doclinuxworld_vol1issue.. - Dayton Microcomputer Association
download 
Report Transcription
linuxworld_vol1issue.. - Dayton Microcomputer Association
L TI S UN 3 ER Y 00 IL A 2 A PL 1, 3 ET S R DI ER SE MB EA CE PL DE Taking the Cost Out of Firewalls: Knowing Your Linux Pays WWW.LINUXWORLD.COM THE LEADING MAGAZINE FOR ENTERPRISE AND IT MANAGEMENT PREMIER 2003 VOL.1 ISSUE 1 Why Migrate L SPECIA R PREMIEE! ISSU — OF — LWM Facing Microsoft’s Fury... Taking the Geek Out of Linux A Talk with Michael Robertson of Lindows.com to Linux? A comprehensive solution for enterprise IT By Gaël Duval Cofounder of MandrakeSoft FREE $198 Exclusive Interview with Eric Steven Raymond LWM talks to the cofounder and president of the Open Source Initiative (OSI) $9.99US $9.99CAN 0 09281 02976 09 2 The Rise of Linux in the Enterprise Big Gains in Small Business Dominance is the forecast for coming years The benefits of Linux for small business USA DVD! SIGN UP NOW INCLUDES THE COMPLETE... SEE PAGES 50-51 FOR DETAILS Special Charter Subscription Offer! ARCHIVES! EllisIsland.org Welcomes 70 Million Visitors a Month With Oracle, HP and Red Hat More than 70 million monthly visitors look for their past with the IT infrastructure of the future: HP Adaptive Enterprise Solutions, Oracle9i Real Application Clusters, and Red Hat Enterprise Linux oracle.com/hp or call 1.800.633.0753 Copyright © 2003, Oracle Corporation. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. PREMIER 2003 2 www.LinuxWorld.com TM www.LinuxWorld.com 3 PREMIER 2003 TABLE OF CONTENTS Inside... What’s THE LEADING MAGAZINE FOR ENTERPRISE AND IT MANAGEMENT PREMIER 2003 VOL.1 ISSUE 1 [7] From the Editor Beyond the Hype BY KEVIN BEDELL [9] Guest Editorial ‘Back from the Future’ BY ALAN WILLIAMSON [16] Separating the Wheat from the Chaff Evaluating a candidate’s skills BY ROB JONES [22] Practical Methods for Combatting Spam Tackling the problem of overflowing inboxes BY DAVID F. SKOLL [32] Striking the Balance Free software projects have to find a reasonable balance between business interests and other interests BY IAN LANCE TAYLOR [34] NetOp Remote Control for Linux Instant access to Linux machines REVIEW BY TOM MONTGOMERY [36] Hyper-Threading Linux HT performance gains make a strong case for Linux BY PAUL BEMOWSKI [40] Enterprise Management for Linux Server Consolidation A holistic approach to migration BY JAH’J UAN ROGERS [10] [44] The Rise of Linux in the Enterprise [46] Big Gains in Small Business Linux provides a complete solution for a growing manufacturing company BY MARKUS KLAUSER Dominance is the forecast for coming years A Talk with the Father of sendmail Eric Allman on evolution in the IT universe BY VINCE RE INTERVIEW BY ALAN WILLIAMSON PREMIER 2003 4 www.LinuxWorld.com FREE $198 DVD! SEE PAGES 50-51 FOR DETAILS [52] — SIGN UP NOW — TABLE OF CONTENTS SPECIAL CHARTER SUBSCRIPTION OFFER! Linux Initiatives at IBM Nobody ever got fired for picking...Linux? An interview with Scott Handy INTERVIEW BY KEVIN BEDELL [54] Making Linux Unbreakable, Keeping Linux Open LWM speaks with Wim Coekaerts, Oracle’s Linux liaison INTERVIEW BY JEREMY GEELAN [58] Taking the Cost Out of Firewalls It pays to know your Linux BY RAM SAMUDRALA [60] [70] Linux Virtual Private Networking Fundamentals Choosing the right solution for your network BY J.C. UTTER AND JOSH SNYDER [64] [66] You’ve Come a Long Way, Unix A talk with Michael Robertson, CEO of Lindows.com BY JAMES TURNER INTERVIEW BY JAMES TURNER Show Me the License Buying open source software at your company? Make sure you’ve got the right license... BY MIKE OLSON [68] Introducing the Linux 2.6 Kernel Technical improvements will accelerate adoption BY DAVE FULLER [74] Taking the Geek Out of Linux Reflections on the rich history of Unix Ensuring Availability of Applications on Linux [28] [18] Why Migrate to Linux? A comprehensive solution for enterprise IT BY GAËL DUVAL The right solution for your business – LWM EXCLUSIVE– INTERVIEW! BY BOB WILLIAMSON [87] Cross-Platform Integration with X Windows [78] Creating a transparent mixed environment for users [96] Introduction to the Linux Desktop BY HERMAN VERKADE Who Owns Unix? Around the LinuxWorld An exclusive interview with esr A look at Linux in the Windows-centric enterprise Brought to you by Linux Business Week INTERVIEW BY KEVIN BEDELL BY MARK R. HINKLE www.LinuxWorld.com 5 PREMIER 2003 FROM THE EDITOR [ EDITORIAL BOARD ] Editor-in-Chief Kevin Bedell [email protected] Senior Editor James Turner [email protected] Health Care and Biotechnology Editor Dan Bent [email protected] Industry News Editor Steven Berkowitz [email protected] LAMP Technologies Editor Martin C. Brown [email protected] Desktop Technologies Editor Mark R. Hinkle [email protected] Contributing Editor Dee-Ann LeBlanc [email protected] Networking and Security Editor Robert Shimonski [email protected] Advocacy Editor Steve Suehring [email protected] [INTERNATIONAL ADVISORY BOARD] Wim Coekaerts, Director of Linux Engineering Oracle Gaël Duval, Cofounder/Director of Communication MandrakeSoft Samuel J. Greenblatt, Senior Vice President and Chief Architect, Linux Technology Group Computer Associates Scott Handy, Director of Linux Software Solutions IBM Simon Phipps, Chief Software Evangelist Sun Microsystems [ EDITORIAL ] Editorial Director Jeremy Geelan [email protected] Deputy Editor Alan Williamson [email protected] Managing Editor Jennifer Van Winckel [email protected] Editors Gail Schultz [email protected] Nancy Valentine [email protected] Jamie Matusow [email protected] Jean Cassidy [email protected] [ OFFICES ] SYS-CON MEDIA 135 Chestnut Ridge Rd. • Montvale, NJ 07645 Telephone: 201 802-3000 • Fax: 201 782-9600 LinuxWorld Magazine (ISSN #1544-4511) is published bimonthly (6 times a year) by SYS-CON Publications, Inc. Postmaster send address changes to: LINUXWORLD MAGAZINE SYS-CON MEDIA 135 Chestnut Ridge Rd. • Montvale, NJ 07645 COPYRIGHT © 2003 BY SYS-CON PUBLICATIONS, INC. ALL RIGHTS RESERVED. NO PART OF THIS PUBLICATION MAY BE REPRODUCED OR TRANSMITTED IN ANY FORM OR BY ANY MEANS, ELECTRONIC OR MECHANICAL, INCLUDING PHOTOCOPY OR ANY INFORMATION, STORAGE AND RETRIEVAL SYSTEM, WITHOUT WRITTEN PERMISSION. FOR PROMOTIONAL REPRINTS, CONTACT REPRINT COORDINATOR.SYS-CON PUBLICATIONS, INC., RESERVES THE RIGHT TO REVISE, REPUBLISH AND AUTHORIZE ITS READERS TO USE THE ARTICLES SUBMITTED FOR PUBLICATION. ALL BRAND AND PRODUCT NAMES USED ON THESE PAGES ARE TRADE NAMES, SERVICE MARKS, OR TRADEMARKS OF THEIR RESPECTIVE COMPANIES. WORLDWIDE NEWSSTAND DISTRIBUTION CURTIS CIRCULATION COMPANY, NEW MILFORD, NJ LINUX IS A REGISTERED TRADEMARK OF LINUS TORVALDS LINUXWORLD® IS THE REGISTERED TRADEMARK OF INTERNATIONAL DATA GROUP, INC. SYS-CON IS USING THE MARK PURSUANT TO A LICENSE AGREEMENT FROM IDG www.LinuxWorld.com Beyond the Hype Welcome, and thank you for Have you been looking for a straight head-to-head comparison of Windows and Linux for use as a desktop operating picking up LinuxWorld Magazine! system? You should read “Introduction to the Linux Desktop” by Mark Hinkle, f you’re familiar with our sister also in this issue. Mark does a great job publications, including Java comparing the two side by side, with Developer’s Journal, .NET screen shots and application notes. Developer’s Journal, and Mark is vice president of operations for WebSphere Developer’s Journal, BY KEVIN BEDELL NeTraverse, a consulting company spethen you know the extremely cializing in Windows-to-Linux migrahigh standards for content we strive tions, and is on the Formation Board of the Desktop for at SYS-CON Media. LWM will be no different. Linux Consortium. We’ll be working hard every issue to help you We’ll also be bringing you useful and practical understand what’s happening in the Linux world. information on other important projects in the open But really, our goal is more ambitious than that. It source community. For example, in this issue seems you can get information on Linux everywhere AlanWilliamson (editor-in-chief of Java Developer’s today – not a day goes by without more Linux news hitting the wires and popping up on technology sites. Journal, and deputy editor of LWM) interviews Eric Allman, the original developer of sendmail, the open We don’t want to add to the noise. We want to rise source e-mail processing application that dominates above it and tell you what’s important. We want to e-mail processing on the Internet. And in “Linux help you learn how to maximize the impact of Linux. Virtual Private Networking Fundamentals,” JC Utter, So finding information on Linux is easy. But president of ImageStream Internet Solutions, and Josh finding value from Linux is harder. It requires you Snyder, also of ImageStream, go over the pros and to know which actions to take and, sometimes cons of using Poptop, one of the most popular Linux more important, when to take them. That’s where VPN server solutions, which is fully open source and LWM comes in. That’s the value we provide to you. We talk to the industry experts. We have relation- free. Want to know when it makes sense to use Poptop ships both high and deep inside the companies that and when it won’t meet your needs? JC and Josh lay it all out to help you make an informed decision. are changing the technology landscape using Linux. What do all of these articles have in common? For example, when Larry Ellison needed to know They’re all written by experts and they all give how Oracle Corporation could benefit from Linux, he asked Wim Coekaerts to investigate for him. Wim you firsthand, practical information on what’s really important. now leads Oracle’s Linux technology group – and Linux has arrived. It’s ready for prime time. he’s here in the premier issue of LWM as well. Think of us as your source of information on IBM is getting into Linux in a big, industry-changwhat the real opportunities are, how to leverage ing way. They run Linux on a whole range of hardthem, and how to manage the associated risks. ware, from low-end workstations all the way up to the Linux is poised for an explosion of growth in the mainframe. They have an entire portfolio of applicanext 18–24 months – we’ll have the thought leadtions that run under Linux and literally thousands of ers here, helping you make sense of it all. software developers working on Linux. Scott Handy is Thanks again for picking us up. Hang on for a director of Linux Software Solutions for IBM and wild ride! when you hear IBM discussing Linux, it’s most likely Scott doing the talking. If you’re interested in what LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM Scott thinks are the low hanging fruit‚ projects with A B O UT TH E A UTH O R which companies can get started and realize great returns using Linux, you need to check out our interKevin Bedell is editor-in-chief of LinuxWorld view with Scott here in the premier issue of LWM. Magazine. With a degree in engineering as well as an Interested in why you should migrate to Linux? MBA and years of experience as a developer, architect, Why not get the word straight from Gaël Duval, team lead, and department manager, Kevin has seen creator of Mandrake Linux and cofounder of all sides of this puzzle. He recently authored a book MandrakeSoft? Gaël is a member of our International on Jakarta Struts for SAMS Publishing and is working Board of Advisors and authored the article “Why on a book on Apache Axis for O’Reilly. Migrate to Linux?” that appears in this issue. [email protected] I 7 PREMIER 2003 GUEST EDITORIAL The World’s Leading i-Technology Publisher President & CEO Fuat Kircaali [email protected] ‘Back from the Future’ VP, Business Development Grisha Davida [email protected] [ ] ADVERTISING Senior VP, Sales & Marketing Carmen Gonzalez [email protected] Like many of the Linux devotees VP, Sales & Marketing Miles Silverman [email protected] Director of Sales and Marketing Megan Mussa [email protected] Advertising Director Robyn Forma [email protected] Advertising Sales Manager Alisa Catalano [email protected] W Associate Sales Managers Carrie Gebert [email protected] Kristin Kuhnle [email protected] [ PRODUCTION ] Production Consultant Jim Morgan [email protected] Art Director Alex Botero [email protected] Associate Art Directors Louis F. Cuffari [email protected] Richard Silverberg [email protected] Tami Beatty [email protected] [ ] SYS-CON EVENTS President, Events Grisha Davida [email protected] Conference Manager Michael Lynch [email protected] Sales Executive, Exhibits James Donovan [email protected] [ C U S T O M E R R E L AT I O N S ] Circulation Service Coordinators Niki Panagopoulos [email protected] Shelia Dickerson [email protected] Edna Earle Russell [email protected] Manager, JDJ Store Rachel McGouran [email protected] [ ] SYS-CON.COM VP, Information Systems Robert Diamond [email protected] Web Designers Stephen Kilmurray [email protected] Christopher Croce [email protected] Online Editor Lin Goetz [email protected] [ ACCOUNTING ] Financial Analyst Joan LaRose [email protected] Accounts Receivable Kerri Von Achen [email protected] Accounts Payable Betty White [email protected] [ SUBSCRIPTIONS installed, happily sit there and keep up with your office e-mail, act as an Internet gateway/firewall, and even out there, I turned to Linux when provide some file sharing capabilities…all out of the box, without the the deep-pocket budgets dried up. need to install or purchase any additional software. It was an offering that e could no longer afford the was simply irresponsible to ignore. big-iron alternatives of the Naturally, at first the big irons of the day that were traditionally BY A L A N W I LLI A M S O N world tried to ignore it, citing such first on the shopping list. reasons as scalability and redundancy. There was a perception that if we But if your office only had 50 users then such were to be deploying server-side solutions, then dreams of running eBay were just that: dreams. we needed reliability and performance that The whole notion of what a server is was comweren’t typically on offer from the PCs of the day. pletely turned on its head. This was back in the days when a “workstation” Linux, with its simple message of “it just was more than just a high-end PC (although if works,” was proving that PCs weren’t the old you looked at specifications of what the workstaunreliable machines that we were led to believe tion actually was, you’d probably be chortling they were. In fact, they were performing such an right now). admirable job, as Jonathan Schwartz at Sun comLinux was viewed as this “hobbyist” thing that mented recently, that “uptime was measured in only true hard-core geeks played with. No serious business was done with it. Fast forward five years, years.” There’s no denying that Linux has brought us and how different the world looks now. The very back from the future and saved the business same big-iron companies we blindly followed, community millions in terms of computing hardwith their promise of unbridled power and ware. But Linux has matured along the way. uptime, are now heralding Linux as the second Moving to Linux no longer means you’re entrustcoming. ing the company’s IT strategy to a summer stuSo what changed? What happened between dent who happened to throw together a Red then and now? Hat/Debian server from some old PCs he found Economics is, of course, a main driving force in the cupboard. in this change of heart. Big iron costs big bucks, Quite the opposite. Approach the likes of IBM, and with the general economic downturn comHP, and Sun and ask about their Linux offerings panies could no longer afford to keep up-to-date and you’ll be surprised at the prices they quote with the continual cycle of upgrading their hardback at you – not only within your budget, but ware. An alternative had to be sought. In addiwith support. Linux has been ready for the corpotion, developing countries such as India, Asia, rate world for some time now, but like those and Africa never had the big budgets in the first colossal oil tankers that take a week to change place – they were always left with the “seconds” direction, the corporate world is finally beginning of the western world, never really getting a to take notice. chance to catch up, let alone leapfrog ahead. The journey has just begun; we are just getting Yet, the desktop PCs that we happily threw out warmed up! every year had more than enough processing power inside them. Sure, they struggled to make LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM Microsoft Windows usable, but as a raw processA B O UT TH E A UTH O R ing power goes they were powerful. Linux managed to harness this power and bring it back into When not answering your e-mails and working on vogue. Linux was the trampoline that bounced the next issue of LWM or JDJ, Alan heads up a small the PCs from the dumpster back into the server team dubbed the “Thunderbirds of the Java industry,” room. providing on- and offsite rescue for Java projects in Your typical 2–3 year-old PC that you wouldn’t trouble. For more information visit www.javaSOS.com. dream of running with anything more demandYou can also read his blog: http://alan.blog-city.com. ing than Windows 95/98 would, with Linux [email protected] ] [email protected] For subscriptions and requests for bulk orders, please send your letters to Subscription Department Cover Price: $5.99/issue Domestic: $49.99/yr (12 issues) Canada/Mexico: $79.99/yr all other countries $99.99/yr (U.S. Banks or Money Orders) Back issues: $12 U.S. $15 all others www.LinuxWorld.com 9 PREMIER 2003 FEATURE The Rise of Linux in the Enterprise Dominance is the forecast for coming years PREMIER 2003 10 www.LinuxWorld.com FEATURE BY V I N C E R E Given the rise and rise of Linux in the enterprise, LWM invites one of the giants of the commercial computing world, Computer Associates, to sketch for us its “take” on what the rest of 2003 has in store... ver the past couple of years, Linux has transitioned from the IT fringes to the technology mainstream. With giants such as IBM, HP/Compaq, and Computer Associates (CA) now firmly on the Linux bandwagon, Linux has surpassed UNIX to move into the number-two position in terms of new server operating systems. According to the latest research figures, this rate of expansion will continue to accelerate. Gartner predicts that the Linux market will surpass $9 billion in revenue within four years. International Data Corp (IDC) concurs, anticipating a growth rate of 28.2% annually for Linux until 2006. As the number of Linux applications multiplies, its penetration into the corporate world continues to gather steam. Just a few years ago, Linux enterprise involvement was restricted largely to services such as file and print sharing or simple Web serving. While these functions continue to be important, Linux is increasingly being utilized for enterprise-scale e-mail, firewalls, and database servers, and for a wide range of network and network management services. Linux is also up to date in the technical sense, and it is playing a vital role within organizations in the deployment of all sorts of next-generation technology. Organizations developing sophisticated new applications based on emerging Web services or grid computing standards are finding Linux to be an ideal server platform. As these new technologies become more commonplace, Linux stands to have an increasingly important role. Further, Linux has distinct scalability and portability advantages compared to other architectures. Applications developed for Linux can scale from small Intel commodity boxes up to the largest mainframes O www.LinuxWorld.com with very little effort. CA has validated this with the ability to take applications originally developed for Linux on the Intel architecture and have them run on mainframe Linux with very little effort. CA’s experience – spanning millions of lines of code and dozens of products – demonstrates that Linux is robust enough to provide the kind of portability across architectures that was only dreamt of in the past. The scalability and low cost of creating applications that function across multiple architectures is an important advantage that will help Linux continue to gain strength in the server marketplace. Instead of making platform-hosting decisions based on the relatively small “sweet spot” offered by a single platform and architecture, Linux makes it possible to mix and match according to the needs of the organization. Companies can pick the platform – from Intel boxes up to mainframe – based on the number of users, as well as price/performance, market conditions, reliability, and security issues. An example of this at CA is an important in-house HR application that operates using an Ingres relational database. For 10 months of the year, it is hosted on a medium-sized Sun server that copes well with routine demands. But with 16,000 employees worldwide, enormous traffic is generated during the annual performance review cycle. During that period, CA moves the backing Ingres database to a mainframe Linux environment to handle the peak load. Except for improved response times, users are generally unaware of the difference, and CA doesn’t have to dedicate otherwise unused capacity to the application year-round. Mainframe Linux Without a doubt, enterprise Linux deployments to date have paralleled the ascendancy of commodity Intel server 11 boxes. The rise of the Internet and the sweeping adoption of distributed applications over the past decade have generated an explosion in the number of servers IT must manage. Due to its sheer cost effectiveness, Linux has successfully invaded this market and is steadily rising to dominance within it. The rapid increase in distributed servers seemed more attractive than a centralized mainframe-based computing model – at first. But in some organizations, server proliferation has begun to spin out of control. These days, it’s quite common for organizations to be running hundreds or thousands of Intel and UNIX servers, many of them single-application boxes. It’s also common for companies to have no idea exactly how many servers they have, or what applications rely on which combinations of servers. This proliferation of commodity servers has proven far more costly than many previously predicted. Though smaller, scaledout systems are less expensive than mainframes, IT needs many more of them to support the business. That translates into high costs, more exposure to potential security breaches, and a greater management burden. In response, server consolidation continues to blossom. Gartner says 70% of its enterprise clients are now trying to consolidate, compared to only 33% three years ago. Many of these consolidation projects involve Linux, and vendors like IBM and CA are heavily involved in the process. A B O UT TH E A UTH O R Vince Re is chief architect and a technology strategist in the office of the CTO at Computer Associates (CA). With extensive experience in the areas of mainframe and Linux systems management applications, he works closely with CA’s technology groups. He has been responsible for much of CA’s middleware and common services infrastructure, and recently, many of CA’s Linux initiatives on the mainframe. Vince holds a bachelor’s degree in physics and a master’s degree in computer science from the Stevens Institute of Technology. For more information, go to www.ca.com. [email protected] PREMIER 2003 FEATURE It is possible, for example, to consolidate UNIX and Linux servers onto a mainframe such as the IBM zSeries. Under this model, you can transform a single mainframe into hundreds of virtual servers, each running individual copies of Linux. One midwest hospital chain, for example, had 40 small Intel servers hosting email, Web server, directory, and various health care applications. It consolidated them onto one IBM eServer z900 running multiple instances of Linux. Its health care claim-processing system originally spanned multiple servers. As the amount of claims on this system grew from $800 million to almost $6 billion over four years, it became a constant source of trouble for IT. It took integration onto the mainframe/Linux environment to bring about the needed improvements in efficiency. That organization now processes 350,000 claims daily – 12 per second. The IT manager reports that he can create a new virtual server in two minutes compared to a day or more per server for Intel boxes. Other advantages cited include a 50% cost reduction per server, a performance increase of 3 to 1, and a mean time to failure that’s gone from 6 years to more than 30 years. With the successful integration of so many infrastructure servers, the hospital chain is currently involved in the next step – application integration. This includes a PeopleSoft migration as well as database consolidation from SQL Server to IBM’s DB2 Universal Database. Once again, Linux is the operating system of choice. While the mainframe Linux model may not be right for every situation, it is certainly growing in popularity in the enterprise. So when does consolidation make the most sense? Slim. Fast. Tim Dougherty, IBM eServer director, blade server strategy, displays IBM’s “blade,” the thinnest computer server in IBM’s four decades of manufacturing computers. Almost the size of a clipboard, one blade packs more computing muscle than a room full of IBM servers from ten years ago. SOURCE: HTTP://WWW.IBM.COM • When multiple distributed infrastructure servers need to handle tasks such as file and print, Web, and e-mail • When consolidation of multiple databases is needed • When there is a need to manage more with limited resources • When there are sites with excess mainframe capacity • When application peak traffic periods are complementary • When scalability and performance needs are extreme • When applications can benefit from close proximity to existing mainframe data • When more space is needed in the data center or where environmental costs are high • When the volume of distributed servers becomes too great to keep up with routine maintenance, updates, etc. Obviously, each platform has its own sweet spot in terms of the number of users “the market for blade servers will rise to $3.7 billion in 2006, from $133 million this year... In all likelihood, Linux will become the preferred OS” PREMIER 2003 12 it can comfortably support and the amount of complexity it can manage. It wouldn’t make sense to host one small application on a mainframe or to attempt to cobble together a huge application on a few distributed Intel boxes. Therefore, it is up to IT to mix and match according to needs. But clearly, mainframe Linux has a major role to play as the server consolidation trend takes hold. And as the platform has roughly the same management costs on Intel as it does on mainframe, look for Linux to become the OS of choice in server consolidation projects over the coming years. Blade Server Linux Another form of consolidation that has Linux in the forefront is blade servers. Instead of moving from commodity boxes to the mainframe, though, blade servers house multiple boards on one chassis, thereby cutting the power, cooling, and hardware costs of computing. IBM, Intel, Dell, and HP, to name a few, are investing heavily in blade servers. Market research firm IDC forecasts the market for blade servers will rise to $3.7 billion in 2006, from $133 million this year. In all likelihood, Linux will become the preferred OS. HP, for example, launched a range of blade server offerings based on Linux. Because Linux is lightweight, has lower memory requirements, and makes better use of CPU power than alternative operating systems, it is ideal for blade servers, which require flexibility and scalability due to heat restrictions. AOL, for instance, recently announced that it is testing blade servers with a view to widespread adoption. With an average of 2.5 million subscribers active on AOL at any www.LinuxWorld.com FEATURE given time, its 800 RISC-based UNIX servers are kept busy managing log-ons and username and password verifications, as well as parental-control activations. As many of these servers are coming up for retirement, blade servers running Linux are likely to take over as a more efficient way to handle the load. So far, AOL has installed 56 IBM BladeCenter servers. These have 14 “server-on-a-board” systems per chassis. Each runs Red Hat Linux 7.3. Once the pilot demonstrates the cost, scalability, and performance advantages anticipated, AOL will replace all 800 UNIX systems with Linux-based blade servers. Desktop Linux For many years, analysts have announced Linux as the rising force in the server marketplace. With mainframe and blade server Linux systems now adding to the established trend of widespread Linux adoption on commodity Intel boxes, that prediction has come true even more forcefully than many expected. Those same analysts, however, have always maintained that Linux would never become a major player on the desktop – until recently. Over the past six months, in fact, there has been a significant shift in the willingness of enterprises to investigate the largescale commercial usage of Linux-based PCs. Faced with harsher economic times, many businesses are rethinking their approach to the desktop and have become amenable to new strategies. Many modern business applications, after all, are browser based. Rather than a high-powered and expensive desktop loaded with proprietary software, some are evaluating a thin-client desktop model based on open source elements. As desktops come up for replacement, some companies are looking to cut costs. Instead of buying the latest desktop hardware/software, they see the value of harnessing Linux to gain several more years of use out of existing hardware. Companies like Merrill Lynch, for example, are looking into this approach as reported widely in the media. Since Merrill Lynch began working with open source software, it has significantly reduced hardware and software costs. Currently the company is investigating Linux on the desktop with the initial goal of 20% of its desktops using open source products. Embedded Linux In the area of embedded applications, Linux has risen to prominence with a minimum of fanfare. As these systems are largely invisible to users, they receive scant www.LinuxWorld.com attention in the media. Yet here, too, Linux has quietly conquered the market. Embedded Linux involves porting the Linux kernel to run on a particular CPU and board, which will be put into an embedded device. For the most part, the APIs and kernel are the same for embedded Linux as for desktop Linux. Many of today’s common computer devices, such as wireless hardware, routers, switches, and other networking hardware, all use Linux to run embedded systems. High-profile consumer devices like the Sony PlayStation and TiVo utilize Linuxbased embedded systems. A number of major automakers such as DaimlerChrysler, BMW, and Ford are also using Linux in electronic products. Why? Instead of designing application-specific hardware, these automakers are now beginning to get behind cross-industry standardization using a Linux kernel to plug any device into it. The cost advantages could be staggering. BMW, for instance, has developed a wireless environment to collect serviceability data on each vehicle, which can be relayed to the dealer. Once that system is up and running, the dealer can monitor the smooth operation of sold vehicles. The dealer can then tell a driver to bring the car in for a check-up based on performance criteria falling outside preset thresholds. Interestingly, such systems open up a whole new area of risk management and security, which CA is helping to resolve. Before you relay any vehicle data wirelessly, you have to ensure user privacy and overall system security. Only when that is well in hand will it be possible to broadly use such a system, or introduce innovative approaches to vehicle security such as biometrics, i.e., validating user IDs in order to start a car with a thumb scan. Linux and Grid Computing Yet another area of the IT landscape being successfully invaded by Linux is grid computing. Simply put, grid computing technology enables access to applications and data, processing power, storage capacity, and a vast array of other computing resources. It involves clusters of servers that are joined together over the Internet and uses standard protocols, and it is increasingly harnessing open technologies such as Linux. Among other things, grid computing allows: • Coordination in or between physically dispersed virtual organizations. • Availability of computers, data, software, storage, and other resources. • Controlled access by resource providers and consumers, which defines who can share, what is shared, and which conditions allow sharing. 13 www.linuxworld.com Subscribe Today! Operators are standing by... don’t miss another issue of LWM! SAVE 30% OFF! 99 $ 49 REGULAR ANNUAL COVER PRICE $71.76 YOU PAY ONLY 12 ISSUES/YR *OFFER SUBJECT TO CHANGE WITHOUT NOTICE CALL CUSTOMER SERVICE AT 1-888-303-5282 The World’s Leading i-Technology Publisher FEATURE Linux Creates Reorganization at CA In the mid to late ’90s CA decided it was worth placing a strategic bet on Linux based on early customer adaptors. For most of its 27-year history, CA has concentrated on the development of products that break down the barriers between different platforms – either to manage the heterogeneous enterprise or to act as middleware between complex systems. CA products support everything from IBM mainframes running z/OS and OS/390 down to PDAs running Pocket Windows. In keeping with this tradition, CA is now firmly behind Linux with over 60 CA Linux applications now available for the distributed and mainframe environment. What initially caught CA’s attention was the fact that a range of efficient tools didn’t adequately support Linux. In particular, Linux servers didn’t integrate well in an enterprise environment with equipment running on other platforms. With more and more clients deploying Linux, it was up to us to come up with the software. CA released its first Linux products in April 1999, management agents for the Unicenter TNG management package, to be followed up later that year with the complete network and systems management package. Since then, CA has steadily continued to port products over to the Linux platform. Each is compatible with popular versions of the Caldera, Red Hat, SuSE, and TurboLinux versions of the Linux operating system. For enterprise management, CA offers modules for Unicenter covering service-level management, job scheduling, Web server, WebSphere, and cluster server management as well as network and systems management for devices, applications, and databases running on Linux. The BrightStor storage management line also has products specifically designed to back up and restore Linux systems, and CA enterprise back-up software supports Linux in a heterogeneous environment. In addition, CA offers a variety of security management applications covering virus protection, policy compliance, security monitoring, and access control either in a Linux environment or for Linux boxes operating in a mixed environment. To support this major investment in Linux, CA has established a dedicated Linux Technology Group that spans all of its major brands: 1. Enterprise management (Unicenter) 2. Storage (BrightStor) 3. Security (eTrust) 4. Portal and business intelligence (CleverPath) 5. Database management and application development (Advantage/Jasmine) 6. Software life cycle management (AllFusion) Rather than being one product group within the company as a whole, the Linux team operates at a strategic level. This has resulted in the formalization of CA’s Linux efforts and the integration of the operating system into all of CA’s product lines. The Linux Technology Group has three main aims: greater optimization of Linux in terms of reliability, availability, and performance; securing and preserving data, applications, and systems to minimize risk; and integration of Linux into the cross-platform environment in order to allow seamless integration with the heterogeneous nature of the modern enterprise. The interoperability of this network transforms the grid of servers into a single, large virtual computer for the end user. How this model will evolve remains to be seen. It may eventually morph into an entirely new computing platform, or it could grow into an alternative to today’s lower-level platforms. Whatever happens, though, Linux is already widely used in this development and will lead the way. Already, IBM and Ford have invested heavily in the development of economical commercial uses for grids, and CA is working to provide the management framework that viable grid computing demands. Perception Trouble While gazing into the crystal ball is never an easy proposition, it seems certain that Linux will continue to steadily increase its market share in the server, desktop, and embedded marketplaces. It remains to be seen whether Linux will rise to the occasion and defeat Microsoft in the desktop marketplace, but its dominance in the server space is assured. Why? The tide appears to have turned with regard to corporate perception of Linux. Up until about two years ago, most executives were reticent toward Linux. Their apprehensiveness was routed in ongoing support and security concerns about the open source movement as a whole. Some feared that any hacker out there could gain access to Linux systems and that they were better protected using proprietary systems. But as the recent spate of security and virus alerts has demonstrated, proprietary software is, if anything, more open to attack that open source products. More and more these days, CTOs are vocalizing that once they become familiar with the open source model and experience how it works, they realize that more eyes on the source code means greater security in the long run. The bottom line is that more people are actively looking out for the security of your systems. That’s why Linux is experiencing more interest from clients than ever before. In 2001, Linux came up less than 10% of the time during client interviews. Today, it comes up two-thirds of the time. That percentage is increasing markedly from month to month, and it seems only a matter of time before every major software and hardware vendor is forced to adopt a full-blown Linux strategy in order to remain competitive. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM PREMIER 2003 14 www.LinuxWorld.com The WE MAKE LINUX 5 TIMES FASTER storage sof t ware company. FACT: Performance tests show VERITAS makes Linux five times faster. Ever seen a penguin fly? veritas.com Copyright © 2003 VERITAS Software Corporation. All rights reserved. VERITAS, the VERITAS Logo and all other VERITAS product names and slogans are trademarks or registered trademarks of VERITAS Software Corporation. VERITAS and the VERITAS Logo Reg. U.S. Pat. & Tm. Off. All other trademarks are the property of their respective owners. LINUX CAREERS Separating the Wheat from the Chaff Evaluating a candidate’s skills BY Welcome to my first LinuxWorld Magazine column. Some credentials are in order: R O B J O N E S Rob Jones is the president of Glacier Technology Services, an IT recruiting firm based in Savannah, GA. [email protected] looking for candidates who can do the job. We want to know that they are qualified and can immediately be productive members of the company. With reduced company resources, making the correct hire is now more important than ever. With Linux/open source technologies, you have the advantage of being able to look at candidates’ résumés and get an insight into their experience, even before you pick up the phone and interview them. No, we have not developed a crystal ball that can see into a candidate’s background and ascertain his or her skills. But with some research on your part, you can quickly identify experienced candidates. Experience with open source projects and participation in LUGs or Linux User Groups are two key items to look for. These are not the only things to look for on a Linux/open source résumé, but they are items you can use if you understand their meaning. Open source projects are usually community-based initiatives. Individuals contribute their time and energy to further Linux adoption. Candidates usually work on the projects for no compensation, just a desire to learn and contribute. That sounds noble, but one of the biggest reasons for this was that the developer wanted Linux to work on a particular product, and at the time there was no formal Linux support provided. So enterpris- ing developers just did it on their own, which I think is amazing and one benefit of the open source development platform. For a candidate to have demonstrated skills that can be verified is a huge asset when reviewing résumés. Hiring managers want to see an individual with experience programming in C and a storage-related skill set; managers can go to the Web site of a relevant open source project and review the work of that candidate to determine if he or she has the desired skill set. Since open source projects for the most part are community based, the development work has been reviewed by many different individuals. The code is widely scrutinized before it’s included in the project. The quality of experience that developers gain from this exposure is hard to quantify. For someone working on a driver, it takes quite a bit of work to get that driver included in the official kernel tree. You can be sure, as the hiring manager, that when candidates have had their work accepted into the official tree, they have experience that is documented and measurable. Keep in mind that it’s not only developers who participate in open source projects. Many projects have large teams. So a candidate could gain skills with project management, QA/testing, as well as enduser support and documentation. Wouldn’t it be great to be looking for a Linux system administrator who has been testing the very technology that you are implementing at your organization. Talk about on-the-job training! You can feel comfortable that the candidate has the technology skill set, as well as hands-on experience with technology used in many different environments. Recently, more corporations have been PREMIER 2003 16 www.LinuxWorld.com I am the president of Glacier Technology Services, an IT recruiting firm based in Savannah, Georgia. In March of 2000, we formed a division called HotLinuxJobs that focuses on recruiting Linux and open source candidates on a nationwide basis. his column will focus on different aspects of recruiting and certification within Linux. It will offer advice on the different Linux certifications and which ones would be the best for your employees to have, as well as guidelines on recruiting the best candidates. This month’s column focuses on résumés and how to recognize the best candidates. Some quick history you should be aware of: Linux/open source may be new to your company, but it’s not a new technology. The Linux kernel has been around since 1991, and many individuals have dedicated their careers to its development. One of the first things to understand is that Linux is a community effort and the deep commitment of its developers is the reason behind its rapid adoption. Without the community, there would be no Linux. Since the average turnover costs 1.5 times the annual salary in lost productivity, recruiting costs, and general turmoil, you need to do everything you can to optimize your chances of picking the best player. Assuming your company is implementing Linux/open source technologies, your job is to find experienced candidates. Reviewing Linux/open source résumés for quality is no different than reviewing résumés for other IT positions. We are all T A B O UT TH E A UTH O R www.linuxworld.com LINUX CAREERS sponsoring projects. Many of the larger technology companies that we are all familiar with (IBM, HP, and Intel, just to name a few) have numerous employees within their organizations who are actively involved with open source projects. The companies understand the return that working on open source projects can bring. Their employees have an invaluable insight into developing technologies, as well as the experience from working on the projects. The following scenario demonstrates the important potential of one’s involvement in open source projects. An electronics company located in San Jose was looking for a software engineer who had experience with certain graphics and video drivers. As we began our search, we were flooded with résumés from individuals interested in this job. While sorting through them, we came across a candidate who could have easily been overlooked. Here was an applicant in his senior year of college with minimal work experience. Fortunately for us, however, a section of his résumé was dedicated to the open source projects he had engaged in. To our surprise, he was the maintainer for one of the specific drivers we were looking for. For those who are not aware of what a “maintainer” is in the open source world, it’s the person who oversees that particular project. This experience solidified his qualifications for the job. We knew that by having his code scrutinized by other open source developers and accepted, he had the necessary skill set we were looking for. As a result, he is presently a member of that company’s engineering team. Another area for hiring managers to look for on a candidate’s résumé is participation in a Linux User Group or LUG. LUGs are usually named for a city or region. There are user groups for other IT disciplines, but it seems that LUGs offer and provide quite a bit of experience to potential candidates. LUGs provide great support and resources for problems or questions with Linux/open source technologies. The questions on LUG mailing lists range from the simple to the extremely complicated involving multiple emails and opinions. You can see if a candidate is very active and if he or she is answering all types of support questions. This is another way a community resource can be used to judge a candidate’s experience level. The benefit a corporation may gain from hiring someone who is heavily www.LinuxWorld.com involved with his or her local LUG can be expressed through the following example. A manufacturer in the midwest was looking for a Linux system administrator to take care of its growing network. As a result of its search, the company decided to hire an individual who happened to be the president of his local LUG. With this great support network at his fingertips, he was able to solve some pressing issues with the organization’s network through the support of his fellow open source comrades. Essentially, this company gained more than it could ever have imagined. Not only did they hire a very competent system administrator, but also one with a support network that could not be matched. The end result is a company that is experiencing an unprecedented decrease in downtime. Open source projects and LUGs are two Linux community entities that give you, the hiring manager, additional tools for evaluating a candidate’s skills. While a candidate who has not been involved in either open source projects or a LUG may still be qualified, these types of experiences can make for a more rounded candidate with better access to solutions for your firm. Next Issue! Coming Hot off the press here’s a sneak peek at the next issue of LWM! COMPLETE CONFERENCE AND EXPO COVERAGE Conclusion The world of open source has changed the landscape of recruiting technology professionals. The ability of individuals to engage in open source projects, or the realization of the benefits gained by being a member of a local LUG, are key items that cannot be overlooked by corporations when reviewing applicants’ backgrounds. Companies are always looking for ways to determine the competence of new employees, whether through skills tests or obtaining a sample of code they have written. Rest assured, there is not a tougher test that can be administered to an individual than the process of becoming an accepted member of the open source developer community. This will go a long way in determining the caliber of the person you are looking to hire. LU EXC ! SIVE AUG. 4-7 • SAN FRANCISCO, CA STRATEGY... The Linux Desktop: The Second Wave of Linux ______________ DR. MIGRATION COLUMN... Linux Alternatives to the Windows Server ______________ LINUX BUSINESS & TECHNOLOGY... SMB Delightful Deliveries Makes the Move to Linux ______________ FEATURE... Linux Adoption in the Health Care Industry ______________ VENTURE CAPITAL... Disclaimer There are plenty of qualified individuals who don’t engage in open source projects and/or are not members of their local LUG. The purpose of this column is to identify additional resources that are available to corporations based upon the open source development model. The Economics of Linux: New Opportunities ______________ INTERVIEWS... Kevin Bedell talks with Dave Dargo, vice president of Oracle’s Linux Program Offices and Stormy Peters, open source program manager of HP’s Linux & Open Source Lab LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM 17 The World’s Leading i-Technology Publisher Why Migrate COVER STORY Migrate Linux? to A comprehensive solution for enterprise IT PREMIER 2003 18 www.LinuxWorld.com COVER STORY BY .. G A E L D U VA L The world offers a number of computer operating systems; in fact, they’ve never been so abundant. Big names like Apple’s Mac OS and Microsoft’s Windows have been dominant for a long time, but there is an important emerging operating system called Linux. After the initial hype of 3–4 years ago, Linux is spreading like wildfire across the globe, silently yet successfully. ne of the most important aspects of Linux is the huge community of developers working on it. This incredible development force is made possible by the concept of open source, or free software, which allows thousands of highly skilled developers throughout the world to create and build software quickly and efficiently. As a result, Linux has quickly become one of the most promising operating systems available. Not only has Linux proven its superiority in the server field as a robust and efficient system, it has also greatly matured as a full-featured desktop alternative. So why are more and more users – individuals and corporations – using these strange free software products instead of traditional equivalents from the proprietary world? First of all, Linux is valued as a high-performance operating system due to its modular nature – entire portions of the operating system can be easily added or removed to greatly affect performance. Additionally, Linux now supports most PC hardware devices, including even the “latest and greatest” products. Linux’s extensive range of features has increased dramatically over the past few years. Linux is certainly not a computer hobbyist’s plaything anymore; it’s becoming more and more difficult to find areas that it cannot handle. Finally, the commercial offerings based around Linux have dramatically improved, including certification, training, support, and deployment of complex solutions. Another key advantage of Linux is that it includes only open technologies based on public standards (when available). This means that Linux is always a smart choice because the included technology is very likely to already be a standard in the IT world – technology that is compatible and interoperable with other operating systems. With Linux, you will never become a prisoner of technology as often happens in the Windows and Macintosh worlds. For example, with Linux it’s very easy to communicate over a network with just about any other computer platform, with various protocols, such as for exchanging data files. Even in the office productivity field Linux is rapidly gaining superiority with its OpenOffice and KOffice office suites, which understand a number of different office file formats, including MS Office documents. On the other hand, the way that Linux and its applications are developed and produced ensures that it’s very perennial because in the free software world, even if a software project is abandoned by its original authors, there is always someone, or even a new team of developers, willing to maintain and release new versions of the software. Another distinctive advantage of Linux and free software applications, maybe the most important, is that software is designed and created for users by users. In the traditional software industry, new features are introduced by a software company solely because the company thinks it will be a good idea, perhaps as the result of a marketing survey. In the Linux world, the approach is totally different: users request new features and free software developers implement them. The resulting products and features answer real needs, which is really the purpose of designing and building software in the first place. In other words, in the Linux world, software makers don’t decide what the users need. Users decide. www.LinuxWorld.com 19 O Not Just an Operating System Linux is widely regarded as an operating system – specialized software that can run various hardware devices attached to a PC, with an interface so the user can take advantage of those peripherals. But with Linux, you not only receive a basic operating system. A full Linux system is usually offered as a “Linux distribution,” such as Mandrake Linux, on a number of CD-ROMs that include a wide assortment of many of the best applications available for the operating system. This comprehensive collection of software is selected, tested, and integrated into the Linux distribution by Linux vendors; the result is a fully customizable multipurpose IT system. So what does this mean to a computer user? Normally, after installing a traditional operating system on a computer, you can do...well, not much, really. You can use some simple utilities, play a few games that come with the system, and, on recent systems, connect to the Net and browse the Web. But if you plan to do something really useful for your business or for your personal needs, you’ll first have to locate and purchase all the software packages needed for each task. Now take a look at a modern Linux system. Not only are you provided with a comprehensive collection of Internet utilities such as Web browsers, graphical FTP clients, e-mail readers, chat programs, and so on, but the system also includes just about everything you’ll ever need for office tasks, such as a complete office suite, calendar applications, project managers, finance applications, and much more. Do you need to modify and create graphics? No problem! You’ve also got a A B O UT TH E A UTH O R Gaël Duval has been a Linux activist since he discovered Linux in 1995. He released the first version of Mandrake Linux in summer 1998 with the goal of making Linux easier to use. He cofounded MandrakeSoft in late 1998 and is currently the director of communication at MandrakeSoft, among other tasks. [email protected] PREMIER 2003 COVER STORY first-class, full-featured image manipulation program plus a 3-D modeler. Need to burn CD-Rs or DVD-Rs? Easy-to-use graphical applications for these tasks and more are also included. Linux also excels in the server area: all of the most common and powerful Internet services are yours. Run your own DNS server, file and print server, and FTP server. Not enough? Then run your own Internet Web server, e-mail server, a SQL database, and so on. It’s all in there. These are not small basic applications, but “real deal” applications that power most Internet Web sites and related services. Last but not least: What is the cost of development tools under Windows? Often very expensive. But extremely powerful development tools – including various programming and scripting languages, toolkits, and integrated development environments – are all standard in a Linux distribution. And of course, all the related documentation is provided, often in a number of different languages. Yes, all this and much more is included in a $60 Linux pack. As a result, comparing the price of Linux with Windows doesn’t make much sense unless you consider the price of all the extra applications that you will need with Windows and other operating systems. porate environment. The existing network infrastructure benefits greatly after being migrated to Linux. Authentication and security services, DHCP servers, print servers, Internet gateways – all of these can be switched safely and easily. Additionally, intranet and Internet servers such as Web servers and database servers will benefit greatly from a migration that results in added stability, fewer bugs, and extended uptime. As for migrating desktops to Linux, this is a new area that needs to be addressed more carefully because experience in this field has not been as extensive as in the server area. Linux is certainly mature enough to replace Windows efficiently and safely on the desktop, but resistance can arise from users who will need to learn something slightly different from what they’re used to. Fortunately, the jump is much less dramatic than it was when switching from MS-DOS to Windows, or even from Mac OS to Windows! In the desktop area, it’s important to think about which applications must run on the workstations, because it’s not yet possible to find a Linux equivalent for each and every Windows application. Nevertheless, solutions do exist to resolve these issues, including emulators for Windows applications or using a dual- “So is Linux good enough to win the OS war? Absolutely, if you consider only its price” Migrating to Linux: Why and How More and more companies are migrating parts or all of their infrastructure to Linux. They need a system that is more efficient, more flexible, more open, more robust, and more customizable. In these challenging economic times, businesses also need to reduce their total cost of ownership. Linux is certainly the best solution for all of the reasons stated above, and more. At the same time, it’s important to consider what exactly can be migrated in a cor- boot method. Emulation software can be used to run a complete Windows system under Linux or for running individual Windows applications. The dual-boot method allows users to have Linux and Windows installed on the same machine, but the PC must be rebooted to switch between operating systems, which requires added time. Before migrating to Linux, it’s also important to list all of your computer hardware and make sure it’s supported. Unsupported hardware is becoming less common under Linux, but it does still hap- PREMIER 2003 20 pen, especially in specialized areas such as professional sound production. It’s often easier to migrate to Linux in several steps. One technique is to begin with the network infrastructure, then the servers, and finally the desktops. In all cases, it’s important to ensure that a good level of knowledge is available within the company, especially if the information system teams are deeply rooted with Microsoft proprietary technologies. Getting in touch with a Linux service provider for support and assistance is also a good idea when considering a migration. Migrating to Linux is certainly the best option for reducing the total cost of ownership of an information system because of suppression of most licensing costs and reduction of costs related to system administration – a Linux-based environment will need few administrators compared to other systems. It’s also the best solution for increasing the efficiency and the stability of the whole infrastructure. And the Winner Is... For years analysts have been predicting that Linux would never gain on Windows, that Linux would rise and fall, that Linux is just hype. But very few of them (apart from “evangelists” in the Linux world) predicted that Linux and open source would continue to grow, first in the server area and now in the desktop area. The reality is that many new companies and individuals continue to jump onto the Linux wagon every day. If it keeps going at this pace, you have to wonder: Which operating system will win in the end? Although this question may sound a bit ridiculous, it’s interesting to think about the “good enough software” concept. “Good enough software” refers to a product that is far from perfect but can do, more or less, what it’s been designed for. With the consideration of other factors such as price, this good enough software often gains more success than equivalent or better software. For instance, MS-DOS was chosen by IBM for its PCs in the early ’80s over other alternatives not because it was the best available operating system, but because it was the cheapest. On the other hand, in the early ’90s the NextStep operating system was considered to be one of the best modern operating systems available, but it died prematurely because it was too expensive. So is Linux good enough to win the OS war? Absolutely, if you consider only its price. But Linux is, without a doubt, much better than “good enough”! LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM www.LinuxWorld.com E-MAIL Practical Methods for Combatting Spam Tackling the problem of overflowing inboxes In the last year or so, unsolicited bulk e-mail, more affectionately known as “spam,” has made headlines and angered, irritated, and frustrated millions of e-mail users. It’s even having a significant impact on the infrastructure of the Internet; AOL reports it blocks approximately 1 billion spam e-mails per day. Such a high volume consumes considerable resources. As founder and president of Roaring Penguin Software, Inc., David Skoll applies his experience in custom software development, network design/security, Web, e-mail, and FTP server configuration to solving the networking, systems, and software tools challenges of enterprises. David is the developer of MIMEDefang and creator of rp-pppoe, a PPPoE implementation for Linux that is deployed across Linux servers and clients worldwide. Most recently, he developed and now offers CanIt, an industryleading anti-spam solution for enterprises. [email protected] Outlook, Pine, or whatever program Alice uses to create and send e-mail. Alice composes her e-mail and then clicks “Send.” Alice’s MUA contacts her service provider’s SMTP server. SMTP (Simple Mail Transfer Protocol) is the agreedupon “language” for transferring mail across the Internet. Alice’s MUA tells the SMTP server who is sending the e-mail and who the recipients are (in general, there can be many recipients). It then sends the message header and bodies. Once the SMTP server has collected the message and agreed to transfer it to the final destination, Alice’s MUA reports successful transmission. The SMTP server stores the message on disk and attempts to send it to its final destination. If Bob is across the country and uses a different ISP, Alice’s ISP’s server determines which server handles mail for Bob’s domain. It looks up this information in the Domain Name System (DNS). DNS is a large, decentralized database that maps machine names (like www.roaringpen guin.com) to IP addresses (like 216.191.236.23). DNS also tells mail servers where to send mail for a given domain. Alice’s ISP’s SMTP server connects to another SMTP server and transmits the message, much as Alice’s e-mail program PREMIER 2003 22 his article will describe how spammers can get away with spamming, why spam is such a problem, and why it’s likely to remain a problem for quite a while. However, it’s not all bad news; I’ll give you concrete tips for reducing spam and lowering the cost of spam to your organization. As an added benefit, some of the techniques serve to increase spammers’ costs. T How Internet E-Mail Works To understand spam, we first have to understand how e-mail flows across the Internet. Suppose Alice wants to e-mail Bob; Figure 1 shows how it might work. Alice sits down at her computer and starts her Mail User Agent (MUA). This is simply the technical term for Evolution, A B O UT TH E A UTH O R D AV I D F. S KO L L did in the first place. The server may contact the final SMTP server responsible for Bob’s e-mail directly, or there may be a series of servers that relay the message. The exact path taken by the mail depends on Bob’s ISP, and to some extent on conditions on the Internet at the time. For example, if Bob’s ISP’s main SMTP server has crashed, mail may be temporarily routed to an alternate server. Alternatively, Alice’s ISP’s server may hold on to the mail and retry transmission periodically. Eventually, Alice’s message arrives at the final server that holds Bob’s mail. The mail stays there until Bob connects to retrieve it. When Bob clicks on “Check for New Mail” in his MUA, the MUA contacts Bob’s ISP’s server and downloads mail. Rather than using SMTP, this final download usually uses a protocol called Post Office Protocol 3 (POP3) or Internet Message Access Protocol (IMAP). Regardless, once the mail is safely on Bob’s computer, it is usually deleted from the ISP’s server. How Spammers Exploit Internet E-Mail When SMTP was designed some 21 years ago, it met the design goals admirably – it was a simple, easy-to-implement, reliable mechanism for getting mail from Alice to Bob. Understandably, of course, it did not meet goals which weren’t important 21 years ago, but have become very important today. SMTP suffers from the following shortcomings: • There is no mechanism for authenticating a sender. That is, anyone can fake email from Alice, and Bob will have a www.LinuxWorld.com E-MAIL hard time telling that it isn’t actually from Alice. • Even if we could authenticate senders, SMTP has certain special senderaddresses that must always be accepted as valid, no matter what. These special addresses are intended for error reporting, but can be exploited by spammers. • SMTP doesn’t define a policy for relaying mail. Until fairly recently, many SMTP servers would happily accept e-mail from anyone, for anyone, and relay it onward. In the next section, you’ll see why these so-called “open relays” are a problem. Unfortunately, neither SMTP nor the underlying Internet protocols were designed with security or authentication in mind. On the one hand, the simplicity of the protocols leads to the rapid expansion of the Internet and the dramatic growth of the Web. On the other hand, it also led to problems like spam and Internet fraud. A Few Years Ago: Open Relays In the past, spammers would actively search for and exploit open relays. An open relay is an SMTP server that will accept email from anyone and send it to anyone else, without requiring authentication. The reason open relays were so attractive is that they serve as bandwidth multipliers. If a spammer on a dial-up line wants to send one million messages, that could take a while if he or she has to send each message individually. However, an open relay allows the spammer to batch up messages – for example, he or she can send one message and tell the relay to send it to 100 recipients. This reduces the spammer’s bandwidth by a factor of 100 – an enormous savings. The problem of open relays led to the formation of DNS-based real-time blacklists. Just as the DNS can hold information about host names and addresses, it is also possible to maintain databases of known open relays. SMTP software can consult these databases and refuse e-mail from a known open relay. DNS-based blacklists are useful, but they can also cause problems. Some blacklists are overly aggressive, blacklisting whole swaths of the Internet because of one badly behaved server. They also may be slow to remove open relays once they have been fixed. Relying on such overly aggressive blacklists can result in legitimate mail being lost. On the other hand, more conservative blacklists are reactive – they require ample proof that a machine is an open relay before listing it. Unfortunately, by the time the relay makes it onto the blacklist, the spam has already been sent and the spammer begins searching for another open relay to victimize. Spammers still use open relays because they can help obscure the original source of the e-mail. So real-time blacklists are worthwhile, but be aware that they will not stop all or even most of your spam, and banning mail based on the fact that its relay is in a blacklist will cause you to lose valid e-mail. Alice B b More Recently: Cheap Broadband In the last couple of years, residential broadband has become cheap enough that many people can afford a fast Internet connection. This means that spammers can send directly from their cable modem or DSL link, without requiring the bandwidth multiplication of an open relay. For example, a spammer with a cable modem capable of transmitting 500KB/s can theoretically transmit just over a million 5KB spams per day. Thus we see a couple of trends: spam messages tend to be fairly short now, because home spammers don’t have the benefit of bandwidth multiplication. Also, we see message mutation – spammers insert random characters into message headers and bodies to try to fool software that recognizes “known-spam” messages. If you have to transmit every message from your computer anyway, you might as well mutate it to make widespread detection of identical messages difficult. Anti-Spam Tools Anti-spam tools can be divided into the broad categories described in this section. Blacklists and Whitelists These tools cover both real-time DNSbased blacklists as well as personal blacklists and whitelists maintained by server administrators or end users. Blacklists and whitelists have a number of problems. They tend to be reactive, kicking in only after spam has been delivered at least once. They may also be overzealous, stopping legitimate e-mail. Finally, blacklisting by sender address or domain is practically worthless, because these can easily be faked. Distributed ‘Bulk-Measurement’ Tools MU A MU A MT A The Distributed Checksum Clearinghouse (DCC) collects statistics about how many copies of a particular message have been sent. Clients can query the DCC and refuse messages that “look” bulky, by whatever criteria the client uses. For example, you may choose to reject a message if 350 identical copies of it have been sighted in the wild. DCC is a very clever idea, but it only samples a small percentage of all Internet e-mail. It can also be fooled by hash-busting techniques (message mutation to fool duplicate-detection) and may yield false positives for mailing-list traffic. 23 PREMIER 2003 SM OP3 or IMAP MT A MT A SM FIGURE 1 M ALICE EMAILS BOB www.LinuxWorld.com E-MAIL Distributed Spam-Reporting Centers One example is like Vipul’s Razor. Razor allows you to report spam to a central clearinghouse, and other Razor clients can query the clearinghouse to see if a message has been reported as spam. Razor uses sophisticated techniques to try to fool mutations and hash-busting, but again, a determined spammer can probably work around it, and Razor also sees only a small percentage of all Internet e-mail traffic – as of mid-March 2003, Razor processes around 15 million e-mail messages per day, which is probably much less than 1% of the Internet’s daily e-mail volume. The content-filtering category can be further divided into tools that come with a built-in set of rules, and tools that “learn” from your incoming e-mail. The hottest topic in mail filtering recently is so-called Bayesian filters. You train these filters by marking your incoming mail as spam or non-spam. Using statistical techniques, the filters eventually come to recognize key words or phrases that are useful for distinguishing spam from nonspam, and can automatically characterize email fairly accurately. Content filtering has some disadvantages. Because it must analyze the mail message, content filtering can be applied False Positives In an ideal world, you’d set up your mail server with its arsenal of anti-spam tools, and it would automatically get rid of almost all of your spam, leaving you only with valid messages and the occasional spam that slips through. Unfortunately, almost all spam-detection tools have a nasty side effect: they occasionally misclassify valid e-mail as spam. This kind of misclassified e-mail is called a “false positive,” and is a showstopper for many people. Many businesses feel they cannot afford to lose even a single potential client or sales lead, so they do “Spam is a problem because of a combination of technical, economic, and social conditions” Sender-Verification Tools not discard e-mail identified as spam. Instead, they simply tag it or file it in a different folder. Unfortunately, this means that you have to check the spam messages every so often to extract the occasional valid e-mail. This wastes time and defeats the purpose of having automatic spamdetection tools. These tools examine the content of email messages, and (with varying degrees of sophistication) attempt to classify e-mail as “spam” or “non-spam.” Simple-minded content filters can often incorrectly categorize e-mail, much to the annoyance of both senders and recipients, but better-designed and more sophisticated filters can achieve quite high accuracy rates. only after the sending SMTP relay has transmitted the message. If content filtering is done on the mail client, then you’ve already wasted time downloading the mail so your filter can examine it. On the other hand, some organizations that filter on the server use a single set of rules for the entire organization. This may or may not be acceptable; what the engineering group considers spam might not be spam to the marketing group. Content filtering is expensive in terms of CPU time. And Bayesian filters can quickly build a rather large database of word or phrase frequencies; if you want to have individual Bayesian filters for thousands of end users, you could be looking at significant amounts of storage. Content filtering can be fooled. A filter that uses externally supplied rules needs constant updating. While it is harder to fool Bayesian filters, it is still possible. By carefully crafting email messages, an attacker could cause the Bayesian database to grow significantly. Also, Bayesian filters require a fair amount of work from the end user to train them. In spite of these problems, filters are currently the most accurate way to sort spam from non-spam, and Bayesian filters are probably the best way to customize filtering per recipient. PREMIER 2003 24 www.LinuxWorld.com These tools attempt to verify that the sender address exists. There is no satisfactory automatic way to determine this, so some tools send out a “challenge” to unknown senders. If the sender does not reply with a correct response within a certain time period, the mail is discarded. Challenge/response tools are probably highly effective, but they are also very annoying for people who are trying to communicate with you. Many people will not bother responding to a challenge to prove their existence, especially if they just dashed off a quick note to a sales or information address on a Web site. Also, the email traffic caused by the outgoing challenges may itself be viewed as spam if challenge/response systems become widespread. Content Filters Profile of the Ideal Anti-Spam Tool After all this discussion, we can build the profile of the ideal anti-spam tool. 1. The tool must work with current protocols and Internet infrastructure: A true solution to the spam problem will probably require complete reengineering of Internet e-mail protocols; such reengineering is unlikely to happen within the next decade, if at all. So practical antispam tools must work within today’s SMTP environment. 2. The tool must not depend on a significant fraction of the Internet adopting it: It’s no good to say “if only all SMTP service providers would provide strong authentication...” because it won’t happen. Getting even a small fraction of Internet users to agree to change something on their mail servers is nearly impossible. E-MAIL lor messages to evade filters; if different users have different filtering rules, it’s hard to know how to construct a message that will evade them all. 8. The tool should be efficient and not overload the mail server. 3. The tool should run on the mail server: Updating software on a few million mail servers is far cheaper than distributing software to hundreds of millions of enduser PCs. Filtering on the server also saves download time for dial-up users. 4. The tool should be broad-spectrum and capable of easily integrating new antispam technologies as they become available: Simply using real-time blacklists and leaving it at that, or only doing simplistic word or phrase filtering, just won’t cut it. Because the spam versus antispam battle is an arms race, our antispam tools must be capable of identifying and reacting quickly to new spammer tactics. 5. The tool should be flexible: This follows from the previous point; it should be easy to modify the tool to stop new spammer tactics. 6. As far as possible, the tool should preserve both the sender’s and the recipient’s privacy: It should not expose the contents of e-mail to anyone unless the recipient explicitly consents to such exposure. 7. The tool should be customizable on a per-recipient basis: What’s spam to you might be fascinating news to someone else. Server-based filtering should not arbitrarily decide for end users what is spam and what isn’t; end users should be able to select their own level of filtering, and set their own level of tolerance for false positives. Individual users should decide whether or not they want to put correspondents through the hassle of a challenge-response system. Per-recipient customization has the additional benefit of making it harder for spammers to tai- A combination of tools that comes very close to our ideal profile is SpamAssassin combined with MIMEDefang. Both of these tools are freely available under open source licenses. SpamAssassin is a Perl-based filter that performs hundreds of checks against email headers and bodies, and assigns a score to each check that matches. The scores are designed so that any mail scoring under 5 points is probably not spam, and anything scoring 5 or over probably is spam. Because SpamAssassin uses sound statistical methods to derive the scores, it is amazingly accurate and produces very few false positives. SpamAssassin also integrates DCC and Razor clients. Of course, as time goes by, the SpamAssassin rules become less effective, because spammers change tactics. Nevertheless, the basic SpamAssassin rules retain their efficacy for several months, which is enough time for the SpamAssassin crew to identify new spam tactics and update the rule set. In addition, the latest release of SpamAssassin features Bayesian filtering, so it can learn to distinguish spam from non-spam from your mail stream. This extends the useful lifetime of a particular SpamAssassin release quite a bit. SpamAssassin can be integrated into the mail server in several ways. Probably the most common is to call it from “procmail” – when the mail message is about to be delivered to your mailbox, SpamAssassin scans it and can affect how the message is delivered. However, a more efficient method is to integrate SpamAssassin directly into the MTA. The popular Sendmail MTA has a method for hooking content filters right into the SMTP conversation; this method is called “Milter,” for “Mail Filter.” MIMEDefang is a C- and Perl-based milter that integrates with Sendmail and SpamAssassin (and a number of virus scanners). MIMEDefang uses architectural tricks to make Perl scanning efficient – ordinary PCs can easily handle 100,000 messages per day, and some organizations have MIMEDefang deployments that handle almost 2 million messages per day. Note that there are other content scanners out there, such as CRM-114, a very sophisticated statistical classifier, and Bogofilter, another Bayesian filter. There’s also POPFile, a Bayesian filter designed to pull mail off POP3 servers and classify it. There are also other Sendmail milter programs, many of which are listed on the Milter Community Site. However, in this article, I concentrate on SpamAssassin and MIMEDefang for a few reasons: SpamAssassin is the best-known contentscanning tool, and it also integrates many other anti-spam tricks such as the DCC and Razor. It’s also under active development. And MIMEDefang is the milter I’m most familiar with (having written it). It’s also easy to customize the behavior of your Sendmail server with MIMEDefang, and I believe that rapid customization is the key to reacting to new spammer tactics. www.LinuxWorld.com 25 PREMIER 2003 SpamAssassin and MIMEDefang E-MAIL However, all of the anti-spam ideas presented here are applicable to any mail server and any mail filtering system. Depending on your setup, however, some of these ideas may be more work to implement with a non-Sendmail system than with a Sendmail server running MIMEDefang. Using MIMEDefang and SpamAssassin Once you download and install MIMEDefang and SpamAssassin, your mail server will automatically tag messages that look like spam. You can configure your email client to look for these special tags and file spam in a separate folder or even discard it entirely. For more control, however, you can customize MIMEDefang’s filter. MIMEDefang filter rules are written in Perl, so you need to know a bit of Perl before you tackle filter customization. However, this programmability yields tremendous flexibility. Here are some things you can do very easily with MIMEDefang; the Perl recipes are available from the MIMEDefang mailing list archives: • Automatically reject messages scoring higher than a specified spam value. • Remove large attachments and replace them with URLs. • Reject mail in certain character sets, such as Korean. • Redirect suspected spam to a spamtrap e-mail address. • Detect and remove viruses and Windows executables. • Blacklist certain domains unless the sending relay matches the domain. For example, it is very effective to block mail from “hotmail.com” unless the name of the sending relay ends in “hotmail.com”. While this can block legitimate messages, this rarely happens, in my experience. It does block a lot of spam, though. Once you become used to MIMEDefang, you can explore tricks to combat spammer strategies. Let’s look at a few of these tricks. Spammers often do not wish to incur this expense; they simply ignore the failure and never resend the message. Therefore, a very effective technique is for your mail server to keep a list of “known senders”; that is, a list of senders who have ever attempted to send e-mail to the server. If mail from an unknown sender arrives, the sender is added to the list and a temporary failure notice is issued. If the sender is legitimate, the mail will be resent (typically after 15–30 minutes) and will be delivered as usual. If the mail is from a spammer using special “never-retry” software, the mail will never be delivered. This simple rule is very cheap, uses very little bandwidth, and stops anywhere from 10–20% of spam with no human intervention and practically no false positives. With a little effort, this rule can be programmed into MIMEDefang. Check the HELO string The rules of SMTP state that the sending relay must identify itself upon connection with a so-called “HELO” command. This command is supposed to contain the full host name of the sending relay. However, some spamware uses the host name of the receiving relay in the misguided belief that this will somehow relax anti-relay or antispam rules. Since your own mail server should never connect to itself, you can simply reject mail from any mail server claiming to be your own. Other spamware uses an IP address in the HELO command, often a completely random IP address to try to confuse recipients and cause them to misdirect spam complaints. Refusing mail from machines that use an IP address in the HELO command is cheap and effective. The two HELO checks, on our mail server, stop about 2.5% of all the mail we receive. Check for Sender/Relay Mismatches Spammers want to send messages cheaply. The normal rules of SMTP allow for a “temporary failure.” That is, the receiving server can tell the sending server that it is unable to accept mail for the moment, but the sender should retry a little later. This allows workarounds for transient problems, such as a full disk or a broken network connection, that are expected to be fixed later on. Well-behaved SMTP servers queue the outgoing message and retry periodically. This rule is not suitable for general-purpose use, because it could yield many false positives. However, we have discovered that rejecting mail from senders at “hotmail.com”, “aol.com”, “yahoo.com”, and “ibm.com” unless the sending relay’s name ends in the corresponding domain stops about 5% of our incoming mail volume. Our mail logs show that all such stopped mail is almost certainly spam – we see sender addresses such as “<[email protected]>” and “<tibia32 [email protected]>”, which appear to be randomly generated, as well as obvious spam sources like “<[email protected]>”. PREMIER 2003 26 Force a Retry Use Open-Relay Blacklists Open-relay and other spam-source blacklists can be very effective; unfortunately, they can also yield a lot of false positives. We recommend that before you block mail based on results from an open-relay database, you configure MIMEDefang to tag such mail first. After a month or so, you’ll get a feel for how aggressive or conservative the database is, and you can decide whether or not to trust it to reject mail automatically. Summary Spam is a problem because of a combination of technical, economic, and social conditions. Current e-mail protocols cannot enforce authentication; sending e-mail is so cheap that even dismal response rates make spamming profitable, and enough people are taken in by spam fraud that it makes the con artists keep spamming. Unfortunately, all of those conditions are difficult to change. An overhaul of email protocols is not likely in the short to medium term. One of the attractions of email is the very low cost of sending e-mail; any solution that makes it expensive to send e-mail will also change the nature of e-mail and make it much less attractive. And as long as there are gullible people out there, spammers will always have a nonzero response rate. Given these conditions, the fight against spam will be a long, grinding arms race. No single tool or technique will vanquish spam; instead, we need to use combinations of tools and techniques to restrict the strategies available to spammers. By forcing certain behavior on spammers, we can lower the cost of dealing with spam and improve our spam-fighting tools’ automation. Resources • Distributed Checksum Clearinghouse: www.rhyolite.com/anti-spam/dcc • Vipul’s Razor: http://razor.sourceforge.net • “A Plan for Spam” (Bayesian filtering): www.paulgraham.com/spam.html • SpamAssassin: www.spamassassin.org • CRM-114: http://crm114.sourceforge.net • Bogofilter: http://bogofilter.source forge.net • POPFile: http://popfile.sourceforge.net • MIMEDefang: www.mimedefang.org • Milter Community Site: www.milter.org • CanIt: www.canit.ca • Open-Relay Blacklists: http://dmoz.org/Computers/Internet/ Abuse/Spam/Blacklists LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM www.LinuxWorld.com DR. MIGRATION Introduction to the Linux Desktop A look at Linux in the Windows-centric enterprise This column is dedicated to helping IT managers understand and investigate Linux as an alternative to commercial server and desktop solutions. As a Windows refugee I’ll share my experience, providing both strategic and tactical advice on how to take advantage of the Linux operating system. I hope this column will be a resource for understanding the business case and technical pathways to migration. Meet the Doctor BY M A R K R. H I N KL E market share and coffers overflowing with cash. Paradoxically, at no time in computing history has a community development effort or an alternative operating system posed such a looming threat to an industry leader as Linux now does to Microsoft. Linux vs Commercial Operating Systems Mark R. Hinkle is the vice president of operations for NeTraverse, a Linux software company that specializes in Windows-to-Linux migration. He is on the Formation Board for the Desktop Linux Consortium. [email protected] most organizations’ needs. In spite of this, a responsible manager should pursue the best value (features plus performance divided by cost). It’s a Microsoft world, but Linux is a popular option that offers good value – and hopefully the competition that will drive improvements in both operating systems. Despite Linux’s growing popularity, there’s quite a gap to bridge, especially as Microsoft enjoys a comfortable lead in The business case for Linux involves many factors: improving your overall TCO (total cost of ownership), adding functionality, and improving stability, productivity, and overall knowledge worker efficiency. This is a tall order for an operating system that some have described as a hacker science project. As you embark on your personal investigation you’ll probably have to consider the following issues: • Software licensing costs: One of the strongest selling points associated with Linux is the Open Source/Free Software model. Software and operating systems are community property that can be downloaded for free from the Internet. However, this is simply the tip of the iceberg, a “free ticket” to a great show. Once you figure the cost savings for administration and benefits from increased productivity, you’ll realize this is simply a low barrier to entry and only a fraction of the real value of Linux. • Reduced administration: In the typical office, whether it’s an SMB (small-tomedium business) or an enterprise, the cumulative costs for administrators, help desks, and the tools needed to support these functions can become costly. Linux can be remotely administered with a very secure set of open source tools, enabling administrators to fix problems even as users continue uninterrupted in their everyday work. PREMIER 2003 28 www.LinuxWorld.com ’ve been a dedicated Microsoft user since the beginning. However, the increasing frequency of operating system upgrades, rising minimum hardware requirements, and the general lack of valuable features included in new releases prompted me to explore alternative operating systems. For years, I turned primarily to Microsoft for my computing needs both in my personal life and for the businesses I’ve been involved with. In recent years Linux has emerged as a viable alternative to Microsoft for all my computing needs, be it an enterprise server or personal desktop. The Linux alternative and the strategies for migrating from Windows to Linux will be the subject of this column. As you explore Linux as an alternative to your existing infrastructure, the reasons to migrate to Linux should be business driven, not ideological. Anti-Microsoft sentiment seems to be growing, but at best it should be only a catalyst for researching alternatives. The simple fact is that Microsoft does offer a complete set of tools to address I A B O UT TH E A UTH O R DR. MIGRATION At one time the number of reasonable objections to Linux outweighed the benefits of migration for many organizations. That day has passed. Linux is now a realistic and responsible solution for more companies, schools, and government organizations than ever. Despite this fact there are several popular objections to Linux on the desktop, to which I offer short rebuttals. These points may help reassure those of you who are on the cusp of making a commitment, or at least beginning to research Linux as an alternative to your current IT solutions. • Forking: Many IT managers fear forking or diverging Linux development that could result in incompatible vendorspecific versions. This is a legitimate concern. However, major hardware vendors like HP, IBM, and Dell are working in the open source community to drive standards that will ensure an enterpriseclass operating system. The most notable initiative to date is the United Linux project (www.unitedlinux.com), which is a collaborative effort for standardization of a Linux platform that can be used as the base for Linux vendors to then apply value-added services and software. The success of this project will help ensure that fragmentation and divergence are avoided, and that a consistent high-quality product continues to emerge. • Lack of familiar applications: Windows has enjoyed an 18-year history as a desktop operating system with over a million applications available to the Windows user. However, Linux development is making exponential gains in valid productivity applications. Additionally, there are some very good ways to migrate your existing Windows applications to Linux while preserving your investment. In particular Win4Lin (www.win4lin.com), a Windows operating system integration program, allows you to integrate existing Windows operating systems and applications into your Linux operating system. This solution has an 18-year history on SCO Unix and over the past few years has been migrated to Linux. Fortune 500 companies like Oracle, AT&T, and McDonald’s have already adopted this technology. • Support: Since the operating system is developed in the general community, it’s unclear to many where they could turn for support. IBM, the world’s largest software services company, is fully committed to supporting Linux on the enterprise, SMB, and community levels. However, for the SMB the best support options are available from the Linux distribution vendors, whose main form of revenue will be generated by supporting the Linux operating system and applications. Red Hat has emerged as the leader in this field, and German software distributor SuSE is following close behind. Additionally, a rapidly expanding number of regional VARs (value-added resellers) have the ability to help businesses execute a dependable technology plan. • Lack of Linux expertise: Many organizations have spent so much time and money in training their staff on Windows or other operating systems and applications that the learning curve is their biggest factor for not moving. This is probably the most legitimate of www.LinuxWorld.com 29 • Improved stability and productivity: Linux is truly a multiuser/multitasking environment with good resistance to crashes, and it allows users to resist the need to reboot. It is not uncommon for computer users to go weeks or months without a reboot. Imagine how much time you may be losing already; one reboot a day per computer-dependent worker adds up fast. Especially if that reboot is accompanied by an unnecessary break (a cup of coffee and a “bull session” while my computer is rebooting may take several minutes). If that one reboot costs a company five minutes per employee per day, multiply that by the number of employees, and losses in productivity are substantial. • Customizability and open source: With commercial operating systems you often end up paying for unutilized or underutilized features. Most Windows users today utilize only a small fraction of the features and software made available to them when they buy the Microsoft Office suite and the operating system. Implementing an open system like Linux enables you to choose to install thousands of applications or just the applications you need, with little or no licensing costs. Biggest Objections to Using Linux all objections – until they look at their five-year planning horizon and consider the risks of a subscription-based Microsoft upgrade path. Retraining costs are significant in any move from one operating system to another, but system upgrades every two years from Microsoft require some training as well. Decision makers need to carefully weigh these costs when deciding between moving to a new operating system or staying with the old. With a well-defined phase-in plan it’s possible to minimize retraining costs over time while realizing the benefits of a Linux operating environment. Hopefully you now have some confidence in why you should be investigating Linux as a desktop alternative. The next step is to do some firsthand research and see the operating system in action. The Linux Desktop from a User’s Point of View Most people who first see the Linux desktop are surprised by its similarity to the environments that they are already using. The most popular environments are the KDE (www.kde.org) and GNOME (www.gnome.org) desktop environments. Despite the stigma Linux has of being a “geek’s” operating system, there are many community projects aimed specifically at making the Linux operating system friendly to the novice Linux user and those who may be quite experienced using other operating systems, like Windows. The desktop environments shipped with most major Linux distributions are very similar to those that you’re accustomed to in Windows. Many have a button in the lefthand bottom corner were you can “start” gaining access to applications or find control panels to adjust settings. The desktop in most popular environments has the familiar trash can and a file browser as on the Windows and Mac operating systems. The familiar network neighborhood icon is absent by default, but there are a number of open source projects that provide the same functionality for Linux. Nearly all of these crossover networking solutions are based on the Samba project (www.samba.org), which can communicate with Microsoft’s file- and printer-sharing protocol, SMB (Server Message Block). PREMIER 2003 DR. MIGRATION Now that you understand the similarities between the Linux and Windows desktop environments, let’s look at the differences. The first is the workspace guide. This allows you to create virtual desktops, where applications can be stuck on each desktop like sticky notes. Rather than minimizing applications to view the desktop, users can sim- ply stick a few applications on each desktop and navigate their virtual workspaces via a grid on the taskbar. However, it’s as simple to minimize applications as in Windows. Another useful feature is the design of the Linux GUI (graphical user interface). It utilizes the X Windows system, which is not necessarily tied to a physical piece of hard- ware like the traditional PC. It’s actually a virtual display that can be displayed to a local computer monitor or forwarded to another screen connected via a network – perhaps one of the most useful and underutilized features of Linux. System administrators and help desk personnel can take over an X Session remotely, fix problems they can duplicate, and diagnose firsthand the problems that may exist with a system – all from the comfort of their support desk. This is the same precept as PC Anywhere and the popular GoToMyPC.com. Additionally, this redisplay can be securely tunneled via the SSH protocol to avoid network snooping. We can take this solution one step further. Because Linux is a multiuser operating system able to serve many accounts from one PC or server, identical or customized desktops could be redisplayed to dumb terminals or other PCs. With a little know-how you could eliminate PCs that require individual updates and constant hardware upgrades. The life of the PC on the desktop could be extended by years and upgrades could be made in the data center rather than at each user’s desk. At the very least it’s an ideal solution for call centers and the like, where terminals are shared between users on various shifts. The idea of centralized computing is an old idea from the days of the mainframe. It may not be the ideal solution for everyone but it has merit for many situations. One popular Microsoftcompatible solution provider, Citrix (www.citrix.com), has demonstrated the value of this model, though their core competence is reducing bandwidth and delivering Windows terminals over latent networks. Terminal services is a useful solution for many problems; I discuss this idea in detail in future articles. The fact is that out-of-the-box or freshly installed, most Linux desktop distributions mimic the popular commercial desktop operating systems. However, the Linux desktop is infinitely configurable, and polling many users on the configuration of their desktop may result in drastically different results. Figure 1 shows Windows 2000 Professional running Microsoft Word, Excel, Windows Media Player, and AOL Instant Messenger. Figure 2 shows Red Hat Linux 8.0 with the GNOME Desktop Environment running Open Office Writer (word processor) and Open Office Math (spreadsheet), GAIM (instant messaging client), Win4Lin (Windows on Linux solution), and Evolution (a Microsoft Outlook–style e-mail client). PREMIER 2003 30 www.LinuxWorld.com FIGURE 1 WINDOWS 2000 PROFESSIONAL DESKTOP FIGURE 2 GNOME DESKTOP DR. MIGRATION Practical Solutions: Easy Linux Test Drive In the coming months we’ll discuss tactics for migrating to Linux from a Windows environment. Many organizations today already have Linux running in the back rooms and data centers where the most technical employees work. However, many decision makers have never seen the operating system in action. In the interest of improving your firsthand knowledge as well as to give you insight into how the operating system compares to your current operating system, I would like to offer a practical tip on how to go about your investigation of Linux. Software distribution companies like Red Hat (www.redhat.com), SuSE (www.suse.com), and Mandrake (www.mandrakesoft.com) all offer affordable desktop solutions for less than $100 (the cost is for the installation media, documentation, and support – not software royalties). However, it will be necessary to dedicate a computer for running Linux. I would instead suggest a less-committed solution. As a first step I suggest a distribution that can be run from a bootable CD and can be running on your desktop in less than a minute. Many free projects are available for download. Many of these distributions are developed to solve certain problems. The advantage is often that the file systems are read-only, so they can’t be altered in a hacking attempt. Practical applications for this technology are for simple tamper-proof firewalls, unsophisticated Web servers, rescue disks, operating systems for thin-client computing applications, and live demos. There are varying reasons to use an operating system that can be run from a CD. There are many practical uses for this type of configuration, as I’ve mentioned, but the reason most germane to this conversation is that this is an easy way for users to see a demonstration of the Linux operating system. Listed below are some other great uses for this type of distribution: • Rescue disk: Quite a few excellent rescue disk solutions are freely available for download – a functioning operating system with network access is only a reboot away. Since file systems can be read by the Linux operating system, files can be edited, drivers can be downloaded, and the knowledge base of your manufacturer can be surfed, despite the desktop computer’s broken state. • Product demo CD: Imagine walking into a customer’s office, popping a CD into his desktop computer, and demonstrat- www.LinuxWorld.com Figure 3 KNOPPIX operating system ing your product on his machine. Using a bootable CD with the appropriate software is a good way for you to make a high-impact impression. • Diskless workstations: One of the easiest ways to repurpose old PCs is to create diskless workstations. These workstations could be early-generation Pentium class PCs, damaged machines with software or hard disk problems, or computers with low customization requirements. Virtually any PC that has a CD drive and working processor could be put into low maintenance service by simply setting the computer to boot from a CD (a variety of solutions exist in this space). Take a look at workers who simply need word processing, e-mail, and Web access. Imagine never having to fix a user-caused error again. Updates to the system could be as easy as changing a CD. Once again, this may not be the solution for everyone but it’s definitely food for thought. Your First Linux Operating System: KNOPPIX For the purposes of this discussion, I recommend a distribution called KNOPPIX (www.knopper.net/knoppix), a more full-featured bootable Linux distribution. This operating system is a good way for anyone without firsthand Linux knowledge to look at the features available today in most desktop Linux distributions. The best part about KNOPPIX is that it can be downloaded via 31 Windows and burned onto a CD for use on your existing PCs. By default the KNOPPIX operating system will not write to your hard drive or damage your existing operating system. However, it is possible to alter your hard drive or to run your monitor at a resolution outside the manufacturer’s recommendations if you pass certain commands to the system. As always, you should read the documentation and proceed at your own risk. How It Works KNOPPIX is a one-CD, live file system that can be customized as a rescue system, security scanner, or platform for presentations and demos, or as a full-featured portable production platform with tools like KOffice and StarOffice. The underlying GNU/Linux base system is modified to boot non-interactively into a working X Window and KDE configuration, with all auto-detectable devices configured, ready to start applications. Because of the on-the-fly compression of KNOPPIX the whole file system can contain up to 2GB of software on the typical CD. Best of all, KNOPPIX can be used without altering your existing desktop computer. What Applications Are Included with KNOPPIX? What’s truly amazing is the sheer number of applications available from this one CD – over 900 installed packages in all. This col—continued on page 67 PREMIER 2003 INDUSTRY OPINION Striking the Balance Free software projects have to find a reasonable balance between business interests and other interests There is a potential conflict of interest between business and society, and that conflict can arise in free software. It’s up to all of us to choose how to resolve that conflict. Ian Lance Taylor discovered free software and the GNU C compiler in 1990 and has never looked back. He has contributed to dozens of free software packages, wrote the GNU/Taylor UUCP software package, and was a coauthor of the book GNU Autoconf, Automake and Libtool. [email protected] whole. Successful free software development efforts generally require central maintenance – one person or a small group of people who weave the various contributions together while maintaining the overall harmony. It’s neither anarchy nor dictatorship. The interests of society are best served when the central maintainers are free to choose the changes they prefer. When the maintainers make good choices, the project succeeds. If the maintainers make bad choices, that project will fail, or else different maintainers will pick up the sources and start making their own choices, an occurrence known as a fork. Businesses, of course, are interested in profit. When the maintainers of a free software project work for a company with a direct business interest in the project, their decisions about the project are no longer entirely free; they are constrained by the needs of the business. The potential problem is not really that business interests will cause bad choices to be made. After all, it’s probably not good for the business if the free software project fails or is forked by somebody else. The potential problem is that business interests will cause certain good choices to not be made, either because they are against the interests of business or simply because the maintainers don’t have time to focus on particular issues. This issue is not purely theoretical. In fact, in my years in the free software community, I’ve seen it frequently. Rather than speculate about other people’s motivations, I'll give an example from my personal experience. For a few years I was the GNU binutils maintainer and also an employee of PREMIER 2003 32 edical researchers agree that the best way to see whether drugs are really effective is large-scale double-blind testing, which is expensive. Most such drug testing these days is paid for by drug companies. Naturally, they tend to test their new, expensive, patented drugs. There are relatively few tests run on old, cheap drugs with expired patents or no patents, even when those drugs might have interesting new uses that could help lots of people. It’s pretty obvious that there is a potential conflict of interest between drug manufacturers and public health. It’s less obvious how to resolve it. The present resolution is not quite putting the fox in charge of the hen-house – but it’s pretty close. Why am I writing this in a magazine about Linux? To remind you that there is a potential conflict of interest between business and society, and to talk about how that conflict can arise in free software. Free software is important to society because it gives us all a computer environment that we are free to use and to change. When that environment becomes steadily more powerful and easier to use, as has happened and continues to happen with Linux, then we all benefit. However, those improvements don’t happen by themselves; they happen because people work on them. Free software at its best is a collaborative effort in which many developers work together in different ways to produce a harmonious M A B O UT TH E A UTH O R BY I A N L A N C E TAYL O R Cygnus Solutions (which was later purchased by Red Hat). During that time I often had to choose to implement features useful only for specific Cygnus customers rather than features useful for a broad range of people. For example, to this day the GNU binutils include a program which can convert an ELF object file into a NetWare Loadable Module. That program is rarely used even on the Intel x86 platform, but in fact several man-months of time were put into supporting other processors – work which I doubt anybody has ever used, as it was intended to support the Processor Independent NetWare project which was, in the end, canceled. That time could surely have been better spent, and in fact the nlmconv program continues to have a minor cost as the current binutils maintainers have to make sure that it continues to compile, and will eventually have to decide to get rid of it. On the other hand, I don’t want to minimize the benefits of having businesses pay the maintainers of free software projects. Most obviously, it gives those maintainers more time and more resources to work on the project. But we as a society shouldn’t let these benefits blind us to the potential conflicts. As with most things, we have to weigh the benefits and the costs. In fact, I think that as a society we’re doing fairly well right now with free software. I think that most free software projects have found a reasonable balance between business interests and other interests. But as free software becomes steadily more popular, business interests become steadily more entangled with the free software world. I don’t want the free software world to wind up like the drug industry. I hope you agree with me and see that although it hasn’t happened yet, it still could. Fortunately, as with all things in the free software world, we’re all free to choose what will happen. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM www.LinuxWorld.com PRODUCT REVIEW NetOp Remote Control for Linux Instant access to Linux machines around the globe R E V I E W E D Have you ever needed to get to a Linux desktop on your network, whether to pro- BY TO M M O NTG O M E RY Product Snapshot vide desktop support or install an application that required a GUI interface to install? Target Audience With NetOp Remote Control for Linux, you don’t have to drive across town to do it. Tom Montgomery is a 15-year veteran of the IT industry. He spent 7 years with CSAA (AAA Northern California), where he learned much of the skills he possesses today including an in-depth knowledge of IBM mainframe networking, OS2, Novell, Windows, and network infrastructures. In 2000, Tom left CSAA to test the IT contractor market, which is when he founded Remote Visions, Inc. Since June of 2002, Tom has been dedicated to the software side of his business. [email protected] usually as a Web server, fileserver, or mail server, and we’re seeing more and more on the desktop. NetOp lets us get to those Linux machines just as quickly and easily as we can get to one of the Windows machines. Here’ s how NetOp works – our support staff has a NetOp Guest on their computer, and they can connect to a Host running on a client’s machine, giving them full control of the keyboard, video, and mouse no matter where the client is located. NetOp has had a Guest program for Linux out for a year or two, but there was no way to get control of a remote Linux desktop. With the introduction of the NetOp Host for Linux, it doesn’t matter whether the end user is on a Windows machine, a Linux machine, or even a Solaris machine (yes, NetOp has a Host for Sun SPARC boxes as well!), we can still support them. A typical use is the occasion where Telnet or SSH won’t work because a GUI interface is needed to install or use a certain application, such as Oracle or WebSphere. Other helpful features are the chat and file transfer features. Chat lets us have an instant message–type chat between our support staff and any machine with a NetOp Host on it. The file transfer lets us easily drag and drop files from Windows to Linux and Linux to Windows. NetOp also includes a handy Phonebook tab to PREMIER 2003 34 etOp Remote Control is a remote desktop application geared toward enterprise-level technical support. Since the early ’90s NetOp has been known for its speed, stability, and high level of security. We have used NetOp for Windows for years to support our customers, providing real-time technical support across the Internet (and modems when the network is the problem). NetOp has cut down travel time and has reduced incident response time from hours or days to mere minutes. It also lets us support many more clients than we could otherwise, since we aren’t running all over the place. One of our biggest challenges is that we keep finding Linux servers here, there, and all over the place – N A B O UT TH E R E V I E W E R Network administrators Level All Linux users Pros • Immediate, direct desktop connectivity • No need for separate products or interfaces to support Windows and Linux • Faster than VNC • No other products do the same • Free tech support for the life of the product Cons • Not free (but pays for itself very quickly) • Not as fast as Windows Remote Control Platforms Linux, Sun Solaris, Windows, OS2, DOS, and handhelds Pricing Available in combined Guest/Host packages or as stand-alone modules. Guest/Host packages start at $179. Flexible licensing is available “Per User” or “Per PC.” NetOp products, along with no-charge, toll-free support, are available in North America from the CrossTec Corporation or authorized resellers. For a free fully functional evaluation copy visit www.NetOpUSA.com call 800 675-0729 or e-mail [email protected] www.LinuxWorld.com PRODUCT REVIEW help us connect to PCs without having to remember their settings. With the NetOp Guest, we simply set up a phonebook entry for machines we regularly control – one double-click, and we’re connected and remote controlling the machine. It’s that fast and easy! The NetOp Host for Linux isn’t as fast as the NetOp Host on a Windows platform due to bitmapping instead of the GDI hooking that Windows uses, but it is much faster and less resource intensive than VNC. Also, unlike VNC, NetOp lets you connect to the desktop session that is running and does not start a new X Window session, basically enabling you to see what the user sees. Typically, when you connect via an X Window, whatever you’re doing is dependent on your X Session – meaning if you disconnect, the process you are running stops. Again, with NetOp Host for Linux you’re connected to the actual desktop, so if you disconnect, the actual process continues to run. This can be particularly helpful if the Guest PC is in a nonsecured area and you need to start a database process that might take several hours. I used to work at a bank where some procedures had to run overnight and you had to worry about whether an after-hours maintenance person might accidentally poweroff the PC. You can start it, disconnect, and then come back to it later without worrying what goes on with the PC in the interim. Officially, NetOp runs only on Red Hat Linux, and that’s what we’ve used it on, but it should work on just about any other flavor of Linux as well. On the support Web site, www.netop.com/tech, there are installation instructions for SuSE Linux as well. The installation is very simple via Red Hat Package Manager, and there’s also a TAR package available. CrossTec Corporation, the North American distributor of NetOp, provides a free full evaluation at www.crossteccorp.com and also provides free pre- and post-sale tech support. Overall I’m very happy with NetOp for Linux because it lets me reach places I couldn’t reach before, and I’m pleased with the performance and flexibility that it gives me as a technical support entity. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM www.LinuxWorld.com FIGURE 1 REMOTE CONTROL WINDOW AND TOOLBAR FIGURE 2 WINDOWS 2000 PROFESSIONAL CONTROLLING A RED HAT LINUX SERVER 35 PREMIER 2003 FEATURE HyperThreading HT performance gains make a strong case for Linux PREMIER 2003 36 Linux www.LinuxWorld.com FEATURE BY PA U L B E M O W S KI Linux currently enjoys tremendous momentum in the contest for the enterprise data center. Several factors contribute to this momentum, including the high cost of alternative platforms, newfound maturity and stability in the Linux OS, and undoubtedly the success of Intel’s high-end line of Xeon processors. With these processors comes a new technology that holds great promise: Hyper-Threading. ith the introduction of the Xeon, Xeon DP, and Xeon MP processors using the P4 core architecture, Intel has incorporated a new feature known as Hyper-Threading or HT. HT is Intel’s implementation of a technology known as Simultaneous MultiThreading, or SMT, that allows a single physical processor to execute multiple threads concurrently. This new feature has great potential in the heavily threaded back-end systems that Linux is targeting in the enterprise data center. W Understanding Hyper-Threading In an SMT system, a single physical processor duplicates some of the on-chip architectural state, allowing the processor core to make greater use of available resources. The second architectural state holds another thread context, allowing the processor to more completely use its resources when an active thread encounters some type of latency. For example, when a processor encounters a cache miss, there is a slice of time that is normally wasted while the processor makes a long-latency read from main memory. In this brief slice of time, the vast majority of the processor’s resources sit idle, while the processor reports itself as busy to the operating system. In an SMT system, the processor will use an on-board thread scheduler to immediately execute the second on-chip thread context’s instructions, making use of otherwise wasted cycles. Figure 1 illustrates the basic architecture of an SMT processor. Most of the processor’s resources, such as the cache and the www.LinuxWorld.com Physical Processor Physical Processor Architectural State Architectural State Architectural State Logical Processor Cache Cache Processing Resources Processing Resources Non SMT Processor SMT Processor FIGURE 1 BASIC ARCHITECTURE computational units, are shared between the two on-chip thread contexts. SMT does incur some overhead. When two threads contend for the same processor resources, it is the responsibility of the on-chip thread scheduler to interleave the two active threads. For this reason, in certain situations a non-HT processor will outperform an HT processor. The net effect however is an overall improvement in performance for multi-threaded applications running on HT-enabled systems. HT-Enabled Systems From a hardware perspective, three subsystems must work together to enable HT: the processor, the chipset, and the BIOS. Processor Currently, all members of Intel’s Xeon processor family support HT. Xeon here is not to be confused with PIII Xeon. When Intel converted the Xeon’s architecture to the P4 core, it dropped the Pentium designation, calling the new processors simply Xeon. Xeons currently come in three flavors: Xeon, Xeon DP, and Xeon MP. All recent versions of these processors will support HT. Some older Xeon and Xeon DP processors, 37 commonly characterized by a smaller 256 Kb L2 cache, do not support HT. If you are purchasing a used Xeon system or used Xeon processors, be sure to confirm that they support HT. In early 2003, Intel released the 3.06GHz P4 on 0.13 micron technology. This new P4 supports HT, and signals the introduction of HT to desktop systems. Look for Intel to continue to support HT on all of its subsequent P4 releases. Chipset/BIOS HT requires chipset and BIOS support. Most of Intel’s newer chipsets are supporting HT. The following link presents a table of Intel’s current server/workstation chipset offerings. The last row in the table indicates whether the chipset supports HT technology. http://www.intel.com/design/chipsets/line card/svr_wkstn.htm The Basic Input/Output System, or BIOS, allows a user to set parameters affecting system hardware, before the system boots to an operating system. As such, the BIOS is generally tightly coupled to the chipset on which it is installed. In a BIOS that supports HT, the user will have an option to enable/disable HT support on the processor/chipset. With HT enabled on the system, the BIOS presents each physical processor to the operating system as a pair of logical processors. From that point, it is the responsibility of the operating system to make intelligent use of the additional hardware resources. Linux Support for Hyper-Threading Given a processor/chipset/BIOS combination that supports HT, the operating system also needs to support the feature. SMT introduces many nuances that affect thread scheduler performance. The first Linux kerA B O UT TH E A UTH O R Paul Bemowski is an independent consultant, focusing on Java and Linux solutions to enterprise computing problems. [email protected] PREMIER 2003 FEATURE nel with explicit support for HT was 2.4.18. Since then the 2.5.x kernel’s thread scheduler has incorporated numerous enhancements that will further increase performance on HT-enabled systems. Next, we’ll look at HT support in the 2.4 and 2.5(2.6) series kernels. Hyper-Threading in the 2.4.18+ Linux Kernel The current stable Linux kernel branch is 2.4.x, initially released in January 2001. The 2.4 kernel has since undergone extensive patching, initially for critical bug fixes, later for feature enhancements and support for new hardware. Because the BIOS will present even a single HT-enabled processor to the OS as two logical processors, all HT configurations should use SMP (Symmetric MultiProcessing) kernels. Pre-2.4.18 SMP kernels may recognize two processors in an HT configuration; however, the scheduler is completely unaware of the logical/physical processor differentiation. The 2.4.18 patch release added some features to the stock scheduler to make it behave better with HT hardware. A 2.4.18+ kernel is strongly recommended for HT configurations. FIGURE 2 TOP RUNNING ON A DELL SYSTEM WITH TWO PHYSICAL PROCESSORS, HT ENABLED Once you have successfully booted the HT configuration, run top. If HT is properly configured, you should see twice as many CPU states as you have physical processors (two virtual CPUs per physical CPU). Figure 2 is an example of top running on a Red Hat 7.3 system (2.4.18) with two physical Xeons and HT fully enabled. Note the CPU states 0–4, indicating the four logical processors. 2.5.x Thread Scheduler Improvements It would be wise to add this as a different boot configuration so that you can boot HT or non-HT. (To create an explicitly nonHT configuration, add the ‘noht’ boot flag.) 3. Finally, reboot the system. Before it restarts, enter the BIOS setup program. Under the processor options you will be able to enable or disable HT. Enable HT, and boot to the 2.4.18 or later SMP kernel with the additional parameters. As is standard in Linux kernel versioning, the 2.5.x versions of the kernel are the development branch that will become the 2.6.x stable releases. The 2.5.x kernel added a number of features to its thread scheduler that should extend the performance improvements of HT even further. A scheduler patch in 2.5.32 introduced the concept of a shared runqueue. The shared runqueue allows two (logical) CPUs, which share resources like cache, to have a scheduler parallel known as a shared runqueue. The shared runqueue may have many applications, but the initial implementation was created specifically with HT in mind. This new concept optimizes the kernel thread scheduler for HT in the following ways: • HT-aware passive load balancing: This feature addresses the physical CPU imbalance problem – one physical CPU may be running two active threads, while a second physical CPU sits idle. Passive load balancing will attempt to schedule new active threads on an idle physical processor. • HT-aware active load balancing: Active load balancing also addresses the physical CPU imbalance problem, this time for currently active threads. If three threads are running on three logical CPUs, and one thread goes idle freeing a physical processor, the scheduler will migrate an active thread from the physical processor running two threads to a physical processor running none. • Thread affinity: Thread affinity is important in SMP as well as SMT systems. Processors use cache memory to hold data and instructions that the processor is using at the moment. By attempting to keep threads scheduled on the same processor, the efficiency of the cache is greatly increased. Moving a thread PREMIER 2003 38 www.LinuxWorld.com Enabling Hyper-Threading in a 2.4 system Given an HT-enabled hardware configuration, use the following steps to enable HT in a 2.4 kernel: 1. First, confirm that your kernel is version 2.4.18 or later, with SMP support. There are many ways to do this, the easiest is to execute the “uname –a” command in a shell. For Red Hat users, Red Hat 7.3 was the first distribution release to support HT, incorporating a 2.4.18 kernel. If you are using another distribution, check the kernel version before attempting to use HT. 2. Next, modify your bootloader (grub or lilo), adding the following parameter to any other boot parameters currently necessary for your system: acpismp=force Hyper-Threading on 2.4.18+ Thread Scheduler Performance testing multithreaded benchmarks under the 2.4 kernel series still shows some wide scatter in the data. This is because the scheduler still cannot make intelligent choices regarding logical/physical processors in many situations. Under some conditions, 2.4 will still schedule two active threads on the same physical CPU, causing performance degradation. This condition is often random, causing data points from multithreaded benchmarks to vary considerably. “Full” HT scheduler support was not incorporated into the kernel until 2.5.32. Hyper-Threading in the 2.5.x Linux Kernel FEATURE between physical processors requires the processor to repopulate its cache from main memory, causing performance degradation. In an SMT system, because the logical processors share cache, the thread scheduler need only attempt to keep threads attached to a physical processor. The scheduler is free to move threads between adjacent logical processors with no performance degradation due to a stale cache. • HT-aware task pickup: This will allow the scheduler to pick up tasks on a perphysical CPU basis, rather than per-logical CPU basis. Task pickup is related to thread affinity above. • HT-aware wakeup: This allows threads that were woken up on active logical processors with an idle sibling to be woken up on the sibling processor. (As you might imagine, sibling processors are adjacent logical processors.) These features work together in the 2.5.32+ kernel to make more efficient use of the new hardware features of HT systems. In addition, the kernel performs in a more consistent manner by continually making optimal use of the processors. The 2.4.18 kernel still performs better as a whole on an HT system, however, it does so in a less predictable manner. Performance Gains Using Hyper-Threading cpuinfo on an HT system The /proc/cpuinfo file recognizes four logical processors with HT enabled on a dual physical processor system. Also note the “ht” flag, indicating a Hyper-Threading processor. processor: 2 processor: 0 vendor_id: GenuineIntel vendor_id: GenuineIntel cpu family: 15 cpu family: 15 model: 2 model: 2 model name: Intel(R) XEON(TM) CPU 2.20GHz model name: Intel(R) XEON(TM) CPU 2.20GHz stepping: 4 stepping: 4 cpu MHz : 2193.407 cpu MHz: 2193.407 cache size : 512 KB cache size: 512 KB fdiv_bug : no fdiv_bug: no hlt_bug : no hlt_bug: no f00f_bug : no f00f_bug: no coma_bug : no coma_bug: no fpu : yes fpu : yes fpu_exception: yes fpu_exception: yes cpuid level : 2 cpuid level: 2 wp : yes wp: yes flags : fpu vme de pse tsc msr pae mce flags: fpu vme de pse tsc msr pae cx8 apic sep mtrr pge mca cmov mce cx8 apic sep mtrr pge mca pat pse36 clflush dts acpi mmx cmov pat pse36 clflush dts acpi fxsr sse sse2 ss ht tm mmx fxsr sse sse2 ss ht tm bogomips : 4377.80 bogomips: 4377.80 processor : 3 processor: 1 vendor_id : GenuineIntel vendor_id: GenuineIntel cpu family : 15 cpu family: 15 model : 2 model: 2 model name : Intel(R) XEON(TM) CPU 2.20GHz model name: Intel(R) XEON(TM) CPU 2.20GHz stepping : 4 stepping: 4 cpu MHz : 2193.407 cpu MHz: 2193.407 cache size : 512 KB cache size: 512 KB fdiv_bug : no fdiv_bug: no hlt_bug : no hlt_bug: no f00f_bug : no f00f_bug: no coma_bug : no coma_bug: no fpu : yes fpu: yes fpu_exception: yes fpu_exception: yes cpuid level : 2 cpuid level: 2 wp : yes wp: yes flags : fpu vme de pse tsc msr pae mce flags: fpu vme de pse tsc msr pae cx8 apic sep mtrr pge mca cmov mce cx8 apic sep mtrr pge mca pat pse36 clflush dts acpi mmx cmov pat pse36 clflush dts fxsr sse sse2 ss ht tm acpi mmx fxsr sse sse2 ss ht tm bogomips : 4377.80 bogomips: 4377.80 OK, you’ve built a Xeon-based HT system. What kind of performance improvement can be expected? Which applications will benefit from HT, and which will suffer? Needless to say, HT is targeted at heavily threaded applications. Single-threaded, compute-intensive applications will see minimal performance enhancements. It should be noted, however, that nearly all modern desktop and server systems make extensive use of threads. Server applications generally process socket IO on a thread-per-socket basis. Desktop applications under X Windows will often be processing socket or disk IO, X calls, and the application code in parallel. To date, performance benchmarks for HT systems have focused on server-side systems. This should not be surprising; Intel only recently released HT on a desktop-focused processor (the recent P4). A Web search will quickly find many papers from the past year detailing performance of HT systems. A recent IBM white paper by Duc Vianney ran several benchmarks both with and without HT enabled on 2.4 and 2.5 kernels. Vianney’s work showed a slight per- formance degradation of single-threaded processes with HT enabled, but performance improvement for the 2.4.19 kernel was approximately 30%. With the enhanced scheduler in the 2.5.32 kernel, the same benchmarks showed a 51% improvement. Data from an upcoming Java Developer’s Journal article exploring heavily threaded Java applications on HT systems indicated typical performance gains of 10–15%, with some tests indicating gains of up to 75% running Java 1.4 on a 2.4.18 HT system. www.LinuxWorld.com 39 Summary SMT is here to stay. As processors become more sophisticated, the raw speed of the processor will become even less of a factor in overall system performance due to added features like HT. Some have speculated that SMT and related technologies will spell the end of the megahertz wars. As with any new hardware technology, software is catching up. Subsequent Linux — continued on page 42 PREMIER 2003 Enterprise SERVER CONSOLIDATION Management Linux Server for A holistic approach to migration PREMIER 2003 Consolidation 40 www.LinuxWorld.com SERVER CONSOLIDATION BY J A H ’J U A N R O G E R S Many businesses are exploiting the cost-effectiveness, stability, and scalability of running applications on Linux, today’s fastest-growing operating system. However, managing multiple distributed applications can be costly and difficult. he performance and costeffectiveness of server consolidation are driving IT personnel to consolidate their databases, Web application servers, and mission-critical applications to the Linux platform. Businesses need reliable hardware and software to ensure the availability and performance of their applications. Successful implementation of Linux applications in server consolidation efforts requires a partner that takes a holistic lifecycle perspective on migrating to Linux and manages Linux applications within a heterogeneous enterprise environment. Linux server consolidation impacts three distinct areas: • Server consolidation planning: IT personnel must be able to extract and evaluate the performance, throughput, and responsiveness of existing workloads to accurately determine which hardware configuration requirements will be needed on Linux. • Coordination of application software deployment: Long before applications are deployed on Linux, installation of software can be a major issue. Businesses must be able to plan seamless software installations, upgrades, and maintenance over hundreds or even thousands of Linux servers. • Service management: Once applications are ported to Linux, IT personnel must be able to measure and assure ongoing return on investment and end-to-end response times. T business cycle, analyze the current service levels, and determine the appropriate workloads to migrate and consolidate. Of key importance are the performance and capacity issues that result after migration. Under- or overconfiguring the target platform can have equally undesirable results. Overconfiguring results in overspending on unnecessary hardware, while under-configuring causes systems performance issues impacting availability and service delivery. Not only is it critical to understand which hardware configuration is necessary on the Linux target, it is equally critical to ensure that the consolidated environment can continue to meet business needs to avoid recurrence of misprovisioning. Some of the critical factors to ensure the success of Linux server consolidation plans are listed here: • Complete understanding of the resource requirements of application workloads considered for migration and consolidation (candidate workloads) • Complete understanding of the business cycle impact on underlying candidate workload resource utilization • Ability to evaluate multiple alternatives to lower IT costs per transaction with associated impact (positive or negative) on service levels • Assurance that ongoing performance of migrated and consolidated workloads will continue to meet service levels • Visibility for all stakeholders who need to see the performance of their workloads throughout the server consolidation process and ongoing thereafter these personnel have the ability to closely forecast the future in terms of the responsiveness and throughput of business applications. It’s not enough to simply trend underlying resource utilization because response time and throughput do not bear a direct relationship to underlying resource usage (such as CPU utilization). In fact, use of such trending typically leads to significant undersizing with concomitant negative impact on business availability post-consolidation and migration. A typical response to the inaccuracies of trending usually leads to significant hardware resource overprovisioning, thereby lowering the ROI of any migration and/or consolidation effort. In many cases, the existing IT environment may have sufficient underlying resource capacity, but be inefficiently used or suffer from response time and throughput bottlenecks. Modeling capabilities are critical in these environments, offering rapid identification of transaction responsiveness and throughput bottlenecks in CPU, I/O, network, and cross-system interdependencies. These modeling capabilities can further build on existing analysis and reporting components to provide information and rapid insight into all the critical planning and analysis activities listed here: • Eliminating overspending on unnecessary hardware resources • Allowing deferral of hardware resource purchase by accurately projecting when upgrades are required in terms of impact on responsiveness and throughput • Allowing easy, quick evaluation of lower cost alternatives (hardware, load balancing, tuning, etc.) • Justifying and scheduling system upgrades A B O UT TH E A UTH O R Moving non-Linux applications to Linux is not as simple as moving databases and applications. To ensure success, customers must understand the underlying resource requirements of workloads on their existing platforms, determine the effects of the Determining if, when, and what additional resources are needed to assure ongoing responsiveness and throughput is paramount. Applications and hardware that scale inadequately will affect business availability. IT personnel must always be aware of the hardware resources and applications in use on their systems. It’s imperative that Jah’Juan Rogers, Sr. is product marketing manager, Linux for BMC Software, Inc. In this role, Jah’Juan is responsible for product strategy and marketing of the BMC Software Linux product line. He is a frequent tradeshow speaker and has presented at BEA eWorld and the CMG Performance Management Show. He also has been published in The Red Hat Journal and Dell’s Power Solutions Magazine. [email protected] www.LinuxWorld.com 41 PREMIER 2003 Server Consolidation Planning SERVER CONSOLIDATION by creating actual versus planned graphs and reports demonstrating need • Ensuring ongoing cost-effective delivery of the right level of service to users and customers – with visible proof • Providing “what if?” scenarios to better determine how workloads and systems will perform under various resource, tuning, and optimization scenarios • Ensuring adequate capacity and required levels of service on an ongoing basis Businesses are not only consolidating from variations of Unix, they are also consolidating Windows environments and migrating to Linux. These businesses require the same types of performance viewing, management, analysis, and planning solutions to help facilitate the ongoing performance optimization and consolidation and/or migration activities. Coordination of Application Server Deployment Many businesses are exploiting the costeffectiveness, stability, and scalability of running applications on Linux. While offering obvious technical and economic benefits, deploying applications to Linux also introduces some unique deployment, system management, security, and reliability challenges. The logistical challenge associated with installing, upgrading, and managing an environment with hundreds (or even thousands) of Linux systems running diverse applications must be addressed efficiently and effectively. Make sure that your solution addresses the following business needs: • Installation and software deployment to Linux Hyper-Threading Linux • Deployment of heterogeneous applications over hundreds or thousands of Linux nodes • Reduction of scheduled maintenance downtime • Reduction of operational costs of a decentralized Linux environment • Controlled interoperability and application software prerequisites when software is upgraded • Improved productivity of the IT staff that is responsible for application installations and upgrades Open Configurations Disparate combinations of the Linux operating system and applications running on Intel or zSeries will cause application implementation issues. Different deployment configurations and permissible methods can provide a flexible and customized environment, but they also make a single, straightforward, standardized, general procedure impractical. The concept behind flexibility is customization – making the system behave the way you want it to, not the way the engineers imagined you’d want it. You need to turn this flexibility into controlled power, not chaos. You need a way to perform specific and simultaneous installations and maintenance tasks on multiple machines, each configured in a way that best fits your business needs. Security Once you have solved the issues of variety, flexibility, and power, the issue of security remains, and if this issue is compromised, the rest of the solution is worthless. Security for the components within the Linux operating system is dependent upon Service Management Service management is the last, but by no means least important, area of Linux server consolidation. Customers must be able to manage their Linux, Unix, and Windows environments from a service-level perspective. If you are consolidating your servers to Intel or zSeries hardware, you need the tools to manage the process from an application perspective. You need to know how your applications are performing from an end-to-end perspective. In other words, you need the answers to the following questions: • How did my application perform before I moved to this hardware? • Is it performing better? • What is my end-to end response time? Overall Enterprise Management for Linux Enterprise Management for Linux (EML) ensures the business availability of Intel and zSeries servers and their applications by solving day-to-day performance problems, tracking long-term performance, and providing an evaluation of existing workloads to assist in server consolidation. EML provides application deployment, end-to-end monitoring, and management for application infrastructure and tools to help measure service levels. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM formance by a conservative 25% in heavily threaded server applications, there’s an even stronger case for Linux servers over major Unix platforms for data center use on a cost/performance basis. Hyper-Threading technology promises to make the Intel/Linux combination even more attractive to IT managers and systems architects looking to upgrade their enterprise software platforms. — continued from page 39 kernel releases will make more sophisticated use of the available hardware features. Over time, Linux support for HT will mature, resulting in further performance gains. The Linux community is waiting with bated breath for Linus and crew to tackle the final bugs in 2.5.x, and release the 2.6 Linux kernel. After a stabilization period (which could be significant), major distributions will migrate to the 2.6 kernel. All the while, HTenabled hardware will be finding its way into enterprise server racks. When the 2.6-enabled distributions hit this hardware, serverside performance will measurably increase, with no hardware investment whatsoever. Hyper-Threading technology specifically targets performance gains on heavily threaded applications. These applications are most commonly found in enterprise server platforms – application servers, Web servers, Web services platforms, and Java-based systems. Dell, HP (Compaq), and IBM are all putting forth powerful Xeon-based systems with 2–16 processors running Linux. If HT can improve per- PREMIER 2003 the expertise of the personnel or the abilities of the management tool you use. An effective tool should find components that are security hazards and not only warn you of them, but provide an option to automatically replace them with secure components. References • Red Hat kernel version mapping: www.unixgods.org/~tilo/redhat_versions.html • 2.5 kernel: www.kernel.org/pub/linux/kernel/people/rusty/ Hyperthread_Scheduler_Modifications.html • HT-aware scheduler support: http://lwn.net/Articles/8553 • “The Future of the Linux Kernel”: www.linux-mag.com/200301/kernal_01.html • IBM whitepaper on HT performance in 2.4 and 2.5 kernels: www-106.ibm.com/developerworks/linux/library/l-htl • Dell HT paper: http://ftp.us.dell.com/app/3q02-Mor.pdf LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM 42 www.LinuxWorld.com www.linuxworldexpo.com Big Gains in Small Business Linux provides a comprehensive solution for a growing manufacturing company Today Linux is not just about cost savings reported by enterprises, not just about BY M A R KU S KL A U S E R Markus Klauser heads a consulting and systems integration company near Philadelphia. He has been a consultant and integrator specializing in Unix/Linux systems for more than 15 years. [email protected] Currently, Troemner has a homogenized server environment, running exclusively on Red Hat Linux and supporting 110 PC clients. OSAS has evolved along with Troemner, with 17 core and vertical applications available with both graphical and character interfaces. This dual interface capability is unique to OSAS. It offers veteran users at Troemner rapid data entry and information retrieval via the character option. It also provides less-frequent users with the intuitive interface so valued in a GUI environment. Troemner is also utilizing HylaFAX, an open source fax server that provides OSAS Purchase Order faxing as well as MS Windows document faxing. OSAS is written in Visual PRO/5, a language developed and marketed by BASIS International, Ltd. Today, the “open” principle is extended through ODBC access to the OSAS database. As the need has arisen, Linux servers implemented at Troemner have demonstrated the ability to provide a solution in any area. For example, when a leading Troemner customer introduced EDI requirements, Linux proved its ability as a communications-friendly operating system, running automated scripts on a daily basis to perform EDI data exchange with the VAN. Integrated into daily workflow, these scripts provide logging and archiving, e-mail status, and order entry/billing functions. With the more recent prevalence of spam and email–borne viruses, Troemner draws on SpamAssassin and MIMEDefang from among the open source offerings. MIMEDefang integrates real-time e-mail virus scanning at the gateway, using the engine provided by Sophos. This tunable and highly reliable solution was implemented on an entrylevel Pentium machine. Troemner has not been isolated from rapidly expanding file storage requirements. Samba provides file and print services as well as the logon controls of a PDC. While total data is less than 100GB, the growing set of file types (including Word, Excel, PowerPoint, SolidWorks, CadKey, PREMIER 2003 44 www.LinuxWorld.com security demanded by Web servers, and not just about government and academia: Linux is also about Small Business USA. here, in the roots of the U.S. economy, Linux provides a complete end-to-end solution. Providing the same reliability that yields record uptimes running Web servers, Linux also offers 100% availability in its role supporting the areas of application, database, fax, file/print, e-mail, Primary and Backup Domain Controller, SPAM Filter, firewall, antivirus control, intrusion detection, and disaster recovery – all critical core services in any business environment. T Background Founded in 1838 and located in Thorofare, New Jersey, Henry Troemner, LLC, is an ISO 9001–certified company employing more than 150 people. The company is proud of its international reputation for providing the highest quality calibration and certification of mass, pipette, and temperature measurement instruments. Troemner continues to manufacture precision weights and has added an array of laboratory apparatuses to its product line. In 1988, Will Abele, president of Troemner, faced the challenge of finding a comprehensive software package that could support his growing manufacturing A B O UT TH E A UTH O R company. His immediate concern was the software application’s ability to handle the financials, manufacturing control, and company billing. He also wanted to move the payables from a service bureau to an in-house system. Abele chose OPEN SYSTEMS Accounting Software (OSAS) and installed it on an eightuser Linux system. Open Systems is an established software company founded in 1976 on the fundamental premise of providing commercially successful accounting and business software with source code included. Abele’s key reason for choosing OSAS was the availability of its source code. Little did Abele know that the same rationale he applied to his selection of OSAS would be shared by the open source community. The open source concept has enabled Linux to evolve into a mature, versatile, and reliable business operating system. The Troemner Environment www.linuxworld.com Small Business Strategy The VAR had the opportunity to ask Troemner VP John Rowley a few questions on small business strategy. Here’s what he had to say... Why Linux? • It’s a stable, open source platform that allows better scalability and flexibility than NT products. • There are minimal to no licensing fees compared to SCO/Unix and Microsoft NT. • Linux appeals to ownership because it is more entrepreneurial in nature than “Big Business” networking products. • A large network of collaborative resources (the Linux community) exists to deal with programming/implementation issues. What IT concerns face small business today? • We are a small business with thousands of customers. There are not many enterprise solutions for small companies with small IT budgets. Enterprise solution is defined as accounting, CRM, MRP, etc. • Microsoft products have the tendency to lock us into other Microsoft products. • IT costs are growing disproportionately to sales. Customer expectations are driving this without necessarily increasing the amount they purchase. • There’s not enough clear and objective information available in the marketplace for a small company to make IT decisions. Most press is geared toward larger organizations. JPG, and so on) is delivered to MS Windows clients from Linux servers using Samba. In addition, Samba delivers business-critical FoxPro and MS Access databases and the services of HylaFAX to the desktop. The project of delivering these services, previously provided by Novell and NT servers, was accelerated when system response was doubled using Samba on same-generation hardware. After the initial transition, the file server recorded 120-day uptime and bettered both of the previous systems’ everyseven-days preventive reboots. It also eliminated the often badly timed server lockups. When world events re-emphasized the need for data security and disaster recovery, Troemner initiated a project to augment daily, and in some cases twice-daily, backups using Microlite BackupEDGE. Troemner considered offsite backup but deemed the cost per GB prohibitive. The company selected Rsync. Rsync provides a highly efficient file synchronization scheme both on local servers and across the network. Troemner is aware of Linux’s proven ability to provide e-mail and Web services. Email services on Linux provide messaging, calendar collaboration, meeting planning, and contacts sharing to MS Outlook clients. The “turn on and forget” reliability of Linux has also been demonstrated with this solution. Since conversion to e-mail on Linux in www.LinuxWorld.com 2000, perhaps a single reboot was mandated to restore e-mail functioning. This performance ensures Troemner personnel’s productivity and also allows a consultant/administrator to apply resources in constructive tasks. Most recently, Troemner’s Web site was updated with content presented using Apache/MySQL/PHP on Linux. Troemner VP of Operations and IT Manager John Rowley points to the “entrepreneurial nature” of Linux as one of its appeals, and he quickly adds both cost benefits and flawless reliability to the list. Rowley also appreciates the Linux community’s large network of collaborative resources, which provides technical support alternatives – including responses from the product’s authors. While Troemner is nowhere near a pioneer in the adoption of Linux, newsgroups and Web resources provide backup and the reassurance that they are not alone in any situation. Resources • • • • • • • SpamAssassin: www.spamassassin.org MIMEDefang: www.roaringpenguin.com Sophos: www.sophos.com Samba: www.samba.org HylaFAX: www.hylafax.org Microlite: www.microlite.com Rsync: rsync.samba.org Industry Newsletter! The insider intelligence you need to keep ahead of the curve FREE e-Newletters...sign up today! Go to www.SYS-CON.com The most innovative products, new releases, interviews, industry developments, and plenty of solid i-technology news can be found in SYS-CON Media’s Industry Newsletters. Targeted to meet your professional needs, each e-mail is informative, insightful, and to the point. They’re free, and your subscription is just a mouse-click away at www.sys-con.com. Select the Industry Newsletters that match your needs! Choose one – or try them all! LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM 45 The World’s Leading i-Technology Publisher EXCLUSIVE INTERVIEW Talk A with the Father of sendmail Eric Allman on evolution in the IT universe A B O UT E R I C A L L M A N Eric Allman is Sendmail, Inc.’s chief technology officer and cofounder. Eric authored sendmail, the world’s first Internet Mail program, in 1981 while at the University of California at Berkeley. PREMIER 2003 46 www.LinuxWorld.com EXCLUSIVE INTERVIEW I NTE R V I E W BY A L A N W I L L I A M S O N LWM’s deputy editor Alan Williamson recently had the opportunity to speak with Eric Allman about sendmail, open source, and the secret to great software. LWM: It wouldn’t be overstating the case to call you a living legend. How does it feel to be the creator of one of the most used pieces of software on the Internet? Eric Allman: I sure don’t feel like a legend. I have to remind myself sometimes that I haven’t taken the typical career path – it’s always seemed very natural to me. Mostly I’ve worked on what seemed interesting at the time, and that’s served me well. Of course, luck had a lot to do with it too. LWM: Many new technologies have emerged, but still one of the most used communication channels is good old trusted e-mail.What would you attribute this success to? Allman: E-mail fits the needs well. It has immediacy without being demanding (the telephone needs to be picked up right now). There will always be a place for voice mail and instant messaging of course, and to a certain extent IM will replace some use of e-mail, just as e-mail replaced some use of fax and fax replaced some use of postal mail. But none of those technologies went away – far from it. E-mail is also complementary to a lot of these other technologies, and in some cases may even enhance them. For example, as IP telephony emerges I expect to see at least some revival of voice mail – but transmitted via e-mail. LWM: Software goes through many evolutions in its lifetime.With sendmail over 20 years old now, what are the 3 most significant stages sendmail has gone through? Allman: The first version of sendmail was actually called delivermail. This was preInternet and depended heavily on all the other mail subsystems (UUCP, Berknet, etc.) having their own queuing. The transition from there to sendmail, which included adding queuing and Internet support, was major. that continues to happen from version to version. So in a lot of ways sendmail has evolved more than made revolutionary changes. LWM: With the advent of MIME, you can pretty much send anything using e-mail. Do you think we’ll still be discussing email, as we know it now, in another 20 years? Allman: Yes, probably. But the public might not recognize it as such. I’m using a PowerBook right now to type this, and it doesn’t look much like the PDP-11 where the first versions of sendmail were developed. But despite the addition of a graphic ...it all comes down to “good engineering” – anyone can do it if they are obsessive enough LWM: sendmail is one of those great pieces of software that you can literally forget about as it “just works.”What’s your secret? Allman: Before I did sendmail, I worked on the INGRES project at Berkeley. INGRES was one of the first Relational Database Management Systems (the other was System R, which evolved into DB2). A lot of the emphasis in DBMS is reliability, recovery, etc., which requires a certain way of thinking about the problem. So I guess it all comes down to “good engineering” – anyone can do it if they are obsessive enough. The second big transition was between sendmail 5 and sendmail 8, which pulled in a lot of ideas that had been added into other versions of sendmail. It was a conscious attempt to remerge the various code lines and modularize a lot of the internals. This transition also added the M4-based configuration system that sendmail has today. I’m not sure there has been a third major transition yet, but there have been some significant jumps that occured over time. I’m a big believer in making many small changes instead of a few large ones when you can. For example, the sendmail 5 to sendmail 8 transition involved a fair amount of modularization in the code, but display, a mouse, networking, larger disks, lower power consumption, and lots and lots of software, it’s still a von Neumann stored program architecture. After all, the holographic messages you see in futuristic science fiction flicks are probably running on SMTP. www.LinuxWorld.com 47 PREMIER 2003 A B O UT TH E I NTE R V I E W E R When not answering your e-mails and working on the next issue of LWM or JDJ, Alan heads up a small team dubbed the “Thunderbirds of the Java industry,” providing on- and offsite rescue for Java projects in trouble. For more information visit www.javaSOS.com. You can also read his blog: http://alan.blog-city.com. [email protected] EXCLUSIVE INTERVIEW Allman: Definitely both. There was certainly a cause-and-effect relationship between the two as well. But it’s also important that, as you noted earlier, sendmail does pretty much “just work” – even if you may not be wild about the configuration language (I’m not at this point). Without that basic reliability people would have moved off it years ago. “Frankly, five years ago I didn’t think Linux was really ready for prime time outside of a deeply technical shop. That’s changed a lot” LWM: Do you think the SMTP protocol should get a major overhaul to combat the new challenges of today’s Internet, such as spam and overly large e-mail attachments? Allman: That sounds like a trick question. I have to say yes, but no. I believe we need to evolve SMTP, but I’m not wild about throwing it out and starting over. Fortunately, the ESMTP structure permits extensions, so I think making the changes we will need is possible without switching to a major new framework. I also think an evolutionary approach is essential to avoid having a commercial entity try to “privatize” e-mail protocols. I think that would lead us back to the bad old days of a fractured network, which is what sendmail was trying to address in the first place. LWM: You are involved with Sendmail, Inc., a commericial venture to support sendmail.What challenges are you facing in providing support for an open source product? Allman: Depending on how you look at it, either a lot or not much at all. We certainly have some instances where people prefer to run open source rather than commercial, and I view that as just fine, although some of our salespeople might not always agree. But the open source gives us market awareness and reputation that just can’t be bought. The biggest challenges we have right now are the same as any company has these days: a sluggish economy. Fortunately, e-mail isn’t one of those trendy things that companies can put off until things improve. Instead, in bad times companies look hard at finding a better, cheaper way of doing things, and standardsbased mail tends to be less expensive than proprietary systems. LWM: It is reported that around 70% of total e-mail transmitted comes in contact with a sendmail gateway at some point in its journey. A significant penentration by anyone’s standards. Do you think this has to do with the fact that sendmail was primarily an open source project or that it was adopted by many of the Unix variants as the preferred mail router? Maybe both? LWM: sendmail has benefited from the explosive growth in Linux over the past decade. How has this changed what you are doing at Sendmail, Inc.? Allman: sendmail has always been written to be extremely portable, so from the point of view of the code base, not much has changed at all. But from the commercial point of view, it’s a major thing. Linux is a Tier 1 platform for us, and that’s significant at a small company. Linux is a major player in the server world, especially for companies that are extremely cost-conscious. Linux has been a major driver in our partnerships with HP and IBM, for example. LWM: What is the most common support call you’ve seen with sendmail? What are the top “gotchas” for most people? Allman: The top gotchas? When they don’t read the documentation, definitely. Seriously, the vast majority of questions are pretty simple ones that are answered in the documentation, such as how you do masquerading, but that’s going to be true on any product. But there are also a lot of nonobvious questions that pretty much run the gamut. People do an immense amount of interesting things with sendmail. LWM: Are you seeing a shift in attitude from the Fortune 500 toward embracing open source technologies, such as sendmail, Apache, and Linux? The History of sendmail — 1979 — — 1981 — — 1982 — — 1993 — — 1998 — — 2003 — Eric Allman releases delivermail ———— delivermail uses FTP to transmit e-mail on the ARPANET ———— delivermail ships with BSD Allman changes the name to sendmail after Bill Joy notes he doesn’t like delivermail ARPANET moves to TCP/IP ———— SMTP Protocol (RFC821) introduced for moving mail around sendmail releases 8.0 with m4 configuration Allman & Greg Olson announce formation of Sendmail, Inc. sendmail installed on approximately 80% of all mail servers PREMIER 2003 References • A Brief History of Mail: www.coruscant.demon.co.uk/mike/sendmail/history.html • Wikipedia: www.wikipedia.org/wiki/eric_allman • Open Source Timeline: www.linuxcertification.com/manpage/timeline.php3 48 www.LinuxWorld.com www.linuxworld.com EXCLUSIVE INTERVIEW Allman: Without a doubt. Not surprisingly, a lot of this results from vendors that they’ve already heard of (notably IBM and HP) throwing their weight behind open source, but a lot has to do with cost consciousness and an increasing faith in Linux. Frankly, five years ago I didn’t think Linux was really ready for prime time outside of a deeply technical shop. That’s changed a lot. LWM: Let’s spool back some 15 years ago – sendmail would have been roughly 5 years old.What was your outlook for the future back then? Did you see sendmail having a limited shelf life? Allman: I didn’t expect it would last this long, although it wasn’t anything particularly to do with sendmail per se. Not much software lasts that long (10 years is a good life span), and I figured it would have had a more ordi- to speak at economics conferences, albeit about open source in general, not sendmail in particular. And it’s just cool to see how they rely on this body of code I wrote. It’s the ultimate in ego strokes when people actually use your stuff – speaking as someone who was raised in academia where success is often claimed because a couple of hundred people read your paper. As for throwing up my hands in horror, let me count the ways.... I think prudence suggests that I shouldn’t be too explicit about the amazingly stupid things that people try to do. Use your imagination. LWM: People and organizations alike are paranoid about security. Should they be? Allman: Arguably, not paranoid enough. Or more precisely, they care too much about things that aren’t all that important and not enough about the things that are important. “It [e-mail] has immediacy without being demanding (the telephone needs to be picked up right now)” nary life cycle. And honestly, if sendmail had just sat on the shelf it would have died a long time ago – bit rot sets in all by itself. Look at the sorts of code that have thrived over a long period of time, for example Unix in all of its derivatives. There has been a huge amount of work done on such code. There has been a direct progression from 6th Edition UNIX (the first kernel I hacked on) to FreeBSD, but there isn’t much in FreeBSD that resembles that predecessor. Similarly, although I can show you code that I wrote for delivermail that is still in sendmail 8.12, there isn’t much of it. LWM: When you go onsite to a see customer, what makes you have a wry smirk? And conversely, what makes you throw your hands up in horror? Allman: For the smirk, probably that only the techies know who I am. I had one case several years ago where a vendor rep came in and told me all about sendmail (getting much of it wrong) without even realizing who I was. I enjoyed letting him chew on his foot for a while. That has changed some since I started Sendmail. Now I get invited www.LinuxWorld.com Some pet examples of mine from both the physical and cyber worlds: firewalls are trusted far too much, in that they are sometimes used as an excuse for having inadequate security inside the firewall. “Hard and crunchy on the outside, soft and chewy on the inside” is the way I’ve sometimes heard it described. On the other hand, people sometimes worry too much about obscure points of cryptography that aren’t going to make much difference in the typical (nonmilitary) world. In the physical world, we aren’t anywhere near as worried as we should be about people stealing our mail from the end of the front path; identity theft is a serious and under-appreciated problem. Subscribe Today! Connect online for fastest service... don’t miss another issue of LWM! SAVE 30% OFF! REGULAR ANNUAL COVER PRICE $71.76 YOU PAY ONLY 49 99 $ 12 ISSUES/YR *OFFER SUBJECT TO CHANGE WITHOUT NOTICE LWM: To your knowledge, what is the biggest installation you know that sendmail is currently deployed in? Allman: I couldn’t even guess. Most of the Fortune 500 run sendmail at least somewhere, although the largest would probably be an ISP somewhere. But ISPs often don’t like to talk about the details of their technologies. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM 49 LOG ON TO www.LinuxWorld.com The World’s Leading i-Technology Publisher FR FREE FREE LINUX RESOURCE DVD $198 00 Value SIGN UP NOW! Charter Subscription Offer Two Exclusive Offers One Linux Magazine You Can't Do Without! By now, i-technology professionals are aware that Linux is emerging from the back room at a blistering speed. It is headed straight into the boardroom. — SPONSORED BY — As software giants like IBM , HP, Sun, Oracle, and CA strive to make Linux easier for companies to adopt and deploy, LinuxWorld Magazine reflects how the market for Linux solutions is maturing, with insightful articles, features, interviews, and news. LWM editors and contributing writers are all thought leaders in their own right, writing Linux books, giving Linux lectures, and circulating widely within the Linux/ open source world while holding down their real-world day jobs. Finally, a magazine dedicated to the IT managers and business leaders involved with assessing/making the business case for Linux has arrived! Subscribe NOW at our low introductory price and receive a FREE DVD with the complete LinuxWorld.com Archives, Leading Linux Software like Mandrake Linux that you can use right away and more. Receive a FREE copy of our first issue, and you can still take advantage of our Special Offer https://www.sys-con.com/linux/subscr LWM also offers an online version of every print issue through our Digital Edition e-Newsletter. @ One Year - Digital Edition (International Subscribers Only) - $39.99 Includes the electronic edition (.pdf) and a FREE Archives CD of your choice! Other Linux properties offered by SYS-CON Media include Linux Business Week e-Newsletter, www.linuxbusinessweek.com, and LinuxWorld.com e-Newsletters. https://www.sys-con.com/linux/subscribecharterofferLW.cfm Two Year / 24 Issues - U.S. - $89.99 (Save $54.76 off newsstand price) One Year / 12 Issues - U.S. - $49.99 (Save $21.89 off newsstand price) Two Year - Canada & Mexico (airmail) $119.99 (Save $48) One Year - Canada & Mexico (airmail) - $79.99 Two Year - All Other Countries (airmail) - $176.00 (Save $40) One Year - All Other Countries (airmail) - $99.99 ibecharterofferLW.cfm FOR MORE INFORMATION contact customer service at 1 (888) 303-5282, or e-mail [email protected]. INTERVIEW Linux Initiatives at IBM Nobody ever got fired for picking...Linux? Linux is moving into businesses across a broad range of industries, and IBM is a big supporter. In this exclusive LWM interview, Scott Handy, director of Linux Software Solutions for IBM Corporation, shares with editor-in-chief Kevin Bedell his thoughts on the mainstream acceptance of Linux – the past, present, and possible. LWM: IBM seems to be getting behind Linux in a big way.What are some of the major initiatives right now? Scott Handy: We have a very broad focus on Linux for large accounts and for small and medium-sized businesses. Within that, we focus on particular industries – namely retail, finance, public sector (including government), manufacturing, and telecommunications. Linux adoption has been strong in all industries, so there have been cross-industry initiatives as well including e-commerce, CRM, ERP, and accounting software. Overall, we have a broad set of programs starting with a focus on solution providers and in particular application developers. We have an initiative called “Speed Start Your Linux Application” in which we provide free technical support for Linux and IBM software on Linux to developers as well as development tools and software, including the DB2 database, WebSphere Application Server, WebSphere Studio tools, Lotus tools, and Tivoli Management Software. The developer pick-up from the program has been extremely strong. In the past year we’ve had more than 6,500 applications developed using our software on Linux – all of which use WebSphere Studio and the rest of the IBM software family. We also have a direct sales force and Business Partners that cover the customers and customize solutions based on their needs. I think customers vote with their wallets when they buy solutions on Linux, and we’ve had more than 6,300 successful customer engagements on Linux – clearly showing penetration beyond the Global 2000 into small and medium-sized businesses and across a broad range of industries. Kevin Bedell is editor-in-chief of LinuxWorld Magazine. With a degree in engineering as well as an MBA and years of experience as a developer, architect, team lead, and department manager, Kevin has seen all sides of this puzzle. He recently authored a book on Jakarta Struts for SAMS Publishing and is working on a book on Apache Axis for O’Reilly. [email protected] LWM: Why does it make business sense for IBM to commit development resources to projects like Linux that don’t generate license revenue? Handy: There’s a tremendous demand from customers for Linux, and we’re in the business of providing customers with the solutions that they want. The fact that Linux is the fastest growing server operating system in the world validates that customer demand. So we provide development resources to accelerate Linux’s acceptance into the enterprise by helping it mature into a mainstream enterprise operating system. The benefit to IBM is really the solution stack that we put around Linux that customers do buy – which is the software, PREMIER 2003 52 A B O UT TH E I NTE R V I E W E R I NTE R V I E W E D BY KE V I N B E D E L L hardware, and services around the Linux operating system. Most customers do actually buy the Linux operating system, by the way, just not directly from us. We recommend that they buy the supported enterprise versions from Red Hat or one of the UnitedLinux partners. LWM: When IBM purchased Lotus Development Corporation, many corporations felt that it was “safe” to adopt Lotus Notes because IBM was behind it. Are you seeing similar attitudes now that IBM is behind Linux? Handy: I think that’s a good analogy. When we bought Lotus back in 1995, they had about 3 million seats of Lotus Notes. By promoting Lotus in the enterprise we’ve been able to grow that to over 105 million seats, so it’s certainly safe to say that’s been a successful endeavor. We’re now seeing a similar mainstream acceptance of Linux. But I think IBM adds more than just credibility. It also adds solutions around Linux. The Linux operating system is not necessarily a solution and what we bring to the table is our hardware, software, and services, plus our solution providers that deliver applications for Linux. LWM: What do you see as the “value proposition” of Linux for corporations? Handy: Linux’s initial attraction was around price/performance, reliability, and total cost of ownership. It also proved to be very flexible, runs on a wide variety of hardware, and has gained broad industry support. More specifically, the two killer applications that drove its success on the server were Apache for Web servers and Samba for file and print serving. And as customers started there, they were extremely happy with the reliability and performance char- www.LinuxWorld.com INTERVIEW acteristics. Now customers are saying they want to expand that and get those same reliability and total cost of ownership benefits for their business applications. That’s what’s fueling the growth of Linux. LWM: What concerns do managers in general have about adopting Linux? Are these concerns valid? Handy: Usually the first concern we hear is about how to get mainstream support for Linux. And usually that’s just a matter of educating them on the wide variety of support options available. Support is available directly from the distribution companies, and IBM provides direct support for Linux with the same terms and conditions, including 24x7 support, that we provide for IBM operating systems. Next, I think that customers want to adopt Linux but don’t want to reinvent their infrastructure on top of Linux. That’s why we’re seeing such a broad acceptance of middleware on top of Linux, including our DB2, WebSphere, Lotus, and Tivoli products. Sales of those products more than doubled year over year in 2002 because customers didn’t want to reinvent an ebusiness infrastructure on Linux. We are able to provide that infrastructure with software that’s been ported from Unix and Windows and has already been battle tested in real, production customer environments. LWM: If I were a senior technical person who wanted to use Linux, what arguments could I use when I approach my management? Handy: The real Linux momentum started at the senior technical management level. It was a grassroots effort driven by the fact that you could install Linux without a purchase order and without approval from anyone. And those initial pilots and production projects were highly successful and gave those senior technical managers ammunition to expand. A few years ago, we found that CEOs weren’t aware that they had Linux installed when in fact they did. Then, as more and more vendors publicly announced support for Linux, the breadth of Linux projects installed became clear to middle management. The senior technical managers were usually justifying Linux because it provided Unix reliability at Intel price points. www.LinuxWorld.com LWM: Moving up the line, what arguments could middle management use to sell Linux to senior management? Handy: Middle management based decisions on expanding Linux on the success of the initial Linux projects they had. And in fact, Linux was providing Unix reliability at Intel price points. They found they could scale Linux using clusters or server consolidation on larger servers up to and including Linux on the mainframe. Also, as more software became available for Linux (such as IBM’s software portfolio, where we now have more than 75 products shipping on Linux) as well as software from key application providers such as SAP, JD Edwards, and SAS, middle management could more easily integrate Linux into their existing environment. “The unique thing about Linux is the GPL license, which forces all derivatives of Linux to have their source code published” LWM: Is Linux on the radar at the senior or chief executive levels yet? Should it be? Handy: Absolutely! Almost all senior managers either have a Linux plan or are being asked for one because it’s so well known that Linux is being adopted by major corporations around the world – many of which believe they’re getting a competitive advantage using Linux versus the alternatives. It’s only natural that CIOs have a plan for what they’re doing with Linux. LWM: If I were a manager interested in Linux, where is the “low-hanging fruit”? That is, which areas of the business should I look to first when considering adopting Linux? Handy: Managers usually start with a pilot that they move into production. Usually, the pilot applications are for workload consolidation or deploying new applications or workloads. For example, a customer I’m working with now is starting with a JD Edwards application. In our experience, these pilot applications have all been successful. Then they expand Linux to other areas of the business. LWM: Which Linux distributions does IBM support or recommend? Is IBM considering their own distribution? Handy: IBM recommends and supports Red Hat and UnitedLinux, including the distributions from UnitedLinux’s partners. IBM has no plans for its own distribution. LWM: What is the future of AIX? Handy: AIX will continue to expand. In fact, since we started our Linux initiative back in 1999, AIX market share has grown. We continue to see AIX drive further up into more scalable servers – into 32-way configurations and beyond – as well as expanding in the mid-range base. Scott Handy, director of Linux Software Solutions for IBM Corporation LWM: Do you see Linux fragmenting similarly to Unix? What forces might keep that from happening? Handy: No. The unique thing about Linux is the GPL license, which forces all derivatives of Linux to have their source code published. That’s very unlike Unix. Because of that the industry is all sharing the same Linux kernel and for 10 years running has kept to a single code base. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM 53 PREMIER 2003 INTERVIEW Making Linux Unbreakable, Keeping Linux Open Thanks to the active support of giant companies like Oracle, the Linux OS just goes on getting better and better A B O UT W I M C O E K A E RT S As well as being a member of the distinguished International Advisory Board of LinuxWorld Magazine, Wim Coekaerts is director of Linux Engineering, Oracle Corporation, where he manages a team of talented Linux developers. Wim, Oracle’s Linux liaison, was hand-picked by Oracle chairman and CEO Larry Ellison to lead Oracle’s Linux kernel team and is responsible for ensuring that Oracle works collaboratively with the Linux community. PREMIER 2003 54 www.LinuxWorld.com INTERVIEW INTERVIEWED BY JEREMY GEELAN What’s Oracle's strategy on Linux? LWM sought out the man hand-picked by Oracle chairman and CEO Larry Ellison to manage a team of talented Linux developers and serve as the company’s director of Linux Engineering: Wim Coekaerts. im Coekaerts leads Oracle’s Linux kernel team and is responsible for ensuring that Oracle works collaboratively with the Linux community. LWM wanted to find out in greater detail Oracle’s history, involvement, commitment, and future plans with regard to Linux. W LWM: How long have you personally been involved with Linux? Wim Coekaerts: I’ve been using Linux since 1993, and I became seriously involved in Linux at work when Larry Ellison asked me to build a Linux-based network computer in 1999, a year after Oracle became the first vendor to release a commercial database available for Linux. Today, my team of very talented Linux kernel developers are responsible for ensuring that Oracle works collaboratively with the Linux kernel community. LWM: What’s Oracle’s current commitment to Linux? Coekaerts: Oracle makes Linux Unbreakable, collaborating with Red Hat, UnitedLinux – which includes Conectiva S.A., the SCO Group, SuSE Linux AG, and Turbolinux – and others in the Linux community. Together, we support, test, tune, and improve the Linux kernel to ensure stability, reliability, security, and manageability for all Oracle products on Linux. We believe Linux is a great choice for enterprises and are committed to helping our customers take full advantage of Oracle software on Linux. Coekaerts: As Oracle’s Linux liaison, it’s my responsibility to ensure that we cooperate symbiotically with the Linux kernel community. We embrace and support the open Linux architecture by contributing significant open source code to the Linux community. This helps accelerate the power, performance, ease of use, and dependability of Linux. And we provide enterpriselevel, seamless technical support for Red Hat Advanced Server and all operating systems powered by UnitedLinux. LWM: How does Oracle help its customers take full advantage of Oracle software on Linux? Coekaerts: We’ve made numerous announcements over the years and much progress, underscoring our investment and commitment to Linux. Through our technical contributions, front-line support, initiation of security evaluations on Linux, and strategic partnerships, Oracle makes Linux Unbreakable so customers can safely, securely, and reliably deploy Linux in mission-critical enterprise environments. LWM: What exactly does a “Linux liaison” do? LWM: How about open systems, do they play a role, from an Oracle standpoint? Coekaerts: Open systems play an important role in our strategy, and our work with Linux is a hallmark of this strategy. Over the years, Oracle and our customers have learned a lot about running Oracle on Linux in the enterprise. This knowledge and the opportunity to dramatically reduce IT infrastructure costs are the catalysts behind our decision to provide front-line technical support for the Linux operating system, both Red Hat Advanced Server and UnitedLinux, in addition to Oracle products. www.LinuxWorld.com 55 LWM: Is there any way to actually quantify Oracle’s commitment to Linux, for the benefit of LWM readers? Coekaerts: More than one million Linuxrelated downloads have already been downloaded from our developer network, Oracle Technology Network (OTN), and that number continues to grow. More than 4,000 independent software vendors (ISVs) are using Oracle products on Linux, and 550 ISVs have certified to run their applications on Oracle9i Database on Linux. LWM: What do you think the primary reasons are for the explosive popularity of Linux? Coekaerts: I think that there are many forces behind it but, for me, three primary reasons stand out the most. First, the cost savings. Linux is a lessexpensive alternative to other operating systems. Yes, this is obvious, but worth stating. Since Linux is free, the cost of implementation drops significantly. Second, Linux runs on lower-cost, nonproprietary hardware solutions, so you can deploy on low-cost commodity hardware. Third, Linux is open source, so dependence on a single OS vendor is replaced with greater innovation, freely shared. As with any new, lowcost, nonproprietary solution, it gets cheaper over time. LWM: And how do these advantages translate for Oracle customers? Coekaerts: Our customers benefit from running Linux in many ways. Everyone knows Linux costs less and – thanks in part to Oracle – it’s faster and more reliable than A B O UT TH E I NTE R V I E W E R Jeremy Geelan, editorial director of SYS-CON Media, speaks, writes, and broadcasts about the current state of Internet technology, and about the strategies appropriate to the unrelenting convergence of business, i-technology, and the future. [email protected] PREMIER 2003 INTERVIEW ever before. My team has experienced this firsthand. We run Linux internally at Oracle, which allows us to test and prototype our software on Linux well in advance of new releases, thus ensuring reliability. In addition, my team can develop innovative features for the operating system and immediately share those with the Linux kernel community. LWM: So in other words, you eat in your own kitchen? Coekaerts: That’s right. By running parts of our own business on Linux, we make our own infrastructure more efficient and less expensive. There are several Linux-based pilots and operational systems: for example, Oracle Outsourcing runs a large part of wide; the Oracle E-Business Suite GSI on Linux is five times cheaper and three times faster than conventional Unix/RISC. Looking more closely at Linux inside Oracle worldwide, we run more than 700 mid-tier Linux servers, including most of Oracle University, the Oracle e-mail system, the Oracle Web site, Oracle’s ERP/CRM application middle tiers, and the Oracle File System. In fact, our own development organization uses hundreds of Linux servers, and Oracle even runs its demonstration environment – where performance is critical – on Linux. By the end of Oracle’s fiscal year (June 2003), we plan to have 100% of our mid-tier servers on Linux. Finally, more than 1,000 developers at Oracle use Linux as their development The nice thing about Linux from Oracle’s point of view is that we can prototype OS feature enhancements together with Oracle database enhancements in-house. This allows us to quickly determine if some new idea is feasible to implement or not, and if so, we can create a possible reference implementation for other vendors to pick up, or even show other OS partners how it will benefit them as well. Oracle is actively supporting the Linux open source community by contributing source code for products such as the Cluster File System, driving development of the Linux kernel, and working with the Linux community to provide higher levels of security assurance for the operating system. We recently announced with Red Hat “Oracle is actively supporting the Linux open source community by contributing source code for products such as the Cluster File System, driving development of the Linux kernel, and working with the Linux community to provide higher levels of security assurance for the operating system” their business on Linux. And we recently converted our application demo systems – consisting of several hundred servers – to Red Hat Advanced Server; these demo systems are used by our global sales organization to give demonstrations of our products to prospects, customers, and partners. We’ve discovered that Linux on low-cost, commodity hardware is a proven technology for mission-critical apps such as Oracle E-Business Suite and Oracle9i Database with Real Application Clusters. In fact, we run Oracle E-Business Suite on a Linux/Intel middle tier. This Global Single Instance (GSI) in our Austin Data Center provides mission-critical applications to more than 40,000 Oracle employees world- environment. This shows our commitment to Linux because running our own production systems on it means that we trust and are serious about Linux. PREMIER 2003 56 LWM: How about Oracle’s Linux