Linux in Government: How to Misunderstand the Enterprise Linux Desktop
If you are considering deploying open-source software in your organization, this article aims to help you draw appropriate distinctions for your business case. We address economic issues, issues of security and administration and the availability of applications. We also discuss myths and perceptions of the dominant operating systems in the market today.
GNU/Linux and open-source software have matured and attained significant popularity within the enterprise space. GNU/Linux already has made a showing of dominance based on empirical indicators. For example, the Netcraft Web Server Surveys shows the Apache server as having an installed share of 67% to 71%. Apache has become the default Web server for Linux. The Linux desktop also receives consideration for enterprise deployment. Anchored by cross-platform productivity suites, such as OpenOffice.org, StarOffice and the Mozilla FireFox browser, Linux has gained acceptance in numerous heterogeneous environments.
One measure of enterprise acceptance achieved by Linux is its place among the elite operating systems produced by IBM, HP, Sun, SGI, Microsoft and Sony. In addition, two Linux enterprise distributions recently achieved the coveted status of Common Criteria Certification. This certification offers governments a high level of confidence in using Linux (see Table 1).
What is Common Criteria? Certification in this area provides standards for security for mission-critical software. Common Criteria Certification provides a seal of approval recognized by government agencies and enterprise IT professionals. Countries that recognize the Common Criteria include the United States, Canada, the United Kingdom, Australia, New Zealand, Germany, France and Japan.
In January 2004, Novell SuSE Linux Enterprise Server 8 earned the EAL 3 certification. Atsec Information Security GmbH, along with IBM, assisted Novell SuSE with the certification process. In May 2004, Oracle helped Red Hat achieve its Common Criteria certification. Version 3 of Red Hat Enterprise Linux was certified to meet EAL 2 of the Common Criteria Certification.
Having attained this certification, Red Hat and Oracle and Novell SuSE can be deployed in government operations and in the Department of Defense. It also means they can deploy into security-sensitive organizations, such as federally insured banks and other government and government-regulated agencies. State and local government units with Federal Assistance programs also can deploy Red Hat and Novell SuSE Enterprise distributions.
Table 1, below, lists all operating systems that have been evaluated, as taken from the complete and official list of all evaluated software products. As you can see, Linux shares space with some prestigious software.
On July 1, 2004, the Executive Office of the President of the United States issued a memorandum for Senior Procurement Executives and Chief Information Officers. The memorandum emphasizes the President's previous memorandum titled "Maximizing Use of SmartBuy and Avoiding Duplication of Agency Activities." In this latest memorandum, OMB 04-16, the President issued the following ground-breaking statements:
This reminder applies to acquisitions of all software, whether it is proprietary or Open Source Software. Open Source Software's source code is widely available so it may be used, copied, modified, and redistributed. It is licensed with certain common restrictions, which generally differ from proprietary software. Frequently, the licenses require users who distribute Open Source Software, whether in its original form or as modified, to make the source code widely available. Subsequent licenses usually include the terms of the original license, thereby requiring wide availability. These differences in licensing may affect the use, the security, and the total cost of ownership of the software and must be considered when an agency is planning a software acquisition.
This is merely one example of the changes under way in procurement policies and habits across federal, state and local government agencies nationwide. Despite great odds and powerful opposition to changes in the status quo, open-source software has established a place at the conference table, where it will stay and survive on its merits.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- The Qt Company's Qt Start-Up
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- The Death of RoboVM
- The Humble Hacker?
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide