Introducing YippieMove '09. Easy email transfers. Now open for all destinations.

Scalix Admin

Scalix Admin

When we added support for Scalix in YippieMove, we created a Virtual Machine in VMware. While the process of installing Scalix is quite straight-forward, there are some minor tricks to it (more info about adding support for Scalix in YippieMove is avaliable here). For instance, CentOS is not officially supported by Scalix (Enterprise). Because of that, you need to trick it into believing that you are running Red Hat Enterprise Linux (which is what CentOS is ‘based’ on).

Ok, let’s get started.

First, install CentOS 5.3 as normal. In the software selection, we only selected ‘Server’ and deselect everything else (why people run X-windows on a server is beyond me). The only other thing to keep in mind is to use a static IP and a fully qualified domain name (FQDN).

Once you got your system up and running, we need to make a few changes to the default setup. Login using SSH or the console and run:

# system-config-securitylevel-tui

You will need to disable ‘SELinux’ as well as configuring the firewall according to your needs.

Next we need to trick Scalix into believing that you are running RHEL instead of CentOS. This is pretty easy:

# cp /etc/redhat-release /etc/redhat-release.orig
# echo ‘Red Hat Enterprise Linux Server release 5 (Tikanga)’ > /etc/redhat-release

We also need to make sure your hostname is listed in /etc/hosts under its IP (and not under 127.0.0.1). An example of a proper line is :

xxx.yyy.zzz.nnn server.example.org server

Now, let’s get started with installing Scalix. We start by upgrading the system and installing a few dependencies.

# yum -y upgrade
# yum install -y tk cyrus-sasl-md5 cyrus-sasl-plain sendmail-cf postgresql-server postgresql-libs mx compat-libstdc++-296

Assuming you’ve already downloaded Scalix onto the machine, all you need to launch the installer

# chmod +x scalix-11.4.4-GA-enterprise-redhat-intel.bin && ./scalix-11.4.4-GA-enterprise-redhat-intel.bin

After you are done answering all the questions, you should be able to access your brand new Scalix installation from your browser.

Good Luck!

Update: As Michael points out, the step of ‘tricking Scalix that you are running RHEL’ is not necessary. Thanks Michael.

Update 2: If you want to take Scalix for a spin without actually having to install it, we have created a Virtual Machine with Scalix installed that can be downloaded here.

Author: Tags: , , ,
Introducing YippieMove '09. Easy email transfers. Now open for all destinations.

(We apologize for the recent slow flow of posts on the blog, but we’re spending all our time finishing off our first product for the Private Beta launch and we still haven’t figured out how to extend the 24h limit per day.)

In our last article, Building an IT infrastructure with a sub-3,000 budget we discussed the possibility to build an extremely cheap, yet modern IT infrastructure. Now a couple of weeks later, I’ve actually deployed a setup based on that article.

The final system I deployed differed slightly from the specs provided in the previous article. For instance, instead of 10 clients as the article stated, my deployment only included 4 clients (at this point). Other than that, the hardware used was very similar to the article. Below is a list of all the components that was purchased and the approximate price in dollars.

New Inventory

Note that I decided to buy three different brands of hard drives to reduce the chances of having two drives collapse at the same time (two drives from the same batch are more likely to collapse around the same time than two random drives).

The company already had a handful of semi-obsolete computers that would work fine as clients in the new environment. Also, as in most organizations there were already other peripherals available that I had to make working in this new infrastructure. Fortunately, this went smoother than what I had anticipated. The peripherals were as follows:

Existing Inventory

The Server

The server is the heart of this environment (as in most environments), therefore, I’ll start describing the setup of the server first. (I’m not really going to describe what LTSP is, and instead kindly refer you to the previous article for an introduction on the topic).

The initial plan, as I described in the previous article, was to install the 64-bit version of Ubuntu 6.06.1 LTS Server on the server, primarily because of the Long Time Support. Unfortunately it turned out to be a bad choice for two reasons:

1) Ubuntu 6.06.1 has quite limited support for LTSP. Although many of the features work fine, some features such as sound-forwarding to the clients are not implemented. It would quite likely be possible to modify the 6.06.1-setup to support sound as well, but I decided to save some time and just switch over to 7.04 server instead.

