www.SYS-CON.com
LinuxWorld Magazine (www.LinuxWorld.com)
The Leading Magazine for Enterprise and IT Management
May 2004, Vol. 2, Issue 5
$9.99 US / $9.99 CAN

On the cover:
• 'Insanely Great' Linux Devices?
• Meet tomorrow's requirements with today's technologies...
• Beyond Technical Measures: The culture of a truly secure organization
• The Functionality of the Future Is Here: Linux and clustered blade servers make distributed virtual computing a reality
• Security: The Challenges of the Linux Audit. Protecting the keys to your kingdom

TABLE OF CONTENTS
What's Inside...
• From the Editor: Insanely Great Linux Devices? By Kevin Bedell
• Guest Editorial: Open Standards vs Open Source. By Tyler Jensen
• CGL: Linux Gains Momentum in Telecom. By Ibrahim Haddad
• Virtualization: The Functionality of the Future Is Here. By Sam Greenblatt
• Dr. Migration: Guide to Linux on the Business Desktop, Part 2 of 3. By Mark R. Hinkle
• Telecom: Moving Toward Open Platforms. By Ibrahim Haddad
• Exclusive Interview: Francois Bancilhon on Mandrakesoft. Interview by Kevin Bedell
• Policy: Security: Beyond Technical Measures. By Russ Rogers
• Security Viewpoint: An Approach That Works. By Steve Suehring
• Security: Securing a Tightly Integrated OS. By Brad Doctor
• JBoss: Following in Linux's Footsteps. By Bob Bickel
• Exclusive Interview: Dr. Frederick H. Berenstein, director of Xandros, Inc. Interview by Kevin Bedell
• Security: The Challenges of the Linux Audit. By Richard Williams
• Gaming: Linux on the Back End: Dark Age of Camelot. Interview by Dee-Ann LeBlanc
• Product Review: EmergeCore's IT in a Box. By Mark R. Hinkle
• Book Rookery: Linux for Dummies, 5th Edition. Interview by Kevin Bedell
• Debian GNU/Linux: Linux in 'its purest form'. By Jaldhar H. Vyas
• Around the LinuxWorld: Brought to You by... Linux Business Week

EDITORIAL BOARD
Editor-in-Chief: Kevin Bedell
Senior Editor: James Turner
Health Care and Biotechnology Editor: Dan Bent
Industry News Editor: Steven Berkowitz
LAMP Technologies Editor: Martin C. Brown
Desktop Technologies Editor: Mark R. Hinkle
Gaming Industry Editor: Dee-Ann LeBlanc
Advocacy Editor: Steve Suehring
Contributing Editors: Ibrahim Haddad, Bruce Byfield, Rachel Morrison-Walker, Maria Winslow

INTERNATIONAL ADVISORY BOARD
• Wim Coekaerts, Director of Linux Engineering, Oracle
• Brian E. Ferguson, Partner, McDermott, Will & Emery
• John Fowler, CTO, Software, Sun Microsystems
• Gaël Duval, Cofounder/Director of Communication, MandrakeSoft
• Samuel J. Greenblatt, Senior Vice President and Chief Architect, Linux Technology Group, Computer Associates
• Scott Handy, Director of Linux Software Solutions, IBM
• Bruce Perens, Perens, LLC
• Simon Phipps, Chief Software Evangelist, Sun Microsystems
• Stacey Quandt, Principal Analyst, OSDL
• Thomas Reardon, VP and General Manager, Client Product Group, Openwave Systems
• Alan Williamson, SYS-CON Media
• John Weathersby, Executive Director, Open Source Software Institute

EDITORIAL
Managing Editor: Jennifer Van Winckel
Editors: Gail Schultz, Nancy Valentine, Jamie Matusow, Jean Cassidy
Research Editor: Bahadir Karuv, PhD

OFFICES
SYS-CON MEDIA, 135 Chestnut Ridge Rd., Montvale, NJ 07645
Telephone: 201 802-3000. Fax: 201 782-9600

LinuxWorld Magazine (ISSN #1544-4511) is published monthly (12 times a year) by SYS-CON Publications, Inc. Postmaster send address changes to: LINUXWORLD MAGAZINE, SYS-CON MEDIA, 135 Chestnut Ridge Rd., Montvale, NJ 07645.

COPYRIGHT © 2004 BY SYS-CON PUBLICATIONS, INC. ALL RIGHTS RESERVED. NO PART OF THIS PUBLICATION MAY BE REPRODUCED OR TRANSMITTED IN ANY FORM OR BY ANY MEANS, ELECTRONIC OR MECHANICAL, INCLUDING PHOTOCOPY OR ANY INFORMATION, STORAGE AND RETRIEVAL SYSTEM, WITHOUT WRITTEN PERMISSION. FOR PROMOTIONAL REPRINTS, CONTACT REPRINT COORDINATOR. SYS-CON PUBLICATIONS, INC., RESERVES THE RIGHT TO REVISE, REPUBLISH AND AUTHORIZE ITS READERS TO USE THE ARTICLES SUBMITTED FOR PUBLICATION. ALL BRAND AND PRODUCT NAMES USED ON THESE PAGES ARE TRADE NAMES, SERVICE MARKS, OR TRADEMARKS OF THEIR RESPECTIVE COMPANIES.

WORLDWIDE NEWSSTAND DISTRIBUTION: CURTIS CIRCULATION COMPANY, NEW MILFORD, NJ
NEWSSTAND DISTRIBUTION CONSULTANT: GREGORY ASSOCIATES / W.R.D.S., 732-607-9941
FOR LIST RENTAL INFORMATION: Kevin Collopy: 845 731-2684; Frank Cipolla: 845 731-3832

LINUX IS A REGISTERED TRADEMARK OF LINUS TORVALDS. LINUXWORLD® IS THE REGISTERED TRADEMARK OF INTERNATIONAL DATA GROUP, INC. SYS-CON IS USING THE MARK PURSUANT TO A LICENSE AGREEMENT FROM IDG.

FROM THE EDITOR
Insanely Great Linux Devices?
BY KEVIN BEDELL

I'm waiting for Linux's Steve Jobs to arrive.

You know what I mean? A person who can take this technology and turn it into some amazing consumer products. "Insanely Great" products.

"Insanely Great" was what Steve demanded of his engineers at Apple when they created the Mac together. "Insanely Great" meant that it was so advanced it was easy. It was better than anything the competition was doing by far.

Linux is capable now of being used to build insanely great machines. I know it is. I've seen what so many people are doing with Linux; I'm convinced of it.

But to do so will require a complete change of mindset.

For example, I recently reviewed the book Linux Toys: 13 Cool Projects for Home, Office and Entertainment by Christopher Negus and Chuck Wolber (ISBN 0764525085). In it were a bunch of really cool, nerdy projects like building a digital video recorder, or a digital jukebox, or digital picture frame display out of old computers running Linux and free/open source software.

Another really neat project was to build a full featured voice mail system with multiple mailboxes, the ability to check your voice mail over the Internet, and automatic e-mailing of voice messages to your e-mail box.

The only problem was that they were all cobbled together with whatever parts happened to be lying around; they took hours to build; and they took pretty deep knowledge to make them work. (Of course, if you're a computer nerd like me then that's just a pretty decent way to kill a few hours over a weekend...)

Regardless of how clunky they may be, they are still all actual, working devices. They're consumer electronics with advanced features, but primitive form and style.

But now combine these ideas with some of the great innovations happening in porting Linux to custom hardware platforms and things start to look a little different.

For example, Cyclades is now selling a small console server that's a Linux-based device about the size of a pack of cigarettes. Another example is the Motorola A760 cell phone. Both of these are custom pieces of hardware that run Linux, are easy to use, and have stability requirements far beyond the average Windows-based PC. Both of these also offer feature sets that are far beyond similar, non-Linux-based products.

What would happen if we were to combine these ideas? We'd get Linux-based consumer electronics that are easy to use, are highly stable, and have capabilities far beyond other products.

For example, what if someone created a custom device the size of an iPod with 50 Gig of hard drive space, a built-in wireless network connection, a voice modem, and an embedded Linux distribution?

Then you could have a high-end voice mail system that you could simply plug your phone line into and configure from a browser on your desktop. It could send your voice messages to you via e-mail and archive years worth of old messages if you wanted it to.

Now, that would be insanely great.

ABOUT THE EDITOR
Kevin Bedell is editor-in-chief of LinuxWorld Magazine. He holds a BS degree in engineering from Michigan Tech and an MBA from The Crummer Graduate School of Business at Rollins College. Kevin is a seasoned software professional who has coauthored books for SAMS and O'Reilly Associates and who writes and speaks on Linux, open source, and other software development topics.
SYS-CON MEDIA
The World's Leading i-Technology Publisher
President & CEO: Fuat Kircaali
VP, Business Development: Grisha Davida
Group Publisher: Jeremy Geelan

ADVERTISING
Senior VP, Sales & Marketing: Carmen Gonzalez
VP, Sales & Marketing: Miles Silverman
Director of Sales and Marketing: Megan Mussa
Advertising Director: Robyn Forma
Advertising Sales Managers: Alisa Catalano, Carrie Gebert
Associate Sales Managers: Kristin Kuhnle, Beth Jones

PRODUCTION
Production Consultant: Jim Morgan
Art Director: Alex Botero
Associate Art Directors: Louis F. Cuffari, Richard Silverberg, Tami Beatty

SYS-CON EVENTS
President, Events: Grisha Davida
Conference Manager: Lin Goetz
National Sales Manager: Sean Raman

CUSTOMER RELATIONS
Circulation Service Coordinators: Shelia Dickerson, Edna Earle Russell, Linda Lipton

SYS-CON.COM
VP, Information Systems: Robert Diamond
Web Designers: Stephen Kilmurray, Christopher Croce
Online Editor: Lin Goetz

ACCOUNTING
Financial Analyst: Joan LaRose
Accounts Receivable: Charlotte Lopez
Accounts Payable: Betty White

SUBSCRIPTIONS
For subscriptions and requests for bulk orders, please send your letters to Subscription Department.
Cover Price: $5.99/issue
Domestic: $49.99/yr (12 issues)
Canada/Mexico: $79.99/yr
All other countries: $99.99/yr (U.S. Banks or Money Orders)
Back issues: $12 U.S., $15 all others

GUEST EDITORIAL
Open Standards vs Open Source
BY TYLER JENSEN

The benefits and market opportunities provided by open standards far outweigh those derived from open source. While the software development market has certainly benefited remarkably from open source, open standards and protocols such as TCP, HTTP, and XML have made it possible for developers and software vendors to participate in the most rapid technological progression of humanity in the history of the world.

Without question open source has been a boon to software developers. While you may not find many lines of Linux code in the proprietary applications software sold for systems running Linux and other operating systems, you will undoubtedly find developers and software products that have benefited either directly or indirectly from the buoyant properties of the open source community and its shared intellectual library of solutions to common software development challenges.

An understanding of the underpinnings of the operating system and its source code levels the playing field for the applications market. This may even lead vendors of proprietary operating systems, who also compete in the applications market, to think twice before taking unfair advantage of insider knowledge.

Despite the sizable contribution of open source to the world of technology, the assumption that open source and Linux are responsible for an economic bonanza for those companies that have embraced them is questionable. One must ponder the possibility that HP would have sold $2.5 billion in hardware, proprietary software, and services referred to as "Linux-based" with an alternative operating system if Linux and the open source concept did not exist because HP's customers would have required those goods and services regardless of the existence of open source and Linux.

Would IBM give up its quest to dominate the hardware and services market if open source and Linux had never come along? Would Oracle throw in the towel and stop selling its database for proprietary operating systems? Would Amazon.com close its virtual doors? Would governments cease critical services if they could not install an operating system without paying a license fee for it?

The real question is where would we be without open standards? Without HTTP there would be no Amazon.com. Without TCP/IP there would be no Internet. Without SMTP there would be no spam. Well, okay, maybe that would not be such a bad thing. Without Ethernet there would be no LAN for 20 bucks a node. Without XML there would be no easy way for disparate systems to work together. Without SOAP there would be no Web services. Without SSL there would be no e-commerce. Without development language standards such as ANSI, C++, and SQL 93, people like me would be lost in a sea of proprietary languages and unique development tools.

Indeed, without all of these open standards and more, open source would be without purpose or direction, without a skeleton on which to build the muscle and sinew that brings technology to life.

Standards bodies such as ANSI, ISO, ECMA, W3C, and IEEE are the guardians and keepers of the technological compacts that have made it possible for us to leap from the punch cards of 40 years ago to where we are today. Let us salute them and their many members who work tirelessly to the benefit of us all. Because of their work, I can plug my computer into an Ethernet jack anywhere in the world and be on the network. I can buy books from Amazon.com securely with the browser software of my choice. And I can jump on the Internet with a wireless card in any one of thousands of locations across the globe to check my e-mail, chat with friends, post a letter to the editor, or just catch up on the news in my small rural hometown.

ABOUT THE AUTHOR
Involved in enterprise application architecture and development for over 10 years, Tyler Jensen is a senior technical consultant in a large health intelligence company, designing and developing claims processing and analysis software. In his spare time he does a little writing and outside consulting.

CGL
Linux Gains Momentum in Telecom
What do carrier grade environments require from Linux?
BY IBRAHIM HADDAD

OSDL's Carrier Grade Linux working group is hard at work on an open source platform for the telecom industry. This article describes the goals, structure, and working groups of CGL; presents the CGL architecture; and provides an overview of the CGL 2.0 requirements.

The Linux kernel does not meet telecom requirements in various areas, including reliability, security, and scalability. Open Source Development Labs (OSDL) has established the Carrier Grade Linux (CGL) working group to specify and help implement an open source platform targeted for the communication industry that is highly available, secure, scalable, and easily maintained.

CGL is composed of several member companies that are contributing to the requirement definition of CGL, helping open source projects to meet these requirements, and in some cases starting new open source projects such as the OSDL cluster project. Many of the CGL member companies have contributed technologies to open source to allow the Linux kernel to be a viable option for telecom platforms. For instance, Ericsson has contributed the Telecom IPC, the Asynchronous Event Mechanism, and the Distributed Security Infrastructure. In parallel, Linux distributions such as MontaVista are providing distributions based on the CGL requirement definitions. As for deployment, quite a few companies are evaluating, experimenting with, or deploying CGL.

CGL Working Group

Carrier Grade Linux (CGL) is a working group in OSDL that was established in January 2002. The group aims to enhance the Linux operating system with carrier grade characteristics; it is defining specifications for an operating system with carrier grade characteristics as well as tools to support software development for carrier grade systems.

CGL has the vision that next-generation communication services can be delivered using open standards and Linux-based platforms on carrier grade equipment. To achieve this goal, the working group is defining the requirements and architecture for the Carrier Grade Linux platform, upon which commercial components and services can be deployed.

As part of creating the requirements definition, the group is identifying existing open source projects that support the roadmap and implement required components and interfaces. When an open source project does not exist to support a certain requirement, OSDL CGL launches (or supports the launch of) new open source projects to implement missing components and interfaces. One example is the OSDL Cluster Project (see references), which aims to develop clustering services for Linux.

CGL Subgroups

The CGL working group consists of three distinct subgroups that work together: Specifications, Proof-of-Concept, and Validation. Explanations of the responsibilities of each subgroup follow.
• Specifications: The specifications subgroup is responsible for defining the requirements that lead to enhancements in the Linux operating system that are useful for carrier grade implementations and applications.
• Proof-of-Concept: This subgroup drives the implementation and integration of core carrier grade enhancements to Linux as identified and prioritized by the requirement document. The group is also responsible for ensuring that integrated enhancements pass the Carrier Grade Linux validation test suite and for establishing and leading an open source umbrella project to coordinate implementation and integration activities for Carrier Grade Linux enhancements.
• Validation: This subgroup defines standard test environments for developing validation suites. It develops validation suites to ensure that all of the Carrier Grade Linux requirements are covered.

CGL 2.0 Contributors

The key participants in the CGL working group include:
• Network equipment providers: Alcatel, Cisco, Ericsson, Fujitsu, Hitachi, and Nokia
• System integrators: HP, IBM, and Sun
• Platform providers: Intel and Force Computers
• Linux distributors: MontaVista, Miracle Linux, SUSE, and TurboLinux. CGL works closely with Linux distributions to ensure that CGL functionality is adopted in their offerings.

As for new contributors to CGL 3.0, the following companies have recently joined OSDL in contributing to CGL: NTT, WindRiver, TimeSys, and Ulticom.

Target CGL Applications

The CGL working group has identified three main categories of application areas in which they expect the majority of applications implemented on CGL platforms to fall.
• Gateways: Bridges between two different technologies or administration domains. A gateway processes a large number of small messages received and transmitted over a large number of physical interfaces. Gateways perform in a timely manner, very close to hard real time.
• Signaling servers: These handle call control, session control, and radio resource control. Signaling servers require soft real-time response capabilities and may manage tens of thousands of simultaneous connections. A signaling server application is context switch and memory intensive due to requirements for quick switching and a capacity to manage large numbers of connections.
• Management servers: These handle traditional network management operations, as well as service and customer management. Typically, management applications are data and communication intensive.

Carrier Grade Linux Architecture

Figure 1 presents the scope of the CGL working group, which covers two areas:
• Carrier Grade Linux: Various requirements, such as availability and scalability, are related to the CGL enhancements to the operating system. Enhancements may also be made to hardware interfaces, interfaces to the user level, or application code and interfaces to development and debugging tools. In some cases, to access the kernel services, user-level library changes will be needed.
• Software development tools: These tools will include debuggers and analyzers.

[Figure 1: CGL scope and architecture. Labels in the figure: Applications; HA, Management, and Services Middleware; Standard Interfaces (LSB, POSIX...); High Availability Interfaces; Service Interfaces; Linux Kernel with Carrier Grade Enhancements; Hardened Device Drivers; Hardware Configuration & Management Interfaces; Co-Processor Interfaces; High Availability Hardware Platforms; Software Development Tools]

CGL 2.0 Requirements Definition

On October 9, 2003, OSDL announced the availability of the OSDL Carrier Grade Linux Requirements Definition, version 2.0 (CGL 2.0). This latest requirement definition for next-generation Carrier Grade Linux offers major advances in security, high availability, and clustering.

The requirements definition document of CGL version 2.0 introduces new and enhanced features to support Linux as a carrier grade platform. The complete requirements document is available for download from the OSDL Web site. It consists of 105 pages; the following brief summary of the main categories should satisfy the impatient for now.

Clustering

These requirements support the use of multiple carrier server systems to provide higher levels of service availability through redundant resources and recovery capabilities, and to provide a horizontally scaled environment supporting increased throughput.

Security

The security requirements are aimed at maintaining a certain level of security while not endangering the goals of high availability, performance, and scalability. The requirements support the use of additional security mechanisms to protect the systems against attacks from both the Internet and intranets, and provide special mechanisms at kernel level to be used by telecom applications.

Standards

These requirements specify standards that are required for compliance. Examples of these standards include:
• Linux Standard Base
• POSIX Timer Interface
• POSIX Signal Interface
• POSIX Message Queue Interface
• POSIX Semaphore Interface
• IPv6 RFCs compliance
• IPsecv6 RFCs compliance
• MIPv6 RFCs compliance
• SNMP support
• POSIX threads

Platform

OSDL CGL specifies requirements that support interactions with the hardware platforms making up carrier server systems. Platform capabilities are not tied to a particular vendor's implementation. Examples of the platform requirements include:
• Hot insert: Supports hot-swap insertion of hardware components
• Hot remove: Supports hot-swap removal of hardware components
• Remote boot support: Supports remote booting functionality
• Boot cycle detection: Supports detection of reboot cycles due to recurring failures
• Diskless systems: Support for diskless systems, which load and run applications via the network

Availability

The availability requirements support heightened availability of carrier server systems by improving the robustness of software components or by supporting recovery from failure of hardware or software. Examples of these requirements include:
• RAID 1: Support for RAID 1 offers mirroring to provide duplicate sets of all data on separate hard disks.
• Watchdog timer interface: Support for watchdog timers to perform certain specified operations when timeouts occur.
• Support for disk and volume management: To allow grouping of disks into volumes.
• Ethernet link aggregation and link failover: Support bonding of multiple NICs for bandwidth aggregation; also provide automatic failover of IP addresses from one interface to another.
• Support for application heartbeat monitor: Monitor application availability and functionality.

Serviceability

The serviceability requirements support servicing and managing hardware and software on carrier server systems. These are wide-ranging requirements that, when put together, help support the availability of applications and the operating system. Examples of these requirements include:
• Support for producing and storing kernel dumps
• Support for dynamic debug of the kernel and running applications
• Support for platform signal handler, enabling infrastructures to allow interrupts generated by hardware errors to be logged using the event-logging mechanism
• Support for remote access to event log information

Performance

OSDL CGL specifies the requirements that support performance levels necessary for the environments expected to be encountered by carrier server systems. Examples of these requirements include:
• Support for application (pre)loading
• Support for soft real-time performance through configuring the scheduler to provide soft real-time support with latency of 10 ms
• Support for kernel preemption
• RAID 0 support to enhance performance

Scalability

These requirements support vertical and horizontal scaling of carrier server systems, such as the addition of hardware resources for increased capacity.

Tools

The tools requirements provide capabilities to facilitate diagnosis. Examples of these requirements include:
• Support for the usage of a kernel debugger
• Support for kernel dump analysis
• Support for debugging multithreaded programs

CGL 3.0

CGL activities are providing momentum for Linux in the telecom space, allowing it to be a viable option to proprietary operating systems. The work on the OSDL CGL requirements, version 3.0, started in January 2004 with focus on the following requirement areas:
1. APIs/specifications/standards: References to useful and necessary existing standards and interface specifications
2. Availability: Useful and necessary functionality for single-node availability and recovery
3. Clustering: Useful and necessary components to build a clustered set of individual systems
4. Hardware: Useful and necessary hardware-specific support that affects the expected carrier operating environment
5. Performance: Useful and necessary features that contribute to adequate performance of a system
6. Security: Useful and necessary features for building secure systems
7. Serviceability and tools: Useful and necessary features for servicing and maintaining a system, and coverage of tools that support this as well as support the other sections

The official release of CGL 3.0 is expected in October 2004.

Open Invitation to Participate

Linux with carrier grade characteristics provides an essential building block that will allow us to build open communication platforms. CGL is a community effort, based on cooperation between companies and individuals, and participation is open to everyone. Please consider this as an invitation to get involved in this effort and contribute to the making of Linux as an alternative operating system for communication platforms.

Is this a step for Linux toward world domination? Only time will tell...

References
• OSDL: www.osdl.org
• CGL: www.osdl.org/lab_activities/carrier_grade_linux
• MontaVista: www.mvista.com
• Open System Lab: www.linux.ericsson.ca
• TIPC: http://tipc.sourceforge.net
• AEM: http://aem.sourceforge.net
• DSI: http://disec.sourceforge.net
• Linux kernel: www.kernel.org

ABOUT THE AUTHOR
Ibrahim Haddad, contributing editor of LWM, is a researcher in the Research & Innovation Unit at Ericsson Research in Montreal, Canada. He contributed to Richard Petersen's books, Red Hat Linux Pocket Administrator and Red Hat Enterprise Linux & Fedora Edition: The Complete Reference (DVD Edition), published by McGraw-Hill/Osborne. Ibrahim is currently a Dr. Sc. Candidate at Concordia University in Montreal.
VIRTUALIZATION
The Functionality of the Future Is Here
With the advent of Linux and clustered blade servers, distributed virtual computing has become a reality

Computing virtualization is a popular term these days, but the concept is far from new.
Back in the sixties, Star Trek’s Captain Kirk had the ideal virtual computer. Aboard ship, he called out his question or command and the computer responded. He never had to tell it which drive to access, which application to load, or what routing to take when he wanted to see something up on screen. And he never worried about where or how the computer did its job.

BY SAM GREENBLATT

Sam Greenblatt, senior vice president and chief architect for CA’s Linux Technology Group, is responsible for the company’s cross-brand integration of Linux technology. He joined CA in 1994 and has held senior management positions in cross-platform product strategy and development. Prior to CA, Sam was chief technology officer and vice president of research and development at Candle Corporation. He has also held management positions at ARCO, Commodore International, and Arthur Andersen.

Back when Gene Roddenberry created that show, such a computer probably seemed far-fetched. But while no one can say when someone will discover transporters, warp drives, or dilithium crystals, virtual computing is becoming a reality. The combination of the Linux operating system with clustered blade servers means that distributed virtual computing is fast becoming a means of high-performance, always available, ubiquitous computing.

A New Model

Since the inception of the modern-day computing model we have strived to create “virtualized environments” in which all resources are available in parallel to any other resource in a compute area network. In the mid-sixties the Massachusetts Institute of Technology (MIT) developed what was known as CP-67 and later evolved into IBM’s Virtual Machine Architecture. It was an excellent architecture for provisioning a large set of resources centralized in a single processor. This model reduced the cost of infrastructure by centralizing administration while distributing resources. But while the virtual machine architecture works great for mainframe computing, it did not lend itself to the complexity of services that were required for a distributed computing environment. So, for the next 40 years the search was on for a way to make the virtual paradigm available within a distributed environment. This was not just a technical issue; it was also a financial one. The key was to reduce the cost of administration, the network, storage, software, and hardware. Doing this would free up money for companies to spend on the new applications that they needed.

Now, with the advent of Linux and clustered blade servers, distributed virtual computing has become a reality. This architecture leverages resource virtualization, bringing together both the manageability of centralized infrastructure and the flexibility of compute area networks. This concept goes by many different names. Computer Associates calls it Management On Demand, Hewlett-Packard uses the term Utility Computing, IBM calls it On Demand, and at Sun Microsystems it’s Grid Computing. Whatever name you prefer to use, they all describe the ability of enterprises to deploy resources when and where needed. Rather than the old paradigm where the users send the work to a particular resource, under the new model, the resources move to where the work is.

The Technology Trio

Creating such a network is not a hardware problem – enterprises already have plenty of that. They spend fortunes on idle CPUs, empty disks, and unused bandwidth just to make sure that any server or connection can handle that random peak load that might come its way. Instead virtual computing poses a management problem – how to continually reallocate resources for maximum effect. On Demand computing breaks the lock that any single device has on the ability to provide a service. Strength is then measured not by a component’s specifications, but by the power of the entire network. This requires a new level of management capability.
Computer Associates, like other management software companies, has redefined the reality and economics of On Demand. Using management software on top of Linux can reduce both capital and operational costs. Also, management of Linux optimizes the availability of every application on multiple platforms. This is done by creating a complete family of software that exploits Linux clustering technology, network technology, and storage subsystems. It gives enterprises the ability to dynamically provision the compute area network. Creating such a network requires the technology trio of storage virtualization, network virtualization, and finally, compute virtualization.

Storage Virtualization

Companies are looking for an end-to-end storage solution that has the ability to provision within the context of the complete system – including resources external to the enterprise. That’s not how it is done today. Today storage is generally provisioned on a per-user basis, without considering application usage or placement within the network. A better approach is to provision based on context rather than require a Storage Area Network or a rigid file system. This can be done using a database or metadata approach incorporating Storage Networking Industry Association (SNIA) standards for interoperability and storage management. This approach is necessary to realize such an end-to-end solution in which storage resource management extends beyond the virtualization concept and into the area of analyzing the utilization of storage across the network, the transaction, and the users.

Network Virtualization

Network virtualization drives storage virtualization by providing a multi-point-to-point connection that enables any system to access any storage at any point on the network. In Linux, the virtualization is realized through virtual servers using technology such as bonded dual nets and routed mesh networks. Balancing the network traffic requires a heuristic approach based on service levels. With network virtualization, administrators are able to prioritize service levels within a domain or within a system of the enterprise.

Enter the Penguin

Virtualization answers questions about utilization of the enterprise infrastructure, and the fact that infrastructure is unresponsive to changes in the environment. An underutilized and unresponsive infrastructure seriously impacts quality of service, which then impacts the bottom line. Linux helps reduce infrastructure complexity – the Linux platform delivers a common denominator that can run on multiple platforms and enables a view of Linux clusters as a single system.

Virtualization with Linux drives toward having the resources from all enterprise data centers appear within a single resource pool. That pool can then be utilized in projects based on business requirements. The resources allocated to projects are determined by policy-driven services that intelligently monitor and manage the overall computing environment. The architecture requires that the environment be broken down into provisioning, policy-driven business initiatives, automation, and use of resources directly derived from these areas. Hiding the complexity of the network, storage, processor, database, Web applications, and host-based applications is critical to creating this environment. The ability to connect all these pieces is mandatory in order to translate a unit of work within a business process to the enterprise.

The architecture enables both high availability and security. Using Linux projects such as Beowulf, Cplant, Paris, Linux High Availability, and Linux Virtual Server creates this new platform. CA is currently developing the infrastructure to manage the clustered environment, which will enable companies to use blades or enterprise servers such as Egenera Blade Frame and IBM z to leverage Linux for mission-critical applications.

Compute Virtualization

Compute virtualization is the third component necessary to effectively achieve scaling, whereby rather than having a predetermined set of processors assigned to a particular user or task, the system dynamically assigns processors, bringing additional power to a process through the use of clustering technology. An “enterprise workload dispatcher” routes work based upon resources and utilization. This requires the ability to monitor the resource utilization of a transaction and correlate it to its service level.

The Management Evolution

These three components are the foundation for managing virtual computing. A virtualized Linux environment is a breakthrough in hardware and software built for scalable applications, but it only works when overseen by enterprise-class tools offering functions such as load balancing, security, storage, and database management in a virtualized environment. Being able to dynamically provision a user’s resources and security will drive the utilization rate from the current low of 20% up to a high 90% range. The ability to dynamically shift processors to the work means a business no longer has to buy significant excess peak capacity. With dynamic provisioning of a compute area network, providing new servers can be achieved in minutes and new processors are then placed in a pool. This enables businesses to focus on the scale of applications that previously were neither economic nor plausible.

Computer Associates, along with other vendors, is providing the management infrastructure which sits above the virtualized environment and enables the evolution in enterprise-class computing. These virtualization toolsets completely aggregate processing, storage, and networking into resource pools that are allocated based upon workload. The tools encompass IP and storage networking, clustering, load balancing, hardware failover, management consoles, and secure partitioning.

Virtualization replaces static, physical hardware with dynamic software equivalents. A server is no longer dedicated to individual applications, and services are not tied to specific hardware or network paths. Virtualization software automatically reprovisions and reallocates resources based on service-levels required to meet business requirements. It provides adaptable, high-quality services at a lower total cost of ownership since it prevents resource overprovisioning.

With the management tools in place, administrators can move to a higher level of resource management. It is no longer a matter of just dealing with boxes and their interconnections. Instead the job evolves into one of strategically administering services through a geographically dispersed set of computing resources running homogeneous platforms such as Linux. And that moves us one step closer to the level of functionality enjoyed by Captain Kirk and the Starship Enterprise.
DR. MIGRATION

Guide to Linux on the Business Desktop
Part 2 of 3
Adventures in laptop shopping

BY MARK R. HINKLE

In Part 1 of this series (LWM Vol. 2, issue 4), Dr. Migration analyzed some common Linux distributions with the goal of helping you figure out which is right for you. This month, he takes a look at some of the major vendors’ Linux desktop offerings and begins to explore the Linux laptop.

ABOUT THE AUTHOR
Mark Hinkle, desktop technologies editor of LinuxWorld Magazine, is vice president of operations for NeTraverse, a Linux software company that specializes in Windows-to-Linux migration. Mark is on the Formation Board of the Desktop Linux Consortium.

I have been a loyal consumer of desktop PCs, laptops, and servers from one vendor for almost 10 years. As I started my search for Linux PC manufacturers, I looked for a vendor to supply me with not only a Linux solution, but one that they could support with the same level of competence that I’ve come to rely on for commercial operating systems like Windows (I realize that this may not be a good thing for those who have received Windows support). I also thought about those of you who read LinuxWorld Magazine and send me correspondence regarding problems running Linux – correspondence that indicates that there are sophisticated users who may or may not have a technical aptitude. My indication is that LWM readers are a mobile workforce who rely heavily on PCs, and they don’t always have the ability to fix their IT problems without some assistance. With this in mind I tried to find a group of solutions to address these needs. Ideally, you should have reliable supply channels and receive quality technical support, and do so with minimal interruption to your core business – no matter what it is. People ranging from PR representatives to insurance claims processors to tractor suppliers have contacted me for advice on Linux solutions.

Name-Brand PC Manufacturers

Many of the large manufacturers of laptops have been advertising their Linux offerings during sporting events and a variety of other venues. Their apparent intent is to make you aware of Linux as a server offering, not a desktop solution. Linux servers on Intel hardware are without a doubt a robust and cost-effective solution. However, when you try to find a Linux desktop, or harder still, a laptop available from these same manufacturers, you may have quite an adventure. This is disheartening; as they’re pushing Linux servers out the door at an increasingly fast pace, their desktop offerings lack the options that many of us would like when purchasing a PC. I know that many of you have bought these companies’ products for years and have extra power supplies, docking stations, and possibly even a relationship with their support organizations. However, the ability of large, name-brand manufacturers to service the Linux desktop doesn’t meet the standards set for their commercial OS offerings. I find that name-brand PC manufacturers are not supporting Linux on the desktop and laptop at the level at which they support the server. Here’s a quick synopsis of where they stand.

Dell

Based on my conversations with Dell representatives, they have little to offer in pre-installed Linux distributions. For large clients they will gladly preload anything you like onto the PCs, as those of you participating in those programs probably already know. The rest of us may want to look at their FreeDOS (www.freedos.org) offering, which is their solution for those of us who don’t want Windows installed on our PCs. The Dell n-Series features select popular models from the Dimension, OptiPlex, and Precision desktop lines sold without a Microsoft operating system. Dell has also started to acknowledge the demand for Linux by creating a community site that provides a forum to discuss running Linux on Dell (http://linux.dell.com). There are resources on this Web site for all manner of desktops, laptops, and servers running Linux, but the bottom line seems to be that if you want to run Linux on a Dell desktop or laptop, you may have to supply some of the expertise yourself.

HP

HP has made some recent positive announcements regarding the availability of Linux PCs. In addition, they have published a Linux client matrix (www.hp.com/wwsolutions/linux/products/clients/clientscert.html#compaqlaptops). This details the models that support Linux and the various distributions that are HP supported and Linux-vendor supported, and those models that have future Linux support plans. Of the large name-brand PC manufacturers, your best bet for finding PCs with manufacturer support is HP.

IBM

Despite IBM’s commitment to Linux on the server, they have yet to show a significant commitment to a PC or laptop offering, though IBM’s ThinkPad series is one of the most popular laptops among the Linux user community.
We hope to see some laptop offerings pre-installed with Linux in the future, but at the time of this writing there are none.

Overall, the name-brand PC manufacturers offer great customizable hardware solutions but do not offer a broad range of Linux desktop solutions. If you’re not able to provide substantial Linux expertise yourself, you should look at the following Linux-oriented vendors.

Linux-Oriented Vendors

Since the demand for Linux on the desktop is dwarfed by the demand for Windows on the x86 desktop, your ability to find a desktop Linux business solution from a name-brand manufacturer may be limited at best. But for smaller specialty vendors, Linux desktops and laptops are becoming viable. The number of Linux desktop suppliers is too great to mention them all, but notables are Linare (www.linare.com), Microtel’s offering available with LindowsOS (www.lindows.com, available from www.walmart.com), and CPU Builders by Stratitec (www.cpubuilders.com, see my review of their Linux PCs in the January issue of LinuxWorld Magazine).

Fortunately, as Linux gains popularity, a growing number of quality vendors cater to the Linux crowd. The problem they’re beginning to solve is this: the tech-savvy Linux crowd is often mobile and in need of a laptop solution. None of the name-brand vendors offers a robust solution in this arena. The remainder of this article focuses on helping those who want to convert to Linux find the high-performance products they need.

Desktop Replacement Laptop Vendors

In my quest for a good desktop replacement laptop I had a hard time finding a hearty solution. I did find many offerings, but they seemed to be limited in terms of features and offered very little in the way of support. I was hard pressed to find a range of laptops from one vendor that comprises the entry-level notebook as well as the desktop replacement. And in the age of the superstore that wants to service your every need, I found there’s still room for the mom-and-pop shop, or the guy who’s big enough to meet your needs but small enough to react to your specific requests. That’s why I was pleased to find Lincoln Durey and the folks at EmperorLinux, the offerings from Chander Kant at LinuxCertified, and Tadpole Computers’ Sun Java Desktop–equipped Talin.

EmperorLinux – Name-Brand Laptops Optimized for Linux

EmperorLinux (www.emperorlinux.com) offers name-brand laptops rebranded and optimized for Linux. EmperorLinux supplies laptops from Sony, Dell, IBM, and Sharp. They stand behind their products in conjunction with the manufacturer, so your security when buying one of their laptops is doubled. In addition to a guarantee, they offer a dedication to service and a great deal of technical expertise. Their customized Linux kernel (the empkernel), which is optimized for mobile computing, solves many of the problems that Linux laptop users face when installing their first Linux distribution on a laptop (the kernel includes the appropriate patches and drivers for the hardware they ship and solves the problems associated with customizing standard Linux distributions). Extensive testing from EmperorLinux makes it possible for them to provide a high-quality business-class laptop.

LinuxCertified – Training and a Free Laptop

Chander Kant started LinuxCertified (www.linuxcertified.com) to serve the need for Linux training. LinuxCertified initially found that supplying a Linux laptop (refurbished IBM ThinkPad) to their students allowed the students to get more out of the class and provided the opportunity for long-term hands-on experience. The result of this is a very successful training company and a core of Linux laptop customers looking for more in the way of a Linux laptop supplier. Chander decided to investigate producing their own laptops optimized for Linux; now Linux laptops are LinuxCertified’s most profitable business. Also, LinuxCertified will be glad to customize your Linux laptop to your specifications or supply other customized installation services.

Tadpole – Engineering Laptops Powered by the Sun Java Desktop System

Unix laptop maker Tadpole (www.tadpolecomputer.com) has recently thrown their hat in the ring with their Talin notebook running Sun’s Java Desktop. The makers of the Talin are experienced Unix laptop providers who already have a track record in that market and hope to make a splash as a Linux laptop provider. While they have a relatively limited offering, they do have the expertise in the *nix space that should make them successful.

Product Review: EmperorLinux
www.emperorlinux.com

In my search for the ultimate Linux desktop replacement or high-performance laptop, I turned to the folks at EmperorLinux, located in Atlanta, Georgia. EmperorLinux supplied me with their version of the cutting-edge Dell Latitude D800 rebranded by Emperor as the Rhino (www.emperorlinux.com/rhino.php). What’s appealing to me is being able to acquire a laptop from a hardware vendor I trust (Dell), without the hassle of installing Linux and finding the appropriate patches and support for all the devices that the laptop is equipped with.

EmperorLinux is a unique vendor in the sense that they focus on providing solutions from vendors including Sharp, Dell, IBM, and Sony, but these are tailored to the Linux user market. EmperorLinux has been in business for more than four years, with steady growth as the demand for Linux, and especially Linux laptops, has grown. Lincoln Durey and the crew have built a strong following. Not only does the EmperorLinux staff supply a fully installed Linux laptop complete with patches for power management and support for wireless access, they also offer their own Linux distribution, EmperorLinux (based on Fedora Core 1), which is designed with the mobile Linux user in mind.

I was fortunate enough to receive a top-of-the-line laptop with Fedora Linux installed as well as the EmperorLinux Care Package (www.emperorlinux.com/care_package.php). I also asked that it be installed, which you might like if you’re migrating from Windows to Linux (after all, I am Dr. Migration). The configuration was a dual-boot Windows XP and Fedora Core 1 Linux configuration with a FAT32 data partition. This may not seem very Linux-centric, but I felt that if I was going to continue to look at the migration path between operating systems, I would have to continue to compare migration strategies between the two operating systems. Also, as many of you who already own laptops know, the migration of data and applications is going to be the key factor in your Linux success. A bridge between the two operating systems is critical.

My initial experiences with my laptop from EmperorLinux have been positive. The staff took my order and helped me decide which configuration would best serve my needs. Calls to inquire about my laptop were always answered in the first couple of rings, often by EmperorLinux’s president Lincoln Durey. After processing my order I received confirmation of the PC and upon shipping I was sent status to track my PC – all the same things I would expect of large PC vendors (even though the tagline at the bottom of the invoice noted that it was generated while the author lay in a hammock listening to MP3s). Finally, when I did receive the laptop, it included a comprehensive guide outlining the steps to take to install and set up my laptop. I thought this was a nice touch, and by following these steps I was up and running in less than 15 minutes. That’s a feat for any new PC, let alone one as complex as the Rhino laptop.

Overall, my experience so far has been excellent; next month’s article will be more detailed as I tweak the laptop for business use. I encourage you to check next month’s issue for the update and for more information about EmperorLinux and my adventure with the Rhino.

The Verdict

It’s only a matter of time until Linux on the desktop becomes pervasive, but as we wait for that day, there are some very high-quality vendors addressing the current needs of the Linux desktop PC/laptop market.
I use Linux on my laptop every day and am always looking for hardware that can keep up with the optimizations offered by the ever-advancing Linux OS. The vendors highlighted in this article are good places to start when searching for Linux desktops. I encourage you to speak with as many as you can to find the right fit for your company. Also, if you want to find out more about your existing laptop compatibility or other tips and tricks for Linux on the laptop, visit www.linux-laptop.net.

Now that I’ve explored the options for hardware and operating systems, I encourage you to tune in to next month’s edition of “Dr. Migration,” which will be dedicated to software and the tuning of your desktop Linux setup. I’m very excited to share with you how I’ll be tweaking my brand new EmperorLinux Rhino to provide an example of how a former Windows user can migrate to Linux with confidence – and have an experience that’s just as good as, if not better than, what they experience today.

TELECOM

Moving Toward Open Platforms
Meet tomorrow’s requirements with today’s technologies

BY IBRAHIM HADDAD

This article explores the recent trend toward open telecom platform solutions as proposed by three key industry consortia – PICMG, OSDL, and the SA Forum – working in the areas of highly available hardware, middleware, and carrier grade operating systems.

ABOUT THE AUTHOR
Ibrahim Haddad, contributing editor of LWM, is a researcher in the Research & Innovation Unit at Ericsson Research in Montreal, Canada. He contributed to Richard Petersen’s books Red Hat Linux Pocket Administrator and Red Hat Enterprise Linux & Fedora Edition: The Complete Reference (DVD edition), published by McGraw-Hill/Osborne. Ibrahim is currently a Dr. Sc. Candidate at Concordia University in Montreal.

Introduction
Traditionally, communications and data service networks were built on proprietary platforms that had to meet very specific availability, reliability, performance, and service response time requirements. Now, communications service providers are challenged to cost-effectively meet their needs for new architectures, new services, and increased bandwidth, all while maintaining highly available, scalable, secure, and reliable systems that have predictable performance and are easy to maintain and upgrade.

The demand for rich media and enhanced communications services is leading to significant changes in the communications industry, such as the convergence of data and voice technologies. The transition to packet-based, converged, multiservice IP networks requires a carrier grade infrastructure based on interoperable hardware and software building blocks, management middleware, and applications, all implemented with standard interfaces (see Figure 1).

Meeting Tomorrow’s Requirements

One frequently asked question is: How can we meet tomorrow’s requirements using existing infrastructures and technologies? Proprietary platforms are closed systems; they are expensive to develop and often lack support for current and upcoming standards.

The current trend is to deliver next-generation multimedia communication services using open standard, carrier grade platforms. A uniform, open software environment with the characteristics demanded by telecom applications, combined with commercial off-the-shelf software and hardware components, is a necessary part of these new architectures. Open platforms are expected to reduce the costs and risks of developing and delivering rich media and enhanced telecommunications services, enable faster time to market, and ensure portability and interoperability.
Open and Standardized Solutions

There are many forces motivating the migration toward open and standardized platforms, all of which are designed and implemented using commercial off-the-shelf software and hardware components as building blocks. Such motivations include lower costs, better interoperability with third-party software, and faster time to market.

Three key industry consortia are defining hardware and software high-availability specifications that are directly related to telecom platforms:
• The PCI Industrial Computer Manufacturers Group (PICMG) defines standards for high-availability hardware.
• Open Source Development Labs (OSDL) has a Carrier Grade Linux (CGL) working group defining specifications for an operating system with carrier grade characteristics and tools to support the software development for carrier grade systems.
• The Service Availability Forum (SA Forum) defines the interfaces of the middleware and focuses on APIs for hardware platform management and for application failover in the application API. SA-compliant middleware provides services to an application that needs to be highly available in a portable way. The middleware is responsible for the management of the system components, including the application components, to ensure that the application qualifies to be highly available.

Figure 2 illustrates a generic platform architecture. Throughout this article, I use this architecture to point to the blocks that are being specified by the different consortia.

PCI Industrial Computer Manufacturers Group

PICMG is a consortium of more than 600 companies who collaboratively develop specifications for high-performance telecommunications and industrial computing applications (see Figure 3).
The goal of PICMG is to offer equipment vendors common specifications, thereby increasing availability and reducing costs and time to market. PICMG has developed the specifications for the next generation of telecommunications equipment, called Advanced Telecommunications Computing Architecture (AdvancedTCA), with a new form factor and based on switched-fabric architectures.

The AdvancedTCA effort began early in 2001 with a small working group outside of PICMG (the Santa Barbara group) who determined the need for “an open platform standard that meets the needs of telecom infrastructure equipment for the next ten years.” The initial group included a cross section of industry interests, including both telecom and computer companies. In November 2001, the Santa Barbara group turned its groundwork over to the PICMG organization, which kicked off the development of the PICMG 3.x series of specifications.

[Figure 1: From proprietary solutions to open solutions]

The focus of the AdvancedTCA work within PICMG was to define a telecom hardware platform. While the AdvancedTCA platform may be useful in other contexts, all necessary tradeoffs were made in favor of the telecom industry requirements. The working group wanted to provide a structured growth path for the next decade or more. As a result, AdvancedTCA supports multiple switch fabrics while maintaining standard mechanics, backplane, system management, power distribution, and cooling.

AdvancedTCA is defined by a set of specifications: a base specification that includes a common backplane and separate fabric specifications that detail how specific switch fabrics can be implemented on the standard backplane.
Since the summer of 2003, a complete set of specifications and a number of products have gone through interoperability testing. The full range of specifications includes:
• PICMG 3.0: The AdvancedTCA base specification master document; it defines everything with the exception of the implementation of specific switch fabrics.
• PICMG 3.2: Defines 1 and 10 Gigabit Ethernet fabrics and an option for Fiber Channel.
• PICMG 3.2: Defines how to build systems using InfiniBand switch fabrics.
• PICMG 3.3: Defines how to build systems using StarFabric switch fabrics.
• PICMG 3.4: Defines the use of PCI Express Advanced Switching.
• PICMG 3.5: Defines the use of RapidIO on the AdvancedTCA backplane.

Compatibility is an important issue. With an entire community serving the ATCA technology, most hardware is interoperable and the mechanicals, software, pin assignments, and so on, are all defined specifications. This is not the case when trying to mix and match with proprietary systems. Proprietary solutions can often handle the higher speeds, but they have disadvantages, such as the high cost of prototyping and low- to medium-volume production. In comparison, ATCA offers open standards with dozens of vendors, ensuring competitive pricing.

Open Source Development Labs

OSDL is a nonprofit organization founded in 2000 to accelerate the growth and adoption of Linux in the enterprise. It is sponsored and supported by several IT and telecom industry leaders and provides state-of-the-art computing and test facilities in the United States and Japan to developers from around the world.

OSDL has two working groups:
1. Data Center working group: This working group was established in August 2002 to develop the roadmap for Linux platform software that supports commercial software products and corporate IT requirements, enabling developers to create Linux-based solutions for the data center market segment.
2. Carrier Grade Linux (CGL) working group: This working group was established in January 2002 with the goal of enhancing the Linux operating system to achieve an open source platform that is highly available, secure, scalable, easily maintained, and suitable for carrier grade systems.
3. Desktop Linux working group: Announced on January 20, 2004, this is the latest initiative from OSDL. The working group will be focusing on greater use of Linux on desktops throughout the enterprise. The goal with this initiative is to create a forum where a range of desktop usage models can be studied, with recommendations on improvements to encourage broader adoption of Linux.

[Figure 2: A generic platform architecture]

[Figure 3: Scope of PICMG]

Motivations for Linux

Why consider Linux as a potential replacement for proprietary operating systems in carrier grade systems? Several factors motivate the use and deployment of Linux on carrier grade systems. These motivations include:
• Cost: Linux is available free of charge in the form of a downloadable package from the Internet.
• Availability of source code: With Linux, you gain full access to the source code, allowing you to tailor the kernel to your needs.
• Open development process: The development process of the kernel is open to anyone to participate and contribute. The process is based on the concept of “release early, release often.”
• Peer review and testing resources: With access to the source code, people using a wide variety of platforms, operating systems, and compiler combinations can compile, link, and run the code on their systems to test for portability, compatibility, and bugs.
• Vendor independent: With Linux, you no longer have to be locked into a specific vendor. Linux is supported on multiple platforms.
• High innovation rate: New features are usually implemented on Linux before they are available on commercial or proprietary systems.

Other contributing factors include Linux’s support for a broad range of processors and peripherals, the availability of commercial support, its high performance networking, and its proven record as a stable and reliable server platform. Figure 4 illustrates the Linux kernel development process.

[Figure 4: Open development process and peer review. © 2003 Open Source Development Labs. Verbatim copying of this document is permitted in any medium, provided this notice is included.]

Carrier Grade Linux Architecture

The CGL working group has identified three main application areas that will run on CGL platforms: gateways, signaling, and management servers. The CGL working group will focus initially on Linux platform requirements to support applications in these areas.

Figure 5 highlights the scope of the CGL Working Group, which covers two areas:
• Carrier grade Linux: CGL enhancements to the operating system are related to various requirements listed in later sections, such as availability and scalability. Enhancements may also be made to hardware interfaces, interfaces to the user level or application code, and interfaces to development and debugging tools.
In some cases, user-level library changes will be needed to access the kernel services.
• Software development tools: These tools include debuggers and analyzers.

[Figure 5: Scope of OSDL CGL working group]

On October 9, 2003, OSDL announced the availability of the OSDL Carrier Grade Linux Requirements Definition version 2.0 (CGL 2.0). This latest requirements definition for next-generation carrier grade Linux offers major advances in security, high availability, and clustering. The requirements definition version 2.0 introduced new and enhanced features to support Linux as a carrier grade platform; it is divided into three sections:
• Clustering: The clustering requirements support the use of multiple carrier server systems for higher levels of service availability through redundant resources and recovery capabilities, and to provide a horizontally scaled environment supporting increased throughput.
• Security: The security requirements are aimed at maintaining a certain level of security while not endangering the goals of high availability, performance, and scalability. The requirements support the use of additional security mechanisms to protect the systems against attacks from both the Internet and intranets, and provide special mechanisms at kernel level to be used by telecom applications.
• General system: The general system requirements support interactions with the hardware platforms. They include requirements for standards, performance, availability, scalability, serviceability, and tools.

The work on the next version of the OSDL CGL requirements, version 3.0, started in January 2004 with focus on advanced requirement areas such as manageability, serviceability, tools, security, standards, performance, hardware, clustering, and availability.

Why Support Clustering?

Today’s telecommunication environments are increasingly adopting clustered servers to gain benefits in performance, availability, and scalability. A cluster is a collection of servers that share resources and work together to solve a problem. The benefits of a cluster are greater and more cost-efficient than what a single server can provide. Furthermore, the telecommunication industry’s interest in clustering originates from the fact that clusters address carrier-class characteristics – such as guaranteed service availability, reliability, and scaled performance – using cost-effective hardware and software. They can be divided into three categories: short failure detection and failure recovery, guaranteed availability of service, and short response times.

The most widely adopted clustering technique is the use of multiple interconnected “loosely coupled, nothing shared” nodes to form a single highly available system. A node is a stand-alone server (a computing unit) or an SMP machine; therefore, the cluster can be either a collection of servers or a collection of SMP machines, or even a mix of both.

The advantages of clustering in telecom servers include:
• High availability through redundancy and failover techniques, which isolate or reduce the impact of a failure in the machine, resources, or device
• Manageability through appropriate system management facilities that reduce system management costs and balance loads for efficient resource utilization
• Scalability and performance through expanding the capacity of the cluster by adding more servers, adding more processors, memory, storage, or other resources to support growth and to achieve a higher level of performance

In addition, the use of commercial off-the-shelf building blocks in clustered systems has a number of advantages, including a better price/performance ratio when compared to specialized parallel supercomputers, deployment of the latest mass-market technology as it becomes available at low cost, and added benefits from the latest standard operating system features as they become available.

A generic cluster model is presented in Figure 6. Using loosely coupled nodes as the base of the clustering solution gives more flexibility than a tighter coupling between nodes. The loosely coupled cluster model is also suitable for the type of applications CGL servers host. In this model, the probability of a failed shared component affecting the availability of the service or the availability of the system does not exist. As for performing software or kernel upgrades, the procedure is executed on each node separately without affecting the availability of the service. In the case of a hardware fault, a specific node is affected; it can be replaced or fixed without affecting the uptime (no unscheduled downtime is allowed). On the other hand, in the case of a software fault or bug on one node, the specific node is affected. The platform will still provide service through the other nodes. As for hardware upgrades, each node is upgraded separately without affecting service availability. In addition, you can increase the number of nodes in the cluster as the load/traffic demand increases. This generic model eliminates the node being a single point of failure and provides means to achieve high performance, reliability, and scalability.

[Figure 6: A generic cluster model]

To respond to the need for clustered platforms in a telecom environment, the CGL clustering requirements are aimed at supporting clustered applications in a carrier grade environment as an effective way to achieve highly available services.

Carrier Grade Linux Enhancements

Several enhancements to the Linux kernel are required by the communications industry to help them adopt Linux on their carrier grade platforms and support their telecom applications. These enhancements fall into the following categories: high availability, security, serviceability, performance and scalability enhancements, reliability, standards, and clustering (see Figure 7).

The implementations providing these enhancements are open source projects and are planned for integration with the Linux kernel when they are mature and ready for merging with the kernel code. In some cases, bringing projects to the required maturity level takes a considerable amount of time. Nevertheless, some of the enhancements are targeted for inclusion in kernel version 2.7. Other enhancements will follow in later kernel releases. Meanwhile, all enhancements, in the form of packages, kernel modules, and patches, are available from their respective project Web sites.

[Figure 7: Carrier grade enhancement areas]

[Figure 8: Scope of SA Forum interface specifications]

Possible Concern

The usage of Linux is expanding day after day; Linux is running on desktops, servers, mobile phones, personal digital assistants, and other specialized embedded and industrial devices. Linus Torvalds, the creator of Linux and development leader, is responsible for the roadmap of the official Linux kernel (www.kernel.org). Linus has always expressed his interest in targeting the kernel development for high-end desktops. Consequently, if a feature is not widely used and if it does not benefit almost everyone using Linux, then it may be very hard to integrate this feature with the kernel; this is the case with specific requirements that target specialized markets such as telecom, embedded, data centers, and so on.

The concern in this area is whether there will be a fork of the kernel source tree to specialized kernel trees. Will this fork happen? If so, when? Who will be responsible for new kernel tree(s)? How will this affect the open development process of the resulting specialized kernels?
These questions may or may not be a major concern now; however, they will be valid questions in the very near future.

Service Availability Forum

The SA Forum is a consortium of communications and computing companies that are working together to develop open standard interface specifications to promote the rapid development of cost-effective solutions that deliver highly dependable voice, data, and multimedia services over fixed and wireless IP networks.

The scope of the SA Forum is highlighted in Figure 8. In such an open building-block design, the middleware manages all critical resources to enable ultra-dependability of delivered services. The hardware platform interface specification provides a standardized interface between the middleware and the platform. The use of standard interfaces enables carrier grade systems to run on cost-effective commercial off-the-shelf building blocks, while making management middleware independent of any particular hardware platform.

The SA Forum is working on different interface specifications and has publicly announced the Hardware Platform Interface (HPI) specification and the Application Interface Specification (AIS).

The Hardware Platform Interface (HPI) Specification

The HPI specification hides hardware platform–specific or proprietary features from availability middleware and applications, and allows the use of commercial off-the-shelf middleware building blocks. The HPI specification allows you to manage a carrier grade hardware platform independently of any particular hardware. It represents the platform-specific characteristics of the physical hardware in an abstract model, and based on that model it provides standard functions for monitoring and controlling any specific hardware. It enables the design of highly reliable infrastructure products at a more abstract level without the limitations of proprietary interfaces.

The hardware platform interface specification is expected to provide several benefits, such as shorter development cycles, reduced time-to-market due to the ability to use standard building blocks, a lower total cost of ownership, improved design flexibility, faster validation of products using standard interfaces, and faster innovation since focus will be on differentiating features.

The Application Interface Specification

The application interface specification (AIS) standardizes the interface between compliant high-availability middleware and (service) applications. It defines a standard for high-availability management middleware through its interfaces. Through these interfaces the middleware provides services essential to making applications highly available, e.g., managing failovers, event delivery, etc., in a vendor-independent way. As such, it supports portability of applications across high-availability middleware supplied by different vendors.

The application interface specification defines APIs that an application programmer can use in conjunction with a vendor’s high-availability middleware that implements the specifications. The application interface specification defines APIs for the availability management framework, cluster membership service, checkpoint service, event service, message service, and lock service.

As promoted by the SA Forum, the benefits of the AIS will include lower development costs, accelerated time-to-market, enhanced portability and integration capabilities, increased resources focused on innovation of solutions, and limited technology risks through the choice of compatible commercial off-the-shelf components. As a result, network equipment providers and telecom equipment manufacturers adopting the application interface specification will speed up and simplify development, in addition to enabling open solutions that are composed of portable, carrier grade building blocks.

Conclusion

The general technology trend is toward building reusable, flexible, stable, and powerful standard platforms from modular hardware and software kits. PICMG, OSDL, and SA Forum are three major efforts in this direction with support from the telecom industry. The activities of these bodies will allow all players to have a common set of modular software and hardware building blocks. These building blocks will also help in the process of migrating from proprietary platforms to open and standardized platforms. This process is associated with several challenges; however, it also promises advantages that are expected to be enormous and compensating.

The PICMG AdvancedTCA, the SA Forum interfaces, and the OSDL Carrier Grade Linux are expected to be successful; however, as history has taught us, the best technology does not necessarily always win – timing is an important factor.

Acknowledgments

The author would like to acknowledge all the reviewers with special thanks to Peter Badovinatz (IBM), Andre Beliveau (Ericsson), John Cherry (OSDL), Makan Pourzandi (Ericsson), and Maria Toeroe (Ericsson) for their contributions and reviews.

References
• OSDL: www.osdl.org
• CGL: www.osdl.org/lab_activities/carrier_grade_linux
• PICMG: www.picmg.org
• SA Forum: www.saforum.org
• Linux Kernel: www.kernel.org
• “AdvancedTCA: Next Generation Architecture for Communication Application,” white paper from NMS Communications.
• Jokiaho, Timo; Herrman, Fred; Penkler, Dave; Reitenspiess, Manfred; and Moser, Louise. “The Service Availability Forum Specification For High Availability Middleware,” Service Availability Forum.

EXCLUSIVE INTERVIEW

Francois Bancilhon on Mandrakesoft

The friendly Linux operating system is going strong

Interview by Kevin Bedell

In this interview, LWM Editor-in-Chief Kevin Bedell speaks with Francois Bancilhon, CEO of Mandrakesoft, about the success they’ve had over the past year...and how they plan to build upon it.

About the Interviewer

Kevin Bedell is editor-in-chief of LWM.

LWM: Tell us a little bit about Mandrakesoft and how you got involved with them.

Francois Bancilhon: I’ve been with Mandrakesoft for about a year. I joined at a time when the company was in deep financial trouble, and I joined to help fix it. That’s what we’ve done over the year. We announced today our first positive financial result over a quarter in the last five years. It’s a result of very hard work from the entire team; moreover, it’s a signal that we’ve fixed the company and brought it back from where it was. The company’s generating more cash than it’s spending.

LWM: Congratulations. You’re a Paris-based company, correct?

Bancilhon: We’re Paris based; we have people all over the place in the U.S. and Canada. We’re a truly international company in the sense that we do less than 15% of our revenues in France. We do about 45% in North America, 35% all over Europe, and the remainder in the rest of the world. We pride ourselves on being a truly international, global distribution, with more than 63 languages, and we sell online in about 150 countries worldwide.

LWM: That’s quite a broad reach.

Bancilhon: In terms of distribution you have to understand two things: there are the people who use the system and people who pay for the system. In terms of usage, today we average roughly 10,000 downloads a day, which means it’s somewhere between 3 and 4 million a year. This goes up to more than 50,000 when a new version comes out and goes down to 7,000 at the end of a cycle. That’s a really broad reach, and it’s roughly distributed as I mentioned in terms of country and geography. Out of these 4 million people who use Mandrakelinux, 1.5% actually pay something – which is an interesting ratio. It shows that the model works and makes sense. We need to keep improving on that. We’re truly 100% committed to this open source approach; we’ll keep providing a free download version to all our users, and we’ll keep maintaining it and providing the security updates. That’s part of what we believe the open source model is, and that’s part of what we’ll do. On top of that, we’ll keep providing services and products that are complementary to that distribution. That’s what we’ve been doing over the past year, and that’s what has brought us to where we are – we’re a profitable, healthy company now.

LWM: In addition to selling the product, you actually have an online subscription service. Can you tell us a little bit about that?

Bancilhon: We have a club; the Mandrakelinux Club is what helps Mandrakesoft in difficult times. We have about 20,000 members right now. These people get free products or discounts on products, online services – essentially anything else we do. The Mandrakelinux Club is growing at a fast pace. Our goal is to try to double the number this year, and it seems that we’re on target to do that. More and more we treat the club as the forefront of our users and supporters; they help us with their advice, suggestions, and so on. When we do something wrong, they make sure they yell at us very quickly, and we listen and fix it. I think that’s the right way of doing things. The beauty of the system is that we can be in tune with the people, who react very quickly if we do something wrong. In addition, when they tell us we’re doing things the right way, we try to continue in that direction.
LWM: I’m a Mandrakelinux user myself. I’ve heard that Mandrakelinux’s strengths are the ease of installation and maintenance. What do you see as the strengths of your product?

Bancilhon: First of all, our mission is to try to bring Linux technology to the masses, and we do that in two ways. The first is to give away a free downloadable version of the system to everybody who needs it. Second, we make the technology as easy as we can – to use, to administer, and to install. That’s where the focus of the company is in terms of technology, and that’s where we’ll keep working very hard. For instance, 9.2 came out with a product named Discovery, where the main emphasis is to make Linux for beginners – make a system incredibly simple by choosing very simple and well-integrated applications. And that’s working very well in retail stores and the online store.

LWM: So you’re finding that most of your customers are people who come to Mandrakelinux because of your reputation for ease of use and simplicity?

Bancilhon: Today 50% of our people doing downloads are new Mandrakelinux users. That shows the growth of the system, and it shows we’re on the right track. Out of all these people, I would say that less than 50% are in businesses, and a little more than 50% are individual users. These are our users; they are the ones who got us to where we are. We’re grateful to them and we’ll keep providing good services. We think the company should also make progress in providing better services to the enterprise world, which is why we’ve created this new line of products, the corporate server product, the MNF [Multi Network Firewall], and the clustering mechanism. We’ll keep adding products to that with a release cycle that is longer and more adapted to the corporate world.

LWM: I know the traditional Mandrakelinux user was an individual who was looking for an easy-to-use, easy-to-install distribution. Do you see that continuing to be your focus?
Bancilhon: I think it’s going to continue – you don’t want to abandon your installed base. These are the people who helped us, who appreciate us, so we’ll keep serving them. We want to develop a new set of customers in the enterprise world by addressing what the corporate world needs. That’s what we’re working on now, and 10.0 will have a new set of features and functionality more targeted at the enterprise world. www.LinuxWorld.com LWM: What kind of new features are you looking at for the business world? Bancilhon: We’ve chosen specific software for our groupware, which will be very nicely integrated with our mailing system. We strongly believe that in the Linux world, less is more. A huge distribution with 3,000 applications is very nice for some people, but other people will want something more focused, where they know exactly the service it’s going to provide for them. We’ll be providing more focused and targeted distributions for different roles, for example, a mail server. LWM: So for the business world you’re going to be providing more tightly focused desktops that are more targeted toward the specific needs of business users? Bancilhon: Absolutely. The other piece, which is very interesting right now, is the extremely positive feedback we’re receiving on Mandrakemove – it’s a live CD, so the system boots directly from the CD reader. It comes with a USB key in which you can store your preferences and data. You can travel around with your CD and your USB key, in which you have your preferences and your key data, and on the CD you have the system. It’s the ultimate way to travel. We put that on the market in early December. It’s getting a very warm response from everybody who’s reviewed it, and it’s selling like hotcakes on our Web site. We’re very happy with it. LWM: I can take my desktop with me? Bancilhon: Absolutely. 
When I go home in the evening, instead of carrying my laptop I just carry my CD and USB key, and I use my wife’s computer to do whatever I need to do. We’ve added a nice, fun touch – the CD from which you boot can be ejected, so you can listen to your favorite CD while you run your computer. We think it’s fun; we’re getting very strong feedback on that product; and we’re already starting to think about the next version and how to improve it.

LWM: What do you see in the future for Mandrakesoft?

Bancilhon: We’ll be coming out with a corporate desktop that will be the companion product to our corporate server, targeted toward the corporate world. We’ll have a few very focused distributions on some vertical markets, and some specific functionality and so on. We believe Mandrakesoft will be successful by heavily investing in technology. We’re doing a lot of joint R&D projects with a number of U.S. organizations, and that’s how we think we’ll be successful. In terms of developing the company, we have great opportunities to expand our business on the service side. Right now, we’re doing less than 10% of our business in services, while most of our competitors do business on the service side. There’s a good opportunity there and we’ve taken a few steps; we’re getting extremely good feedback on expanding our business to the corporate world by providing a comprehensive set of services. We’ve accomplished the first step, which was to fix the company, to bring it to a normal stage. Now we’re ready to take it to a higher level.

POLICY

Security: Beyond Technical Measures
Steps toward a comprehensive information security policy

By Russ Rogers

About the author: Russ Rogers is CEO & CTO of Security Horizon, Inc. He is a technology veteran with over 12 years of technology and information security experience. He has served in multiple information security positions to include support of the National Security Agency and the Defense Information Systems Agency. He is a certified instructor for the NSA INFOSEC Assessment Methodology (IAM) and has recently coauthored Security Assessment: Case Studies for Implementing the NSA IAM, available from Syngress Publishing.

Linux folks tend to have a better eye on security. I realize that’s an overwhelmingly general and wide-sweeping statement, but that’s my opinion. I’ve been working with Linux for a very long time, and most of the other users in the community tend to be highly technical and thus aware of many of the security concerns facing the networked world today. And let’s be honest, there’s a reason we all choose to use an open source operating system that allows direct access to the kernel source code and its modules.

Linux allows us to build robust firewalls, intrusion detection, and file system integrity checkers. The firewall I’ve installed at my own company is based on a Slackware 9.1 iptables implementation. The Linux world has provided us with forensic tools, vulnerability scanners, network analyzers, and more. I can now test my network, scan for security issues, resolve those issues, and investigate potential compromises, all from the comfort of my shell prompt. Not only do these tools provide the ability to secure my organization at a fraction of the cost of the more commercially based tools, but they also let me see what they’re doing. They have nothing to hide. In the end, I can know everything I want to know about my own security.

But let’s step away from the technical aspects of security for just a moment. The Linux community has been great at addressing our technical problems, but it’s missing another piece of the puzzle that simply cannot be addressed by software: the organization itself. Organizations need to have the underlying policies, procedures, and culture associated with security or else it becomes a simple matter of “user = bad password” or “screen = unlocked” and all of our network security measures have been compromised.

Coming from a technical background myself, this was the hardest nut for me to crack. Dealing with policies and procedures was always something that managers were supposed to do. I don’t do policies. But it occurred to me in a moment of great enlightenment (OK, I’ll admit it, it was actually over a Mountain Dew and a Soft Taco Supreme) that most managers can’t understand the security side like many technical people can. So who’s going to translate reality into potential policies for the managers? In the end, it falls to those technical individuals willing to take up the banner of information security and endure the pains of policy and management.

The National Security Agency (NSA) developed a system, years ago, called the INFOSEC Assessment Methodology (IAM) that can be used to conduct assessments against the organizational side of each company. The system doesn’t deal directly with the technical side of security assessments but instead strives to answer questions about organizational policy, procedure, and culture. The IAM is based on the very same procedures that NSA uses to assess the security of military and federal sites all around the world.

The IAM is used to determine the actual security posture of an organization based on how it addresses security within its policies and procedures. What’s actually covered within the organizational security policy? What’s missing? Are any of these things actually enforced? How? What security regulation is our organization required to adhere to? The IAM breaks down this analysis into three phases: the Pre-Assessment phase, the On-Site phase, and the Post-Assessment phase.
The Pre-Assessment phase consists of activities that try to get the customer to sit down and decide what information is critical to the organization’s business. The goal is to get the customer to start thinking in terms of confidentiality, integrity, and availability. We start by getting customers to ask themselves questions like “What is the impact to my organization if I lose integrity of these customer records?” In most cases, these decisions have to be made by upper-management-level personnel who understand the ins and outs of the business process. But what the IAM delivers at the end of this phase is an easy-to-read matrix that lists the most critical information types along with the customer ratings for the impact each one would have on the organization if it were compromised.

One of the most useful aspects of the IAM is that it also gets the customer to sit down and list the specific systems within their own networks that contain each of these critical pieces of information. So now we know which information is critical to the organization, what impact it would have on the organization if we had a compromise, and where that information exists. This provides a great starting point for technical assessment activities because the customer has identified the most critical servers and network components.

The On-Site phase is used to verify policies and regulations and to determine the actual level of adherence to these things. The activities include documentation review, interviews, system demonstrations, and review of network documents. The NSA IAM has worked with the National Institute of Standards and Technology (NIST) to generate a list of areas that are covered during these activities. These areas are broken into three categories: Management, Technical, and Operational.
Management:
• INFOSEC documentation
• INFOSEC roles and responsibilities
• Contingency planning
• Configuration management

Technical:
• Identification and authentication
• Account management
• Session controls
• Auditing
• Malicious code protection
• Maintenance
• System assurance
• Networking and connectivity
• Communications security

Operational:
• Media controls
• Labeling
• Physical environment
• Personnel security
• Education, training, and awareness

As you can see from the list above, the IAM allows for a complete organizational assessment while still allowing for the flexibility of customization for each independent organization.

Finally, the Post-Assessment phase is generally used for creating recommendations for areas that are not being addressed appropriately and could lead to an impact on the business. With the appropriate management buy-in at this point, the final report that is produced in the Post-Assessment phase can be used as a roadmap for the organization to an increased security posture. The management buy-in is especially vital when we consider the significant cultural and policy change that should occur in response to an assessment process of this magnitude.

I think we all agree that great technology is a wonderful thing, but if we stop and really analyze the entire situation, we find that we need both sides of the puzzle if we’re to have the best security possible for our organization. Using a methodology like the IAM can help your organization take the next steps toward a comprehensive information security program and augment your technical measures.

For more information on the NSA IAM, please visit www.iatrp.com or www.securityhorizon.com.
SECURITY VIEWPOINT

An Approach That Works
Comparing open and closed source security

By Steve Suehring

About the author: Steve Suehring is advocacy editor of LinuxWorld Magazine. A technology architect and engineer with a solid background in many areas of computing encompassing both open and closed source systems, he has worked with a variety of companies to help them integrate systems and provide the best use of available technologies. Steve has written magazine articles as well as a book on the MySQL database server. He has also performed technical editing on a number of other titles.

Seemingly everyone has insight into the open source versus closed source security debate. Each side provides plausible arguments for the benefits of their own model and points out drawbacks of the other. The proponents of open source argue that the source code is open and available for anyone to see, for many sets of eyes to examine, and is therefore more secure. Opponents of open source say that this “many eyes” theory is irrelevant since the vast majority of users will never look at the source code. Countless arguments ensue from there and can get quite derived, much like arguments over the exact number of episodes of Star Trek.

Looking past these arguments, it’s helpful to examine the theory of security as it is approached by open and closed source software organizations. To that end I’ll look at the security approach of the Debian Linux project as compared to the security approach of Microsoft – I’ll use Microsoft as an example acknowledging the important role that they play as a target of security-related attacks due to their market share in the desktop operating system environment.

Security for both Debian and Microsoft is chiefly accomplished through the use of software patches. Debian issues patches for Debian-specific software problems as well as non-Debian-specific problems. These patches run the gamut of any of the thousands of software packages available with Debian. Some of this software isn’t even Linux specific but runs on other operating systems as well, including Microsoft Windows. Microsoft releases patches only for Microsoft-specific software.

With the thousands of software packages available with Debian, security bugs are impossible to avoid. Most updates are not specific to Debian but rather affect the software as it runs on Linux, Mac OS X, and Microsoft Windows alike. Regardless, the software updates become available to users of Debian Linux through the apt package utility. Even if the problem isn’t directly related to operating system functionality, the update is easily downloaded and automatically installed.

On the other hand, updates for Microsoft through the default “Automatic Update” service consist of what Microsoft terms to be core functions. These core functions include updates to bundled products such as Internet Explorer and Media Player but don’t include updates to other Microsoft software such as Microsoft Office, Exchange, SQL Server, and others. Security flaws in this additional software can lead to full compromise of the computer and the data contained therein, as is the case with operating system flaws.

The timing of security updates best reveals the differences in how the two models approach security. One of the aspects of open source security is transparency – virtually as soon as a security flaw, theoretical or practical, is reported, it’s released to the general public so that users of the software can take steps to mitigate the effects of the security flaw.
A patch follows very shortly after for all of the popular open source software packages. If a patch isn’t readily available within hours, the community frequently steps up to release an intermediate patch and to help others mitigate problems associated with the flaw. On the other hand, Microsoft has undertaken the policy of releasing patches only monthly for the operating system functions. While this results in fewer security notices to the public, it does nothing to enhance security. In fact, releasing patches on a monthly cycle rather than as necessary increases the possibility of exploit. The only people who know about the exploit are the people responsible for finding it and Microsoft. Of course, the people who find software exploits are all honest individuals with no ill intentions, right? Imagine that a burglar found a new way to pick door locks and shared this information with their friends-in-crime, and the police found out about the impending crime spree. Now imagine the police did nothing to alert the public about this danger because they only talked to the public monthly. Transparency and openness of security flaws and defects in products should be demanded by customers for their own safety. Comparing the security approaches of open and closed source software organizations illustrates the inherent structural differences between the two models. Open source organizations such as Debian believe in greater protection, openness, and transparency of the security process so that their users can protect themselves. Closed source organizations such as Microsoft believe that they know best how, where, and when to disseminate information about security flaws. Unfortunately for users, this means quietly, discreetly, and belatedly. 
SECURITY

The Challenges of the Linux Audit
Steps for a secure system

By Richard Williams

About the author: Richard Williams is director of education for Symark Software in Agoura Hills, California. With over 20 years of experience in systems administration, architecture, and design, Richard oversees the development and delivery of Symark’s University Training Program in providing customer support to global enterprise customers.

As a decision maker in your IT organization, you’re aware that your Linux systems share is growing (if your enterprise follows today’s business trend). Linux installations are now available on every major hardware platform. New projects in development include Linux systems in an increasing share, and you’re challenged with incorporating these Linux systems seamlessly into your operations and business processing.

These Linux systems must also now be included as part of your IT audit. IT audits are increasingly performed by cross-functional teams rather than by operations, networks, applications, or database management teams. The cross-functional audit teams have the scope and purview to examine each area of operations. Since your skilled operations teams aren’t responsible for policing their own house, they can remain focused on their core skill sets. The audit teams make scheduled passes, with strategic focus on physical security, network security, applications security, systems security, and whatever else is part of your enterprise security plan. The report is digested and parsed by the audit team leader or information security manager, who tactfully disseminates the information to the appropriate team leaders.

The first challenge emerging from this vision of corporate information systems unity is that the operations teams will potentially mistrust, hate, fear, or otherwise loathe the audit teams. This humanistic certainty is based on the perception that someone is trying to find something wrong so that blame can be assigned. Overcoming this challenge, while not a typical strategic audit goal, is important since you want the audit teams to have unfettered access, and you want their work to be supported and adopted by the operations teams. The audit teams’ reports must become meaningful input for operations teams, who will review a report and mitigate the threats instead of putting out fires later because important audit information was not heeded. Using your vision, sensibility, and other executive powers, you’ve attained respectful buy-in from the teams – you can now move forward to meet other challenges.

The Audit

One problem identified during Linux audits is that too many people know the root password and other elevated-privilege account passwords. These passwords are the electronic keys to the kingdom in Linux, and taking back control of these accounts is a top audit priority. Typically, everyone who has the root password knows why they shouldn’t pass it out or overuse it. There’s limited accountability in most native Linux operating systems, including the lack of a cogent audit trail. The native auditability is primarily centered around the syslog and sulog facilities, which cannot describe the interactive actions of the root user with the system at the level required by the HIPAA, Sarbanes-Oxley, and NISPOM Chapter 8 requirements, to mention only a few.

For example, Figure 1 shows a sample sulog, revealing a not very detailed snapshot of users using su on a system. While they’re better than nothing, the sample log entries don’t describe what actions were taken after the SU command occurred. (For the uninitiated, the + or - tells you if the SU request was successful.) The syslog example may be roughly equivalent (see Figure 2).

The example in Figure 2 also indicates privilege being elevated, but does not describe (or require) a reason. Additionally, the file(s) produced by the syslog daemon may contain information not germane to your audit, but again, some information is certainly better than nothing.

You can significantly improve the auditability in your enterprise by adding third-party software that captures all standard input, output, and errors, including everything the user does with the elevated privilege. The example below is from a policy created on a Linux system (salmon.mydomain.com), using a Symark product called PowerBroker (version 3.2.1). It provides a root shell for any user authorized to run the command pbrun GIMMIEROOT. The policy creates an audit file akin to others available in some third-party products to give you more auditability when users gain or use elevated privilege. This particular product will log all standard input, output, and errors, as well as a complete report regarding the secured task:

    $ pbrun GIMMIEROOT
    Enter your reason for accessing this policy: I need to edit the /etc/passwd file

Figure 3 shows what the resultant logfile includes. Note that the “who, what, when, where, and why” are evident in the log output. I truncated the log file, but you can see that your audit team has the ability to see it, and to tell the who, what, when, where, and why for any elevated-privilege or vital-asset access. In addition to third-party products, Linux vendors are working hard to provide this functionality.
This functionality significantly improves your teams’ ability to take back the root and other elevated-privilege accounts by granting elevated privilege only when the user accesses certain commands or assets (within their normal job descriptions, for example). When access is complete, normal privilege resumes, and the user never knows the elevated password.

So you’re familiar with elevated-access audit control; is your audit team as well? Basic audit tenets include reading the documentation to determine what to audit, but what documentation do you have that describes who can access what, when, where, and why? Your systems, applications, and networks team can collaborate to create a document like Table 1.

Your teams may have used any visualization method, but the output is a matrix of your systems (vertical axis), and your user community (horizontal axis). Notice that each login/access method is described, as well as which system each user can access, from which system, by which method. Once users are on the systems, executable commands are listed, as well as any elevated privilege required.

With this documentation, your audit team now knows which systems to go to, which accounts to scrutinize, which commands should normally be allowed as the user, and which commands require elevated privilege. This documentation is simple but effective in meeting the requirement to report upward and manage outward.

Another important problem that surfaces in a Linux audit is the publication of passwords, which often happens inadvertently via secure applications scripts (Web startup or shutdown, middleware startup or shutdown, database startup or shutdown, etc.). Information synchronization routines (such as NIS or LDAP v2) also place assets at risk, as they pass account, system, and other enterprise information around the LAN or WAN in clear text. (In the case of passwords specifically, the encrypted value is sent, but agile information bandits know the difference between a crypt, bigcrypt, or MD5 hash. When the rest of the information is in clear text, encrypting only the password may provide little safety.)

Once passwords are obtained by a nontrusted source (someone leaves a file containing a password world-readable, for example), valuable assets are at risk on numerous fronts, including easy access to critical files/data. When an asset can be accessed by a user in masquerade, the asset is at risk. The insertion of a Trojan program, the destruction of an application, and the alteration of data are all undesirable options.

Figure 1: Sample sulog

    SU DATE  TIME  RESULT PORT  USER-NEWUSER
    SU 08/19 15:07 +      pts/4 root-eshalov
    SU 08/19 15:09 +      pts/2 eshalov-root
    SU 08/19 15:24 +      pts/4 eshalov-root
    SU 08/19 16:18 +      pts/4 root-eshalov
    SU 08/19 16:26 +      pts/3 cgotcher-root
    SU 08/19 16:36 -      pts/6 rwilliam-root
    SU 08/19 16:36 -      pts/6 rwilliam-root
    SU 08/19 16:46 +      pts/5 root-eshalov

Figure 2: Sample syslog

    Feb 29 17:16:50 halibut su: [ID 366847 auth.notice] 'su root' succeeded for pbtester on /dev/pts/1
    Feb 29 17:17:01 halibut su: [ID 366847 auth.info] 'su pbtester' succeeded for pbtester on /dev/pts/1
    Feb 29 17:17:10 halibut last message repeated 10 times
    Feb 29 17:19:15 halibut inetd[169]: [ID 965992 daemon.error] sypbguid/tcp: unknown service
    Feb 29 17:19:20 halibut su: [ID 366847 auth.info] 'su pbtester' succeeded for pbtester on /dev/pts/1
    Feb 29 17:19:26 halibut pbrun3.1.0-05: [ID 635269 auth.error] 3005 Request ended unexpectedly
    Feb 29 17:19:29 halibut su: [ID 366847 auth.info] 'su pbtester' succeeded for pbtester on /dev/pts/1
    Feb 29 17:21:11 halibut last message repeated 2 times
    Feb 29 17:21:41 halibut su: [ID 366847 auth.notice] 'su root' succeeded for pbtester on /dev/pts/3
    Feb 29 17:22:39 halibut su: [ID 366847 auth.info] 'su pbtester' succeeded for pbtester on /dev/pts/3
    Feb 29 17:23:50 halibut last message repeated 3 times
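The sulog layout in Figure 1 can be reviewed mechanically against the kind of access matrix the article calls Table 1. The following Python code is an added example, not part of the original article or of any Symark product; the `authorized_root` set stands in for that matrix and is an assumption, as is the one malformed row appended to the Figure 1 rows.

```python
import re
from collections import Counter, namedtuple

SuEvent = namedtuple("SuEvent", "date time ok port from_user to_user")

# Layout from Figure 1: SU <MM/DD> <HH:MM> <+|-> <port> <user>-<newuser>
# The greedy first user group splits at the LAST hyphen, so a hyphenated
# source account still parses; a hyphenated target account would not.
SULOG_LINE = re.compile(
    r"^SU\s+(\d{2}/\d{2})\s+(\d{2}:\d{2})\s+([+-])\s+(\S+)\s+(\S+)-(\S+)$"
)

# Rows copied from Figure 1, plus one constructed truncated row at the end.
SAMPLE_SULOG = """\
SU 08/19 15:07 + pts/4 root-eshalov
SU 08/19 15:09 + pts/2 eshalov-root
SU 08/19 15:24 + pts/4 eshalov-root
SU 08/19 16:18 + pts/4 root-eshalov
SU 08/19 16:26 + pts/3 cgotcher-root
SU 08/19 16:36 - pts/6 rwilliam-root
SU 08/19 16:36 - pts/6 rwilliam-root
SU 08/19 16:46 + pts/5 root-eshalov
SU 08/19 16:4
"""


def parse_sulog(text):
    """Return (events, rejects); rejects are lines that break the layout."""
    events, rejects = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SULOG_LINE.match(line)
        if match is None:
            # A truncated or hand-edited log line is itself an audit finding.
            rejects.append(line)
            continue
        date, time, result, port, src, dst = match.groups()
        events.append(SuEvent(date, time, result == "+", port, src, dst))
    return events, rejects


def review(events, authorized_root):
    """Summarise what sulog can tell an auditor about root access.

    authorized_root: accounts the access matrix allows to become root
    (hypothetical input; the article's Table 1 is not reproduced).
    """
    to_root = [e for e in events if e.to_user == "root"]
    failed = Counter(e.from_user for e in to_root if not e.ok)
    unexpected = sorted(
        {e.from_user for e in to_root if e.ok and e.from_user not in authorized_root}
    )
    # root switching to a user account: the log records the switch only,
    # nothing about what was then done under that identity.
    from_root = Counter(e.to_user for e in events if e.ok and e.from_user == "root")
    return {
        "failed_root_attempts": dict(failed),
        "unexpected_root": unexpected,
        "root_became": dict(from_root),
    }


if __name__ == "__main__":
    parsed, bad = parse_sulog(SAMPLE_SULOG)
    print(review(parsed, authorized_root={"eshalov"}))
    print("unparseable lines:", bad)
```

The report covers who switched to whom and whether it succeeded, which is all the sulog format records; what was done after the switch needs the session logging discussed in the article.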
Figure 3: Resultant logfile

    command 'GIMMIEROOT'
    cwd '/home/rwilliam'
    date '2004/03/08'
    eventlog '/var/log/pb.eventlog'
    host 'salmon.mydomain.com'
    hour 16
    keystrokelog '/var/log/pb.rwilliam.GIMMIEROOT.salmon.mydomain.com.040308.164656.TZs2RH'
    masterhost 'salmon.mydomain.com'
    policyUse ' I need to edit the password file'
    requestuser 'rwilliam'
    runeffectiveuser 'root'
    runhost 'salmon.mydomain.com'
    time '16:46:46'

Whether compromised by the pad of paper in the machine room, the e-mail to the group alias with a defunct (but still receptive) recipient, the generic account password used by consultants nationwide when installing the new software on your enterprise server, or some other method, the untrusted source now has the ability to log in to one or more systems as someone other than themselves. No audit could save you at this point, as activity performed under the guise of a trusted user is now suspect.

Fortunately, your systems audit includes the regular checking for ownership, permissions, checksums, and other embedded safety mechanisms to keep data and applications in a known good state. Program files, executables, even operating system and patch levels are being recorded and compared from audit to audit, and maintained at the most current secure levels. The LDAP directory is scrutinized for the dysfunction that occurs between Human Resources and Information Systems, causing transferred or even terminated employees to be removed from systems, but allowed to remain in the LDAP directory. This step eliminates the ability for a transferred or terminated employee to gain access to assets via an LDAP-credentialed application. You have delegated and empowered effectively, your audit team is passing back the appropriate report to the systems managers, and the integrity of the systems and programs is secure.
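One way to record ownership, permissions, and checksums and compare them from audit to audit, as described above, including the world-readable password file case mentioned earlier. This Python code is an added example and is not from the article; the function names, the `sensitive` list of credential-bearing scripts, and the demo directory contents are assumptions.

```python
import hashlib
import os
import stat
import tempfile


def _sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each regular file under root to its mode, uid, gid and SHA-256."""
    state = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            state[os.path.relpath(path, root)] = {
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid,
                "gid": st.st_gid,
                "sha256": _sha256(path),
            }
    return state


def compare(baseline, current):
    """Return (path, field, old, new) for every difference between two audits."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added", None, oct(new["mode"])))
        elif new is None:
            findings.append((path, "removed", oct(old["mode"]), None))
        else:
            for field in ("mode", "uid", "gid", "sha256"):
                if old[field] != new[field]:
                    findings.append((path, field, old[field], new[field]))
    return findings


def exposed(state, sensitive):
    """Sensitive files (e.g. startup scripts holding a password) that
    accounts outside the owner and group can read or write."""
    other_rw = stat.S_IROTH | stat.S_IWOTH
    return sorted(p for p in sensitive if p in state and state[p]["mode"] & other_rw)


def _write(root, name, data, mode):
    path = os.path.join(root, name)
    with open(path, "w") as fh:
        fh.write(data)
    os.chmod(path, mode)


if __name__ == "__main__":
    # Constructed demo tree: one audit, some drift, then the next audit.
    tree = tempfile.mkdtemp()
    _write(tree, "start_db.sh", "#!/bin/sh\n# DB_PASS set here\n", 0o750)
    _write(tree, "app.conf", "level=1\n", 0o640)
    first_audit = snapshot(tree)
    _write(tree, "app.conf", "level=2\n", 0o640)       # content changed
    os.chmod(os.path.join(tree, "start_db.sh"), 0o755)  # now world-readable
    second_audit = snapshot(tree)
    for finding in compare(first_audit, second_audit):
        print(finding)
    print("exposed:", exposed(second_audit, ["start_db.sh", "app.conf"]))
```

The snapshot dictionaries contain only strings and integers, so each audit's state can be stored as JSON and kept read-only with the audit report.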
[Table 1: Audit document]

Conclusion

As a quick summary, your internal teams periodically perform these audits:
• Physical security
• Operating system
• Network security
• Others as you require

Each team has a specific focus and reports to you for dissemination and mitigation. A periodic review of your documentation will reveal newly emerging systems, network components, or applications requiring audits, and your appropriate team will incorporate them as needed. The process feeds itself, as each successive audit both addresses issues and reveals an emerging strength of operations as a cohesive unit, with assets protected in concentric rings of recurring audits.

Your charter to your auditors is multifold, as they assess each aspect of today’s increasingly complex information systems nervous system. The audits should be periodic, focused on a specific aspect of the larger picture, and as unintrusive as possible. They should yield a systematic and repeatable report, which is then passed back into the system for assessment and mitigation. Your audit teams use a documentation tool to determine who, what, and how to audit your assets, and the result is that the external audit becomes a quality checkpoint rather than an item causing worry, fear, or loathing.

JBOSS

Following in Linux’s Footsteps
How open source Java technology is shaking up the market

By Bob Bickel

About the author: Bob Bickel is vice president of strategy and corporate development for JBoss, Inc., provider of the most popular Java-based application server. In addition to his role as an advisor, Bickel is responsible for establishing technology partnerships and alliances, as well as helping drive corporate marketing initiatives. Bickel previously was general manager of the HP Middleware.

Is open source and the commoditization of certain technologies cannibalizing software license revenue? Possibly, but many argue that this market dynamic stimulates many vendors to accelerate innovation and to create new technologies and applications. And, while this market dynamic can be disruptive, it creates a roaring buyer’s market for IT decision makers.

Nowhere is the case for this more apparent than in the middleware and application server sectors. Falling prices and a maturing market are also resulting in consolidation among the vendors. At the same time, open source alternatives, combined with tightening IT budgets, are changing the application server software market.

The Times – They Are A-Changin’

The Internet and open source make it possible to economically produce and distribute software. This is especially true with middleware, where stable standards are defined and open source is both a high-quality way of implementing these standards and an excellent way to achieve true definitions of the standards. Of course, the consumers of open source benefit from the low cost.

Proprietary vendors are grappling with the commoditization of infrastructure software that today is firmly entrenched as a large, macro-economic force. In the case of application server technology, some other key factors are accelerating its commoditization, including the Java 2, Enterprise Edition (J2EE) platform. This standard has been widely accepted by multiple application servers, which levels the playing field among vendors and makes portability of applications relatively straightforward.

In addition, Linux has played the role of a big brother, paving the way for young newcomers. Little brothers and sisters usually get to drive the car sooner or stay out later – the older sibling greases the wheel and makes life easier for them. So, the adoption of open source middleware is going much faster than Linux since the pathway has already been cleared and the open source OS has already been embraced by mainstream enterprises.

Where It’s Successful

On the server side, combining open source with Java has pushed the limits of what modern middleware technology can do. JBoss, a Java-based, open source application server that has achieved 4 million downloads since 2001 so far, is a popular application server for companies that want a high-quality, cost-effective platform for developing scalable, secure Web applications.

This is also happening on the database front. According to an August 2003 brief by Forrester Research’s Ted Schadler, with the open source database MySQL “...nipping at the heels of commercial databases, IBM, Microsoft, Oracle, and Sybase will ramp up their already busy research teams.” Furthermore, SAP has recently handed its SAPDB database software to the open source development community and keeps 100 developers working on the software. Anyone can download the database from the SAP Web site, and the company provides support for its ERP software customers who are using the database. In fact, MySQL AB now offers MaxDB. MaxDB is the result of an alliance between MySQL and SAP to jointly develop and market an enterprise open source database.

Free, high-quality products like this are changing the competitive landscape. Two years ago there were 30 application server vendors; today there are less than 10 proprietary vendors and only 4 have significant market share. At this rate, JBoss may become to application servers what Apache is to Web servers – a dominant open source platform in critical IT infrastructure and a deciding force in promoting open standards on the Internet.

What’s a Commercial Vendor to Do?
Increased competition from both commercial and open source companies is pushing everyone to continue innovating and improving their technology. As a result, many vendors are now trying to differentiate themselves by adding extensions to their application servers. Although, according to Gartner’s 2003 Enterprise Application Server Magic Quadrant, “The mainstream majority of enterprise projects will succeed equally well using an application server, embedded into a larger framework of tools, applications, or infrastructure technologies.” Other industry experts predict the emergence of specialized application servers dedicated to presenting database information to a variety of handheld devices, for example. Some are even rethinking the traditional practice of tying software licenses to mandatory service. The Net-Net The consumer, a discriminating IT buyer in a down market, is tired of multiple startups and even established vendors putting out the same technology and noise. As a result, the IT buyer is increasingly looking to open source products. At the same time, many proprietary vendors, losing market share due to the commoditization of such technologies are redirecting R&D into new Web services, integration, and portal technology, which ultimately may also benefit end users as well. Like the Internet itself, the modern enterprise now increasingly relies on successful open source projects. Plus, the commoditization of operating systems, compilers, and servers is only the beginning. Many forms of infrastructure software can benefit from the open source model. Even nonproprietary business software likely to have a large user base may soon be ripe for commoditization too. Ultimately, all this new thinking and ingenuity gives consumers increased choices, better products and services, and more cost-effective ways for building cutting-edge IT infrastructures and the next wave of distributed applications. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM Industry Newsletter! 
DISTRIBUTIONS

Debian GNU/Linux
All you need to know to get started with Linux in ‘its purest form’

BY JALDHAR H. VYAS

Linux is rapidly becoming a household name. More and more people are aware of the various distributions that make up the Linux scene – but until now the vaguely science-fictionish sounding Debian has not entered the public consciousness in the way of names like Red Hat or SUSE. Through this article I hope to help LinuxWorld Magazine readers enter the world of what many consider to be Linux in its purest form.

About the author: Jaldhar Vyas is a consultant and Hindu priest who has been a member of the Debian Project since 1997. He lives in Jersey City, New Jersey with his wife and daughter.

The Debian Project: History and Aims

If you think Linux is hard to install today, pity the poor pioneers of the early '90s. They had to scour the Internet to find software to run, porting and integrating it themselves. There were a few fledgling distributions that made the task easier, but Linux was still only for the most dedicated and knowledgeable.

In 1993, an Indiana college student named Ian Murdock became dissatisfied with the existing Linux offerings and decided to create a Linux distribution that was community based, composed entirely of free software, and technically excellent. The name Debian (pronounced “deb-ee-an” with stress on the first syllable) is a contraction of the names of Ian and his wife Debra.

The new project attracted a lot of interest from like-minded Linux enthusiasts and began to grow steadily. Its fervent stance in favor of free software attracted the attention of Richard Stallman’s Free Software Foundation (see www.gnu.org), which sponsored it for a while. Although that formal relationship has ended, Debian still shares many of the FSF’s aims. The FSF’s GNU project also provides much of the core software that makes up Debian, so the developers were proud to formally name the distribution Debian GNU/Linux.

Today, despite its lack of glitz and PR, Debian is estimated to be the second- or third-most popular Linux distribution and the only major noncommercial one. It is committed to supporting the Linux Standard Base (see www.freestandards.org) and takes part in other initiatives to enhance the Linux operating system. It has also become the base for other distributions: from commercial desktop-oriented products like Libranet, Lindows, and Xandros to government-sponsored efforts such as Spain’s LinEx and Scandinavia’s Skolelinux, and live CDs such as KNOPPIX and Morphix.

In 1997, the Debian developers decided to formally state their goals in a social contract with the free software community. A set of guidelines as to what the project considers to be free software was also issued. The Debian Free Software Guidelines (DFSG) later became the source of the Open Source Definition.

The Debian GNU/Linux Social Contract

The Debian Project is an association of individuals who have made common cause to create a free operating system.
This is the “social contract” we offer to the free software community.

1. Debian will remain 100% free software: We promise to keep the Debian GNU/Linux Distribution entirely free software. As there are many definitions of free software, we include the guidelines we use to determine if software is “free” below. We will support our users who develop and run nonfree software on Debian, but we will never make the system depend on an item of nonfree software.
2. We will give back to the free software community: When we write new components of the Debian system, we will license them as free software. We will make the best system we can, so that free software will be widely distributed and used. We will feed back bug-fixes, improvements, user requests, etc., to the “upstream” authors of software included in our system.
3. We won’t hide problems: We will keep our entire bug-report database open for public view at all times. Reports that users file online will immediately become visible to others.
4. Our priorities are our users and free software: We will be guided by the needs of our users and the free software community. We will place their interests first in our priorities. We will support the needs of our users for operation in many different kinds of computing environments. We won’t object to commercial software that is intended to run on Debian systems, and we’ll allow others to create value-added distributions containing both Debian and commercial software, without any fee from us. To support these goals, we will provide an integrated system of high-quality, 100% free software, with no legal restrictions that would prevent these kinds of use.
5. Programs that don’t meet our free software standards: We acknowledge that some of our users require the use of programs that don’t conform to the Debian Free Software Guidelines. We have created “contrib” and “nonfree” areas in our FTP archive for this software. The software in these directories is not part of the Debian system, although it has been configured for use with Debian. We encourage CD manufacturers to read the licenses of software packages in these directories and determine if they can distribute that software on their CDs. Thus, although nonfree software isn’t a part of Debian, we support its use, and we provide infrastructure (such as our bug-tracking system and mailing lists) for nonfree software packages.

The Debian Free Software Guidelines

1. Free redistribution: The license of a Debian component may not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license may not require a royalty or other fee for such sale.
2. Source code: The program must include source code, and must allow distribution in source code as well as compiled form.
3. Derived works: The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.
4. Integrity of the author’s source code: The license may restrict source code from being distributed in modified form only if the license allows the distribution of “patch files” with the source code for the purpose of modifying the program at build time. The license must explicitly permit distribution of software built from modified source code. The license may require derived works to carry a different name or version number from the original software. (This is a compromise. The Debian group encourages all authors to not restrict any files, source or binary, from being modified.)
5. No discrimination against persons or groups: The license must not discriminate against any person or group of persons.
6. No discrimination against fields of endeavor: The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
7. Distribution of license: The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.
8. License must not be specific to Debian: The rights attached to the program must not depend on the program’s being part of a Debian system. If the program is extracted from Debian and used or distributed without Debian but otherwise within the terms of the program’s license, all parties to whom the program is redistributed should have the same rights as those that are granted in conjunction with the Debian system.
9. License must not contaminate other software: The license must not place restrictions on other software that is distributed along with the licensed software. For example, the license must not insist that all other programs distributed on the same medium must be free software.
10. Example licenses: The “GPL,” “BSD,” and “Artistic” licenses are examples of licenses that we consider “free.”

Debian Packages

The software provided by Debian is packaged in a special binary format called deb (after the .deb extension of package file names) which, much like the rpm packages used by other distributions, makes it easy to install, uninstall, and upgrade. Although rpms and debs cannot be used interchangeably, there is a utility called alien that converts between the two. Debian has a written policy manual (see www.debian.org/doc/debian-policy) that strictly defines how packages should behave and thus ensures they will work well together.

A common difficulty with binary software packages is that of satisfying dependencies. A particular piece of software may require a certain library to work correctly or two programs may conflict with each other.
Debian has developed an advanced packaging tool, aptly named apt, that solves this problem. When you install a package using the command-line program apt-get or one of the graphical apt front ends, the most recently packaged version is downloaded from the Debian servers along with any other packages it may depend on. You are also prompted to remove any conflicting packages. This ensures your system is in a consistent state at all times with a minimum amount of manual intervention.

Needless to say, this idea has proven to be quite popular. Other distributions either developed their own variations on the theme or ported apt. Even Apple’s Mac OS X has an apt port (see http://fink.sourceforge.net).

Debian Distributions and Ports

At any given time, there are actually three Debian distributions: stable, testing, and unstable. Each distribution has a name, taken from characters in the Pixar animated film Toy Story, which a former Debian project leader worked on. Publicly released distributions also have a version number, with sub-version numbers (X.Y or X.Y rZ) to indicate updated point releases that are not complete new versions. Currently the three distributions are:

1. Stable (Woody or 3.0 r2): This is the version usually found on CDs. It is the most recent officially released Debian distribution and is suitable for production servers and other environments where high reliability is essential. No new code is added to a stable release except for fixes of security vulnerabilities, which are back-ported from newer versions. While this conservative approach may appear to make stable lag behind other Linux distributions, it ensures that it is as bug-free as possible. It is possible to run some of the latest Linux software on Woody thanks to the third-party Debian Backports Project (see www.backports.org).
2. Unstable (Sid): This is where new development takes place. Although there might be occasional breakage, unstable refers to the fact that this distribution is constantly in flux with new packages being added, bugs fixed, etc., not to the quality of its software. Developers and other power users tend to use unstable.
3. Testing (Sarge): This distribution attempts to fall between stable and unstable. When packages in unstable are deemed sufficiently bug-free, they are added to testing. When testing itself is bug-free and any other release goals are met, it becomes the next stable distribution. It is a good choice for desktop users.

You can find older Debian distributions at www.debian.org/distrib/archive. A listing of third-party packages is available at www.apt-get.org.

Within each distribution, there are three sections:

1. Main: The official distribution made up entirely of free software packages.
2. Nonfree: For packages that fail the DFSG.
3. Contrib: For those that are free but depend upon a nonfree component.

Debian has been ported to many different architectures:

• i386: Intel’s 80386 and its descendants and clones. Binaries optimized for Pentiums, AMD’s Athlons, etc., are not provided, but can be created by the user.
• m68k: Motorola 68000 chips as used in Sun3, early Apple Macintosh, Atari, and Amiga machines.
• sparc/sparc64: Systems based on Sun Microsystems’ 32- and 64-bit SPARC processors.
• alpha: Compaq’s (formerly Digital’s) Alpha processors.
• powerpc: IBM and Motorola PowerPC processors used in IBM servers and newer Apple Macintoshes.
• arm: ARM processor used in the Netwinder and many embedded devices.
• mips/mipsel: MIPS processors which can be big-endian (as used in SGI machines) or little-endian (e.g., DECStations).
• hppa: Hewlett-Packard’s PA-RISC architecture.
• ia64: Intel’s 64-bit Itanium processor. AMD’s Opteron is not yet supported, but a port to that architecture has just begun and may be available by the time you read this.
• s390: IBM’s S/390 mainframes.
• sh: Hitachi Super/H chips as used in the Sega Dreamcast.

Debian is branching beyond Linux with ports in progress to the GNU Hurd, FreeBSD, and NetBSD kernels. For more information on each port, such as exactly which hardware is supported, see www.debian.org/ports.

Support for such a wide variety of often quite esoteric hardware may seem like a waste of time. However, apart from the innate geek appeal, porting to exotic hardware has advantages even for people who will never use anything other than a standard PC because the porting process often picks up subtle bugs that would otherwise go unnoticed.

Obtaining Debian GNU/Linux

Debian makes its distribution available for free on the Internet for all to use as they wish without licenses or royalties. You can download it as a set of software packages by rsync or anonymous FTP (see www.debian.org/distrib/ftplist for servers) or as ISO9660 images suitable for burning on to CD-ROMs (see http://cdimage.debian.org). If you don’t have Internet connectivity or it is too slow for large downloads, you can get Debian by purchasing a CD set from a third-party vendor (see www.debian.org/CD/vendors). Many vendors allow you to make a donation to the Debian Project along with your order.

Getting Help

Most of Debian’s business is conducted via public e-mail discussion lists. A full list plus subscription info can be obtained from www.debian.org/MailingLists. Here are some of the major ones. (Those marked with a * are moderated or otherwise restricted.)

• debian-announce*: Important announcements from the Debian Project.
• debian-changes*: Notice of new or updated packages in stable.
• debian-devel-announce*: Announcements from the Debian project of interest to Debian developers.
• debian-devel-changes*: Notice of new or updated packages in unstable.
• debian-devel: Technical discussion among Debian developers.
• debian-news*: A weekly roundup of what’s going on in the Debian world.
• debian-policy: Discussion of Debian policy and proposed amendments to it.
• debian-project: Discussions concerning the operation of the Debian Project.
• debian-security-announce*: Security advisories from the Debian Project.
• debian-security: Open discussion of security issues.
• debian-user: The main discussion and support list for users.

Support is available via IRC in channel #debian on the Freenode IRC network. (For a list of servers, see www.freenode.org.)

The Debian Web site www.debian.org is your starting point to learn about all things Debian. For the benefit of international users, it is translated into almost 20 different languages. Some third-party Web sites focusing on Debian are Debian Planet (www.debianplanet.org) and Debian-Help (www.debianhelp.org).

You can contact the maintainer of any Debian package by using our public bug-tracking system at http://bugs.debian.org or by sending an e-mail to packagename@packages.debian.org. See www.debian.org/consultants/ for a list of companies and consultants who provide paid support.

How to Help the Debian Project

To this day, Debian remains a community project without paid staff. It depends on the help of volunteers and well-wishers to further its aims. There are several ways in which you can support the activities of the project:

• Join us as a developer: www.debian.org/join/newmaint describes the process for becoming a member of our team.
• Help with support and quality assurance: You don’t have to be a Debian developer to help improve our operating system. See http://qa.debian.org/howto.html for instructions and a TODO list. Or you can assist users by answering questions on the mailing lists or by sharing a copy of Debian with them.
• Donate money or resources: Debian relies on donations of cash, servers, bandwidth, etc., for its operation.
You are under no obligation to contribute, but if you would like to do so, a nonprofit organization registered in New York, called Software In The Public Interest Inc., has been set up to accept donations on behalf of the Debian Project. For further details, see www.spi-inc.org/donations or send an e-mail to treasurer@spi-inc.org.

SECURITY

Securing a Tightly Integrated OS
Protect your system with a layered approach

BY BRAD DOCTOR

As the state of the art in operating systems (OS) continues to advance, an unnerving trend has emerged: vulnerabilities in tightly integrated operating systems. How do you address this? With an effective combination of educated staff, proper procedures, and technology.

Rather than being a collection of separate utilities and daemons, the modern OS is moving toward a highly integrated system with numerous dependencies. As a result, the core of the OS is more easily exposed to a broader range of vulnerabilities. While Linux is still largely a collection of separate components, Microsoft Windows is at the forefront of this design principle and, in fact, is moving to an even more tightly integrated system.

The risks can become significant. Whenever a vulnerability is found in one of the core components of a tightly integrated OS, interdependent components are vulnerable as a result. Developing an appropriate approach to protecting systems with tightly integrated OSs is the key to maintaining a secure and safe network environment.

The rationale for a tightly integrated operating system is sound – reduced development costs and effort, a reduction in portability issues, and fewer components to break. The flip side is unprecedented exposure to vulnerabilities. In the past, when a single system component had a vulnerability the impact was isolated to that single component. However, due to the dependencies introduced by extensive integration, that one component may now impact multiple applications. It is this chain of dependencies that presents enormous risk.

About the author: Brad Doctor, CISSP, is StillSecure’s director of security research. He has been involved in IT security for more than 10 years. Prior to StillSecure, Brad consulted for such companies as Apple Computer, Phoenix Technologies, and the Monster Board, fulfilling network and host-based security needs. In addition to traditional IT security, Brad also worked with Quova, Inc., as the director of research.

A Practical Approach to Isolating the Exposures

A number of approaches exist for isolating – or at least reducing – your exposure in cases such as these. For the purposes of this article, the assumption is that it is impossible to catch every security flaw during development and that organizations will need to take measures to protect themselves until patches or upgrades are available that solve the security flaw.

The simplest approach to dealing with exploits aimed at integrated OSs is to turn off any services not required or restrict access to those services via network firewalls or network intrusion prevention systems (IPSs). Turning off a service entirely is rarely a practical option for Web servers or file servers. In the specific case of a Web server, doing so would certainly solve the problem, but then you wouldn’t have a Web server!

A layered approach consisting of the following primary components is the most practical solution:

1. Education of your network and system administrators
2. A baseline of the current state of your network
3. Proper configuration of the host operating system, including current patches and service packs
4. Proper configuration of the network service being hosted
5. A generic network firewall to allow only specific traffic in and out
6. An IPS to cover the bases left open by the network firewall
7. An on-board firewall for each device (IPtables in Linux, TCP Filters in Windows)
8. In the case of a Linux system, a chrooted environment for each available network service, and optionally physical separation from the internal network

Having an educated and security-conscious staff is the most important of these options. The ability to recognize, understand, and correct a potential security exposure or configuration error is much more valuable than any technology solution. Your staff is truly the first line of defense.

Knowledge is power! Knowing your current exposures and configuration issues should be on your short list, regardless of how far into this process you may go. Rectifying the issues found should be the immediate next step – directly followed by another baseline to once again ascertain any new issues. Automated vulnerability management tools can help make this process straightforward and manageable.

Current shipping distributions of Linux as well as current shipping versions of Windows still contain many services that are not useful or appropriate for a device that will host publicly accessible network services. You should identify and disable these services before the device is ever connected to any network. Linux is able to fully function with far fewer resources than Windows, and you should take advantage of this. If the first step (i.e., a well-educated staff) was successful, your administrators will be able to identify which services to safely disable.

The network service itself, for example a Web server, should also be properly configured. No prepackaged examples or documents should be present anywhere within the document root, nor should any of this data be accessible by anyone over the network. For example, many exploits exist that rely upon these stock examples being installed in a default installation of the Microsoft IIS Web server.

Every network that is to be interconnected with any other network should have a firewall at the gateway. The firewall should be configured to only allow specific traffic both into and out of the network. Nearly every firewall controls inbound traffic, but few are configured to also control outbound traffic. For example, should an internal system ever be infected with a worm (as has happened both with Linux and Windows), the outbound controls will hopefully limit the impact and propagation of the worm.

An intrusion prevention system (IPS) is a great tool to fill in the cracks that a firewall leaves open. As most firewalls do not normally perform any type of content inspection (or very limited if they do), the allowed traffic is by no means assured to be free of malicious content or exploits. This is where an IPS really shines – the ability to inspect all traffic for attacks. Most IPS products also allow the traffic to be blocked, hence the prevention in intrusion prevention system. The value of an IPS is often discounted or misunderstood, yet for those in the know, an IPS represents a 24/7 partner that never stops preventing the malicious traffic from entering your network.

An on-board firewall is a critical component that will shield your organization from the inevitable configuration error. By restricting which types of network traffic may be passed into and out of each endpoint, you greatly reduce your exposure. Windows and Linux have this capability. Most Linux distributions use this out of the box; however, Windows must be configured after the fact to leverage this capability, although Service Pack 2 for Windows XP will change that.

Chrooted environments are an extremely effective means to isolate processes on a Linux system. Linux has native support for chrooted environments and most distributions ship with tools out of the box that will allow you to do this for nearly any network service (or any process for that matter!). Unfortunately, Windows has no good way to implement a chrooted environment. A somewhat feasible option for Windows includes running VMware, but the resources required are often too much, making this impractical. The primary benefit of a chrooted environment is the logical separation: if a process or application is exploited, the damage is limited to the chrooted environment, significantly reducing the impact to the rest of the system. How-to’s exist for popular Linux network services and a quick search on Google will find those.

Conclusion

The rate of exploit attempts and network worms is rising and will continue to rise. The attack vectors are continually increasing in their sophistication, and attacks are becoming much more difficult to prevent or even contain. Both Linux and Windows can be made insecure in a network environment – and both can also be made secure enough to be safe. Regardless of your chosen platform, the most important tool available to you is an effective combination of your staff, proper procedures, and technology.
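The baseline and service-reduction steps in the security article above can be checked mechanically on a Linux host. The following is an added example, not code from the article or its author: it parses output in the layout of `ss -H -ltnp` and reports every TCP listener that is reachable off-host and absent from an approved baseline. The sample lines, the baseline contents and all function names are assumptions made for illustration.

```python
"""Flag listening TCP services that are not in a host's approved baseline."""
import ipaddress
import re
from typing import List, NamedTuple, Set, Tuple

# Constructed sample in the layout printed by `ss -H -ltnp`; not real host data.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 *:80 *:* users:(("apache2",pid=1201,fd=4))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=990,fd=13))
LISTEN 0 64 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=640,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 5 [::1]:631 [::]:* users:(("cupsd",pid=700,fd=6))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("resolver",pid=500,fd=14))
LISTEN 0 128 192.0.2.10:5432 0.0.0.0:* users:(("postgres",pid=1500,fd=5))
LISTEN 0 20 0.0.0.0:23 0.0.0.0:* users:(("inetd",pid=655,fd=5))
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
"""

# Assumed baseline for a public Web server: the only (port, process) pairs
# that may listen on an address other hosts can reach.
BASELINE: Set[Tuple[int, str]] = {(22, "sshd"), (80, "apache2")}


class Listener(NamedTuple):
    address: str
    port: int
    process: str


def split_host_port(local: str) -> Tuple[str, int]:
    """Split 'addr:port', '[v6addr]:port' or '*:port' at the last colon."""
    host, _, port = local.rpartition(":")
    # Drop IPv6 brackets and any '%interface' scope suffix.
    host = host.strip("[]").split("%", 1)[0]
    return host, int(port)


def parse_listeners(ss_output: str) -> List[Listener]:
    """Turn each LISTEN line into a Listener record."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_host_port(fields[3])
        # The process column is missing when ss runs without privileges;
        # "unknown" never matches the baseline, so such sockets get flagged.
        match = re.search(r'users:\(\("([^"]+)"', line)
        process = match.group(1) if match else "unknown"
        listeners.append(Listener(host, port, process))
    return listeners


def is_loopback(address: str) -> bool:
    """True only for 127.0.0.0/8 and ::1; the wildcard '*' is never loopback."""
    if address == "*":
        return False
    return ipaddress.ip_address(address).is_loopback


def audit(ss_output: str, baseline: Set[Tuple[int, str]]) -> List[Listener]:
    """Return listeners reachable from the network that the baseline lacks."""
    findings = []
    for listener in parse_listeners(ss_output):
        if is_loopback(listener.address):
            continue  # not exposed beyond the host itself
        if (listener.port, listener.process) not in baseline:
            findings.append(listener)
    return findings


if __name__ == "__main__":
    for item in audit(SAMPLE_SS_OUTPUT, BASELINE):
        print("NOT IN BASELINE: %s:%d (%s)" % (item.address, item.port, item.process))
```

Running the same check again after services have been disabled gives the follow-up baseline the article calls for.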
99 $ 49 REGULAR ANNUAL COVER PRICE $71.76 YOU PAY ONLY 12 ISSUES/YR *OFFER SUBJECT TO CHANGE WITHOUT NOTICE CALL CUSTOMER SERVICE AT 1-888-303-5282 LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM 49 The World’s Leading i-Technology Publisher GAMING Linux on the Back End: Dark Age of Camelot Rob Denton on how Mythic Entertainment lets you live the legends Rumor has it that many MMORPGs (Massively Multiplayer Online Role-Playing Games) are using Linux on the back end to run their worlds, so your humble Gaming Industry editor decided to start knocking on some doors. The first kind folks to answer were those at Mythic Entertainment (www.mythicentertainment.com), who are I NTE R V I E W BY D E E-A N N L E B L A N C LWM: What were some of the challenges involved in building your MMORPG? Were any of them Linux-specific? Denton: The challenge in building a game of this type is the game design. Technology is very important – the game must be stable – but making the game fun is the game developer’s greatest challenge. the creators of the popular Dark Age of Camelot (DAOC, www.darkageofcamelot.com) game. Rob Denton, chief technology officer of Mythic Entertainment, took a few moments to answer some questions. LWM: Please tell us briefly about Dark Age of Camelot. It’s an MMORPG, correct? Rob Denton: Yes, Dark Age of Camelot is a massively multiplayer online role-playing game, where people can create characters in a fantasy world based on Arthurian myths and legends (as well as Viking and Celtic lore). They can adventure with friends, make enemies, fight one another, and basically grow their characters in this online world. LWM: Where is Linux involved in DAOC’s back end? Denton: Our game and Web servers are all running Red Hat Linux. Because we are an online game, we rely extensively on our server technology for game rules, logging, and billing. All of this is done on Linux servers. 
ABOUT THE INTERVIEWER
Dee-Ann LeBlanc, gaming industry editor of LinuxWorld Magazine, has been involved with Linux since 1994. Dee-Ann is the author of 12 books and 130 articles, and has more of both coming. She is a trainer, a course developer – including the official Red Hat online courseware at DigitalThink – a founding member of the AnswerSquad, and a consultant.

LWM: Why was Linux selected to handle the back-end tasks that it handles?
Denton: Well, first and foremost because it is free – that and because we had been using Linux for a few years as back-end server technology for other smaller titles we published. We were very comfortable with developing on that platform and rely on its stability.

LWM: What other titles had you used Linux with?
Denton: We used Linux for back-end game servers on many titles between 1996 and 2001, when Camelot launched. They are: Darkness Falls; Darkness Falls: the Crusade; Magestorm Millenium; Splatterball Plus; and Spellbinder: the Nexus Conflict. DF and DFC were text-based online role-playing games; Magestorm, Splatterball, and Spellbinder are first-person shooters.

LWM: Why were the other back-end platforms selected to handle what they handle?
Denton: We don’t have any other back-end server technology at all in Dark Age of Camelot – it’s all Linux based.

LWM: What technical lessons have you learned along the way?
Denton: We’re constantly learning lessons not only about game design, but also about the technology that our game uses.

LWM: Could you share a couple of examples with us, in both the game design and the technology?
Denton: The best example of this is when we found that we can support many more players on a server than we allow. So, we made a game decision to limit the amount of players simultaneously connected to one of our “shards” to 3,500.
There’s no strict technical reason for this; it’s just that when more players than that connect, the world starts to feel crowded and it is harder to find places to go that aren’t overrun with other players. Simply, it’s not fun to play an online game when it is overcrowded.

LWM: What business lessons have you learned along the way?
Denton: Keeping your customers happy is, in our experience, the number-one challenge. Camelot is a subscription-based service, and we know that without our subscription-paying community, the game would quickly become unprofitable. So we spend lots of resources on updating the game, fixing bugs, and ensuring that our server code is stable and reliable.

LWM: Is there a Linux client?
Denton: No, currently we run only on MS Windows, since we utilize DirectX.

LWM: Do you plan to provide a Linux client?
Denton: When there is sufficient demand for one. This is a risky thing for us – it would take a lot of work to develop a new client, and of course support it over the years that Camelot will continue to be played. Camelot was written using a commercial graphics engine API called NetImmerse that “sits” on top of DirectX. When we start thinking about porting the client to another OS, we’ll have to come up with another graphics engine solution, and that will be time consuming.

LWM: If you don’t plan to provide a Linux client at the moment, what would have to change in order for you to consider such a move?
Denton: Having a huge upswing in the amount of Linux desktop machines, plus a commercially accepted 3D graphics standard that we could port to. We are very happy with Linux as a back-end server technology – our entire business is based on it – but we feel that Linux client technology is lagging a bit behind. It’ll catch up soon enough, and when it does, we’ll think about porting.

LWM: OpenGL is the standard used for both OS X and Linux games, and is heavily backed by game companies like id Software.
id doesn’t use DirectX at all to my understanding, they use entirely OpenGL, even for Windows.
Denton: That’s true, but id is in the business of making graphics engines that they license to other companies (as well as developing games, of course). Mythic is not in that business; we licensed an engine technology to develop Spellbinder and Camelot with, and that happens to be based on DirectX on the Windows platform. Of course it’s possible for us to license another technology that is more portability friendly, but we need to have a compelling business reason to do so.

LWM: Have the changes in Red Hat (the split between its community Fedora Project and its non-free RHEL) caused you any concern over which Linux platform you will use for your next offering, or for your current platform?
Denton: Yes, we’re very concerned over the RHL/RHEL/Fedora split. It has caused us to closely re-examine our choice in both Linux distribution and server hardware vendor (due to support issues with alternate Linux distributions as we move forward). As of now we still haven’t made a decision as to what we’re doing, but we’re leaning toward creating and supporting our own internal Linux distribution rather than moving forward with RHEL or Fedora.
PRODUCT REVIEW

EmergeCore’s IT in a Box
Linux servers made easy

BY MARK R. HINKLE

EmergeCore’s president and CEO, Dave Brown, learned that in the ISP business, reliability and value were keys to success for his customers. That’s why he chose Linux as the operating system to power his IT in a Box IT-100.
The IT-100 is a “Swiss Army Knife” of Linux servers and services. The small-footprint server appliance functions as a firewall and router for your office LAN with an integrated four-port 10/100 Ethernet hub and wireless gateway. Additionally, the IT-100 offers a full suite of Linux-powered services, including Web and e-mail.

Easy Administration
As you read in LinuxWorld Magazine every month, more and more people are turning to Linux to provide business solutions – but there’s one small problem. They must go through a learning curve that is intimidating for many familiar with using other operating systems and software. Fear no longer, the IT-100 makes implementing a Linux server and other services very easy. EmergeCore’s biggest value is that they have done the heavy lifting for you with respect to assembling a complete Linux infrastructure package including file sharing, Web server, mail server, firewall, and wireless gateway to name but a few. They then pair that with a central Web interface that even a naïve user could use to configure the server. Initially you configure the device via the included crossover cable connected to your PC or laptop’s network card. Once configured, the device can be managed from the local area network from any Web browser.

ABOUT THE AUTHOR
Mark Hinkle, desktop technologies editor of LinuxWorld Magazine, is vice president of operations for NeTraverse, a Linux software company that specializes in Windows-to-Linux migration. Mark is on the Formation Board of The Desktop Linux Consortium.

IT in a Box virtually pays for itself in time savings and ease of administration. Not only does it supply all the IT services required by most small businesses, but it does so at a surprisingly affordable price.
Price: $1,395
Web: www.emergecore.com

Feature Rich
Naming all the features available on the small IT-100 is a substantial task as the unit is more than a simple network server.
Besides the Web server, e-mail, firewall, and wireless gateway, the IT-100 offers many additional features. Some of the most notable are:
• E-mail features: IT in a Box mail server offers both POP and IMAP mail with virus-scanning abilities. The virus definitions for the e-mail server can be downloaded manually or set to download at regular intervals: daily, weekly, or monthly. Besides the ability to scan mail for viruses, the IT-100 also allows server-side spam filtering to be enabled through SpamCop.
• Web features: IT in a Box does offer the ability to host Web sites, and for a small business with relatively light traffic it’s probably a good choice. Domains can be configured to point right to IT in a Box whether you have a top-level domain or want to use a dynamic DNS service like TZO.com. IT in a Box can help you provide a public face via a Web site with no problem. Besides serving Web pages, IT in a Box can function as a proxy server to seamlessly cache and filter Web content to your LAN. And the add-ons don’t stop there: the Web site builder tools come with a wizard that allows you to set up a Web presence through a template and wizard system.
• Miscellaneous features: Besides the features I have already mentioned, the IT-100 also offers features that some advanced users may find useful. The ability to set up a VPN to the IT-100 allows remote access through a secure tunnel. Backup and restore facilities are provided to restore the box to default settings or to back up all data on the box to an attached USB device.

Excellent Value
It’s important to realize the true value of the IT-100, not just in terms of the affordable price, but also the actual long-term savings you will realize from such a system.
• Labor: There is a short learning curve for self-administration, or companies can hire one of EmergeCore’s partners to install the device. Either solution is more cost effective than keeping a full-time IT person.
The simplicity of the IT-100 allows tasks to be accomplished quickly, keeping bills for IT services low.
• Consolidated device: One factor to consider when buying IT infrastructure is that multi-use devices can have a number of benefits. First, a device such as IT in a Box will take up much less room than having multiple devices, and it will consume less power.
• Uptime: I have been testing the IT in a Box IT-100 for over a month with zero downtime. I have been able to configure the device in minutes when I wanted to add a forwarded port or e-mail account, and I am able to do so through a menu-driven interface. The only time I have taken the device down was to load system updates, which is a simple procedure that requires a reboot. Otherwise, I’ve been able to use the IT-100 without failure despite heavy Internet traffic.

If your time is valuable, your business relies on access to the Internet, and you don’t require a complex setup, I believe you would be hard pressed to find a cheaper solution when you factor in the time associated with set-up and administration.

Areas for Improvement
For the most part I found little to complain about with respect to the IT-100; however, I ran into trouble acquiring a signal from my cable modem. If the cable modem dropped signal, my only way to get the IT-100 back online was via a reboot. Also, I noticed that despite the presence of a parallel port there was no print server available on the IT-100. This seems to be one of the key functions I would like to see added to the box. Otherwise it’s hard to complain about the package; it works well out of the box and configuration is a breeze.

[Figure: The IT-100 administrative interface includes a system summary showing WAN and LAN traffic, memory usage, and disk space]

This isn’t so much an area for improvement as a word of caution: if you are looking for a highly customizable solution, this isn’t the solution for you.
While you can configure most any aspect of the IT-100 with ease, it’s definitely not a customizable solution like you might find with a Linux distribution and an Intel server.

Summary
The IT-100 is an ideal solution for a small office with anywhere from 2 to 75 users. Besides being easy to use, the IT-100 is very inexpensive – you could run all your IT services from a central box for $1,395. On top of that, this is the beginning of an expanding product line that in the future will include more storage and most likely other enhancements to the base unit. I’ve seen very few products that offer all the advantages of Linux with an extremely easy and intuitive interface, but once I test drove the IT in a Box IT-100, I knew that any small business user could benefit from Linux with a minimal amount of hassle.

[Photo caption: Linux is #1 for EmergeCore President and CEO Dave Brown]

BOOK ROOKERY

Linux for Dummies, 5th Edition
Everything a beginner needs to install and run Linux

INTERVIEW BY KEVIN BEDELL

In this installment of the Book Rookery, Kevin Bedell speaks with LWM’s own Dee-Ann LeBlanc about the latest edition of Linux for Dummies, which features expanded coverage of the Linux desktop, among other things.

Can people without a lot of computer experience really install and use Linux for everyday tasks?
Sure! I won’t claim that it’s “tie both hands behind your back” easy to learn Linux, but installation has never been simpler in most cases, and you point and click your way through things just like you do in Windows and Mac OS X – unless you’re really into learning the ol’ tried-and-true command line. Some people are.

Does the book cover just Linux, or does it cover other applications, such as OpenOffice?
There’s a nice meaty chapter on OpenOffice.org and all of the programs in that suite. There’s also a ton of material on multimedia stuff, and other fun tools that I thought folks might like to know more about.
I’d say it’s about half and half. The other half of the book contains things about using Linux in the GUI and command line, customizing the GUI, and other tasks that will help you feel more comfortable.

What has changed from previous editions of Linux for Dummies?
In the early editions, we tried to cover everything, from desktop to server. The 5th edition is the culmination of my decision last time around to bring this book more and more to a desktop focus. That lets me zoom in on enough interesting stuff that it’s not just some quick survey that has no real details. There are lots of books that have information on how to set up servers. There’s still not much that focuses on the desktop. Removing the more server-based content has let me expand the OpenOffice and multimedia coverage, in particular.

ABOUT THE INTERVIEWER
Kevin Bedell is editor-in-chief of LWM.

What are the biggest challenges that most beginning users have installing and using Linux?
Sometimes a particular version of Linux and a particular hardware setup just don’t seem to get along. Without being there in person, I can’t be sure what happens, but it’s happened to me too. (Just as some computers don’t seem to get along well with Windows.) I’ve talked to some Linux users who had to try more than one distribution before they found one they really liked. As far as using Linux, it’s important to remember that learning Linux is like learning a whole new language if you’ve never done anything in Unix. These are some of the things I try in particular to address, by helping readers to understand some of the terminology and how things are seen and done a bit differently in the Linux world.

Is Linux ready for the desktop for average users?
You’d kind of have to define an average user for me. A lot of average folks write me to thank me for the book, saying they’re set up and happily playing with Linux.
Other people write to me with problems, and I help them as best I can. The biggest problem is in the area of installation; if something goes wrong it can really go wrong. However, people forget that most users don’t install their own Windows boxes. They just buy them preinstalled. Once people get their Linux boxes set up, the average user really seems to have no trouble as long as no one talked them into trying a more advanced distribution. Debian is great for the server, but it’s not something that I would hand to someone new to Linux who just wants to try something out on the desktop.

If I buy this book, do I get everything I need to install and run Linux?
You get Fedora Core 1 on DVD, so you get the entire Fedora distribution, and even the source code if you really want to play with it for some insane reason.

Can I call you if I have problems?
I do answer e-mail, though not always as quickly as I might like (sometimes I’m on the road or under heavy deadlines). I’m also part of the AnswerSquad (www.answersquad.com), which is a paid support team that can handle all kinds of questions, not just Linux ones. Since it’s paid I make sure to answer questions faster there, and if I’m not around to do so immediately, there are other people who can.
It's a nice way for me to pool my services with other folks so I have time to write and work as well.

Is Linux better than Windows? If so, why?
For some this is a religious question! My general response to this is, “Well, what are you trying to do?” I try to remember that computers are just tools, as are operating systems. Personally, I prefer Linux. I find it more stable, and better built in terms of security. I also prefer the philosophy behind the free software and open source communities to the “What’s mine is mine, and what’s yours is mine” approach taken by many powerful closed source computer companies. I know this is a very diplomatic answer, but I’m a very shades-of-gray kind of person. The world isn’t black and white. Though I suppose Tux, the Linux mascot, is.

I’ve heard I can install and run Linux on older and less powerful computers. Will this book help me do this?
You sure can do this. You’ll find the best use for older computers to be on the server front, where you don’t need a GUI. I find that with any desktop system, no matter what OS you use, you generally want to have as powerful a computer as you can manage, just because it’s got to run a GUI, hold five windows with different programs open at once, play games, and more. If you don’t need a high-end desktop system though (say you just want to use it for word processing), then Linux on an older system can be perfect – especially if you take the time to customize your GUI to the point where it’s using very small components. I don’t get into this level of GUI customization in the book since it’s more advanced, but I do tell you how to turn the GUI off completely. Now there’s a nice, light interface!

LINUX FOR DUMMIES Copyright ® 2003 by Wiley Publishing, Inc. Reproduced here by permission. All rights reserved. For Dummies is a registered trademark of John Wiley & Sons, Inc. and/or its affiliates in the U.S. and other countries.

ABOUT DEE-ANN LEBLANC
Dee-Ann LeBlanc, gaming industry editor of LinuxWorld Magazine, has been involved with Linux since 1994. Dee-Ann is the author of 12 books, 130 articles, and has more of both coming. She is a trainer, a course developer – including the official Red Hat online courseware at DigitalThink – a founding member of the AnswerSquad, and a consultant.
EXCLUSIVE INTERVIEW

Xandros on the Desktop Means Business
A talk with Dr. Frederick H. Berenstein, director of Xandros, Inc.

With a new business desktop, a “Best Front Office Solution” award, and an expanding product line, things are looking good for Xandros. LWM Editor-in-Chief Kevin Bedell spoke with Dr. Frederick H. Berenstein at LinuxWorld Expo; here he shares the history of Xandros and, more important, what he sees in the future.

LWM: So, Frederick, tell us a little bit about Xandros and where it came from.
Berenstein: Xandros originally came from the acquisition of the former Corel Linux Business Division by a group of investors called Linux Global Partners. That took place in 2001, and it was sort of the last major acquisition that Linux Global Partners did after they invested in and started some of the best-known companies in the Linux world today. For instance, Linux Global Partners started Ximian, which was sold to Novell this past summer, and Linux Global Partners also started CodeWeavers, which is famous for the CrossOver Office applications.

LWM: That’s pretty interesting; I hadn’t realized they were involved in those other projects. So you acquired what had been the Linux group from Corel – what was the motivation behind that?
Berenstein: When Linux Global Partners was originally started, our idea was that in order to make a viable alternative to the Windows desktop we would need to invest in the technologies and applications that we felt were essential for people using a desktop on a day-to-day basis. Our ultimate idea at that point, that was 1998, was that at sometime in the future
we would take all of these applications and technologies, and go to one of the major distributors and say, “Let’s do a joint venture – your distribution, our applications.” But what happened was Corel came out with an award-winning Linux desktop, and after a year of very successful selling, they came to us and said, “Let’s do a joint venture.” Along the way Corel ran into some financial difficulties; they took an investment from Microsoft and decided to divest themselves of the Linux Business Division, which gave us the opportunity to acquire a distribution rather than do a joint venture. After that acquisition, we renamed the company Xandros, and that’s how Xandros was born.

LWM: There are so many distributions – how would you position Xandros among the different distributions available today?
Berenstein: I think of the commercially viable distributions, the real difference is that Xandros has an extended business plan that is logically thought out. We started with the consumer market, precisely because the consumer is in one or another way the most demanding user. He’s the most dependent; he needs to have things done mostly for him. We wanted a proof-of-concept that if we put out a desktop that was easy to install, totally familiar to Windows users, and totally compatible with Microsoft files, that people would simply be able to install it and go back to work. This has garnered reviews from people saying about our 1.0 product, “It just works.” Everything works right out of the box. About our 2.0 product we got a review yesterday that said “If you’re coming from Windows to Linux, this is the distro to buy. It’s that good.” So we felt that if we could make that proof-of-concept, which is what we’ve basically spent the first year and a half doing, we would then move on in our logical chain to enterprise products.
We announced today the Xandros Business Desktop and the Xandros Desktop Management Server, or xDMS. We have further plans down the road obviously for server products. There’s a logical progression here. I think the other major distributions primarily started off saying, “Let’s go after the server market, it’s the low-hanging fruit,” and that’s why they’re there. Now they’re having second thoughts and saying, “Well, maybe we should do a desktop.” It’s not because it was thought out that way from the beginning, but simply because it seems to suddenly be a very big and appealing market.

LWM: I’ve also heard wonderful reviews from people who have used the product. I understand that one of its real strong points is how Windows applications or Windows files can still be used within the Xandros distribution. Can you comment a little on that? Was it a conscious decision?

Berenstein: That was a very conscious decision. Right at the beginning, and several years before Xandros became Xandros, the philosophy that I and Will Rosen, my partner at Linux Global Partners, had adopted was this: the position that other Linux companies were taking at the time of “We’re going to give you Linux; it’s so much more stable; it’s so much more secure; you’ll learn how to do things our way and you’ll love it,” was the wrong way to go. You have to be realistic and realize that no matter what you’re doing, you’re selling into a Windows world. Every article about PCs always says Microsoft has 92% of the market, 94% of the market – it’s always over 90%, and so the reality is that you’re selling into a Windows world. Everybody out there is using a box with Windows on it. So when 1.0 came out it was, amazingly, the only distribution in 2001 that had automatic domain authentication against Microsoft servers.
With every other distribution, even if they would allow you to recognize it through one technology or another, you had to go in each time; you had to identify yourself; and you had to authenticate yourself. But the Xandros 1.0 product did automatic domain authentication. Similarly, when 1.1 came out last April very quietly in response to our corporate customers, it was the only Linux distribution – and it’s possibly the only one today – that had automatic support for Active Directory Servers. And our feeling is that anybody who doesn’t offer those things is pretending that they’re not selling into a Windows world. We know we’re selling into a Windows world. As far as support for Microsoft Office files, we put that capability in as well as the ability to install Microsoft Office directly on the Xandros desktop because, at least for the foreseeable future, those are the applications that a lot of people use. Those are the applications where they have 10 or 12 years of data files in Word format and in Excel format, and those are the files that they cannot lose and don’t have time to change to some other format. They can’t afford to filter them through some other application, with the result being that they sort of get the document but maybe the formatting doesn’t come out right, or maybe the macros don’t work. They have to just be able to put in the Xandros desktop and go back to work. So it was a very conscious decision.
LWM: So where is Xandros at today – what do you have going on now, and what do you see happening over the next 12 months?

Berenstein: Just on behalf of all the developers we have, the most important thing that’s happened in the last day is that we won the “Best Front Office Solution” award here at LinuxWorld Expo. It was a real tribute to the men we have working up in Canada and to their managers; all of them are down here at the show. As far as the future goes, we have announced today the Xandros Business Desktop; we announced xDMS, which is Xandros’ wide area deployment manager for enterprises, and we also announced a little bit of the future in terms of thin clients and future server products. We’re basically growing our product line as we see that the way we’ve done things has been successful for consumers, who are the most needy and the most dependent. We’re now growing the product line out so that ultimately Xandros will provide an end-to-end solution for every type of user.

LWM: What’s the idea behind the Business Desktop? Does it have remote management, remote deployment of applications, remote control of policies? How does that all work?

Berenstein: The Business Desktop includes a variety of features in terms of operating within a mixed network environment that aren’t in the Deluxe or Standard versions. The wide area deployment and enterprise management tools are going to be a separate xDMS product that you can schedule to run, for example, every day at midnight. Actually, in the Xandros management server you can make a perfect PC protocol, take a snapshot of it, and deploy that over any number of servers in a network, any number of hosts, or any group of hosts. You can also define specifically, “Okay, this is the perfect arrangement for people who are doing word processing all day; this is the perfect arrangement for people in the accounting department.” And you just deploy those specific systems that you’ve put together to those specific PCs. With the remote management control, for instance, on Xandros networks if you go in and there are security patches or kernel updates, they’re automatically downloaded and installed. You can download these things to the management server and you can schedule this – for example, every day at midnight. If there are any critical patches or kernel patches, you can simply apply them to all the PCs that are attached to the management server. So it has very powerful wide area deployment tools and very powerful remote management tools.

LWM: It sounds like you’re really listening to the corporate users and trying to provide tools for them to manage whole departments. What’s in store for the future?

Berenstein: I think what’s going to be in store for the future is continued growth of Linux both on the server side and on the desktop side. I think everybody is kind of familiar with Linux’s astronomical growth on the server side – from about 2% of the server market to almost 30% of the server market. And that’s basically been based on a CAGR [Compounded Annual Growth Rate] of about 33%. Currently, the CAGR of Linux on the desktop is 44%, so I think what you’re going to see is the kind of algorithmic deployment of Linux on both the desktop and the server over the next three to four years. It’s going to go from a very small percentage to upwards of 40% on a global basis.

LWM: What industries or markets do you think are going to be the earliest adopters?

Berenstein: I think that governments, because of cost issues as well as security issues, are major Linux clients. Linux is a very cost-effective solution for computers in the school systems. As of this date, 24 countries have had national votes to wire their school systems to the Internet using Linux. So they’re already going to have all these students sitting in front of boxes using Linux to do searches on the Internet, and it’s a logical progression that they’ll use Linux desktops and Linux applications to integrate those results into spreadsheets, reports, and things like that. I think that when you realize that supposedly there are 500 million PCs in use, and that the number of students represented by the 24 countries that have decided to do this is larger than that number, you realize that in 10 or 12 years you’re going to have 600 or 700 million students who spent their entire school life in front of a Linux computer, not a Windows computer. I think that there’s just astronomical growth and that it’s going to be totally algorithmic from this point on.
NEWS

As Linux moves in everywhere within enterprise computing – in embedded solutions, on the desktop, in distributed applications, and on mainframes – the Linux Business Week News Desk brings you all the latest developments.

HA-OSCAR 1.0 Beta Release
(Ruston, Louisiana) – The eXtreme Computing Research (XCR) group at Louisiana Tech University is pleased to announce the first public release, HA-OSCAR 1.0 beta. High Availability Open Source Cluster Application Resource (HA-OSCAR) is an open source project that aims for nonstop services in the HPC environment through a combined power of high availability and performance computing solutions. The goal is to enhance a Beowulf cluster system for mission-critical applications and downtime-sensitive HPC infrastructures. To achieve high availability, component redundancy is adopted in an HA-OSCAR cluster to eliminate single points of failure, especially at the head node. HA-OSCAR also incorporates a self-healing mechanism; failure detection and recovery; automatic failover; and fail-back. The 1.0 beta release supports new high-availability capabilities for Linux Beowulf clusters based on OSCAR 3.0. It provides an installation wizard GUI and a Web-based administration tool that allows a user to create and configure a multihead Beowulf cluster. A default set of monitoring services is included to ensure that critical services, hardware components, and important resources are always available at the control node. New services can be configured and added via a WebMin-based HA-OSCAR administration tool.
http://xcr.cenit.latech.edu/ha-oscar

DataMAX Software Group, Inc., and AML Announce Global Partnership
(Euless, TX) – AML, a developer and manufacturer of data collection products, has announced a global partnership with The DataMAX Software Group, Inc. Under the new partnership, DataMAX becomes a worldwide distributor for AML’s RF data collection hardware and will offer AML hardware to its existing VAR channel and customers. “AML is delighted to announce our worldwide distributor agreement with DataMAX Software Group,” said Mike Kearby, AML president. “Our new partnership with DataMAX provides an exceptional opportunity to work with a market leader in ADC development systems to extend the availability of AML wireless data collection hardware to a worldwide customer base.” AML is a manufacturer of high-performance bar code and data collection products.
Since 1983, AML and its partners have helped companies increase business efficiency and productivity – in manufacturing, warehousing, retail, health care, finance, government, and education. AML products are made in the United States and backed with lifetime, toll-free technical support.
www.amltd.com

LPI-US Launches National Linux Training Partner Program
(Hattiesburg, MS) – The Linux Professional Institute’s United States Affiliate (LPI-US) is pleased to announce that The Training Camp has been approved to receive designation as an LPI-US Approved Training Partner (LATP). “The LATP program was established to identify and support professional IT training centers that demonstrate a higher level of commitment to LPI and IT professionals,” said LPI-US program manager Wesley Duffee-Braun. “We have tremendous support for the LATP program throughout the country, and we’re pleased and honored to have The Training Camp serve as the inaugural member.” Participation in the LATP program requires that the training center use third-party approved training materials, use LPI certified instructors, and adhere to the LPI Training and Academic Code of Ethics. “The LATP designation shows that a training center is committed to offering the highest level of professional Linux training,” said Duffee-Braun. “By partnering with LPI-US as a LATP, The Training Camp has committed to leading the way for vendor-neutral Linux certification in the United States.”
www.trainingcamp.com
www.lpi-us.org

Novell Announces Expanded Commercial Agreement With IBM
(Salt Lake City) – Novell has announced an agreement with IBM enabling IBM to ship SUSE LINUX Enterprise Server, which customers license from Novell, with IBM’s servers. This agreement will provide Novell an exciting new channel to supply SUSE LINUX to businesses around the world.
As part of the agreement, IBM can ship or preload SUSE LINUX Enterprise Server across its entire server line, including IBM eServer iSeries, pSeries, xSeries, and zSeries, as well as IBM’s eServer BladeCenter systems. The parties have extended IBM’s existing agreement with SUSE LINUX, and Novell will continue to develop and support SUSE LINUX on all IBM server platforms. “The momentum behind Linux in the marketplace continues to grow,” said Jack Messman, chairman and CEO of Novell. “Novell is working with companies like IBM to deliver the powerful, fully supported SUSE LINUX platform on leading enterprise servers. Customers know that they’re getting top-quality performance backed by the global technical support and services they need from Novell. This marks a critical step in making Linux mainstream in the corporate data center.”
www.novell.com
www.ibm.com

NetZyme Enterprise Version 6 – ‘Any to Any’ Middleware
(San Jose, CA) – Creative Science Systems, Inc., has announced that it will begin shipping the latest version of its flagship product, NetZyme Enterprise Version 6. NetZyme Enterprise is an integration middleware that seamlessly integrates systems across platforms, protocols, and programming languages. NetZyme Enterprise can be operated on any version of Windows, any flavor of Unix and Linux, and mainframes. NetZyme Enterprise resolves the toughest and most prevalent enterprise application integration (EAI) problem: the real-time convergence of data between hardware, software, communication paradigms, and mobile as well as embedded devices. NetZyme Enterprise is a fully extensible integration broker middleware that allows legacy applications to be transformed automatically, such that multiple distributed clients can access their data and functionality dynamically, bi-directionally, securely, in real time, and with mission-critical reliability.
www.creativescience.com

MontaVista Software Unveils Embedded Linux Board Support Toolkit and Certification Program
(Sunnyvale, CA) – MontaVista Software, Inc., has announced the establishment of the MontaVista LSP Certification Program. In support of the program, which is the first of its kind in the embedded Linux industry, MontaVista Software has also announced the MontaVista Board Support Toolkit (BST) for MontaVista Linux Professional Edition. Designed for Independent Hardware Vendors (IHVs) and embedded developers, the BST delivers the test and verification tools needed to accelerate generation of custom Linux support packages (LSPs) for certification with MontaVista Linux. Using the MontaVista Board Support Toolkit, board and system vendors can now create custom Linux support packages for their specific chips and boards, which can then be certified by MontaVista. MontaVista Software will provide direct technical customer support for all such certified LSPs. Embedded developers building devices powered by MontaVista Linux can use the BST to do their own debugging and Q&A, accelerate their product time-to-market, and mitigate unnecessary risk. They can test LSPs on their own custom hardware platforms and improve the efficiency of the porting process while leveraging their own in-house expertise to validate their own LSPs for MontaVista Linux. The MontaVista LSP Certification Program lets IHVs recognize the competitive advantage of supporting MontaVista Linux. More important, they can control their own development schedule and costs, streamlining time-to-market and focusing resources on their own unique value-add.
www.mvista.com

TimeSys Delivers Embedded Linux RTOS and TimeStorm Development Tools for the Pentek Model 4294 VME Board
(San Francisco) – TimeSys Corporation has announced that it has delivered a ready-to-run Linux RTOS Software Development Kit (SDK) and TimeStorm tools for Pentek’s Model 4294 VME Board, a high-performance VME bus single-board computer used in applications requiring supercomputing power and intensive communications capabilities. The new TimeSys Linux RTOS SDK and TimeStorm development and testing tools will help embedded system developers to more quickly and easily develop embedded Linux applications on the Pentek Model 4294 VME platform. Pentek’s Model 4294 Quad PowerPC AltiVec 6U VME board incorporates a unique blend of powerful resources coupled through high-speed data paths to revolutionize next-generation, real-time embedded DSP systems. To accelerate development cycles for products utilizing the Pentek board, the new Linux RTOS SDK from TimeSys provides a single-kernel Linux real-time operating system, certified device drivers, Windows- and Linux-hosted cross-platform GNU tool chains, hundreds of Linux utilities and libraries, and the powerful GUI-based development tool, TimeStorm IDE.
www.timesys.com

Storix, Inc., Announces Version 5.1 and a New Licensing Option
(San Diego) – Storix, Inc., has announced the release of Storix System Backup Administrator (SBA) version 5.1, a backup and disaster recovery solution for AIX and Linux. In addition to the many new product features, Storix has added an affordable licensing option for Linux desktop users. “The benefits of using the Linux operating system are no longer limited to the business community. We are noticing the migration from MS Windows to Linux and we have tailored our new version 5.1 to not only meet the demands of business, but also meet the needs of the home user,” explained Anthony Johnson, president and CEO of Storix, Inc.
One of the major changes implemented was the support of spare disks as a backup medium. “Home users do not usually own expensive tape drives, but they often have a spare hard disk that they could use to store backup data. The purchase of a spare disk is often far less expensive than most tape drives,” explained Rich Turner, director of product development at Storix, Inc. “SBA version 5.1 adds the ability to send full-system backups to a bootable spare hard disk, from which the user can reinstall the entire system or restore selective files. For corporate users, this provides the ability to clone or migrate systems to new hardware using SAN attached or removable hard disks.”
www.storix.com

Mobility Electronics Announces Support for Red Hat Linux Operating System
(Scottsdale, AZ) – Mobility Electronics, Inc., a leading provider of innovative portable computing solutions for the mobile electronics device user, has announced that it has added support for the Red Hat Linux 9 operating system in its MAGMA PCI-to-PCI Expansion Systems. In the past, Mobility Electronics’ MAGMA operating system support has backed the Windows, Mac OS, and Solaris environments. Adding Red Hat Linux to the list of supported operating systems will allow Mobility Electronics to support a substantial user base with a new method to add more PCI slots to their Linux-based desktop computer or server. Mobility Electronics’ MAGMA-branded line of patented PCI expansion products provides a cost-effective method to add additional PCI slots to desktop computers and servers, and eliminates the need to purchase a high-end, expensive host machine. “Red Hat Linux support has been released in response to customer demand to use our PCI-to-PCI Expansion products with host computers running under the Linux operating system,” said Charlie Mollo, chief executive officer of Mobility Electronics.
“By offering support to the Linux community, we will be able to target new customers in robust application environments used by the military, scientific, and university markets.”
www.mobilityelectronics.com

Strathclyde University Scientists to Deliver Faster Research Projects with New SGI Altix 3000
(Mountain View, CA, and London) – Silicon Graphics has announced that physics, chemistry, mathematics, and biology researchers at the University of Strathclyde in Glasgow, Scotland, will run a wide range of applications on a new SGI Altix 3000 supercluster, which was installed in December 2003. Deployed by the academic consortium of the Faculty of Science, headed by the Department of Physics, the Linux OS–based SGI Altix 3000 system will help university scientists to develop a number of research projects with the help of high-performance parallel computing. The new Altix system is powered by 28 Intel Itanium 2 processors and 36GB of system memory, and leverages an SGI InfiniteStorage solution with 1TB of capacity. The university is using the Altix system’s open source environment to make it easily available to high-performance computing (HPC) applications in multiple disciplines, including mathematics, statistics, virtual photonics, atomic physics, chemistry, biology, and even architecture. Strathclyde selected Altix 3000 over a PC-based cluster solution because of its flexibility in accepting different numerical codes, easy administration, low latency, and peak power performance. The SGI Altix 3000 supercluster offers global shared memory across multiple nodes, scaling to hundreds of Intel Itanium 2 microprocessors. Each node in an SGI Altix 3000 supercluster can combine up to 256 processors in a single Linux operating system image. With its unique global shared-memory capabilities and industry-leading SGI NUMAlink interconnect fabric, the SGI Altix 3000 supercluster is ideal for managing complex data sets and complete workflows, enabling the highest levels of innovation for technical users. The Parallel Computing Research Infrastructure (PCRI) project at Strathclyde University covers a multitude of scientific projects. For instance, researchers will leverage the SGI Altix 3000 supercluster to study virtual photonics, in which numerical models simulate new laser systems. Launched at the beginning of 2003, the SGI Altix 3000 family of products has already been adopted by more than 200 customers, including more than 25 major research organizations around the world, such as the University of Tokyo’s Earthquake Research Institute, the Queensland Parallel Supercomputer Foundation, the University of Cambridge’s COSMOS project, and the UK academic supercomputing service, CSAR, based at the University of Manchester.
www.sgi.com

Novell to Cross NetWare with SUSE to Create Hybrid
Novell talked up a combined NetWare-SUSE product dubbed Open Enterprise Server (OES) at its recent BrainShare user conference. It expects to have it in the can at the end of the year. It says this bridge between its past and future will deliver networking capabilities associated with NetWare 7, SUSE Enterprise Server 9, and Ximian. The once-great NetWare, whose demise has been announced as many times as Frank Sinatra retired, is now supposed to vanish as a stand-alone product at the end of the year. As the foundation of this new OES stuff, however, it’ll keep being upgraded, Novell said. Novell said NetWare 7 won’t be ready until the end of the year, which is a year better than the schedule. Novell said the hybrid will provide all the components necessary to establish a manageable, low-cost infrastructure for hosting mission-critical networking services. Novell’s new Nterprise Linux Services is supposed to transparently interoperate between the two environments. For example, if you have NetWare servers delivering print services and SUSE servers running the file system, or vice versa, you can print between the two, independent of where the files are. The company said Open Enterprise Server is packaged to get NetWare customers to start migrating to Linux. It’s supposed to let them move at their own pace. Novell is converging the license used with NetWare to cover both operating systems. There are no prices yet, but the widgetry is supposed to be free to NetWare customers under maintenance and available on either a per-user or per-server basis to new implementations. Novell will be sending maintenance customers a copy of Linux to warm them up. Credit Suisse says comparing the prices of OES against Red Hat will be “extremely difficult,” but considers Novell/SUSE more pragmatic about pricing than Red Hat, whose Enterprise pricing is “less granular.” The broker is expecting Novell to take market share in Linux by converting some of its NetWare base to SUSE and to take some share outside its base in Linux servers used for infrastructure services.
www.novell.com
www.suse.com