|
Linux might hit the Big Time
First off, i'm sorry to do this, but i have searched and i haven't found what i'm looking for. I don't know if this is the right place/forum, but i need help! Bad! As for the title of the post, i really mean it.
I work at a company which has over 15,000 desktops and tons of servers. Yes, it is ENTIRELY Windoze and Yes it is a royal pain in my a$$. What i do here, is manage some of the servers and do Cad support for people that need it. My days are spent searching the web for linux stuff to read or ways to implement Linux into our company. Well, guess what? It's going to happen. I want my company to be one of these linux "success" stories you see on the web or on Linux.org. The IT boss for Canada told me to get together a proposal for a post script to PDF server and from there, we will implement linux on servers and obviously (i hope) to the desktop. We use the Adobe Distiller to convert PS Cad drawings to send to clients. It crashes a lot and the whole windows thing is starting to bother everyone - not just IT, the big bosses that don't even turn on a computer are sick of contracts and obviously the enormous cost of implementing windows. My question....and i have to do this right if i want linux on the company desktop..... I need to setup a ps2pdf server on an already bloated Windows domain. I need to know how to do this (not necessarily in detail, just the applications i should use and roughly how to get started.) Users need to be able to print-to-file directly to the server and get a pretty PDF spat out somewhere on the network. I don't even know how to setup a linux home network let alone a Linux server on a Windows network - and have people access it like it was a normal business day. I know a lot more about linux every day and i consider myself pretty good as a home user, but i really need to learn the networking side really quick. Again i'm not asking for a step-by-step, hold my hand kind of thing, i just need a push in any direction and i'll figure the rest out from there. What i do know (or think i know)...... 1. I'll use cups as my backend 2. Maybe samba might be in the mix somewhere? 3. Firewall and security is #1 - again......#1 (they are all nervous that Linux is going to fail them, so i need to do this right and show them the potential). 4. What kind of box and what distro should i use? I am thinking a 500-1000mhz p2/amd Athlon with Slackware or Gentoo. I would say the average load would be a 3 or 4 meg ps file every other min that would need to be converted. (some of them can get up to 2 gigs with a raster image in the cad file) Please...Please Help me. I want this to work. Not so i look good, but so all those years of me saying "why are we doing this, you know there is a better alternative" won't go to waste. If a company our size starts to use other products other than Windoze, it would force the smaller companies that we associate with consider Linux as well. Thus a wonderful chain of events will be set in motion. Wow that was long. Thanks in advanced! Adam. :Pengy: |
Yes you will need to use samba - thr distro is pretty irrelvant. I suggest using something that you are comfortable using.
There is a decent howto here: http://lists.leap-cf.org/pipermail/l...er/006816.html The firewall shouldn't be a big issue. Just close off all ports except for 137, 138 and 139 - these are used by samba - you may also want port 22 for remote access via ssh. If oyu are anticipating having really large PDFs then I would get as much ram as possible as I think it will take its toll on the server. You will obviously need quite a large disk as well if you are going to store the PDFs long term on the system. Good luck, let us know how it turns out or if you need more info. |
if you use gentoo, i hope your computers are fast enough to compile and that you know how to use the command line. For support use redhat or suse. slackware and debian are used on lots of servers but not as easier as something like redhat or suse.
samba you will need it firewall they are plenty of them based on iptables learning the command line won't heart and would help you(basic commands and how to use a text editor) ps: i would not recommand gentoo on a server if you don't know how to use linux |
So far, i have used almost every distro there is. I am very confident at the command line and Lack of Linux skills isn't a problem. I can pretty much do anything the big boys can except get a server going - which i'm heading home right now to start with a Duron 900mhz, 128ram. It's hurt'n i know, but it's a start. My problem is going to lie in the initial setup. Like samba. I need to work on that. I had it set up for a home network (which never worked) only to come home one day and find about 20 people connected using it to spam and who know's what else. In other words, i really, really need to owrk on my Networking skills - for linux any way. I'll just dive in and keep coming back here when i get stuck. And i will let people know how it goes. Trust me, you'll hear from me again - really soon i bet :-)
And david_roos, thanks for the link. Already printed and ready to get started. ttyl. |
If you're thinking of converting your entire network (eventually) to Linux, then you're going to need an incredible amount of support. If you and your staff are not already Linux experts on Win -> Lin migration, *n*x systems administration, *n*x application developement, etc then you are going to need help!