2) I was forced to use the 32-bit version instead of the 64-bit version. Although I really tried to avoid this, the software support in the 64-bit version didn’t meet my requirements. For instance, I didn’t manage to print from Wine to Cups in the 64-bit version due to some problem with libcups. Moreover, I discovered that there is no Flash support in the 64-bit distribution. Since many websites today require Flash, I had no choice but to use the 32-bit distribution.

So we decided to use the 32-bit version of Ubuntu 7.04 Server. The next problem I came across was how to partition the hard drives. In contrast to what my previous article stated, it turns out that /opt/ltsp/i386 only includes the boot-environment for LTSP, and not the entire system. Therefore it makes little sense to have an 800GB RAID5 array devoted to it. Once the clients have booted up, they log into the core-server. Because of this, I had to change the partitioning strategy. What I ended up doing was to create two partitions on the RAID5 array: one of 795GB to be used for / and one 5GB to be used for swap. I did discover one problem with this setup though: Grub had problems booting off a software RAID array. After some research, I found that it’s possibly to boot Grub from a software RAID, but it required some hacking. Because of this, I decided to create a small partition on the stock hard drive for a /boot and use the remainder of that drive for backup (mounted as /backup). The problem with this setup is that we have a single point of failure – the stock hard drive. Although nothing important is kept on this drive (unless we need to recover our backups), a failure of the drive would still prevent the system from booting.

The hardware

APC Smart-UPS SC 450VA
The only piece of hardware that requires a bit configuration other than the RAID is the UPS. Fortunately setting up this particular brand of UPS is dead simple. Just install the NUT package and modify your configuration files to match the following:

/etc/nut/ups.conf
[ups]
driver=apcsmart
port=/dev/ttyS0
desc="UPS for BLServer1"
sdtype=0

/etc/nut/upsd.conf
ACL all 0.0.0.0/0
ACL remote 192.168.10.0/24
ACL localhost 127.0.0.1/32

ACCEPT localhost
ACCEPT remote
REJECT all

/etc/nut/upsd.users
[monuser]
password = ups_password
allowfrom = localhost
upsmon master

/etc/nut/upsmon.conf
MONITOR ups@localhost 1 monuser ups_password master

and edit /etc/default/nut to
START_UPSD=yes
START_UPSMON=yes

Brother MFC-8460N
Setting up the network printer was a breeze. Just enter the IP address and you’re set. What surprised me a bit was that even the network scanner worked. After installing the Linux driver from Brother’s homepage and following the instructions, the scanner was up and running in less than 5 minutes.

Brother HL-2040
This printer was locally connected, and once it was added in LTSP (see the next section), the printer worked without any problems.

Dymo Labelwriter 400 Turbo
The printer was connected locally to one of the workstations and added without any problems using the pbm2lwxl-driver (ex. CoStar LabelWriter II). I did not spend much time with this printer, but according to openprinting.org the printer is supposed to work fine in OpenOffice with a specific template matching the paper size in the printer.

Setting up LTSP

As described earlier, the way I described LTSP in the prior article was slightly incorrect. Instead of having the entire environment in /opt/ltsp/arch, the clients actually log into the server as if they were local users. Because of this, the first thing we need to do is to install the desktop environment (since the server-edition comes without this). To do this, simply run:

# sudo apt-get install ubuntu-desktop
Note that this will take quite some time, and I would encourage you to use the installation CD as the source unless you have a very fast internet connection.

Once this is done, it’s time to set up LTSP.
# sudo apt-get install openssh-server
SSH is required to run LTSP, since the traffic from the clients runs through an SSH tunnel

# sudo apt-get install ltsp-server-standalone
Install the LTSP-software

# sudo ltsp-build-clients
Build the client environment. This will take a while.

It’s important that you install the ‘standalone’ edition, else you won’t get the dhcp-server that enables the clients to boot from the actual server. Once you’ve run all the commands above without receiving any errors, you need to make some changes to the dhcp-server. Go ahead and edit /etc/ltsp/dhcpd.conf with your favorite editor to match your network.Then restart the dhcp-server:

# /etc/init.d/dhcp3-server restart

If you changed the IP-address of your server after you ran the installation of ltsp-server-standalone, you need to update the SSH-keys. Do this by running:

