  1. Junior Member Registered Member
    Join Date
    Nov 2016
    Posts
    5
    #1

    Shifting from Microsoft to Linux

    Hello everyone, we are planning to shift from Microsoft server to Linux for our organization.
    The organization consists of three servers with different roles like ADDS of course
    DHCP
    DNS
    Group-policy
    File server
    Web server
    and especially the backup and security
    for 50+ staff.
    Can anyone give a suggestion as to which distro would be best for this? I mean:
    which Linux distro for the server and why
    which Linux distro as the client and why


    What I was thinking of is Ubuntu and Debian, but I'm not sure as I haven't used them.
  3. Senior Member
    Join Date
    Oct 2013
    Posts
    1,145

    Certifications
    RHCE
    #2
    You're shifting from MS to Linux and you have no experience with Linux?? That's a recipe for disaster. Fortunately, three servers is cake, but I would recommend spread loading your services unless you're restrained to 3 physical servers.

    Why the sudden shift and what's your reasoning behind moving to Linux? Licensing cost?? There are serious considerations for migrating your environment to another OS and figuring out how to migrate services as well. I have so many questions....

    Ubuntu is Debian Linux....in any case, Canonical is hands down killing it with their desktop and actually a nice alternative for the non corporate side of things. They have a wide array of compatible device drivers and provide a very stable desktop environment for users. SuSE is another alternative, as it's also Debian based, and you can also pay for technical support if necessary.

  4. Senior Member
    Join Date
    Jul 2015
    Location
    Island on the other side of Pacific pond
    Posts
    964

    Certifications
    C****, C***, C**
    #3
    Agree with @Verities. DNS and DHCP are tightly integrated into AD and so is Group Policy. Do you plan to migrate the AD domain to Linux Samba?
    Need more details..

  5. No longer active.
    Join Date
    Jul 2016
    Posts
    413
    #4
    My choice, for non-MS based Server, would be FreeNAS. Okay, it's not based on the Linux kernel, rather FreeBSD, but it runs on very modest hardware and I found it really nice to work with. This was a few years ago now, running on 32-bit hardware. I also looked at Ubuntu Server at the time and gave it a try, but I much preferred working with FreeNAS.
    No longer an active member

  6. Junior Member Registered Member
    Join Date
    Nov 2016
    Posts
    5
    #5
    Yes we want to migrate AD domain into Linux Samba

  7. Senior Member
    Join Date
    Jul 2015
    Location
    Island on the other side of Pacific pond
    Posts
    964

    Certifications
    C****, C***, C**
    #6
    Originally Posted by Romajhon:
    Yes we want to migrate AD domain into Linux Samba
    Licensing cost an issue? Migrating away from Windows SBS?

    You can select a Linux distro, install Samba 4 and do some reading and testing. This is not exactly trivial given you do not have much Linux experience.

    Alternatively, you can consider custom Linux distros that have AD functionality and provide a graphical front-end (usually web based) for administration. Some examples are Zentyal, UCS (Univention Corporate Server), ClearOS. Most have community versions and a few do provide professional services and local support. You will have to evaluate them.

  8. Junior Member
    Join Date
    Nov 2016
    Location
    Malaysia
    Posts
    14

    Certifications
    MCSA 2012 , Comptia network+ , Linux+(done) , RHCSA(done)
    #7
    Originally Posted by Romajhon:
    Hello everyone, we are planning to shift from Microsoft server to Linux for our organization.
    The organization consists of three servers with different roles like ADDS of course
    DHCP
    DNS
    Group-policy
    File server
    Web server
    and especially the backup and security
    for 50+ staff.
    Can anyone give a suggestion as to which distro would be best for this? I mean:
    which Linux distro for the server and why
    which Linux distro as the client and why


    What I was thinking of is Ubuntu and Debian, but I'm not sure as I haven't used them.

    I would advise you to use CentOS with non-GUI and manage it from a Windows workstation with WinSCP and maybe a free control panel like Webmin.

  9. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,683

    Certifications
    Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practitioner, VCP-DCV 5/6, Storage+, CCNA R+S/Sec/CyberOps, Sec+, CEH, CASP
    #8
    50 staff? So, a couple of techs? And you want to replace MS with Linux?

    Hire someone to do it for you. And get your techs trained up in whatever the replacement is.

    To get up to speed with RedHat for administration, for example, could easily cost 15k.

    So the cost will quite possibly be something like 10k for architecting, engineering and deployment. 30k for staff training, and then a higher premium for future staff.

    The hardware costs aren't likely to change much. Software/licensing will be cheaper. Maintenance will possibly be a little higher.
    2017 Goals - Something Cisco, Something Linux, Agile PM

  10. Junior Member
    Join Date
    Nov 2016
    Location
    Malaysia
    Posts
    14

    Certifications
    MCSA 2012 , Comptia network+ , Linux+(done) , RHCSA(done)
    #9
    Originally Posted by OctalDump:
    50 staff? So, a couple of techs? And you want to replace MS with Linux?

    Hire someone to do it for you. And get your techs trained up in whatever the replacement is.

    To get up to speed with RedHat for administration, for example, could easily cost 15k.

    So the cost will quite possibly be something like 10k for architecting, engineering and deployment. 30k for staff training, and then a higher premium for future staff.

    The hardware costs aren't likely to change much. Software/licensing will be cheaper. Maintenance will possibly be a little higher.
    I wonder why he would spend that much money when he can use CentOS with open-source daemons and a control panel for all he wants to do, and most of them have free tutorials and wikis. Still, the hardware costs are not avoidable though.

  11. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,683

    Certifications
    Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practitioner, VCP-DCV 5/6, Storage+, CCNA R+S/Sec/CyberOps, Sec+, CEH, CASP
    #10
    Originally Posted by egyasia.com:
    I wonder why he would spend that much money when he can use CentOS with open-source daemons and a control panel for all he wants to do, and most of them have free tutorials and wikis. Still, the hardware costs are not avoidable though.
    Architect/Engineering/deployment costs are unavoidable as well. And maintenance for Linux can be higher than for MS since good Linux skills are typically less common than good MS skills.

    It's a basic error to assume that "free" software doesn't have all these costs, but unfortunately, it's also a common error. So I'm trying to remind our friend that if their motivations are economic, then they do need to consider all these costs.

    For a small organisation, it usually makes sense to outsource the higher skill technical work, and just keep maintenance/admin skills in house.

    And yes, they could attempt to teach themselves from free online sources and man pages, but it will inevitably lead to substandard work full of errors and problems that a seasoned professional would not have done. Paying qualified staff is nearly always surer to deliver faster and better quality.

    To be honest, for an organisation that size, sticking with the bog standard Windows + Office environment is probably a good choice. If they are a little more forward looking, moving to cloud services where all their applications can run out of a browser is probably a better choice. You could probably downsize the IT department to one person or less.
    2017 Goals - Something Cisco, Something Linux, Agile PM

  12. Senior Member
    Join Date
    Jul 2015
    Location
    Island on the other side of Pacific pond
    Posts
    964

    Certifications
    C****, C***, C**
    #11
    The cloud seems a good way moving forward. Azure Active Directory Domain Services is still fairly new, and Windows 10 can join Azure AD domain. Give Azure ADDS some time to mature and we probably can get rid of local AD domain controller come next year.

    Small business can then use Azure ADDS for managing domain users with GPO, Office365 for office, email, file, messaging, video conferencing and web services, Intune for device management and Azure Backup for any local PC file backup. There is no requirement for an on-site server; IP addresses can be served via DHCP service on the internet broadband router.

  13. Senior Member
    Join Date
    Oct 2013
    Posts
    1,145

    Certifications
    RHCE
    #12
    +1 for everything Octal posted.

  14. Junior Member Registered Member
    Join Date
    Nov 2016
    Posts
    5
    #13
    So with CentOS can we achieve everything, like what I was thinking to use:
    Red Hat for group policy
    Security Onion for network security
    but I'm not sure how to manage user accounts in Linux like we have ADDS in MS, and
    especially the backup plan in Linux.
    Any suggestions, please?

  15. Member
    Join Date
    Oct 2016
    Posts
    42
    #14
    Originally Posted by Romajhon:
    So with CentOS can we achieve everything, like what I was thinking to use:
    Red Hat for group policy
    Security Onion for network security
    but I'm not sure how to manage user accounts in Linux like we have ADDS in MS, and
    especially the backup plan in Linux.
    Any suggestions, please?
    My suggestion would be to halt your project. Perhaps examine if it's possible to change one element at a time if there is a reasonable driver to move to open source.
    OctalDump's words are quite wise here.

    What is the use case for this? What type of business software do these 50 staff need to run?

  16. Senior Member
    Join Date
    Oct 2013
    Posts
    1,145

    Certifications
    RHCE
    #15
    Originally Posted by Romajhon:
    So with CentOS can we achieve everything, like what I was thinking to use:
    Red Hat for group policy
    Security Onion for network security
    but I'm not sure how to manage user accounts in Linux like we have ADDS in MS, and
    especially the backup plan in Linux.
    Any suggestions, please?
    If you're going to use a setup with Security-Onion make sure you set SELinux to permissive to verify any violations when running your security software. If HIPS is included with the suite, make sure you turn off SELinux, or else you're going to take your systems down.

    OpenLDAP + Kerberos is perfect for you with administering accounts in the same way as MS AD. If you want to get a little deeper you can go with RH Directory Server or Free-IPA Server, however based on your skill set and experience, I recommend going with the easiest solution (the one I first mentioned).

