CAS18543
Migration from a Windows Environment to a SUSE Linux Enterprise based Infrastructure
Liberty Christian School
Don Vosburg, Systems Engineer
dvosburg@suse.com
don.vosburg@libertyonline.org

Who is Liberty Christian School?
- Private school located in Anderson, IN, USA
- Established 1976
- About 600 students in PreK-12
- Two campuses - Elementary and MS/HS
The before picture
LCS Technology Summary - 2009
- ~100 PCs, 40% running Windows XP Home
- No classroom-accessible PCs or laptops
- Two low-end Dell servers hosting files
  - Each with a single desktop-class 250GB hard drive
- All users with all rights to all shares
- No imaging - all software individually installed on any PC as needed
- Self-hosted proprietary email solution with no effective spam filtering
LCS Network Summary in 2009
- Wireless point-to-point connection between schools unreliable, slow (2 miles apart)
- Single IP addressed, flat Class C network, causing excess broadcast traffic, limited devices
- Low-end Linksys firewall at edge of a single Internet connection, limited flexibility and monitoring
- No connections faster than 100Mbps
LCS User technology - 2009
- No centralized domain
  - Each user defined on the computer(s) they might use
- No centralized printer administration or definition store
- One student desktop lab in each building, no student access beyond that
- No internally managed DNS
  - Local host access defined on each PC by IP address
- Proprietary content filter over-blocking, rendering Internet usage not worth the wait
Creating a better infrastructure
Infrastructure on SUSE Linux Enterprise Server
- SUSE Linux Enterprise standardized throughout
  - Consistent enterprise-grade Linux
  - Both SUSE Linux Enterprise Server 11 and 12
- Hosting bind DNS for internal name resolution
- Samba/openLDAP domain
  - LDAP mirrored between facilities
  - Apache Directory Suite to view/manage LDAP
  - Samba 3 style domain
  - Logon script for group-based drive mapping
  - Documents redirected to network home
  - Centralized printer and driver management
  - Windows 7, 8.1, 10 client machines
  - Users added/managed with YaST
Infrastructure on SUSE Linux Enterprise Server
- KVM virtualization added to allow more flexibility and hardware independence
  - Live migration key to staying current
  - Hosting Linux, Windows, and FreeBSD
- iSCSI storage
  - SAS drives in a standard server
- Linux HA
  - OCFS2 clustered file system, hosting KVM virtual machines
  - Clustered web server in each school
  - VMs managed by the cluster
  - One node can be lost and facility runs as normal
Clonezilla imaging
- Golden images of Windows machines
  - Applications loaded based on function
  - Modified for our environment with registry and policy changes
- DRBL server in each building
  - Running on Ubuntu LTS
  - Multicast image deployment
- Clonezilla USB for more portable imaging
- Parted Magic USB stick for launching Clonezilla or GParted
Network infrastructure with pfsense
- FreeBSD based networking software
- Deployed on standard hardware or VM
- Class B 10.X.X.X/16 net in each building
- Two pfsense routers across leased fiber
- Firewall enabling hundreds of outbound connections
- Integrated filtering with squid/squidguard
- Excellent web interface
- Annotated rules
- NAT mapping to allow remote access for faculty/staff
- DHCP servers for each facility
- Two firewalls, each running as a clustered 64-bit VM
Additional solutions at LCS
- Leased 100Mbps fiber between campuses ($)
- Google Apps for Education
  - 3000 available accounts
  - Unlimited storage for each account
  - GADS - synched with LDAP
- Microsoft Volume Licensing ($)
  - For Windows desktops and Office
- Ninite ($)
  - Manage deployment/updates for Flash, Java, PDF reader, VLC Media player, etc.
- Freshdesk helpdesk software
- PowerSchool ($)
  - School Information System
  - Runs on its own appliance
Hardware choices
- Use eBay for commodity hardware
  - Average desktop costs ~$100 per unit
  - Standardized on Dell, HP, Lenovo enterprise PCs
  - Server costs kept low - ~$400
  - Augment with memory upgrades, disk, NICs we install ourselves
  - GB interfaces added to switches
- Netgear ProSafe networking hardware
  - Managed GB switches
  - Managed wireless APs
- Multiple 1500kva UPSs
- Recycle older technology

Network Diagram (created in Dia)
Screenshots of Admin tools
Cluster View
Firewall view
Monitoring Console - Icinga2
Zmanda Backup
Live Look at the network
Thank you.
Network today
Open Source solutions at LCS
- SUSE Linux Enterprise standardized throughout
- bind DNS server
- KVM virtualization
- Samba/openLDAP domain
- Linux HA clustering
- Imaging with Clonezilla and Parted Magic
- Firewall, content filter (squidguard), DHCP, routing with pfsense
- Icinga2 monitoring/notification server
- Amanda network backup
- UltraVNC remote control
LCS Technology Today
- Student Google accounts from grade 5-12
- 500 Chromebooks, 50 laptops, 150 desktops
- Centralized domain synced with Google Apps
- Clustered servers, centralized storage, virtualization with cluster-managed live migration
- Business-class Internet connections in each facility, managed by clustered VMs
- Content filtering that is fast and minimally intrusive
- Network monitoring/notification for all servers and network devices and services
- Student team working on major projects during breaks

Featured in News

Any questions? Thank you.