Ubuntu 15.04 Linux Implementation Proposal.
Introduction:
HACKD, LLC’s move to launch a new research and development group christened, CWE is a welcome move for the organization to streamline research operations, and to develop innovative products and services. The proposed CWE group systems are expected to run on the Ubuntu Linux 15.04 operating system that will access and share resources with the Microsoft Active Directory (AD) domain at HACKD, LLC. The AD domain comprises several servers running Windows Server 2012 R2 providing various services such as DHCP, DNS, file sharing, Microsoft Active Directory, printing and web services. HACKD, LLC also has a mix of about 500 desktop and laptop computers running on the Windows XP and Windows 7 client operating systems.
According to the Windows lifecycle Fact Sheet (2015), Microsoft ended the extended support for the Windows XP client operating system in April 2014, and this move acted as a catalyst for organizations to either upgrade to newer Windows offerings such as Windows 7 and Windows 8.1, subscription Linux distributions such as Red Hat, or free Linux distributions such as Ubuntu. The management at HACKD, LLC has thus requested for a proposal and plan to migrate from the now legacy Windows XP operating system to Ubuntu Linux 15.04 operating system. However, since Windows XP systems have been used by organizations for over a decade, a full operating system upheaval to a completely new platform is a daunting task that requires considerable planning and coordination. Issues to be considered in the migration plan and justification for the new platform will include coping with new system configurations, new interfaces, application software, file sharing, required hardware, networking, printing, user adaptation to the new systems, system conversion techniques to use, and security aspects such as authentication.
Justification on whether to implement Linux on current Windows XP hardware.
Before embarking on the move to migrate to Ubuntu 15.04 (Vivid Vervet) the first thing to check is whether the operating system will meet the organizational needs, software and hardware requirements. In the case of the CWE group systems implementation, the minimum system requirements for running Ubuntu 15.04 will be used to determine whether new hardware will be purchased, or whether current systems running Windows XP will be migrated to Ubuntu.
The Ubuntu 15.04 operating system is distributed on two types of bootable images i.e. 32-bit and 64-bit PC images. The 64-bit (AMD64) desktop image is built to cater for systems based on the EM64T and AMD64 architectures such as Core 2, EM64T Xeon, and Athlon64. For 64-bit processor not manufactured by AMD, or when full support for 32-bit applications is required, the 32-bit (i386) desktop image is recommended. The 32-bit image is designed for almost all PC systems and includes computers with AMD/Intel processors, almost all machines capable or running Microsoft Windows operating system offerings. In fact, the 32-bit version of the Ubuntu 15.04 desktop image is recommended when organizations/users are unsure of which version to use (Releases.ubuntu.com, 2015).
Another issue to consider on the hardware aspect regards the minimum system requirements required to run Ubuntu 15.04. The Table 1 below shows the minimum system requirements for Ubuntu 15.04 compared to the current system specifications for machines running Windows XP. The third ‘Requirements met’ column specifies whether the current Windows XP hardware meets the minimum requirements for installing Ubuntu 15.04.
Migration plan from Windows XP to Ubuntu 15.04 operating system.
Since it has been determined that the systems currently running Windows XP meet the minimum requirements for Ubuntu 15.04, the best way to approach the migration from Windows XP to Ubuntu is to perform a pilot test on some few machines. In this case, a sample size of about 20 employees at CWE who use Windows XP workstations is to be considered. The point of the pilot test is to work with a small group of pioneers to the new migration in order to convince senior management at HACKD, LLC and staff at the CWE group that the migration is viable. Using an initial pilot test will also help identify problem areas with the Ubuntu 15.04 implementation and help train the first batch of employees on how to use the new systems. There are expected challenges especially in adopting various Microsoft software alternatives such as Libre Office suite that is an alternative to Microsoft Office suite. However, with some training and willingness to adapt, the staff at CWE are bound to accept Ubuntu 15.04 as the way forward.
If Ubuntu 15.04 desktop implementation is approved based on the results of the pilot test, all the machines currently running Windows XP will have all company data stored locally backed up to the AD domain file servers. After backing up all company information, the Ubuntu 15.04 desktop operating system will be clean-installed to all the XP machines in phases and configured to access Microsoft AD domain services such as printing and file sharing using Samba shares. Since the migration will be phased, the staff will gain new insights on using the software and it will be easier to notice problems and fix them during the implementation of Ubuntu in later phases to ensure configuration mistakes are not repeated. After all machines have been migrated upgrades, tweaks, and further configurations can be done to ensure seamless system operation at CWE.
Ubuntu 15.04 installation options and hardware to be used.
Since the systems currently running Windows XP have met the minimum requirements for Ubuntu 15.04 installation, there is no extra hardware required to implement Ubuntu on these systems. However, regarding the installation options, clean installs of the Ubuntu 15.04 operating system will be done on the XP machines since XP has been completely phased out by Microsoft and will no longer be supported. The end of Windows XP support means that Microsoft will no longer offer updates, fixes and security patches for the legacy operating system. In this regard, clean-installing Ubuntu in phases will ensure across all machines in the organization will ensure that employees strive to adapt to the new systems since there is no option of falling back to the old and vulnerable Windows XP. Staff at CWE may see the lack of rollback options to Windows XP as a way to force Ubuntu 15.04 on them, but in the long run, the decision to completely switch to Ubuntu will reduce exposure to security risks and employees will work harder to learn the new operating system.
With regard to the installation options, the 32-bit (i386) Ubuntu 15.04 desktop image will be used. This is because 32-bit operating systems support system memory of up to 4 GB, and the machines that are currently poised to run Ubuntu 15.04 only have 2GB RAM. The 32-bit implementation also supports a wider range of hardware drivers and application software which will ensure a seamless performance.
In all the justifications made so far, there is a general assumption that only machines currently running Windows XP will be migrated to Ubuntu and machines running on Windows 7 will stay as they are. In this case, little will be mentioned regarding Windows 7 systems since Microsoft is still offering extended support for the systems up to the year 2020 (Windows lifecycle Fact Sheet, 2015). For these reasons, migration of Windows 7 systems is not be considered at this time the extended support period is still on.
User authentication in Ubuntu 15.04 systems into the AD environment.
All HACKD, LLC systems are supposed to be connected to the Microsoft Active Directory domain environment. For Windows based, systems, the configurations are easy since Windows operating systems and AD domain components are based on the same platform. The network environment for CWE systems is mainly Windows-based since all the servers run Windows operating systems. However, after implementing Ubuntu 15.04 in the systems that were running on Windows XP, there is a need to ensure interoperability by allowing Ubuntu users to join the AD domain using their credentials. In such instances, the Samba software suite is used to provide AD connectivity and provide stable, secure and fast file sharing and print services to all clients using the SMB/CIFS protocol. In this case, Samba is a critical component for seamlessly integrating Linux clients and servers in AD environments and can function as a domain member or as a controller (Samba.org, 2015). However, authentication via Samba is a daunting task since a lot of configurations are needed (Wallen, 2012).
Consequently, a group of developers has come up with an easy to use Graphical User Interface (GUI) tool to ease authentication for Linux clients into AD environments. The tool known as Likewise Open allows Ubuntu/Linux users to join AD via a couple of short commands and clicks. The requirements for the tool are a working Ubuntu installation, a domain name, a configured DNS (domain name server), authentication credentials to an account that can join a join, and the user must belong to a known group in the domain. The Likewise Open tool is easy to install from the Ubuntu repository and once installed, the user can then launch the application GUI where they are prompted to enter the computer name, the name of the exact domain they want to join, and select the Organizational Unit they presume to use for connection. When this information has been correctly entered, the user can click on Connect, and an authentication window will appear where the user is supposed to enter and password just like he would do on a Windows computer. After entering the credentials, the Likewise tool will attempt authentication, and if correct, then the user has successfully joined the company domain. To login again into the system using domain credentials, the user will use the DOMAIN/ configuration to access the AD domain. However, logging into the local machine will just require the standard and password to access the local system (Screenage.de, 2008; Wallen, 2012).
IP address assignment and DNS access by CWE systems.
The assumption here is that Samba software suite has been properly built/installed and configured as earlier stated to ensure interoperability between the Ubuntu 15.04 clients and AD domain. It is also assumed that there is a working DNS server in AD. Based on these assumptions, the newly installed Ubuntu 15.04 machines require to communicate with the domain controller and get authenticated. In this case, IP addressing can be configured at the Ubuntu 15.04 client networking settings by ensuring the network interface for each client is configured to use the (dynamic host control protocol) DHCP or by assigning a static (fixed) IP address and subnet mask to each machine using the ifconfig command. DHCP allows clients to be assigned temporary IP addresses based on a first come first served basis (Kirkpatrick, 2015).
Assuming that the AD DNS is working properly, CWE can be made to access the DNS by configuring the DSN resolver for each Ubuntu 15.04 machine to use the same DNS name server used by the domain controller. In most cases, this resolver is a domain controller in the domain where one wants to join the Ubuntu/Linux client. The assumption here is that the DNS in use is the AD-integrated DNS. After configuring the IP addresses and DNS resolver, the host name of the Ubuntu client must be set to reflect in the domain, and while this can be done using the network configuration application in Ubuntu, the best way involves directly editing the /etc/hosts file by adding an entry beneath the entry for localhost.localdomain which has the form <ip address> <FQDN> <host name>. The failure to perform this step leads to the creation of an incorrect computer object entry in the directory after joining the Ubuntu client to the AD domain (Kirkpatrick, 2015).
Network file access by CWE systems.
CWE can access files on the Windows network by either of two ways depending on the nature of the client. Windows 7 clients in the CWE network can connect and easily browse via their corresponding network interface to see shared files. For example, in Windows 7, the user can navigate to the Control Panel > Network and Internet > Network and Sharing Center > View network computers and devices. One can then browse all the available SMB shares (Help.ubuntu.com, 2014). For the Ubuntu clients to access shared files, folders, printers and drives on the Windows network, only the smbfs plugin of the Samba meta-package is required to access SMB shares. Ubuntu 15.04 GNOME desktop makes file access on Windows network shares quite easy. The user only has to navigate to the Place menu and then select Network. A Windows Network icon is then displayed and when double clicked, a new window opens and all domains and workgroups in the network can be seen. Navigating through each workgroup or domain will show all the computers in the workgroup/domain that have sharing enabled. Shares and files in each computer can be accessed by double-clicking the respective computer icons (Help.ubuntu.com, 2014).
Secure file sharing between groups and users in CWE.
The CWE system can be configured to enable secure file sharing between groups and other users/groups in the company. In this case, the security configuration for each shared directory can be implemented using group policies. In a nutshell, groups define collections of machines that have the same level of access to a specified network resource, and they offer some extra control when controlling such resources. For example, in the group XX containing users Dan, Fred and Kim and group YY consisting of Ken, Fred, and Tom, the network shares configured for access by group XX will be accessible by Dan, Fred and Kim but not Ken and Tom. However, since Fred belongs to both groups, he can access resources shared by both groups but the others can only access resources in their explicitly defined groups. This technique will allow the system administrator for CWE systems to configure which users/groups have access to what resources (Help.ubuntu.com, 2015).
Handling printing in the CWE systems network.
Printing in the CWE systems will be handled using Active Directory whereby shared printers appear the same way as SMB shares. In this case, printers are accessible from the same places where hosts can be seen in different workgroups and domains. If there is a shared printer in the domain, then any client Ubuntu or Windows 7 can use it (Dedoimedo.com, 2009).
Data encryption in CWE systems.
Finally, encryption at the disk level can be handled using Bit locker encryption for Windows 7 systems while Linux systems can be configured to either encrypt the whole disk or the Home folder during installation. During transmission, data encryption can be encrypted using IPSEC and 802.1x protocols and standards which are already in use within the Active Directory environment (Lucas, 2012).
