Microsoft Windows Server 2003 Customer Solution Case Study Visualization Software Company Extends Windows-based Security Model and Management Tools to Linux Systems Overview Country or Region: United States Industry: Information technology Customer Profile Bellevue, Washington based Tecplot develops and sells post-processing and data visualization software for engineers and scientists. The company has 38 employees. Business Situation To improve security and manageability, Tecplot needed to better integrate the Linux-based systems used for software development with the company s Windows -based IT infrastructure. Solution By using the Likewise server management solution from Centeris, Tecplot can use its existing Active Directory service for user authentication and administer its Linux systems using familiar, Windows-based management tools. Benefits Increased security through centralized authentication Improved ease of administration Enhanced troubleshooting capability Reduced total cost of ownership The time that it takes to set up and configure a new Linux system has been reduced from a day to hours, and the time to add a new user across our Linux systems is reduced from an hour to mere minutes. As a company that supports multiple computing platforms, software developer Tecplot must run several Linux systems within its Windows -based IT infrastructure and needed a way to better secure and manage those systems. The company deployed a management solution called Centeris Likewise, which facilitates user authentication for the Linux systems against the company s centralized Active Directory service and allows the sole network administrator to manage those systems using familiar Windowsbased tools. Through the combination of Likewise and the capabilities provided by the Windows operating system, Tecplot is benefiting from better security, improved ease of administration, enhanced troubleshooting, and reduced total cost of ownership for its Linux systems.
Centeris Likewise lets us integrate our Linux systems with the rest of our IT infrastructure, and enables us to secure and manage those systems with the same ease as our Windows-based systems. Situation Tecplot develops and sells specialized postprocessing and data visualization software for use by engineers and scientists. The company differentiates itself from its competition through value, quality of output, and support for a broad range of computing platforms, including the Windows operating system, several versions of UNIX, and multiple Linux distributions. Tecplot runs most of its business on Microsoft software, including the Windows Server 2003 operating system, SQL Server 2005, Exchange Server 2003, Project Server 2003, and Microsoft Dynamics CRM. However, the company s IT infrastructure includes 13 Linux systems that are used to develop and test the various Linux distributions that Tecplot supports, including SUSE, Red Hat, and Mandrake. Of those systems, some are workstations that people use regularly for software development, while others are used mainly for compilation or test and are usually accessed remotely. The Linux systems also include one server computer that runs the Fedora Core 3 operating system and is used primarily for storage and heavy computation. For Pete Koehler, the company s sole network administrator, getting the Linux systems to talk to each other and to integrate with the rest of the company s IT infrastructure was a challenge. The systems were primarily stand-alone linked together in a peer-to-peer fashion and were accessed using user credentials that were managed separately on each system. One challenge I m faced with is getting computers with dissimilar operating systems to cooperate with each other, says Koehler. The big hurdle for me was to implement a unified authentication mechanism so users can log on to any computer using the same credentials, regardless of the platform. I wanted a solution that leveraged our Windows-based authentication servers already in place." Due to a lack of centralized management tools, Koehler had to administer each Linux system by hand. The needs are similar for all employees, who each require access to network resources like printers and file shares, but the process for configuring those services was unique enough for each Linux distribution that I had to do it all manually, says Koehler. As a result, it could take me up to a day to set up a new Linux system with the necessary user accounts, home directories, and file shares, and to get cross-platform services configured properly. In contrast, I can build a new Windows-based system from scratch in just a few hours. For Linux, every time we hired a new person, I had to manually set up a user account on each machine. Although the extra time and effort that Koehler spent managing the Linux systems was a sore point, a larger issue was the inability to employ standard security practices across the company s IT infrastructure. As part of a recent security initiative, we evaluated the vulnerability of all systems, says Koehler. Our Windows-based systems, which all authenticate against the Active Directory service, were pretty solid. The gaping hole in our security infrastructure was the decentralized authentication model for our Linux systems, in which user names and passwords were managed locally on each machine. In addition, the noncentralized authentication model used for our Linux systems prevented me from enforcing common security practices such as password expiration policies. Solution Tecplot improved security and reduced the effort required to manage its Linux-based systems by deploying the Likewise server management solution from Microsoft Certified Partner Centeris. With Likewise, user credentials for the Linux systems are no
The ability to authenticate Linux users in the same centralized manner as for Windowsbased systems using Active Directory is a huge plus, and will eliminate one of the greatest security risks that we faced. longer stored locally. Instead, Linux users are centrally authenticated against the company s existing Active Directory infrastructure. In addition, with the Likewise tools, Koehler can administer the Linux systems in the same way as the company s Windows-based systems and with considerably less time and effort. Centralized authentication for our Linux systems was the main reason that we chose Likewise, as we had to quickly do something to improve security, says Koehler. The ability to manage the Linux systems in the same manner as the rest of our IT infrastructure is an added bonus, and has made my job a lot easier. I tried to find solutions provided by the Linux distributions themselves, but there was nothing to meet my needs. Koehler currently has Likewise installed on 6 of the company s 13 Linux systems, and will migrate the rest of the systems as his time allows. In the case of 64-bit systems, he is waiting for Centeris to deliver an agent that runs on those systems something Centeris expects to release in August 2006. Options Considered In evaluating potential solutions, Koehler examined several options, including the deployment of a second centralized Lightweight Directory Access Protocol (LDAP) server computer. We briefly considered deploying a dedicated LDAP server that would sync with Active Directory, but it would have taken a huge amount of work and required extensive customization of each Linux system because each Linux distribution s implementation of LDAP is slightly different, says Koehler. And there would not have been a guarantee that it would have