I would not recommend undertaking a task this size without vendor support. This means you will want to look to Red Hat, Novell, IBM, Sun, HP, etc any of the vendors that have Linux server offerings. Since you eventually want to do desktops as well, that will probably narrow the field a bit as not all of the vendors I mention above concentrate on Linux desktops. Of the names I mentioned, I think Novell, IBM, and Sun are probably the main desktop supporters. As for the firewall, what are you running now and what do you hope to achieve? I assume you're running a commercial IP security firewall right now and not something like Microsoft ISA (please tell me you don't use ISA)? If so, I would not recommend changing your boarder firewalls. What you may want to do is become familiar with how netfilter/iptables work so you can use this to install host-firewall scripts on your servers and workstations (eventually). You could also use low-cost Linux boxen internally to firewall off different network segments from each other. This would help contain worm outbreaks (surely you will continue to have Windows boxes for a long time), but it will be much more practical than paying $15,000 to Cisco every time you want to prevent the marketing people from infecting your CAD developers. In short, if you want to be an enterprise Linux success story, you're going to need to work with a vendor. Only smaller organizations with a high concentration of *n*x administrators and developers can afford to switch to free Linux distributions (such as Debian, Gentoo, or Slackware). Everyone else will need to keep paying for OS and application licenses (although the Linux-based solutions are generally much cheaper than Microsoft, for instance Sun Java Desktop is far cheaper than Windows + Office). |
I don't have a lot of experience with ps2pdf or cups, but as far as I can tell, this is how it would work.
Setup Cups with your pdf converter first (Google found this) Then setup samba to share your Cups 'printer' to the windows computers. Now, check where the pdf file outputs to. You could either set it up to write to a local folder and share it (eg \\Linux-server\converted_pdfs) or mount a samba share off another computer and save it there (you will need the smbfs package for this) (eg \\MS2k3-server\printed_pdfs) |
Gee not getting the answers you are looking for are you. Well i recomend you do exactly as you say and i will give you some pointers.
First will you be showing people the server. If so go for mandrake one point people don't mention is EVERY linux distribution runs linux as the kernel. Which means it does not matter what you use. they are all the same thing with a different look and feel, so go for the one which looks the best. anyway ps2pdf is already a package of mandrake so all you need is to fire up samba and make one simple script. make a share for samba and have all windows machines mount it. Then get them to save the ps file to this share then make a cron job to check over the directory looking for ps files if it finds a new ps file it runs ps2pdf and saves the output to the same folder with same name but different extension(use awk). as you know you can do this in any other manner, give each user there own folder for security, or when it converts it to pdf it deletes the ps file. you will need to use bash to program a script, so look that up. And you will need to use awk to split up the file name from the extension and append the pdf extension, so look this up. but yep very simple should take you a few hours(though awk is a bit, so maybe longer). ask for an example if you have trouble :) |
Wow!! Thanks for the responses. I know it's going to be a long haul before we get linux to the desktop but i'm not going to stop pushing it. As for actual Support from Vendors, at the moment, that would not be an option and i am basically on my own (for the moment). I too think it would be a good idea but there isn't money for that - unless we dump windows which won't happen any time soon.
Thanks for all the links too. I did do a search before i posted and i found those links as well, but i wasn't even sure what questions i had to ask let alone try and find the right answer. Like i said, i just needed a push in the right direction. I had decided to use whatever for the server, it really doesn't matter, but i had already decided on a customized Gentoo for the desktop or for demo's. We can slap that company logo all of the place. As for the server, nothing has happened yet, as the boss hasn't got back to me and all my hard drives at home are being used (except for a 2gig and 1 gig lolollololol) so i can't put together that 900mhz Duron to test the waters. I'll keep everyone posted and trust me, i'll be back soon with more questions. |
Well, all went well and the server "works" fine. I ended up using Gentoo 2004.1 with Samba 3.0.3 and cups. It works very well and i am very happy the idea in my company has gone this far. However - i know - the big bosses (including windoze IT staff) are concerned with a couple of things.
