key (28B436BB). The source code can be downloaded now.

Remember, there are two distinct development efforts going on at Samba right now. This is a different beast from the 3.0 release, and should be treated as such!


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: