Enterprise applications for Linux

Celebrating the holidays with Linux

This week I went and picked up two ornaments from my local “Giving Tree,” did some shopping, and returned some gifts to be distributed to children in need. This is the third year that I’ve participated in this community giving project, and this year I noticed that the tree was absolutely covered with ornaments for needy children. In these tough economic times, I think it’s important to help out our communities if we are able. We’ve reported that Red Hat has donated the money for the company party to a local food bank. And employees at mobile phone company Funambol have organized a food drive. Whether you’re ready or not (and whether you’ve been good or bad this year), the holiday season is here! I found some stories and ideas about how you might make the most of it this year from the Linux community.

Just in time for the holidays, HP released it’s preinstalled SLED (SUSE Linux Enterprise Desktop) 10 SP2 on its HP Compaq dc5850. (I wonder if the name SLED is a coincidence, or if they held off the release to get it out with the snowy weather?) Steven J. Vaughan-Nichols has already been reviewing SLED 10 SP2 on his blog, noting that the main improvements surround interoperability with Microsoft. He shares that the new version of SLED supports read and write access to local NTFS drive partitions and has better active directory integration. Vaughn-Nichols installed SLED and encountered a few kinks — a hassle that can be avoided in HP’s preinstalled offering.

But if all of that sounds too practical, or dare I say too boring, fear not — Ken Hess has provided a Linux geek wish list for the 2008 holiday season.You may already have a Linux mobile phone, but do you have a Chumby? Hess points out that all of these gadgets have Linux inside. What more could you want?

1. Asus Eee PC
2. Chumby
3. MusicPal
4. LimeBook
5. Linux-based phones
6. Amazon Kindle
7. MVIX MX-760HD
8. Garmin Nuvi880
9. Nokia N810
10. TiVo

But if you don’t want to spend a bunch of dough, Matt Hartley provides some ideas of “homemade” items that you can give your family and friends by putting your Linux skills to use.

… by utilizing your existing computer system, chances are you already have access to what you need to build a really great gaming rig, with the right open source videos games. Enter PlayDeb for Ubuntu. Whether you download each game individually or opt to give the “gift of plenty” all at once, there are more games here than most people would likely have ever imagined.

From Second Life to a number of very well done first-person shooters, even 3D strategy games, just about anything you might conceive of is available here — at no cost whatsoever.

Hartley also suggests updating an unused notebook and giving the gift of Internet, anywhere, to a loved one. Or spread the joy to your community and give “an off-lease or even totally used PC preloaded with Ubuntu, Fedora, OpenSuSE or PCLinuxOS.”

Centrify streamlines administrator tasks in mixed environments

On Oct. 21, Mountain View, Calif.based Centrify Corp. added DirectAuthorize to its suite of products for integrating Active Directory into mixed Linux and Windows environments. DirectAuthorize streamlines user access rights management so that administrators no longer have to configure rights separately on Windows servers and then on non-Windows servers. By consolidating information in a centralized location, DirectAuthorize eliminates redundant rework.   

DirectAuthorize arrives as the third member of a line of products created to ease the task of managing mixed environments with Active Directory. The other two products, DirectControl and DirectAudit, perform centralized authentication and auditing.  

“Typically we serve customers who are looking to introduce Linux, Hewlett-Packard, AIX, or Unix into their environments, and also often VMware.” Centrify CEO Tom Kemp said. “In terms of access rights and password management, that ends up being a lot of sticky notes next to your screen.” DirectAuthorize replaces non-Windows systems’ authorization infrastructure with that of Active Directory, which allows admins to move all user authorization information to a central location and to manage it from that location.

Whirlwind Tech Tour explores remote administration tools

This week, SearchEnterpriseLinux.com launched its Whirlwind Tech Tour, a new site feature in which we ask Linux professionals a weekly question and post their answers side by side. This week we asked about remote server administration. Done correctly, remote server administration enables companies to distribute resources and prepare for disaster recovery. It also requires a strong toolset to perform these roles well.  

Which tool is best for remote server administration in a Linux environment, and why?

 Jay Lyman, an open source analyst at Boulder, Colo.-based 451 Group, recommends the General Public License-licensed Virtual Network Computing (VNC) system for its user-friendly general user interface. This tool works with Open Secure Shell (OpenSSH) to perform tunneling, a method to establish secure connections between local and remote networks.  OpenSSH itself received several mentions in our IT pros’ responses .

As Kristian Erik Hermansen noted, the tool does more than tunnel. Hermansen’s description of OpenSSH’s capabilities: It can “forward graphical applications to remote machines, create a series of tunnels, redirect traffic over a SOCKS proxy, and perform way too many other features to mention.”  

Serge Wroclawski expected SSH to be at the top of respondents’ lists but suggested they trade it in for more automated remote administration tools. He advises managing remote server configuration with tools such as bcfg2 and Puppet. 

“Remote server management is a multidimensional problem, and managing the Linux OS is only a part of it,” said Ideas International Inc.

CEO Tony Iams Iams outlined several considerations in approaching this problem, but concluded that  “perhaps the most important factor in choosing a remote Linux management tool…is to make sure it integrates smoothly into the dominant management tools and procedures that are already in place.” 

Do you have a question you’d like to see asked and answered? Email it to  editor at searchenterpriselinux.com class=”MsoCommentReference”> . To see the complete responses from our IT pros, go to the feature main page.

Trusted Computer Solutions shores up security methods with CounterStorm

As threats become less predictable and more targeted, security technologies have shored up their methods and devised additional precautions to secure company systems. With its acquisition of CounterStorm, a government-run security software company, Trusted Computer Solutions (TCS) has done just that. CounterStorm adds to TCS’ existing security protection process built into TCS’ Security Blanket. Security Blanket hardens and creates a baseline for a system, and CounterStorm acts as a vigilant guard to maintain these measures.

“Ten years ago, most attacks were random,” said Ed Hammersla, the chief operating officer at TCS. “Now we are seeing attackers who have a focused knowledge of their victims. CounterStorm acts as a last line of defense in an environment in which more serious, targeted attacks … have become prevalent.”

Security Blanket first runs a security compliance profile on a system, automatically brings it into compliance with specified security standards and monitors the system for possible breaches.

CounterStorm strengthens the lockdown process with yet another measure: anomaly-based targeted threat prevention that observes a system’s typical behavior, scans for deviations and isolates and attacks these anomalies. With this approach to abnormalities, CounterStorm makes server scanning and issue resolution easier for admins. “It is much easier and less costly to fix 100 servers than it is to fix 1,000,” said Hammersla.

With the acquisition, TCS expands further into commercial applications for its security tools. Hammerla said that while government and the private sector have different security needs, an unsecured system can result in damage to either. “Government and commercial software security administrators have different concerns,” Hammersla said, “but face the same consequences.”

“Hospitals, for example, are not particularly anxious about their networks being infiltrated by China, but the government certainly is,” Hammersla said. “However, over time, I think that we will see more and more of the commercial and government compliancy standards merging.”

‘Open source cheaper’ story sparks debate

A SearchEnterpriseLinux reader from Queensland, Australia, wrote that my recent article asking whether open source is really cheaper than proprietary software missed the point.

“Most users are locked into the concept of Microsoft and this is the problem,” wrote Trevor Hughes. “For Mr. Average, Linux has much to recommend it. If I can do it anyone can. I am 57 and a newcomer to computing. For Internet communications and normal use, Windows is NOT worth the money.”

Hughes really takes issue with the article’s conclusion that users require more technical expertise and a certain openness to risk-taking to maximize the financial savings of open source. However, the article actually addresses Linux on servers in the data center, not Linux on home desktops.

Nevertheless, Hughes expresses the positive, can-do, problem-solving attitude that would lead to successful operation of Linux in the data center — and Windows, too, for that matter.

It’s pretty obvious that Linux can be a big money-saver over Windows. Why else would so many big corporations make the switch? It’s like anything else. There are always trade-offs, and companies and individuals are able to vote with their dollars on what they want to do. And choice is always a good thing.

SELinux now enabled in AppArmor’s openSUSE

On Friday, Aug. 22, openSUSE announced that its newest version, 11.1, will support Security Enhanced Linux, or SELinux. Novell’s security tools, AppArmor and SELinux, have traditionally been considered intense rivals. In this interview, openSUSE’s Andreas Jaeger, Roman Drahtmüller and Matthias Eckermann discuss openSUSE’s support of SELinux.

OpenSUSE now has basic enablement with SELinux. That’s great for SELinux users now, but will openSUSE be able to integrate new patches for SELinux?

Andreas Jaeger : OpenSUSE is developed with a community approach; We are proud to have opened the openSUSE build service to the community, with the option to develop and package open source software cross-distribution.

As SELinux is a cross-distribution effort, we encourage members of the SELinux community to participate in the openSUSE build service: to develop, test-drive and integrate new user land patches and tools into openSUSE and other distributions using our cross-distribution service. This way, all distributions running with SELinux enabled in the Linux kernel will benefit.

Is support of SELinux indicative of a larger industry trend toward interoperability?

Roman Drahtmüller: Novell observes a tendency in the industry to increase the security value of a system by introducing additional controls beyond the scope of the application. This means the application is exposed to these controls but cannot change them.

In moving from AppArmor to SELinux, does a company sacrifice compliance benefits?

Drahtmüller: AppArmor profiles for application containment and confinement are comparatively easy to manage throughout an infrastructure. Creating them is a distinct, low-pain checkmark item. The same applies to evaluating log messages that record possible violation attempts against protected system services.

For customers, the transition to SELinux may need a change in thinking and architecture, but also allows for the definition of a complete policy in a system. It helps to disallow actions that are not subject to a defined policy. There are environments that require such a functionality — regardless of the cost associated with it — for compliance reasons.

We anticipate that customers with these requirements will aim for a SUSE Linux Enterprise operating system, as it targets the special needs of customers working in compliance-bound environments.

Security tools have created a tradeoff between capability (SELinux) and usability (AppArmor). Is Novell’s approach to this tradeoff changing with its basic enablement of SELinux?

Matthias Eckermann: As in earlier releases of our product, openSUSE 11.1 reflects our belief in the value of additional security mechanisms in the operating system. The benefit of such mechanisms is maximized if the configuration and administration is as transparent, straightforward and as easy as possible for administrators.

Security needs that aim toward mandatory access control, mandatory integrity control or even multi-level security require a suitable architecture. With the basic SELinux enablement, we will allow our partners and customers to use such an architecture to implement solutions that fulfill their specific needs.

Nevertheless, we want our users to be able to choose their own priorities between administrative effort and functional benefit.

What do you think? Leave a comment below or contact chunter@techtarget.com.

Canonical, VMware: Start of a new wave at Linux Foundation?

Less than two weeks after VMware Inc., the proprietary virtualization software leader, signed up for membership in the Linux Foundation, Canonical Ltd., the commercial sponsor of Ubuntu open source software, joined as well.

Of the two, VMware is the more surprising since its software isn’t open source, despite its recent decision to make its ESXi virtualization server available for free. In fact, however, VMware recently contributed its Virtual Machine Interface for paravirtualization to the open source community and is working on other ongoing community projects. But Canonical’s joining seems, if anything, overdue; its founder, Mark Shuttleworth, also helped launch the Linux Foundation and is a current board member.

So what’s going on? Is this the beginning of a wave of new members? Jim Zemlin, the Linux Foundation’s executive director, thinks so. “You will be seeing many more new members of the Linux Foundation in the near future,” Zemlin predicted. Collaboration is critical in the open source community, and the Foundation is a place to meet and solve problems, he said.

Well-known tech blogger Jason Perlow wasn’t quite in agreement. He said Canonical’s joining is “almost a nonevent” because of its “huge support” of the community. Nevertheless, its membership puts it on an equal footing with multibillion-dollar firms in a “somewhat exclusive club” and might prompt Red Hat Inc. and Novell Inc. “to take the snappy little upstart” more seriously, he said. Jay Lyman, an analyst at the New York-based 451 Group, said the two new members — especially Canonical — are both “key” to the Foundation because of the popularity and innovation of Canonical’s Ubuntu software. VMware’s membership is not as important to the organization overall, but should help Linux to stay at the forefront of virtualization, he said. Canonical’s silver-level membership (the lowest of three full membership levels) puts it one up on open source leader Red Hat, which is at the same support level but, unlike Canonical, doesn’t have a seat on the board. (Novell is a top-level platinum member.)

Hmmm …perhaps the popular open source software company from across the ocean will start getting a lot more respect.

Splunk highlights data management maturity at LinuxWorld

Software company Splunk creates products that aid companies primarily in log file management - collecting information about the data in their systems and continuously reporting it back. At this year’s LinuxWorld Conference & Expo, Splunk will highlight several further-reaching data management products: Splunk for Virtual Server Management, Splunk for Change Management and Splunk for Server Management.

The products, in providing fuller access to information about what and how your system is doing, promise to make system management more practical and security maintenance more immediate.

The products being released this week at LinuxWorld integrate log file management with a variety of other tasks. They can simultaneously manage log files and collect and manage messages, traps and alerts as well as statistics from all system areas.

As one administrator commented on the blog of Splunk CEO Michael Baum, “Log file management is DEAD.” It is becoming just one side of the larger task of system management. For help on configuring Splunk, check out this tip.

Trusted Computer Solutions intros security automation tools at LinuxWorld

San Antonio, Texas-based Trusted Computer Solutions will release a group of security management features next week at LinuxWorld Conference & Expo that will perform pre-packaged assessments and configuration procedures so that IT managers won’t have to do so manually.

Called “lockdown profiles,” these features enable IT managers to quickly assess systems for security and compliance with four distinct sets of security standards: PCI DSS (credit card security standards), JAFAN (Joint Air Force Army Navy), DCID (Director of Central Intelligence Directive) 6/3, and CIP (Critical Infrastructure Protection). The four profiles are an addition to the company’s product Security Blanket Enterprise Edition.

They are also the most recent in a series of releases from TCS in the past year. The LinuxWorld release of Security Blanket Enterprise Edition will also be able to take snapshots of system security configuration and then provide those snapshots for simplified comparison to previous configurations.

Security Blanket Enterprise Edition supports Red Hat Enterprise Linux versions 4 and 5, CentOS versions 4 and 5 and Oracle Enterprise Linux versions 4 and 5.

Navy’s ship cancelation a blow for real-time Linux, IBM

The U.S. Navy’s cancelation of its $20 billion Zumwalt destroyer contract last week because of a 50% price hike is disappointing for the Linux community and surely must be for IBM The Armonk, N.Y.-based computer company developed Java-based, real-time capabilities to the Linux kernel specifically for the Zumwalt to ensure that all shipboard systems will run with precision timing, particularly battle systems. The Zumwalt’s unified computing system, developed by general contractor Raytheon Co.. in Waltham, Mass., runs on an IBM BladeCenter and IBM x86 servers on Red Hat Enterprise Linux.

Since the 2005-2006 Navy design undertaking, IBM has incorporated its technology in IBM WebSphere Real Time, a computing environment for running real-time Linux applications, and recently won an innovation award for its real-time kernel project at this year’s Red Hat Summit.

Now, after the completion of only two destroyers, the contract has been aborted, which surely means a hefty chunk of lost hardware sales for IBM but, more significantly, a step backward for shipboard computing technology, in general, and Linux in particular.

IBM spokesman Mike Darcy said he didn’t know the impact of cancelation on future IBM revenues but said that IBM will continue to work with other customers, defense and financial sectors among them, as interest “continues to grow” in real-time Linux operations.

“Real-time Linux will continue,” Darcy said. “This [the Zumwalt project] is a great showcase for Linux technology.”

Raytheon spokesman Jonathan Kasle agreed.

“We don’t believe the Navy can afford to put old technologies onto any ships,” he told the Boston Globe last week. “Zumwalt technologies advance mission capabilities to address current and evolving threats and support … lower ship personnel levels and lower operating costs. These technologies can be leveraged for future or existing ships.”

According to Darcy’s general reference to current “defense” customers, it appears that the military is already doing so. Let’s hope so. Reverting to old technology on new Navy ships is not the way to go.