Open Source Terminal Server Architecture for Enterprise Environment
Fabrizio Manfredi
OpenExpo 2008, March 2008

Agenda
- Company Profile
- Goals
- Overview
- Solution
- Architecture
- Software
- Trouble
- Result
- Next Step

Company Profile
Italsempione
- Italian private company
- Fully independent
- Operating in the freight forwarding and logistics market
- Spans the entire supply chain
Structure
- Head Office in Vittuone (Milano)
- 600 Staff strength in Italy
- 90 Staff strength abroad all over the world
- 14 Italian Branches
- 6 Foreign Branches from Singapore to New York
- 350.000.000 Turnover 2006
- Centralized service desk

Goals
- Quality
- Increase Efficiency
- Reduce Cost
- Stability

Overview
License
- Open source OS
- OpenOffice
- Open source network services
Hardware
- Thin client
- Small server
System management
- Centralized User Profile
- Centralized Management
- Server Consolidation
- Terminal Server

Overview: Software Cost
Software Cost Comparison for 100 clients

| Software | Quantity | Standard Solution: Price ( ) | Standard Solution: Totals ( ) | FOSS Solution: Price ( ) | FOSS Solution: Totals ( ) |
|---|---|---|---|---|---|
| MS Office | 100 | 500 | 50000 | 0 | 0 |
| MS Windows 2003 Server | 4 | 1200 | 4800 | 0 | 0 |
| MS Windows CAL | 9 | 230 | 2070 | 0 | 0 |
| MS Exchange | 1 | 500 | 500 | 0 | 0 |
| MS Exchange CAL | 95 | 75 | 7125 | 0 | 0 |
| MS Vista | 100 | 270 | 27000 | 0 | 0 |
| RH Advance Server | 4 | 0 | 0 | 370 | 1480 |
| Grand Total | | | 91425 | | 1480 |

Overview: FOSS
Advantage
- Cost reduction
- Stability
Disadvantage
- Compatibility problem, office document..
- Custom Software windows only
- Commercial Support

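Overview: Hardware Cost
Hardware Cost Comparison for 100 clients

| Hardware | Quantity | Standard Solution: Price | Standard Solution: Totals | LTSP Solution: Price | LTSP Solution: Totals |
|---|---|---|---|---|---|
| Workstation | 100 | 400 | 40000 | 250 | 25000 |
| Terminal Server | 3 | | | 3500 | 10500 |
| Grand Total | | | 40000 | | 35500 |
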
Overview: Thin Client
Advantage
- Cost reduction 10% for new hw
- Long Life > 5 years, 30-40% TCO
- Simplify administration, reduction 80%
- User workstation independence
- Security
- Low noise
- Low heat
Disadvantage
- SLA
- Single point of failure
- Network infrastructure (Bandwidth)
- Local device

Solution: Use the Best Solution..
Replace Windows Client with Linux Desktop (LTSP)
- Employees with an executive job
- Employees with a light level of usage of Microsoft Office
- Offices with more than 10 terminal users
Replace Windows Client with Windows Terminal Server
- Employees who use custom Windows applications
- Employees with a heavy level of usage of Microsoft Office
- Offices with more than 10 terminal users
Replace Domain Controller with Linux/Samba Server
- Offices with more than 5 domain users
Enterprise Directory
- Centralize all users/applications with LDAP
Replace Network Service
- Replace network services with Open Source (mail, dns, dhcp, proxy, etc)

Architecture
Centralized infrastructure
- Star topology, WAN
- Gigabit network, Local LAN
Headquarter
- Central point
- Directory Server Master
- Samba Domain Controller
- Network Services (dns, dhcp, ntp, proxy, etc)
- LTSP
- Windows Terminal
- Mailserver
Branch Office
- Satellite
- Directory slave
- Samba Domain Controller
- LTSP
- Network Service slave (dns, dhcp, ntp, etc)

Architecture: Thin client

Architecture: HA
Headquarter
- HA Switch and trunk configuration
- Mixed Port
- Workload at 65%
- Failure 1/5
- External Storage user home directory
- TFTP on Terminal server
Branch Office
- Workload at 75%
- Standby backup server
- Day before image on hot-plug disk
- Double switch LAN (manual)
- Hardware

Architecture: LTSP Hardware
Headquarters
- 30-40 users per server
- Hardware dl360, 2 CPU Xeon 3.0 GHz, 6 GB RAM
- Max per server 60 users
Branch Office
- Hardware ml350, 2 CPU Xeon 3.0 GHz, 4 GB RAM
- Default users 20-30 per server
- Max per server 40 users

Architecture: Management
Centralized User Profile
- Identity life cycle management
- Secure password management
- Role-based administration capability / Delegation
- User Self Provisioning
Maintenance
- Remote control (ex. iLO)
- Automatic package distribution
- Monitoring (ex. Centralized log)
Server consolidation
- Reduction in the number of systems
- Simplified backup and monitoring operations
- Simplified update operation

Architecture: IDM
- Central administration means time and resource savings

Architecture: DIT

Architecture: IDM
Gosa
- Automatically creates, modifies and deletes user accounts on multiple heterogeneous systems and applications
- Advanced graphical user interface
- Wide spectrum of platform coverage
- Password management
- LDAP back end
- Extensible

Software
Terminal Server
- Windows 2003 terminal server
- Linux Terminal Server Project (LTSP)
- PXES
Enterprise Directory
- OpenLDAP 2.3.x
- Gosa Interface
Fileserver
- Samba with LDAP backend, ACL, CUPS, Quota
- Monitor VFS module
- External lib for password enforcement (cracklib)
- Red Hat (kimberlite) Cluster
Mailserver
- Postfix Mail Transfer Agent
- Cyrus, mailbox delivery and IMAP/POP
Services
- Monitoring/Inventory: Zabbix, OCS Inventory
- Backup: Amanda

Troubles
LTSP
- Supported hardware
- Local devices (USB devices, scanners, etc.)
LDAP
- The slave sometimes disconnects from the master (ldapsync) and loses synchronization
- Berkeley DB corruption; sometimes we need to rebuild the database by hand
- When TLS is in use, the cost of connection setup and binding is likely to far outweigh the search load. A large pool of clients will also result in many hundreds of connections being held open, with heavy usage of file descriptors.
PAM
- The chage command didn't read shadow parameters from LDAP; replaced with pwdutils
Samba
- Failure to join new computers to the domain in a Branch Office, because of latency in directory replication
- File locking (old Samba version)
Backup
- Filesystem ACLs are not handled by the Amanda backup system; you need a separate script to dump them to a text file.

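The replication troubles listed above (a slave that silently loses synchronization, and domain joins failing in a branch office because of replication latency) can be watched for by comparing the contextCSN operational attribute that OpenLDAP keeps on the suffix entry of the master and of each slave. This is an added example, not code from the slides or from the deployment they describe; it assumes the contextCSN values have already been read from each server, and the branch names, sample values and 300-second threshold are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# contextCSN layout: <timestamp>Z#<change count>#<server ID>#<modification no.>
# OpenLDAP 2.3 writes whole seconds; later releases add microseconds.
CSN_RE = re.compile(
    r"^(\d{14})(?:\.(\d{6}))?Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{2,3})#([0-9a-fA-F]{6})$"
)

def parse_csn(csn):
    """Return (timestamp, change_count, server_id) for one contextCSN value."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError(f"not a contextCSN value: {csn!r}")
    stamp = datetime.strptime(m.group(1), "%Y%m%d%H%M%S").replace(
        tzinfo=timezone.utc, microsecond=int(m.group(2) or 0))
    return stamp, int(m.group(3), 16), int(m.group(4), 16)

def newest(csns):
    """Newest (timestamp, change_count) among an entry's contextCSN values."""
    return max(parse_csn(c)[:2] for c in csns)

def replica_status(master_csns, slave_csns, max_lag_seconds=300):
    """Classify a slave as 'in-sync', 'lagging' or 'stale' against the master."""
    if not slave_csns:
        return "stale", None  # never synchronised, or database rebuilt empty
    m_time, m_count = newest(master_csns)
    s_time, s_count = newest(slave_csns)
    if (s_time, s_count) >= (m_time, m_count):
        return "in-sync", 0.0
    lag = (m_time - s_time).total_seconds()
    return ("stale" if lag > max_lag_seconds else "lagging"), lag

# Constructed sample values (not taken from the deployment on the slides).
MASTER = ["20080310142530Z#000002#00#000000"]
BRANCHES = {
    "branch-a": ["20080310142530Z#000002#00#000000"],
    "branch-b": ["20080310142412Z#000000#00#000000"],
    "branch-c": ["20080309231500Z#000001#00#000000"],
}

def check_all():
    return {name: replica_status(MASTER, csns) for name, csns in BRANCHES.items()}

if __name__ == "__main__":
    for name, (state, lag) in check_all().items():
        print(f"{name}: {state} (lag={lag})")
```

A slave reported as stale is still answering binds with old data, so password changes and account lockouts made on the master are not yet enforced at that branch.
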
Results
Implementation
- 7 Samba Domain Controllers
- 350 Linux Desktops (LTSP) on 11 servers
- 70 Windows Terminal Clients on 3 servers
- 130 Windows clients
Reduction Cost
- Direct impact on help desk costs, achieving 70% time reduction
- License Reduction 60%
Benefit
- Increase performance (Server and Desktop)
- Increase security
- Single sign-on
- Reduced down time

Next
Distributed Filesystem
- AFS single file system cross network
Kerberos V
- Heimdal with LDAP backend
- Kerberos Password for Unix System
LTSP
- Load Balancing / HA
Fedora Directory
- Multi master configuration
- Selective replication
Openthinclient
- Multicast boot

Reference
For Further Questions:
Fabrizio Manfredi
fabrizio.manfredi@gmail.com
manfred.furuholmen@gmail.com
http://www.beolink.org

The End