    Amanda Network Backup is a straightforward tool for your size environment.
    Last edited by Verities; 11-14-2016 at 07:02 PM.

  17. Senior Member
    Join Date
    Jul 2015
    Location
    Island on the other side of Pacific pond
    Posts
    964

    Certifications
    C****, C***, C**
    #16
    @Verities, do directory services (OpenLDAP, Kerberos, RH Directory Server) support Windows group policy?

    To replicate AD, @Romajhon may still have to try Samba 4. Unfortunately, RedHat disabled (i.e. removed) AD functionality of Samba 4 in RHEL/CentOS 7. He can compile Samba 4 himself. Use the Samba Wiki as a starting point.


    Originally Posted by Romajhon:
    but I'm not sure how to manage user accounts in Linux like we have ADDS in MS, and
    Use Microsoft RSAT to administer Samba 4

  18. Senior Member dontstop's Avatar
    Join Date
    Dec 2011
    Location
    ::1/128
    Posts
    543

    Certifications
    CompTIA IT Fundamentals, CCENT, CCNA:R&S, JNCIA, BInfoTech
    #17
    Originally Posted by Verities:
    +1 for everything Octal posted.
    +1 on that too please

  19. Senior Member
    Join Date
    Oct 2013
    Posts
    1,145

    Certifications
    RHCE
    #18
    Originally Posted by Mike7:
    @Verities, do directory services (OpenLDAP, Kerberos, RH Directory Server) support Windows group policy?
    "SSSD only allows using GPO for the computer-based access control. Other GPO-related access control options are currently not supported."

    https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/sssd-gpo.html

  20. Junior Member Registered Member
    Join Date
    Nov 2016
    Posts
    5
    #19

    SSSD and RAID

    I was thinking and researching to use the SSSD method for creating a domain controller with Samba 4. Any suggestions, please?
    And which RAID would best suit a Linux server, 0 or 6? Has anyone tried?

  21. Senior Member
    Join Date
    Oct 2013
    Posts
    1,145

    Certifications
    RHCE
    #20
    Originally Posted by Romajhon:
    I was thinking and researching to use the SSSD method for creating a domain controller with Samba 4. Any suggestions, please?
    And which RAID would best suit a Linux server, 0 or 6? Has anyone tried?
    Question 1: Google - Samba has a complete guide on how to use it as a Domain Controller. I personally hate using Samba and would not use it because it is extremely insecure. Without fine tuning, you'll be leaving wide openings for attackers.

    Question 2: Maybe you should read up on the different RAID types since that's a very simple question to answer.

  22. Senior Member
    Join Date
    Jan 2015
    Location
    Chicago, IL
    Posts
    990

    Certifications
    Too many MCPs and MCTS, MCSA: Security, MCSE: Security, MCSA: 2003, 2008, 2012, MCITP: EA, CISSP-ISSAP, SCS DLP, GREM
    #21
    I did such transitions in the past on almost anything ranging from Archlinux and FreeBSD to RedHat/CentOS and Debian/Ubuntu.

    I'm not a big fan of GUI so I don't need Ubuntu's user-friendliness so I'd skip it. Then, if you don't want to dive deeply into FreeBSD, which is rather different from your typical Linux, and for the sake of better documentation and support, I'd stay with Linux. Now the question is RedHat or Debian. These are the two major distributions on which the majority of other smaller distributions are based. I would throw a dice if I were you as there's not much difference for a person who's not deeply familiar with any, but personally I'd choose RedHat as I have more experience with it. RedHat is a paid support distro and a free version is CentOS. So I'd install it and configure all the services you mentioned and would solve any issues that will most certainly arise in this transition.

    The only typical problem for me was native Windows applications that people access by the means of Terminal Services/RDP. So I usually leave one or two Windows servers which I run on Xen hypervisor and set up rdesktop connection icons on people's desktop OSes (I assume they are flavors of Linux as well).

    This is a bit dated information as I transitioned from MSP/MSSP career to enterprise for a few years now and haven't used this scheme since then.

  23. Senior Member jdancer's Avatar
    Join Date
    May 2011
    Posts
    430

    Certifications
    CCNA: R&S, Security, CyberOps; CompTIA: A+, N+, S+, L+, P+; MTA, MCP, ITIL Foundation, CIW DDS
    #22
    As others have posted, if your organization doesn't have a lot of Linux experience, your organization is going to be in a world of hurt. I mean a lot of hurt. Have I mentioned a lot of hurt?

    If you do decide to move forward, you'll want to use headless non-GUI servers. To really get to know Linux, do it via the command-line. Yeah, Web-based GUI config interfaces work but won't help you when you need to troubleshoot issues.

    At the personal level, I suggest Archlinux. At the professional level, go with CentOS.
