Linux in Government: Another Look at Linux in the MS Infrastructure

In an
article published in IT Week, Roger
Howorth discussed lab results that indicated how the latest version
of the open-source Samba file and print server software out-performed
commercial Windows 2003 Server. The latest version of Samba, the software
that helped put Linux on the technology map, has new features that make
it compatible with Microsoft Active Directory. Linux thus can authenticate
users from an existing Active Directory. As IT Week Labs
reported:

The latest benchmark results show an improvement over version 2, which
performed twice as fast as Windows 2000 Server when it was tested by
IT Week Labs last year. Overall, it now performs 2.5
times faster than Windows Server 2003.

In terms of scalability, the gains of upgrading to Samba 3 are even more
striking. Last year we found that Samba could handle four times as many
clients as Windows 2000 before performance began to drop off. This year
we would need to upgrade our test network in order to identify the point
where Samba performance begins to fall in earnest.

Interestingly, IT managers who have deployed Linux with Samba have found
that Samba requires less expensive and lower power servers than does the
Windows software. Additionally, by using open-source software
and Linux, managers can remove the expense of Windows server licenses.

The benchmark tests at IT Week Labs provide a tangible example of why
Linux has gained so much server market share. As Howorth writes:

The IT Week Labs tests used Ziff-Davis NetBench file server benchmark
with 48 client systems. We selected a low-specification but otherwise
modern server for our tests. We used an HP ProLiant BL10 eClass Server
fitted with a 900MHz Pentium III chip, a single 40GB ATA hard disk and
512MB of RAM. We did not tune any of the software to improve performance.

Each NetBench client makes a constant stream of file requests to the
server under test, whereas in real-world environments many users would
remain idle for long periods. Consequently our test environment simulates
the workload of some 500 client PCs in a typical production environment.
What Is Samba?
Samba is an open-source implementation of the filesystem deployed by Microsoft.
The bundle of standards and protocols behind Microsoft's filesystem originally
was called SMB, or the Server Message Block Protocol. Over the years, Microsoft
has made SMB the most prevalent filesharing protocol on the planet by shipping
it with every Microsoft Windows system, whether desktop or server.

In government networks, Windows and Novell provide the primary
server platforms used at every level, from small municipalities to federal agencies.
Consequently, anyone considering an alternative desktop must consider
how it will work with Microsoft's SMB protocol, which also is referred
to as the Common Internet File System (CIFS). Do not let the latter name
fool you; Microsoft changed the original name to make people believe SMB
is an Internet standard.

SMB, or CIFS, allows Windows machines to share directories, files, printers and
other computer resources within a network. The protocols and services
included in SMB, which are called a following or a bundle, enable tasks
such as introducing new hosts, name resolution, authentication and access
control. Each service operates independently, but to the user it all
looks like a single protocol.

SMB helps each desktop find and identify shared resources. It also controls
access to those resources so unauthorized users cannot access them. Within this
environment, Samba allows Linux desktops to look and act like Windows
desktops.

SMB has been available for open-source operating systems such as Linux for
several years, thanks to Samba.
And as Linux began its move out of the datacenter and onto the corporate
desktop, Samba helped Linux become part of the Microsoft network
neighborhood. In fact, back in 1999, companies such as Cisco discovered that their engineers
had replaced NT Servers with Linux machines running Samba. These
companies were alerted to the presence of Linux and Samba by IT auditors
who wondered why those servers did not need rebooting. As companies began
discovering Linux in their organizations, word spread and a grass-roots
movement gained management acceptability.

Some of the services included in Samba came from published standards. Many
remained undocumented by Microsoft and have changed with each Windows
version. In current lingo, people use CIFS when referring to the entire
suite of services and SMB when discussing the filesharing protocol that
allows one to see the network and its resources in the network neighborhood.
Samba's Newest Features
As a server, Linux with Samba 3 has moved from a simple file and print
server to a viable alternative to Windows 2000 and Windows 2003.
Jelmer R. Vernooij, John H. Terpstra and Gerald (Jerry) Carter
have provided a
nice recap of these new Samba 3 features that contribute to its
viability:

1. Active Directory support. This release is able to join an ADS realm
   as a member server and authenticate users using
   LDAP/kerberos.
2. Unicode support. Samba will now negotiate Unicode on the
   wire, and internally there is a much better infrastructure for multi-byte and
   Unicode character sets.
3. New authentication system. The internal authentication system has
   been almost completely rewritten. Most of the changes are internal,
   but the new authoring system is also very
   configurable.
4. New filename mangling system. The filename mangling system has been
   completely rewritten. An internal database now stores mangling maps
   persistently.
5. New "net" command. A new "net" command has been added. It
   is somewhat similar to the "net" command in Windows. Eventually,
   we plan to replace a bunch of other utilities (such as smbpasswd) with
   subcommands in "net".
6. Samba now negotiates NT-style status32 codes on the wire. This
   considerably improves error handling.
7. Better Windows 200x/XP printing support including publishing printer
   attributes in Active Directory.
8. New loadable RPC modules for passdb backends and
   character sets.
9. New default dual-daemon winbindd support for better
   performance.
10. Support for migrating from a Windows NT 4.0 domain to a Samba domain
    and maintaining user, group and domain SIDs.
11. Support for establishing trust relationships with Windows NT 4.0
    Domain Controllers.
12. Initial support for a distributed Winbind architecture using an LDAP
    directory for storing SID to UID/GID mappings.
13. Major updates to the Samba documentation
    tree.
14. Full support for client and server SMB signing to ensure compatibility
    with default Windows 2003 security settings.

If the list contains technical terms you do not understand, a Linux
or Microsoft system engineer can explain them to you. Here, we simply want to
make the point that Linux with Samba makes an interesting alternative to
more expensive, less secure and power-hungry software from Microsoft.
Good News for the Home Users and the Small- to Mid-Sized Market
Home users are one of the often-missed market segments of Linux
distributors. For example, when not on the road, many consultants work
out of home offices. Furthermore, look around and you will find that many
companies and agencies provide a "flex office" environment for
their staffs. For now, Microsoft seems to have captured the technical advantage
in this space.

Currently, when one wants to sets up a Linux small office environment, whether
at home or in an commercial building, administration difficulties can be
a barrier to a successful implementation. Additionally, compatability can be a stumbling block in heterogeneous
environments where, for example, one person is running Apple OS X, while
another is running Windows XP, while yet another is running a Linux
desktop. These difficulties can arise within a single household
or within small departments of agencies across the government spectrum.

The new technologies bundled in Samba, however, should solve these
problems both for home users and for the small- to mid-sized market. For
one, the OS X operating system now comes bundled with Samba by default,
as does Linux. In addition, new tools have begun to appear that allow
users to reduce administration duties radically and that provide
plug and play capabilities for sharing computer resources.

In next week's column, we explain how to set up a small office environment
using Samba 3, Linux and Windows XP. Our emphasis will be on creating a
workgroup environment rather than a large domain. With this example, we
believe you will see the extensive yet simple capabilities of Linux.

Tom Adelstein lives in Dallas, Texas, with his wife, Yvonne, and works
as a Linux and open-source software consultant with Hiser+Adelstein,
headquartered in New York City. He's the co-author of the book
Exploring the JDS Linux Desktop and an upcoming
book on Linux system administration, to be published by O'Reilly and Associates.
Tom has been writing articles and books on Linux since early 1999.