worked. distribution costs far too much and would have taken me out of the office for weeks, which isn t practical because I m the company s only network administrator, says Koehler. In addition, training or certification would not assure me that my specific desired results would be addressed. Centeris Likewise offered an immediate solution and was a far better value than the one other turnkey solution that I found. How It Works Centeris Likewise consists of two solution components: the Likewise Agent, which is installed on each Linux system; and the Likewise Console, which runs on any Windows-based system. Koehler uses the console to push the agent out to each Linux system. Then a wizard similar to the Manage Your Server wizard in Windows Server 2003 guides him through the process of joining the Linux system to the company s Active Directory domain, setting up groups and users, creating file and printer shares, and so on. The Likewise Agent assures me that connectivity between systems has been set up in a consistent way, says Koehler. And the process is the same for all distributions of Linux, with the agent taking care of all the subtle differences. After the Likewise Agent is installed and configured, users can log on to the Linux system locally or remotely using the same credentials that they use to access all the Windows-based systems. In addition, Koehler can manage the Linux systems using the same Microsoft Management Console snapins that he uses to administer the rest of the company s IT infrastructure. Koehler also looked at advanced training and certification for Linux, but the diversity of different distributions that he supports made that a poor option. Training for one Linux With Centeris Likewise, I can point the Microsoft Management Console at a Linux system and manage it using familiar, intuitive tools, he says. Being able to point the
The ability to use Windows-based management tools across our Linux systems should significantly reduce the time that it takes to troubleshoot network connectivity and authentication issues. Windows Event Viewer at a Linux server is especially useful, as it consolidates the multiple log files on a Linux system into a single view that I can sort and manipulate graphically, including severity indicators and all. That one capability alone saves me a good deal of time when troubleshooting. Benefits With its new administration solution, Tecplot is able to extend its centralized, Windowsbased authentication model to include Linux systems, and now can manage those systems in the same way as the rest of the company s IT infrastructure. That leads to improved security, more efficient system administration, enhanced troubleshooting, and ultimately lower cost of ownership for the Linux systems. While we use Windows for much of our company operations, we also run Linux because we develop software that runs on that platform and need to support it accordingly, says Koehler. Centeris Likewise lets us integrate our Linux systems with the rest of our IT infrastructure, and enables us to secure and manage those systems with the same ease as our Windows-based systems. For a situation like ours, in which a few Linux systems must coexist within a larger Windows-based environment, Likewise is an ideal solution. Improved Security For Tecplot, the greatest benefit provided by the new solution is improved security. Centralized authentication of all users against Active Directory eliminates the security risks associated with storing user names and passwords in a local hash file on each Linux system. In addition, integration with Active Directory allows Koehler to easily extend and enforce the same security-related best practices in use for the company s Windowsbased environment to the Linux systems, such as password expiration policies. The ability to authenticate Linux users in the same centralized manner as for Windowsbased systems using Active Directory is a huge plus, and will eliminate one of the greatest security risks that we faced in the past, says Koehler. Ease of Administration and Use The ability to manage and support Linux systems in the same way as Windows-based systems will significantly improve Koehler s productivity. My background is more in Windows than in Linux, and Likewise is designed for people like me, says Koehler. I m sure there are experts out there who can find a way to do it all with Linux, but tools like Likewise help the rest of us easily do the same. The time that it takes to set up and configure a new Linux system has been reduced from a day to hours, and the time to add a new user across our Linux systems is reduced from an hour to mere minutes. Use of Centeris Likewise to manage the Linux-based systems also benefits users, who now can log on to those systems using the same credentials that they use for other network resources and no longer maintain a user name and password for each Linux system. Similarly, those users also enjoy more consistent access to shared files and printers because Koehler can more easily configure and manage those services across the company s Linux systems. Enhanced Troubleshooting When combined with the management tools provided with Windows Server, Centeris Likewise will help facilitate faster troubleshooting of Linux systems for Koehler. On average, I face some sort of user issue on a Linux system once per day, he says. In the past, although I could handle most such issues remotely, it was done using low-level, primitive tools like Telnet. The ability to use Windows-based management tools across our Linux systems should significantly reduce
For More Information For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-ofhearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to: www.microsoft.com For more information about Centeris products and services, visit the Web site at: www.centeris.com For more information about Tecplot products and services, visit the Web site at: www.tecplot.com the time that it takes to troubleshoot network connectivity and authentication issues. Reduced Total Cost of Ownership Koehler s improved productivity will lead to a lower total cost of ownership for the company s Linux-based systems, the largest component of which is Koehler s time and effort. It s fair to say that our cost of ownership for Linux is greater than for Windows simply because of the added time that it takes me to maintain and administer the Linux environment, says Koehler. If I can help reduce that, then we ll see a significant savings in cost of ownership, including my time. I expect the solution to save me six to eight hours per month, which means that it pays for itself in less than a year through labor savings alone. Microsoft Windows Server 2003 The Microsoft Windows Server 2003 family helps organizations do more with less. Now you can run your IT infrastructure more efficiently, build better applications faster, and deliver the best infrastructure for enhancing user productivity. And you can do all this faster, more securely, and at lower cost. For more information about Windows Server 2003, please visit: www.microsoft.com/windowsserver2003 2006 Microsoft Corporation. All rights reserved. This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, Microsoft Dynamics, Windows, the Windows logo, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners. Published July 2006 Software and Services Microsoft Servers Microsoft Windows Server 2003 Microsoft Exchange Server 2003 Microsoft Office Project Server 2003 Microsoft SQL Server 2005 Microsoft Dynamics Microsoft Dynamics CRM