Linux in Government: Another Look at Linux in the MS Infrastructure
In an article published in IT Week, Roger Howorth discussed lab results that indicated how the latest version of the open-source Samba file and print server software out-performed commercial Windows 2003 Server. The latest version of Samba, the software that helped put Linux on the technology map, has new features that make it compatible with Microsoft Active Directory. Linux thus can authenticate users from an existing Active Directory. As IT Week Labs reported:
The latest benchmark results show an improvement over version 2, which performed twice as fast as Windows 2000 Server when it was tested by IT Week Labs last year. Overall, it now performs 2.5 times faster than Windows Server 2003.
In terms of scalability, the gains of upgrading to Samba 3 are even more striking. Last year we found that Samba could handle four times as many clients as Windows 2000 before performance began to drop off. This year we would need to upgrade our test network in order to identify the point where Samba performance begins to fall in earnest.
Interestingly, IT managers who have deployed Linux with Samba have found that Samba requires less expensive and lower power servers than does the Windows software. Additionally, by using open-source software and Linux, managers can remove the expense of Windows server licenses.
The benchmark tests at IT Week Labs provide a tangible example of why Linux has gained so much server market share. As Howorth writes:
The IT Week Labs tests used Ziff-Davis NetBench file server benchmark with 48 client systems. We selected a low-specification but otherwise modern server for our tests. We used an HP ProLiant BL10 eClass Server fitted with a 900MHz Pentium III chip, a single 40GB ATA hard disk and 512MB of RAM. We did not tune any of the software to improve performance.
Each NetBench client makes a constant stream of file requests to the server under test, whereas in real-world environments many users would remain idle for long periods. Consequently our test environment simulates the workload of some 500 client PCs in a typical production environment.
Samba is an open-source implementation of the filesystem deployed by Microsoft. The bundle of standards and protocols behind Microsoft's filesystem originally was called SMB, or the Server Message Block Protocol. Over the years, Microsoft has made SMB the most prevalent filesharing protocol on the planet by shipping it with every Microsoft Windows system, whether desktop or server.
In government networks, Windows and Novell provide the primary server platforms used at every level, from small municipalities to federal agencies. Consequently, anyone considering an alternative desktop must consider how it will work with Microsoft's SMB protocol, which also is referred to as the Common Internet File System (CIFS). Do not let the latter name fool you; Microsoft changed the original name to make people believe SMB is an Internet standard.
SMB, or CIFS, allows Windows machines to share directories, files, printers and other computer resources within a network. The protocols and services included in SMB, which are called a following or a bundle, enable tasks such as introducing new hosts, name resolution, authentication and access control. Each service operates independently, but to the user it all looks like a single protocol.
SMB helps each desktop find and identify shared resources. It also controls access to those resources so unauthorized users cannot access them. Within this environment, Samba allows Linux desktops to look and act like Windows desktops.
SMB has been available for open-source operating systems such as Linux for several years, thanks to Samba. And as Linux began its move out of the datacenter and onto the corporate desktop, Samba helped Linux become part of the Microsoft network neighborhood. In fact, back in 1999, companies such as Cisco discovered that their engineers had replaced NT Servers with Linux machines running Samba. These companies were alerted to the presence of Linux and Samba by IT auditors who wondered why those servers did not need rebooting. As companies began discovering Linux in their organizations, word spread and a grass-roots movement gained management acceptability.
Some of the services included in Samba came from published standards. Many remained undocumented by Microsoft and have changed with each Windows version. In current lingo, people use CIFS when referring to the entire suite of services and SMB when discussing the filesharing protocol that allows one to see the network and its resources in the network neighborhood.
As a server, Linux with Samba 3 has moved from a simple file and print server to a viable alternative to Windows 2000 and Windows 2003. Jelmer R. Vernooij, John H. Terpstra and Gerald (Jerry) Carter have provided a nice recap of these new Samba 3 features that contribute to its viability:
Active Directory support. This release is able to join an ADS realm as a member server and authenticate users using LDAP/kerberos.
Unicode support. Samba will now negotiate Unicode on the wire, and internally there is a much better infrastructure for multi-byte and Unicode character sets.
New authentication system. The internal authentication system has been almost completely rewritten. Most of the changes are internal, but the new authoring system is also very configurable.
New filename mangling system. The filename mangling system has been completely rewritten. An internal database now stores mangling maps persistently.
New "net" command. A new "net" command has been added. It is somewhat similar to the "net" command in Windows. Eventually, we plan to replace a bunch of other utilities (such as smbpasswd) with subcommands in "net".
Samba now negotiates NT-style status32 codes on the wire. This considerably improves error handling.
Better Windows 200x/XP printing support including publishing printer attributes in Active Directory.
New loadable RPC modules for passdb backends and character sets.
New default dual-daemon winbindd support for better performance.
Support for migrating from a Windows NT 4.0 domain to a Samba domain and maintaining user, group and domain SIDs.
Support for establishing trust relationships with Windows NT 4.0 Domain Controllers.
Initial support for a distributed Winbind architecture using an LDAP directory for storing SID to UID/GID mappings.
Major updates to the Samba documentation tree.
Full support for client and server SMB signing to ensure compatibility with default Windows 2003 security settings.
If the list contains technical terms you do not understand, a Linux or Microsoft system engineer can explain them to you. Here, we simply want to make the point that Linux with Samba makes an interesting alternative to more expensive, less secure and power-hungry software from Microsoft.
Home users are one of the often-missed market segments of Linux distributors. For example, when not on the road, many consultants work out of home offices. Furthermore, look around and you will find that many companies and agencies provide a "flex office" environment for their staffs. For now, Microsoft seems to have captured the technical advantage in this space.
Currently, when one wants to sets up a Linux small office environment, whether at home or in an commercial building, administration difficulties can be a barrier to a successful implementation. Additionally, compatability can be a stumbling block in heterogeneous environments where, for example, one person is running Apple OS X, while another is running Windows XP, while yet another is running a Linux desktop. These difficulties can arise within a single household or within small departments of agencies across the government spectrum.
The new technologies bundled in Samba, however, should solve these problems both for home users and for the small- to mid-sized market. For one, the OS X operating system now comes bundled with Samba by default, as does Linux. In addition, new tools have begun to appear that allow users to reduce administration duties radically and that provide plug and play capabilities for sharing computer resources.
In next week's column, we explain how to set up a small office environment using Samba 3, Linux and Windows XP. Our emphasis will be on creating a workgroup environment rather than a large domain. With this example, we believe you will see the extensive yet simple capabilities of Linux.
Tom Adelstein lives in Dallas, Texas, with his wife, Yvonne, and works as a Linux and open-source software consultant with Hiser+Adelstein, headquartered in New York City. He's the co-author of the book Exploring the JDS Linux Desktop and an upcoming book on Linux system administration, to be published by O'Reilly and Associates. Tom has been writing articles and books on Linux since early 1999.