I have just recently moved to a new city with a new job and so far everything is running smoothly. What attracted me to this job more than my previous job, aside from the higher pay, was the freedom to implement totally open source and Linux-based solutions for the company I now work for.

To give you readers a brief idea, the company I work for revolves its business around domain hosting and support, web site and web app development, SEO, ads, the whole e-commerce shebang. We have PHP devs, and sysads that deal directly with customer requirements in managing their sites and domains. The most challenging part of all was that the environment, up until I came on board, was a mix of Windows XP and a few Linux boxen. As expected, the minority of Linux boxen were being used by the “on-lease” sysads, and the rest are XP hordes.

The Environment

The current network environment I’m dealing with can be summed up using the following list:

  1. pfSense – BSD-based gateway/firewall border watchdog. We are also using it as our traffic shaper to cap our bandwidth so that it does not exceed our ISP-allocated bandwidth, or else we’re toast for excess bills.
  2. SuSE Linux Enterprise Server – runs virtually every local service, including Apache, BIND, centralized logging via Syslog-NG, and others.
  3. Linux Desktops – most of the minority of Linux users in the company prefer their own distro (no we do not impose what distro to use – we still value user freedom) so currently we have a mix of Ubuntu, Kubuntu, Mandriva, and Fedora existing within the infrastructure.
  4. Windows XP 32bit/64bit – some users prefer to use 64bit and the rest want to use the trusty 32bit. We give them what they want as long as it is within limits. But usually, it’s just whatever we get our hands on; whether 32bit or 64bit doesn’t matter.
  5. Windows 2003 Server – this one’s a tricky decision. This box exists as a Xen virtual machine on SLES for the sole purpose of housing our HR application, which was outsourced and was developed using VB. This application existed before I joined the company and currently runs on Windows XP. Backend runs on Postgres. We hope to consolidate this later on and put the backend into Postgres on Linux.

The Challenge

Looking at the list above, anybody not really familiar with this type of mixed environment will certainly go gaga. And yes, no definite management tools are in place to unify the management of these machines, let alone manage the resources available. And no, going proprietary is out of the question, especially while I’m around. So to meet the challenge I’m facing, I have prepared a list of my open source toolkit for our existing enterprise.

  1. Samba Primary Domain Controller authenticating through OpenLDAP – the only solution that I can find to support both Windows machines and Linux boxen will be to centralize accounts using OpenLDAP. Windows can auth through Samba PDC, Linux may opt to go direct through OpenLDAP. Either way, they will still use a single user account database. These, by the way, currently run on SLES and are managed through YaST. However, we deployed phpLDAPadmin just in case we get lazy and manage it using the browser.
  2. Syslog-NG – provide centralized logging facility. Any machine that supports Syslog can now throw their logs to our local log server.
  3. OCS-NG Inventory – this one’s a jewel. OCS-NG can conduct a detailed inventory of any box in our existing armory, whether it is Windows, Linux, Mac OS X, or Unix variants like AIX, HP-UX, BSD, Solaris, and others. In the proprietary world you’d be dealing with HP OpenView, IBM’s Tivoli, or Novell’s ZENworks Asset Management, which spells thousands of dollars in software licensing cost. For us with OCS-NG, we spent nothing in terms of cash, spent 2 days installing and tweaking it, and will spend a couple of days deploying the agents. Bottom line, OCS-NG costs the company nothing.
  4. GLPI Free IT and Asset Management – GLPI, which stands for the French “Gestion Libre de Parc Informatique”, is a complement to OCS-NG Inventory. GLPI can be used to actively manage and monitor IT assets. What’s more, it has a built-in Help Desk system, including a Knowledgebase facility, a user portal, and a support ticket tracking system. Totally free.
  5. Joomla – One of our departments needs its own departmental portal where they can deploy their own training system. Joomla fits the bill, especially with its wide user base, full customizability, and various available modules that fully integrate with the Joomla core.
  6. WordPress – Of course, our auxiliary services will not be complete without providing a company blog available only to the corporate intranet. And WordPress is always a fitting choice with easy templating, customizability, and management ease. Plus full control over who gets to post.
  7. ProjectPier – We needed to have a project management system available. We had previously taken a look at Basecamp; however, since it is a hosted service, we were concerned about some sensitive details regarding the projects we are doing, so we decided to have a project management system implemented locally. Then we found ProjectPier, which happens to be a fork of the now closed-source ActiveCollab, which also happens to be a clone of Basecamp. Neat!
  8. DotProject – Being the picky ones that we are, we were not content with one solution, so we also implemented another project management tool called DotProject. Yeah, it does serve the same purpose as ProjectPier, but DotProject has some other bells and whistles not available in ProjectPier. Where ProjectPier is minimalist, DotProject has this totally whizbang set of project management goodies that anybody will want to try. Currently our SysAdmin Team is using it.
  9. OSSIM – My toolkit will not be complete without this one. OSSIM, or Open Source Security Information Management, is the Swiss Army knife of open source security toolkits. It’s got everything a sysad needs to do the whole administration ballet. It’s got Arpwatch, Pads, P0f, Nessus, Snort, Ntop, Tcptrack, Spade, Nagios, Osiris, OSSEC, and others in a single easy deployment package. We have yet to deploy it, but it is already in line for deployment within the year.

These tools of course need the bare essential open source tools like Perl and CPAN, MySQL, PHP, Apache, just to name a few. But hey, we got the things that we need, without collapsing the company’s coffers. Plus we’ve kept the in-house geeks happy.

How we implemented these tools is for another round of posts.
Stay sharp and good luck!