1. What stops someone from walking up to the machine, booting up the computer with a live cd and editing the sys files? I know about the bios stuff, but is there a better way (SE Linux)??. I mean how secure can i get the hard drive from a physical standpoint? 2. How do i change the "NT Server 4.9" identification one will see when checking the properties from a windoze machine? I tried a couple things in the smb.conf file, but nothing has worked 3. This might be a tough one, how would a *.pdf file that has been created by the print from a windoze machine be sent back to the originating box. I know it's asking a lot, but i was hoping there was a way. Maybe a script and a monitored folder, that would send the file back to the source where the print originated. And now that i read the title of the thread, i have to admit, it's a little pretentious :-)) :D |
Quote:
(Of course, if they have physical access to the computer, there's nothing to stop them turning the box off, inserting a CDROM drive and then using a live-cd on it.) Quote:
.nf anounce as = <Server Type> check man smb.conf for more info Quote:
checks the printer output dir for new files maps the %U (client Username) / %m (NETbios name) / %I (IP address) to an email address or shared folder emails pdf as attachment to email address, OR moves to shared folder delete the files just sent from the output dir |
Phorem, you have some crazy bosses. You can use Win2K restore CDs to edit stuff on Windows any way, and any OS running on i386 hardware will be susceptible to booting from a Live CD. Actually, never mind that, any time a malicious user has access to the hardware, there is nothing you can do to completely prevent them from misusing it. The best you can do is lock it in a cage and encrypt the entire hard disk driver, but a) you can still invent ways to get into the cage and b) even if they can't read the encrypted disk, they could simply overwrite it with a new disk image, or simply remove the HDD entirely.
For point #3, I'd have to say that e-mailing the PDF would be the easiest approach, but it will tax your e-mail system pretty significantly and if some of the files are large (up to 2 Gigs?) that will definitely crash the mail server. I would say you have two options, either require every user to have a specific share on their machines so that you can always write back to that share, or perhaps a better approach would be to have user specific shares on the print/conversion server so that users could browse to it and grab their files. If the system is under heavy load, that might not be a good idea, either. Maybe a file store that has user-specific shares would be in order and each user could map a drive to it. |
PS, I moved this thread to the Linux Enterprise forum because this is exactly the type of question this forum was created for!
|
I told them i could easily walk up to any machine and have my way with it, but from some reason, they are very critical of linux and are nervous about the whole thing (and i don't think they know about the SCO issue - it would be game over for sure if they did).
About security, i guess i will physically lock the machine up in a cage so to speak. That would alleviate the physical concern. But what about the root password. Can't anyone boot it up (if they have physical access of course) and change the password??? Is there a way to secure the root password so it can never be changed. That's right...i said NEVER.. As for the sending files back to a machine, email is not an option. As mentioned, cad files with Rasta (photo's) images in the file can be enormous! The script would have to be something like urzumph mentioned, i would send it back to the machine (i.e. in this case, it would be identified as RTO6606) like (including urzumph's suggestion)..... mv %U (client Username) / %m (NETbios name) / %I (IP address) ??? or smb:\\%U / %m \C$\PDF ????? I have no clue. But i do need to work on that password issue. I think that might help the situation if i could secure the password at least. And chort, yes my bosses are nuts. One even has stock in windoze! I think he might have a hidden agenda :-) |
You can't boot it up and change the root password unless you are in single user mode. If you put a password on your bootloader then nobody can change the options and therefore boot up in single user mode (without the password anyway). Another easy way of securing the systme a bit is to set a supervisor password on the bios and only set the system to boot from the hard drive - this should stop anyone just sticking a CD in. Rember that the bios can always be reset or the hard drive removed as with any OS but it will certainly put people off trying.
To send the pdfs back you would probably need to make a temporary mount so in your script it would be something like: Code:
# If the IP has a directory already then there must be another conversion |
Phorem, try this approach: Ask your boss(es) exactly how a Linux password is any more dangerous than a Windows password. Explain that it is just as possible to reset Windows passwords by using bootable disks (floppy or CD) as it is to change Linux passwords using the same method. Perhaps if you educate them instead of letting them think it's a huge issue that you need to find a solution to, they might drop that complaint.
|
| All times are GMT -5. The time now is 02:09 PM. |