Comment Re:dumb terminals? (Score 1) 904
http://www.cfengine.com/pages/benefits
Few good points on what enterprise owners may want from policy compliance on desktops... cfengine is a very good option.
Comment Re:What are you trying to do? (Score 1) 904
Firstly, please note we need co-existence. I apologize if the original post was misleading... this is not about throwing out Windows, its about moving 300 desktops to Linux while retaining others with Windows & MAC.
Some of the lockdown features:
- Authenticate desktop against AD. Yes I know its LDAP, but guys we already have one and eventually I'd like to move to OpenLDAP, but in a heterogeneous environment we use AD - web apps login, network proxy login, VPN login, everything is tied to the AD identity. Likewise Open, Samba and others do this nicely - so this is the easiest bit.
- restrictions on what can be installed locally. Again SSH and configuring controlled environments is not a problem. Having a nice GUI tool to do it with would be ideal. Resident Linux genius won't always be around... In any event, making technology easier to use is one of the goals here.
- desktop preferences including personalizing network settings, display settings, file system folders (or redirection to network drives), backups, company screen saver, wallpaper, etc, etc. Stuff that management dreams up as well as routine admin requirements. And since the hardware belongs to the company, no one has the right to complain... don't like the policy get your own machine.
- application preferences like URL lists in firefox, proxy settings, email folder subscriptions, FTP server links, Intranet links, custom toolbar menus (in apps that allow this using windows registry), etc.
- pushing new applications and updates against to groups of users or users who belong to a certain role. Remotely deploying new executable with role specific configurations.
- Remotely managing firewall, security, etc. Less off a problem given netfilter, clam, etc.
- Inventory for everything - hardware, software, etc.
Guys, the problem isn't that this stuff doesn't wok with Linux... Likewise, Landscape, cfengine, puppet, OpenLDAP, all excellent tools. In fact, SuSe Enterprise does most of this out of the box and perhaps other commercial enterprise desktops too.
But have any of you put the pieces together and analyzed the costs? Put together, its expensive. Expensive enough to not be able to justify the move.
So question is, are there viable, lower cost alternatives (don't have to be free, in fact having paid support is a good thing) that can solve our problems and save the company money justifying the move? Recession is coming up...
Comment Re:You don't (Score 1) 904
Comment Re:CFengine, SElinux, ldap+nfs, and transparent pr (Score 1) 904
Comment Re:Ubuntu - landscape management (Score 1) 904
Submission + - Locking down Linux desktops in an enterprise 1
All the options listed above are EXPENSIVE, in fact so expensive that its cheaper to leave M$ on!
So while we figured out the Office Suite, Email Client, Browser, VPN, Drawing Tools and pretty much everything else, there seems to be no reasonable, open source alternative to locking down Linux terminals to comply with company policies. We're not looking for kiosk mode — we're looking for IT policy enforcement across the enterprise. Any ideas ladies & gentlemen?