# ltsp-update-sshkeys

Setting static IP on clients and allowing local printers

Once you have LTSP configured, you might need to access local devices on the clients. In my case, I had a couple of locally attached printers (both USB and Parallel). To enable the use of these, the first thing you want to do is to set a static IP for the client that holds the printer, based on the MAC address. To do this, we first need to configure the DHCP server to assign a static IP to the client. Edit /etc/ltsp/dhcpd.conf and add:

host ExampleWS1 {
hardware ethernet 00:01:02:03:04:05;
fixed-address 192.168.10.21;
option host-name "ExampleWS1";
}

Now we need to tell LTSP to share the printer assigned to that given workstation. Edit /opt/ltsp/i386/etc/lts.conf and add

[00:01:02:03:04:05] #ExampleWS1
PRINTER_0_DEVICE=/dev/lp0

for sharing a parallel port attached printer, or

[00:01:02:03:04:05] #ExampleWS1
PRINTER_0_DEVICE=/dev/usblp0

for sharing an USB printer.

Once you’ve added this, you need to restart the DHCP server as well as the local client to receive the new IP (or wait for the current IP lease to expire). Now all you need to do is to add the printer using TCP/IP printing with the above IP as the IP address and the appropriate driver for the printer.

That’s it for LTSP. Your server should be ready to have your clients boot off of it now.

Creating a shared space

This part was something that I anticipated to be very simple, but it turned out to be more complex. My plan was to create a folder (/home/shared) and simply just set the owner of that folder to the same group in which I had placed all the desktop users. Although this seemed to work fine at first, a problem appeared when a user created a folder inside of /home/shared. The problem was that all the other users only had read, and not read and write permission to that folder. This means that if User A creates a folder in the shared space, User B cannot rename or delete that folder, which is unlikely to be desirable. After a couple of attempts with chmod, I gave up and started to look for other solutions (correct me if I’m wrong, but it appears as Linux does not inherit folder permission like FreeBSD for instance does). Instead, I found the solution in umask. By editing /etc/profile and changing umask from 022 to 002. What this means is that all files created by the users now have read and write permission by all users in the group. Although this might be considered a security problem, it was the only solution I could find. However, since this is a closed environment, I wouldn’t consider it a very serious problem. Yet, you probably don’t want to have a 002 umask for root and probably want to edit /root/.profile and set umask to 022.

The Clients

Setting up the clients was the easiest part. Just plug in a new Gigabit network adapter and set the BIOS to boot off of it and you’re done. However, I also unplugged the hard drives from the clients to reduce the noise.

The Verdict

Overall the implementation was quite easy. Setting up the LTSP environment was really easy and probably took less than an hour. What I by far spent the most time on was to try to make Wine run the required Windows software (SPCS Administration 2000 Nät). However, after spending about two days hacking configuration files and researching, I threw in the towel – the software just didn’t run well (I primarily blame the software vendor, Visma Spcs, for a very poorly written software with very strange network behavior). Instead, I had to install VMware Server on the Server to run Windows XP (I initially tried Windows 98, since I had a bunch of licenses just laying around, but SPCS Administration 2000 Nät failed to work there too). This was of course undesirable, but with the time constraints I had this turned out to be the only realistic solution. The setup was quite straight forward (using this guide). In order to connect to Windows from the LTSP environment, I simply enabled RDP in Windows and used rdesktop to connect.

The d’oh and ahh’s

* /opt/ltsp/arch only holds the boot environment, not the entire LTSP desktop environment. Once the clients have booted up, they log into the core-server.
* The Windows software that I was supposed to run under Wine didn’t play nice. The only way I got this working was through a Windows XP session running under VMWare Server. Unfortunately this requires a Windows license. However, it’s likely that the company will switch to a web-based program instead, eliminating the requirement.
* I had problems using certain characters when connecting to Windows from the LTSP environment using TightVNC and RealVNC. I solved this problem by switching to Windows’ own RDP-protocol.

Author: Tags: , , , ,
Introducing YippieMove '09. Easy email transfers. Now open for all destinations.

Introduction
No way! That’s impossible.” Well, actually it’s not. Using Open Source technology, it’s actually possible to create a competitive IT infrastructure at very low costs. Not only does Open Source software enable you to create more customized solutions to better fit your needs, but it also means that you can spend your budget on hardware – not software.

Last month I was asked by a company to figure out how to ‘modernize‘ their IT infrastructure with a minimal (almost non-existing) budget. After plenty of thinking and research, I came to realize that the only way to do this was to use some kind of thin-client solution. The solution that I found to fit my needs the best was Linux Terminal Server Project (LTSP). LTSP utilizes network boot (we will use PXE) to boot the clients directly from the server. Therefore, we can use obsolete clients without hard drives (to reduce the noise) as thin clients. The only thing we need on all the clients is a fast network adapter with PXE-support.

Some of the widest adoption of LTSP has been within K12 the education field. Since many educational institutions are working with very tight budgets, LTSP has a strong advantage. It is a way to save costs without having to compromise too much on usability. Edubuntu is a Linux distribution that targets educational institution. What makes Edubuntu very interesting is that it comes out-of-box with LTSP support, which enables system administrators with limited knowledge of Linux to get a thin-client setup running with little effort. Since Edubuntu is closely related to the regular Ubuntu, it’s not very hard to get Ubuntu up and running as an LTSP server.

Infrastructure

This layout is quite typical for a LTSP setup. You might also want to add a couple of network printers.

The Hardware
With a very limited budget, I realized that a thin-client solution would be the most realistic approach. As the name implies, the clients are thin and most of the load will be on the server. Therefore we will spend most of the money on a solid server. After a good amount of research to find a cheap, yet powerful and expandable server, I found the HP ProLiant ML115. The server comes with a 64 bit 2.2GHz Dual Core AMD Opteron CPU, which will serve our needs well. However, it only comes with 512Mb of RAM, which is insufficient for the number of users we intend to have. Therefore we’ll need to purchase some additional RAM. The RAM consumption estimates varies across different LTSP projects, ranging from 256Mb + 32Mb per client to 1024Mb + 64Mb per client. However, since I’d rather be on the safe side, I’d recommend that you purchase another 2Gb of RAM (total 2.5Gb) and put in the server (1024Mb + 150Mb per client).

The next thing we need to add is a Gigabit switch to reduce the possibility of having the network as a possible bottleneck (note that I’m not sure if a 10/100 Mbit network would actually create a bottleneck in this setup, but I rather be safe than sorry). Since Gigabit is cheap today, going Gigabit all the way seems like a reasonable move. Therefore, I’ve budgeted for 10 Gigabit network adapters (with PXE support) and a 16 ports Gigabit switch (the HP server comes with Gigabit network adapter).

Now we need somewhere to store the users’ data with high security and performance. Since we’re on a limited budget, we will use a software RAID solution rather than a high-end hardware RAID solution. A RAID-5 setup on three SATA disks using Linux’s software RAID is probably the cheapest and most reliable for the price. This will allow us to increase performance while we also gain protection against loss of any one drive without loss of any data. Moreover, we also use a separate OS disk to reduce the I/O load.

Because everything is both stored and running on the server, it’s crucial that we protect the equipment from power failures and spikes (the server by itself is a single point of failure). Therefore I’ve added an UPS to the budget (1100 VA) that will not only protect our hardware but also reduce server downtime.

The last thing we need to add is the clients. It’s quite likely that you have a many retired PCs (preferably P2>). If not, you’re likely to find a many of these computers for sale (or for free) in your local classified adds section. If Craigslist is available where you live, this is a great source to find this kind of hardware. Even though many of you will get these computers for free, I’ve budgeted $50 per client.

Budget

Here’s the complete budget for the project. As you can see, the total is just below $3,000

The Software
I’ve divided this section into two parts: Server and Desktop. Although all software will be running on the server, the users will only see the software on the Desktop side, which is why I have separated them.

Server
As already touched upon, the server will be running Linux. To be more precise, I’ve decided to use Ubuntu Server 6.06.1 LTS Server (64-bit). The reason why I didn’t chose to use the most recent version (7.04) is to minimize the administrative effort. Since 6.06 is the Long Time Support (LTS) version, the Ubuntu team will supply this version with security patches and updates for a longer period than the 7.04 release (6.06 LTS Server will be supported until 2011).