Conclusion.
In conclusion, it is evident that the migration of CWE systems from Windows XP to Ubuntu 15.04 operating system will lead to several costs benefits on hardware purchases since none are required, and also on software licensing (Ubuntu is free). However, no operating system and applications switchover can be considered as seamless ice every change implemented is bound to have an initial negative impact on productivity. This is because there are new things to learn and new problems identified during and after the migration. In fact, there would still be an issue if CWE systems decided to upgrade their Windows XP machines to current Microsoft Windows offerings such as Windows 8.1 and Windows 10. In this regard, this proposal provides a general overview of the main issues and considerations to be dealt with when migrating systems from Windows XP to Ubuntu 15.04, and as new issues arise during the actual implementation, new solutions are bound to arise.
References:
Dedoimedo.com,. (2009). How to print from Linux machines to Windows printers over Wireless - Tutorial. Dedoimedo.com. Retrieved 22 July 2015, from http://www.dedoimedo.com/computers/linux-printing.html
Help.ubuntu.com,. (2014). Samba/Samba Client Guide - Community Help. Help.ubuntu.com. Retrieved 22 July 2015, from https://help.ubuntu.com/community/Samba/SambaClientGuide
Help.ubuntu.com,. (2015). Securing File and Print Server. Help.ubuntu.com. Retrieved 23 July 2015, from https://help.ubuntu.com/lts/serverguide/samba-fileprint-security.html#samba-security-mode
Intel ARK,. (2015). Legacy Intel ® Core 2 Processor - All. Intel ® ARK (Product Specs). Retrieved 20 July 2015, from http://ark.intel.com/products/family/79667/Legacy-Intel-Core2-Processor#@All
Kirkpatrick, G. (2015). Authenticate and Integrate Linux with Active Directory. Technet.microsoft.com. Retrieved 22 July 2015, from https://technet.microsoft.com/en-gb/magazine/2008.12.linux.aspx#id0060003
Lucas, M. (2012). What can be used to keep Active Directory data secure? - Premier Field Engineering (PFE) Platforms. Blogs.technet.com. Retrieved 22 July 2015, from http://blogs.technet.com/b/askpfeplat/archive/2012/09/26/what-can-be-used-to-keep-active-directory-data-secure.aspx
Releases.ubuntu.com,. (2015). Ubuntu 15.04 (Vivid Vervet). Releases.ubuntu.com. Retrieved 22 July 2015, from http://releases.ubuntu.com/15.04/
Samba.org,. (2015). Samba - opening windows to a wider world. Samba.org. Retrieved 21 July 2015, from https://www.samba.org/
Screenage.de,. (2008). Joining an Active Directory domain with Ubuntu | Screenage. Screenage.de. Retrieved 21 July 2015, from http://www.screenage.de/blog/2008/02/13/joining-an-active-directory-domain-with-ubuntu/comment-page-1/
Ubuntu.com,. (2015). Ubuntu for enterprise | Ubuntu. Retrieved 21 July 2015, from http://www.ubuntu.com/desktop/enterprise
Wallen, J. (2012). How to join a Ubuntu machine to a Windows domain | Linux.com. Linux.com | The source for Linux Information. Retrieved 22 July 2015, from https://www.linux.com/learn/tutorials/336477:how-to-join-a-ubuntu-machine-to-a-windows-domain
Wiki.ubuntu.com,. (2015). Ubuntu 15.04 (Vivid Vervet) GNOME Release Notes - Ubuntu Wiki. Wiki.ubuntu.com. Retrieved 21 July 2015, from https://wiki.ubuntu.com/VividVervet/ReleaseNotes/UbuntuGNOME#Minimum_System_Requirements
Windows life cycle Fact Sheet,. (2015). Windows lifecycle fact sheet - Windows Help. Windows.microsoft.com. Retrieved 20 July 2015, from http://windows.microsoft.com/en-us/windows/lifecycle