Comment My assessment (Score 1) 375
I'm part of a team looking into moving our company to Linux in the long term. Some 3000+ workstations with Windows XP, MS Office, Exchange, etc.
Currently we're looking at Ubuntu and servers in Debian. My assessment is:
- You need directory services. Fedora Directory Services (389 Server) is hard to install on Debian/Ubuntu and has a lot of trouble with their two-way AD replication. Other people who have worked with OpenLDAP report severe corruption when synchronizing multiple masters across unreliable links. Both are a pain to set up Windows clients for.
- Both Ubuntu 9.10 and Macs can join Active Directory using Likewise Open. Ubuntu 10.04 included it in their main repository, advertised the integration and completely fucked it up. Most of the bugs are fixed in the PPA, but they haven't bothered to put the fixes in their supported repositories for the last 6 months, and the same bugs are in 10.10. Upgrading 9.10 -> 10.04 will break your configuration, unless you know enough to add the PPAs beforehand or a private repo. With the PPAs it works well, but single-sign-on doesn't work (worked in 9.10) and it has problems when working from home.
- Some things aren't implemented. Windows can authenticate with RADIUS (WPA Enterprise, VPN, etc.) with the machine's AD password. Ubuntu + Likewise doesn't have that capability, though it's relatively easy to script yourself. You have to log in and enter a password for the wireless (hard if you need the wireless to log in) or set your password to be used for anyone who uses the computer (bad if you ever change your password).
- Ubuntu has a bunch of embarrassing bugs that prevent me from just giving it to one of my users. The original OOo in 10.04 couldn't even join cells selected with the mouse. It's sad when MS's products have more quality than yours.
Maybe we'll start over looking at Fedora, I'd like to hear about people's experiences with their quality assurance.
All that aside, the other big points to watch:
- Email is a problem. Web-based solutions preclude you from having PSTs locally for personal history/backups (which is very common at my company). If you don't switch to a web-based solution then Evolution is a mess with its Exchange integration. The old connector only connects through OWA, and loses synchronization (says there are unread emails but won't show you them or download them, silently stops updating, etc.) and crashes every once in a while. The MAPI connector has some weird issues with character encoding. You can use Thunderbird but you lose all the Gnome integration. And either you switch Windows users to Thunderbird too or support two different programs. You could install a Linux-based email and calendaring server too, that can sync email, appointments and everything else with Linux, Windows, Macs and phones, but it's nontrivial. Just choosing the right combination of solutions is a big project.
- Access and Excel macros have to be rebuilt. A lot of people at our company use them. Every department seems to have a VBA expert building mini-applications and data analysis spreadsheets connected to our data warehouse that then become business-critical. This is not a problem until you want to switch.
- MS Project. If your people use it and need it, there is just no good replacement. Serena Openproj is the closest, but it hasn't been updated in two years and has a bunch of bugs. Plus it's missing things like multi-project and a bunch of features our users need.
- Custom apps: Our intranet won't show well under Firefox and we have a bunch of custom apps (VB and other languages). The former have to be redone anyway to update for a new IE, but the latter are a lot of work in our case.
A migration project is a big undertaking that probably won't be completely justified by cost. On the other hand I don't agree with just laying on your laurels and mindlessly updating to the latest MS offering. Do look into switching every once in a while. If things are good enough for you then switch, even if it takes a lot of work. You can also switch bits and pieces. Migrating the back-end away from Exchange and the workstations to web or Thunderbird might lower your costs, simplify your support and simplify a later full migration. It won't be easy, at all, but how else are you going to justify your paycheck?
On the back end, DHCP/DNS are easy. Squid/Squidguard instead of ISA Server are pretty easy except for the AD integration, but they're not too hard either. There is a JBoss doc somewhere showing how to create a service/machine account in AD that can later be used in a Kerberos keytab to authenticate your users with single-sign-on, and Squidguard can use their AD account to check their access rights if you add Samba to your server. Email is next on our list. Puppet is supposed to be a great tool for reducing your workload, as is Nagios. Postgres is easy to set up, but redoing all your stored procedures and porting your apps can be a big job. MS Analysis Services is harder to replace.
Seriously, study the solutions, decide for yourself. Don't just assume it'll work, and don't just assume it won't.