Installing Ubuntu is very straight forward. The only thing to consider in this setup is to make sure we install the system on the hard drive that came with the server and not the RAID-5 array.

Configuring the RAID 5 can be done though a couple of different ways. You can either do this during the installation (with Ubuntu’s graphical utility), or wait and set it up afterward in the console (see the Software RAID HOWTO for details). After setting up the RAID, go ahead and mount it to /raid or something similar.

Now it’s time to set up LTSP, which is the foundation of our cost-saving solution. There are a couple of different ways to do this, but the one I found to be most useful was to follow a guide from Novell (strangely enough) available here. You might also want to take a look at Ubunut’s Thin-client documentation.

Before you start the installation, go ahead and symlink /opt, which is where LTSP will be installed, to within you RAID array (ln -s /opt /raid/opt). This will install all the packages on the RAID array instead of the system disk. Finally, what you will want to do is to add a test-user (or a real user – it’s your call). This is done by simply using the user-management tool in the Ubuntu. Note that you probably want to have the home-dir of the users on the RAID array. To achieve this, you can either symlink the entire /home to /raid/home or just set the home-dir to /raid/home/user in the user-creation process.

Desktop
The LTSP setup comes with the most common software used in a corporate environment. This includes:
* FireFox – A great web browser
* Open Office – A Microsoft Office replacement
* Evolution – A Microsoft Exchange replacement
* The Gimp – An Adobe Photoshop replacement (arguably less powerful)
Plus a long line of other applications such as PDF-viewer etc.

You might also want to install is Wine. Wine is a Windows emulator which will run (legally) without any Windows license. Although it does not run all Windows software, many applications work very well.

If you have needs outside of the applications listed above, there’s more available. Any software that runs in a Linux environment (pretty much) will run on these thin clients. Although I haven’t tested it, you should be able to run a fully emulated Windows environment using a virtualization software such as VMWare Workstation or CPU/RAM intense softwares such as MatLab or CAD software.

Screenshot of LTSP in Action Running Open Office in Swedish

Here’s a screenshot of LTSP in action (from the client-side) running Open Office and the Gimp in Swedish

The Clients
The last part is to get the clients to actually boot over the network. If you decide to use a different network card than the one specified in the budget above, make sure it supports PXE booting. Many budget NICs don’t support this feature. There are also other ways to boot but I’m not going to cover that in this article (such as floppy, CD etc.).

The Pros and The Cons
Although this approach is a very good way to create an updated desktop environment while at the same time minimizing the administrator’s job, it does come with some drawbacks. Unfortunately many companies today are stuck with custom software that only runs on Windows. Although Wine offers a great emulation software, you might be forced to purchase a license of VMWare Workstation (and Windows) to run some specialized applications. If you’re lucky, your custom software was written in Java, and it will actually run on Linux as well.

Another thing to consider is the transition from the old environment (quite likely from Windows) to this new environment. Although the transition is likely to be smooth for a crew of young people, members of the older generation (40+) are likely to require some training before being able to use the system fully. Both Open Office and Firefox work very similar to their Windows-counterparts, but Evolution is slightly different.

Another pro is the lack of viruses on Linux. Since we’ve left Windows behind, the likeliness of being infected by a virus is almost zero.

In summary, utilizing a solution such as this might or might not suite your needs. If you do have the flexibility to use Open Source software in your organization and are able to run your customized software either emulated or use a web-based interface, this is a great way to reduce costs from the IT budget and spend them in a way that benefits the company better.

Update: I’ve now actually deployed this solution at a company. For information about how it went, go ahead and read “Deploying the sub-$3,000 IT-infrastructure.”

Author: Tags: , , , ,
Introducing YippieMove '09. Easy email transfers. Now open for all destinations.

A while back I became responsible for the IT infrastructure for another company. Fortunately, these type of companies tend to be easy to manage with the right software and hardware. However, this time I thought about trying something new. For many, many years I’ve been running Linux on the server for a variety of companies, but now I’m thinking about taking things one step further; migrating the desktops. I already did some initial research about what applications the company is using, and it appears as the few ‘Windows only’ applications they’re using can be run through Wine.

