Oct 28 2004

PH34R Teh FuD!

Category: IT Thoughts
Jeremy Wright @ 8:22 am

I’ve been saying this a lot today: Give. Me. A. Break.

I wouldn’t know where to start.

From “Microsoft paid SCO to sue IBM” to:

Well, if sending as many as five people around to as many as 3,500 Windows PCs to remediate each virus outbreak could be said to affect our TCO, then yes, I guess viruses, worms and trojans do tend to add substantially to the cost of doing business. At approximately $25.00/hour per person, that must come to… Well, enough to make it cost effective to begin a desktop Linux pilot program…

I’m sorry. If you have 3500 desktops, you’d damn well better have:

  • Patch management
  • Imaging
  • PXE-boot capabilities
  • Anti-virus
  • Context-scanning of your internet traffic
  • Multiple zones
  • Internal and external firewalls

Which would:

  • Update your computers automatically, which is where 98% of viruses get in anyways
  • Protect your boxes if they are unpatched
  • Allow you to reimage a box in minutes if it did get infected
  • Check your internet traffic and email for viruses before it even gets to the desktops
  • Protect entire areas of your company, and the internet / WANs / etc, from any viruses that do happen

I’m just curious (really). If Linux TCO is lower, why aren’t we seeing a large number of companies that have actually moved their desktops to Linux? We hear about all kinds that are thinking about it, have decided they will or are commissioning studies. I don’t hear about very many that have done a successful move from Windows to Linux.

The reasons are clear, and obvious, beyond the TCO argument. There is just too much that can go wrong. And the cost to protect against issues is larger than the pure hardware / licensing cost / installation / training costs, etc.

It’s really the same reason we don’t simply roll out XP or 2000 to all of our desktops. We could do it in 3 days. But what about documents that are kept in non-standard locations? What about apps that users forget they have installed? What about the weird customizations which cause innumerable issues, especially when you’ve wiped all the data from the hard drive?

The reality is that there isn’t any easy way to move all users from one OS to another OS in a large environment without simply hoping your users have:

  • No custom apps
  • No undocumented apps
  • No files stored in weird locations

Moving OSes arbitrarily is simply too complicated and risky on a large scale. Whenever we’ve tried, we’ve found that 3/4 of desktops require personal attention to the point where it’s cheaper to simply migrate them manually and keep ALL hard drive data backed up.

6 Responses to “PH34R Teh FuD!”

  1. Aaron says:

    If the enterprise is using LDAP then why is it hard to migrate accounts?

    As for data migration, yeah that could be hairy but that would be hairy anyway. If users use network shares or personal shares, there would be no real issue as Linux can easily map a drive with an nfs mount just as Windows can.

    As for these points:

    * Patch management
    * Imaging
    * PXE-boot capabilities
    * Anti-virus
    * Context-scanning of your internet traffic
    * Multiple zones
    * Internal and external firewalls

    * Patch management is simple. Redhat uses Up2Date but I happened to roll my own up2date which works phenomenally. If you want to make it SUS-like, that’s even easier.

    * Imaging? Are we talking about Ghost or what?

    * Anti virus and firewall are built in to most Linux distros and in a routered environment, that can be more effectively stripped prior to the end user even seeing any harmful traffic.

    * Multiple zones… why is this a problem at all?

    Bottom line is that for the end user, using a Windows environment probably makes the most sense for usability, efficiency and familiarity. Many of the issues you bring up are on the server end and I don’t see why you can’t keep a low TCO when it comes to servers. Biggest thing is that in a currency analogy, MCSEs are like nickels and RHCEs are like silver dollars. One is worth more. One is more common.

  2. Jeremy C. Wright says:

    Aaron, I didn’t say Linux couldn’t do these things… The oped I pointed to said that Windows would be incredibly more expensive because of viruses.

    Their calculation was:

    3500 desktops * 25.00/hour * 1 hour/desktop = $87,500/infection

    Which would be false if the enterprise had the above tools in place, whether it’s Linux or Windows.

    Migrating accounts between directory services is easy as pie. Migrating data on servers is easy as pie. It’s when users have data on their computers, applications on their computers, etc, that migration gets incredibly evil.

    Sorry for the confusion :)

  3. G says:

    Are admins still using MS SMS (System Management Server) to manage large amounts of Windows machines these days?

  4. Jeremy C. Wright says:

    Yep. SMS2003 is okay. 2005, due out soon, is actually fantastic.

    We use Novell for our Directory and Desktop Management stuff here, and I really enjoy it. Novell’s management stuff works fantastically in a Windows environment.

  5. Aaron says:

    SMS 2003 is great in conjunction with AD. Running fabulous in our testing. We’re still running SMS 2 with NO A.D. and it’s a beast managing about 1000 seats.

  6. Jeremy C. Wright says:

    SMS rates among the top 5 desktop management apps. I’m figuring 2005 will put it as either the top or the second.

    Fingers crossed though ;)