With the impressive improvements Ubuntu done to Linux on the desktop, it might be about time to give it a shot. Ubuntu Desktop comes with all softwares needed for the business (word-processing, spread sheet, web-browser, e-mail etc.), which makes it convenient to install and maintain.

At the moment this other company is in really bad shape in terms of their IT infrastructure. They have no server, and use one of their workstations to ‘share’ files used for critical business application. Obviously this needs to change.

If we start with the server, I’m considering using either Ubuntu Server (which goes well with Ubuntu Desktop), or CentOS, which is a clone of RedHat Enterprise Linux for the operating system. As for the hardware, I’m considering some cheap Dell or HP server, with 2 extra SATA hard drives to run on a RAID 1 array for the critical files. Furthermore, the server needs to have a UPS attached to ensure good uptime.

So now we have both our server and desktops running Linux, and we get that good feeling in our chest. Now what? The next (and final thing) is to set up file-sharing and central-user administration. The problem with this step is that there are many different paths to choose. However, I chose tree different options to consider.

    Samba PDC login with Samba file-sharing

  • Benefit: Works well even in a mixed environment with Windows Machines.
  • Drawback: No native UNIX filesystem, hence no support for UNIX privileges on files.
    Kerberos with NFS file-sharing

  • Benefit: Been around for quite some time. Fully compatible UNIX filesystem. Recommended by FreeBSD’s handbook.
  • Drawback: More complicated to setup. A 2nd slave server strongly recommended.
    NIS with NFS file-sharing

  • Benefit: Also been around for quite some time. Fully compatible UNIX filesystem. Easy to setup.
  • Drawback: Old. Not as secure as Kerberos.

All of these solutions may be run with OpenLDAP as a back-end, which makes administration and integration of other application easier later on. In one way the flexibility of Linux/Unix may become somewhat of a disadvantage. Since there are almost infinitely many ways to approach this problem, it involves a great amount of research.

In my research, I posted first a post at Ubuntu’s forum, and then later a post at Gentoo’s forum. However, none of them really gave me a good answer. Right now I’m leaning toward Kerberos, since it appears to be more secure and robust.

Since this project is scheduled for the summer, I haven’t started implementing this yet. However, I’m curious about what you readers think. How would you approach this problem?

Author: Tags: ,
Introducing YippieMove '09. Easy email transfers. Now open for all destinations.

Ryan Paul over at Ars Technica wrote a very interesting article today regarding the rumors about whether or not Dell will put Linux on their desktop machines.

We would gladly see more diversification, and less dominance on the PC desktop market, but do we have to sacrifice something from our beloved Linux in order for it to hit the big market? As we all know, the power in Linux lays in the its ability to customize for our needs. But how will this affect the support? In order for a vendor such as Dell to sell a computer, they need to fully be able to support it, both the hardware and the software. Mr. Paul writes that “[f]or Dell to provide cost-effective Linux support for desktop users on a large scale, the company would have to limit its Linux pre-installation to very specific components, limiting user flexibility and ultimately defeating one of the biggest advantages of Linux, which is freedom of choice.”

Mr. Paul points out something very interesting here, that most of us forget since we’re tech-savvy power-users. For us support is most often solved through various online forums (see our article “Support is for old people“). However, for the majority of the PC users, the vendor’s support is where they turn for help.

Gnome, KDE, XFCE, Afterstep…the list of window managers can go on forever, which makes commercial support very expensive. All of these window managers uses their own way to configure things. Even if we just narrow things down to KDE and Gnome, which are the biggest ones, it can still be expensive. Both KDE and Gnome tend to evolve quite rapidly, and different versions behave differently and settings are not necessary located at the same place.

Linux means less support, right? Well, you might argue that “Linux is rock solid” and “things just work.” To some extent this is actually true, once a Linux machine is properly installed (and no new updates are installed), the machine tend to be rock solid. If you take that into the equation, it might actually not be more expensive to support Linux machines, once the initial competence is acquired.

I’d strongly recommend you to read Mr. Paul’s article over at Ars Technica. He brings up some very interesting points that many of us simply never thought of.

Author: Tags: ,

© 2006-2009 WireLoad, LLC.
Logo photo by William Picard. Theme based on BlueMod © 2005 - 2009 FrederikM.de, based on blueblog_DE by Oliver Wunder.
Sitemap