Kernel contributions? Coekaerts: My group works very closely with Red Hat and UnitedLinux to test and optimize Linux. For example, we collaborated to create a core set of enhancements in the areas of performance, reliability, clustering, and manageability in order to enable Linux to support our customers’ enterprise-class deployments. We believe that our work with Red Hat and UnitedLinux to enhance the Linux kernel will benefit all Linux distributions. an intent to submit Red Hat Linux Advanced Server for a Common Criteria (ISO 15408) evaluation at Evaluation Assurance Level (EAL) 2. This evaluation is expected to enable security-conscious customers in both the public and private sectors to procure an evaluated Linux operating system upon which they can run enterprise applications. LWM: Is there much debugging and Quality Assurance (QA) happening at Oracle? Coekaerts: A lot. We run heavy stress testing on Linux kernels, from production kernels to the new 2.5 development tree, and provide feedback to the community on peformance characteristics – and of course www.LinuxWorld.com INTERVIEW fix bugs where we find them. When we first started to work with the Linux vendors to get Linux enterprise-ready, we had a set of features that included asynchronous IO, big pages support, reducing lock contention in IO drivers, and so on. We helped with the development and debugging of these features and shared our expertise in userland libraries or testcases (e.g., Async IO userland library with test tools) when available. For fun, we even made Firewire driver changes to allow for shared-disk devices and fixed bugs in bus reset handling on Firewire. This is useful to Oracle users because it offers an easy and inexpensive solution for creating a shared-disk setup. A simple thing like this allows people to install and use our database clustering technology, Oracle9i Real Application Clusters, in a test and demo environment. In addition, it helps them understand the features and power behind our database clustering technology without having to purchase expensive equipment first. LWM: Does any one project come to mind as being of special significance? Coekaerts: The most significant project we started last year was to build a Cluster File System for Linux. This makes management of a clustered database much simpler because the file system is easier to work with than raw disks. We’re also looking at Infiniband implementations. And, in keeping with the open source approach, all of this will of course be open sourced. result, Oracle customers on Red Hat Advanced Server or UnitedLinux get improved response and faster resolution of critical issues. As a single support organization, we ensure the highest level of support and availability to our joint customers. Any customer running Oracle products on Red Hat or UnitedLinux should turn to us for support if they have an issue that prevents the smooth operation of their Oracle implementation. We’ll diagnose the issue and work with the OS partner for those cases where the operating system is suspected of causing the issue. For those issues of a mission-critical nature, Oracle will provide a fix to the customer regardless of the source – whether it’s an Oracle, Red Hat, or UnitedLinux issue. And for additional support issues, Oracle will collaborate with the Linux partner so that the customer issue is resolved jointly. All this is done seamlessly for the customer without them having to get involved. It’s important to note, however, that Oracle customers looking to benefit from this front-line support must have a support agreement in place with the Linux distribution. LWM: How about tech support? Coekaerts: One of the great things about our commitment to Linux is our direct, front-line technical support for the Linux operating system. We offer this support for Oracle customers running Red Hat Linux Advanced Server and UnitedLinux, which includes Conectiva Linux Enterprise Edition, SCO Linux Server 4.0, SuSE Linux Enterprise Server 8, and Turbolinux Enterprise Server 8. For DBAs, an elegant bug-free implementation for clusters has been a hurdle, and that’s now been removed. Perhaps the next-biggest hurdle until now has been technical support. We not only certify and support our applications on these Linux distributions, we also support the Linux operating system itself. This is incredibly significant because Oracle, working closely with Red Hat and UnitedLinux, is a single point of contact for customer support. As a LWM: How exactly is Oracle making Linux “unbreakable”? Coekaerts: For 25 years, the Oracle brand has been synonymous with enterprise excellence and our commitment is continuing to grow with “Unbreakable Linux,” which offers a unique combination of innovative technologies – like a modern open source operating system and database clustering technology that dramatically reduces the cost of computing while achieving the highest levels of performance, reliability, and security. We are unique in that no other company in the world provides all your enterprise software and full technical support on Linux. In fact, we also offer thousands of compatible Linux-based solutions from partners. In conjunction with Dell and HP we deliver easy access to high-performance servers that are ready to run Oracle9i Database technology out-of-the-box, allowing customers to deploy high-performance, enterprise-class solutions on the lowestcost hardware and operating system infrastructure available today. Furthering our commitment to Linux, Oracle recently launched the Unbreakable Linux Partner Initiative, which gives financial, technical, and marketing incentives to ISVs delivering applications on Oracle’s www.LinuxWorld.com 57 Unbreakable Linux software infrastructure. ISVs that join the initiative through the Oracle Partner Network get technical and support resources from my team and Oracle’s support organization to help them build their applications. Only Oracle has its complete infrastructure and applications product lines available on Linux, and strategic partnerships with Red Hat and UnitedLinux. Together, Red Hat and UnitedLinux serve more than 95% of the Linux OS server market worldwide. Oracle customers everywhere can now take advantage of our front-line support for the Linux operating system. LWM: Developers, network administrators, and database administrators all have high hopes for Linux, which continues to be the fastest-growing enterprise computing environment.What do you see as the most likely future for Linux? Coekaerts: One of the most important growth areas for Linux today is scalability. In the future, Linux will scale beyond 8 CPUs and we will begin to see 16- to 30way systems with up to 64GB of RAM, not to mention greater support for a larger number of disks. We’ll need to prove that Linux provides scalability beyond 8 CPUs and runs well on large-scale NUMA systems, 16- to 32-way systems with 64GB or more of RAM. And finally, Linux will need to support many thousands of disks and provide features for better network and IO failover. LWM: So what’s coming in the future from Oracle? Coekaerts: In general, clustering and cluster management is an area where Linux still needs improvement, and this is one area where Oracle can contribute our expertise. You’ll also see us concentrating on delivering functionality that Linux still lacks (that other OSs already have), as well as new technologies. And we will continue to work on improving the kernel functionality in an open and collaborative development environment. In short, stay tuned for even greater Linux things from Oracle and from my group! We have cutting-edge technology, and there are many more technical improvements that we can contribute to the Linux OS that no one has yet solved. We look forward to continuing our close collaboration with partners such as Red Hat and UnitedLinux to bring these technical improvements to the masses. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM PREMIER 2003 SECURITY Taking the Cost Out of Firewalls It pays to know your Linux BY With about $1,000 and knowledge of Linux and networking principles, you can R A M S A M U D R A L A Ram Samudrala is a principal investigator (assistant professor) at the University of Washington. His work has led to several publications in peer-reviewed journals and freely copiable software for molecular and systems modeling (which are being used on high-performance Linux-based computing clusters that he manges). He released an album with the pseudonym Twisted Helices, with the complete album being published online free of any intellectual property restrictions. He is also the author of the Free Music Philosophy and other texts on (and against!) intellectual property, which have been referenced in Forbes, HotWired, and The New York Times. [email protected] The operating system running on the firewall is Linux, and we use the KRUD distribution, version 8.0. The system is installed like any other Linux system, but all Internet-based services are turned off. Linux supports firewalling through its netfilter/iptables subsystem. It will basically let you do anything a commercial firewall can do, and then some, including the functionality of packet filtering (stateless or stateful), all different kinds of NAT (Network Address Translation), and packet mangling. It is extremely powerful, but cumbersome to use. There are packages that provide a cleaner interface to the iptables. One such pack- age that we use is Shorewall, which lets you manipulate the firewall rules using simple configuration files. Our setup is such that each of the gigabit ethernet cards is assigned to three zones: the zone that compromises the external Internet (“net”), the demilitarized zone (“DMZ”), and the local network (“loc”). Using Shorewall, we can specify how traffic is to be routed across the different zones (see Figure 1). Specifically, we allow all connections from machines in the local zone to the net zone. We allow Web and mail access to our Web/mail server(s) located in the demilitarized zone (DMZ); for this reason, all machines in the DMZ are completely mirrored since Web and mail servers, even the most up-to-date versions, could have potential security holes. Depending on your level of paranoia, you can set up the firewall such that you allow access to the firewall only from a console, or from a single host in the local zone. We allow only secure logins, using OpenSSH, from a selected list of trusted hosts in the net zone to a dedicated gateway machine (located in the local zone). The secure logins have to pass a one-time password screen based on OPIE, as well as a permanent password screen, to be able to log in to the gateway machine. The combination of OpenSSH and OPIE for authentication is handled using Linux-PAM. The two-password system is to address the issue of keyloggers who may record a user’s permanent password (which is possible even over a secure connection). Onetime passwords get around this problem, but they are not enough since users have a tendency to store their list of one-time passwords on their computers, and a computer could be stolen/compromised. Thus the only way to gain access to our local network from the Internet is by knowing the list of one-time passwords, and the PREMIER 2003 58 www.LinuxWorld.com have a firewall that provides freedom, flexibility, and optimal security. In this article, Ram Samudrala shares his experience in creating a cost-effective firewall. The Motivation or almost two years, I dealt with a situation where I had access to a gigabit ethernet connection to the Internet, but I couldn’t harness it since I was behind a commercial firewall that only supported 100Mbps. Upgrading would have required thousands of dollars, which, especially in this economy, seemed wasteful. My solution was to create a Linux-based gigabit ethernet firewall that will do the same thing. The beauty of this setup was not only that I could put together the hardware for less than $1,000, but since the software is freely copiable, there are no restrictions on the numbers of users and licenses. It’s clear that gigabit ethernet over copper is going to be the next step in network- F A B O UT TH E A UTH O R ing. Even if you don’t have a gigabit ethernet connection to the Internet, it’s not too expensive to acquire one. It’s also clear that one of the most logical ways to protect yourself from unwanted attack is through the use of a firewall. However, commercial firewall products utilizing gigabit ethernet are prohibitively expensive. The Setup Hardware Configuration The machine I purchased for a firewall is a nice 4U rackmount with an AMD Palamino 1700+ CPU, a MSI KT3 Ultra2 KT333 MS-6380E motherboard, a small hard disk, some memory, and three Intel Pro/1000T Gigabit Server ethernet cards. All the hardware cost less than $1,000. The main thing to note here is that any computer with gigabit ethernet cards should do, assuming that its components work well with Linux (in most cases, they should). Software Configuration rs velope e D : N ATT SECURITY P U P E SoTthe mike permanent password for an authorized user, and making the connection from a list of trusted hosts. The passphrase for the onetime passwords is randomly generated for each user (i.e., the users don’t have a choice as to the passphrase), which is then used to generate a list of one-time passwords that a user keeps. The list can be reset at the whim of the user, with a new random passphrase being used to create a new list. A script to do this is available at (www.ram.org/computing/linux/firewall/otpgen.tgz). t and be... om Go t/odeveloper.sys-con.c http:/ ! D R A HE Calling Sleek Geeks Everywhere! The Bottom Line The Minuses... The downside of such a firewall is that you do need to know your Linux, and be extremely familiar with networking principles. Even though the Shorewall packages simplify management, for optimal security it helps to be familiar with the netfilter subsystem. If your system administrator is familiar with Linux, then this shouldn’t be a problem. Make sure you have your finger on the pulse of i-Technology...bookmark http://developer.sys-con.com today. i-Technology News i-Technology Views i-Technology Th e (n Inte et rn zo et ne ) Comment i-Technology © COPYRIGHT 2003, SYS-CON MEDIA WWW.SYS-CON.COM (D MZ Lo ) (D MZ ca Debate LWM Advertiser Index l ) Advertising Partner Web Site URL Phone # Page # BASIS INTERNATIONAL / OPEN SYSTEMS WWW.BASIS.COM / WWW.OSMCORP.COM BLACKHAT WWW.BLACKHAT.COM 916 853 8555 65 COMDEX WWW.COMDEX.COM 650 578 6900 89 FREE SOFTWARE FOUNDATION WWW.GNUPRESS.ORG 617 542 5942 27 HP WWW.HP.COM/LINUX 888 HPLINUX C4 ISAVIX WWW.ISAVIX.COM 866 472 8849 33 LINUXWORLD CONF. & EXPO WWW.LINUXWORLDEXPO.COM LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM ORACLE WWW.ORACLE.COM/LINUX PERVASIVE SOFTWARE WWW.PERVASIVE.COM/LINUX8 800 287 4383 3 PROMICRO SYSTEMS WWW.PROMICRO.COM 866 646 4276 8 RACKSAVER HTTP://OPTERON.RACKSAVER.COM 888 942 3800 21 VERITAS WWW.VERITAS.COM 15 XIMIAN WWW.XIMIAN.COM/INFORMATION/MGMT3 C3 6 Allow secure access with both one time and permanent passwords Allow only mail and web access Allow only mail and DNS access FIGURE 1 ROUTING TRAFFIC ACROSS ZONES And the Pluses... The amount of flexibility greatly outweighs the Shorewall learning curve, not to mention the cost of creation and maintenance. Another singular advantage over a commercial product is that it’s easy to upgrade the hardware and software at whim. The bottom line is that security is best achieved by a thorough understanding of networking principles and exploits. A Linuxbased firewall gives you the freedom, flexibility, and the opportunity to achieve security in an optimal and economical manner. Resources • • • • • • KRUD: http://tummy.com/krud netfilter: www.netfilter.org Shorewall: www.shorewall.net OpenSSH: www.openssh.com OPIE: www.inner.net/opie Linux-PAM: www.kernel.org/pub/linux/libs/pam 888 303 5282 77 C2 General Conditions: The Publisher reserves the right to refuse any advertising not meeting the standards that are set to protect the high editorial quality of. All advertising is subject to approval by the Publisher. The Publisher assumes no liability for any costs or damages incurred if for any reason the Publisher fails to publish an advertisement. In no event shall the Publisher be liable for any costs or damages in excess of the cost of the advertisement as a result of a mistake in the advertisement or for any other reason. The Advertiser is fully responsible for all financial liability and terms of the contract executed by the agents or agencies who are acting on behalf of the Advertiser. Conditions set in this document (except the rates) are subject to change by the Publisher without notice. No conditions other than those set forth in this “General Conditions Document” shall be binding upon the Publisher. Advertisers (and their agencies) are fully responsible for the content of their advertisements printed in ColdFusion Developer’s Journal. Advertisements are to be printed at the discretion of the Publisher. This discretion includes the positioning of the advertisement, except for “preferred positions” described in the rate table. Cancellations and changes to advertisements must be made in writing before the closing date. “Publisher” in this “General Conditions Document” refers to SYS-CON Publications, Inc.This index is provided as an additional service to our readers. The publisher does not assume any liability for errors or omissions This index is provided as an additional service to our readers. The publisher does not assume any liability for errors or omissions. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM www.LinuxWorld.com 43 59 PREMIER 2003 FEATURE Linux Virtual Private Networking Fundamentals Choosing the right solution for your network PREMIER 2003 60 www.LinuxWorld.com FEATURE BY J.C. UTTER AND JOSH SNYDER As virtual private networks (VPNs) become the industry standard, more options become available. This article takes a look at what’s out there, including the pros and cons of each solution, to help you decide what’s best for your network. irtual private networks have become the industry standard for secure encrypted networking over the Internet. Most IT departments have either deployed VPNs, or intensified their focus on the deployment of VPNs, as a solution to the high cost of connecting remote and home offices to the corporate network. In parallel with the IT industry’s adoption of VPNs, Linux has emerged as a powerful, high-performance, low-cost network operating system that can be used in a wide range of applications including network firewalls, routers, and servers. Linux is inexpensive to license, and it leverages inexpensive PC hardware. Because of its low cost and high reliability, Linux is one of the most popular VPN platforms for commercial VPN products, as well as for IT departments capable of building their own VPN solutions. To make an educated decision about VPN deployment, it is important to know about the current state of Linux VPN software, and how these technologies can work for your organization. V device uses protocol-based communications to establish a connection to another PC or network device that is also connected to the Internet. This virtual connection or route is called a “tunnel.” All network traffic destined for the remote computer or network device is transmitted through this tunnel. The traffic that passes through the tunnel is automatically encrypted by the transmitting device, and decrypted by the receiving device, which provides the security that makes a VPN “private” in contrast to an unencrypted Internet connection. Remote Access Services (RAS) vs Network Infrastructure If you don’t already know the answer, the first, most obvious question is, “What is a VPN?” A VPN is a virtual private network that allows two or more computers or networks to communicate securely across an unsecured network. This means you can use a VPN to interconnect two private corporate networks securely using the Internet. With this approach, the Internet can be used to connect remote offices in a way that is much less expensive than leasing private data circuits to connect the same remote sites. All VPNs fundamentally work in the same way. First, a PC or similar network device is connected to the Internet. This VPNs are used in two major application areas: RAS (Remote Access Services) and network infrastructure. RAS applications for VPNs focus on providing access to corporate networks for mobile users via the Internet, while infrastructure VPNs focus on creating permanent private connections between different networks using the Internet. The most significant benefit of using a VPN for RAS applications is cost savings. Traditional RAS solutions require the installation of expensive RAS hardware, modem banks, and phone lines inside the corporate network. When a mobile user connects from a new location, he or she uses the same dial-up phone number to connect to the corporate RAS. These dial-up RAS connections are normally made over long distance telephone lines, which gives a corporate RAS the additional incremental cost of the associated long distance charges for each minute of network use (see Figure 1). The corporate RAS is a relatively expensive access solution when you consider the VPN alternative. With a VPN access solution, you need only an Internet connection for your mobile PC on one end, and a VPN server or appliance that is connected to both the Internet and the corporate net- www.LinuxWorld.com 61 VPN Primer work on the other end. The one-time and recurring costs of modem banks and telephone lines that exist in the corporate RAS world are eliminated. In most VPN RAS solutions, the mobile user pays for Internet services through a national ISP that can provide local dial-up access throughout the country. This makes it possible to replace the variable long distance charges of the corporate RAS with the cost of a flat-rate Internet dial-up account. In adition, users of a VPN RAS can take advantage of any Internet access technology, including high-speed broadband. This is a significant benefit when compared to a corporate RAS that’s limited to dial-up speeds (see Figure 2). VPNs are also commonly used in network infrastructure. In contrast with the mobile user’s need to connect from different locations over time, a VPN implemented within the network infrastructure is a permanent, embedded network feature. The VPN is transparent to the end user, and doesn’t require end-user configuration or authentication (see Figure 3). PPTP VPNs Using Poptop for Linux The most popular VPN software for RAS applications under Linux is Poptop, which is based on the PPTP protocol developed primarily by Microsoft. Poptop is easy to set up, and has very low hardware requirements when the number of users remains small. As an RAS solution, Poptop’s greatest strength is the widespread availability of the necessary client software. Microsoft has A B O UT TH E A UTH O R S J.C. Utter is a founder and the president of ImageStream Internet Solutions. He has been writing technical articles for industry publications for over a decade. [email protected] Josh Snyder is a veteran engineer who joined the ImageStream engineering team in 1996. Josh currently specializes in Linux networking applications and VPN technology. [email protected] PREMIER 2003 FEATURE included a PPTP VPN client with every version of Windows since Windows 98. In general, this means that users will not need to install additional software to access a Poptop VPN. On the downside, Poptop suffers from relatively weak security, which is characteristic of all PPTP-based VPNs. Although newer authentication methods have fixed many of the early problems with PPTP, most security experts agree that PPTP should not be used to access private networks that require a high level of security. The management of the Poptop VPN client base can also present problems. All passwords and user names are stored in an unencrypted text file under Linux. If you don’t mind editing this file directly to make changes to user names and passwords, the PPTP approach may offer an acceptable solution. But Poptop’s limited security provisions would be a serious stumbling block to any organization that requires a high level of network security. Although many Linux users have been using Poptop for years, it is losing favor to newer, more secure VPN technologies. Corporate LAN LAN Hub or Switch Remote PC Corporate RAS Telephone Service FIGURE 1 CORPORATE RAS Corporate LAN The Internet Internet Service Remote PC FIGURE 2 PREMIER 2003 Router REMOTE ACCESS USING A VPN Internet Service IPsec VPNs Using FreeS/WAN for Linux IPsec (Internet Protocol Security) is one of the rising stars in the world of high-security VPN protocols. IPsec is an open standard that is supported by many different VPN vendors. IPsec is a very flexible protocol that lends itself to deployment in all types of VPN applications, and it is equally suited to providing the foundation for RAS and infrastructure solutions. FreeS/WAN is a Linux-based implementation of the IPsec protocol. FreeS/WAN is quite flexible, and can be used to create VPN connections with a wide range of hardware and software including Linux routers and servers, Cisco routers, and Windows workstations. But this flexibility comes with a steep learning curve. The complex FreeS/WAN configuration files are difficult to understand and configure. To configure FreeS/WAN properly, you must first determine which traffic you want to forward over the VPN. In even the simplest applications, this can require the configuration of at least four tunnels, which contributes to system complexity. FreeS/WAN also bypasses the normal IP routing facilities under Linux. This makes it impossible to use FreeS/WAN with dynamic routing protocols such as BGP or OSPF to provide dynamic fail-over solutions. LAN Hub or Switch Corporate LAN B Corporate LAN A The Internet LAN Hub or Switch LAN Hub or Switch Router FIGURE 3 Router INFRASTRUCTURE VPN If you or your staff guru can wade through the challenge of using FreeS/WAN, the benefits are considerable. FreeS/WAN is compatible with most IPsec implementations, and it can provide high-speed VPN services with modest hardware requirements. FreeS/WAN is a very secure VPN featuring 168-bit 3DES encryption, and many security experts view FreeS/WAN as the most secure VPN solution available today for Linux. Infrastructure VPNs Using CIPE for Linux CIPE is a lesser-known VPN application for Linux that strives to be an easy-to-use, high-security VPN solution. CIPE can be 62 used to provide infrastructure VPN solutions using Linux, Windows 2000, and Windows XP. Under Linux, CIPE configuration is managed using a simple text file. CIPE works by creating a VPN device that functions like a standard device under Linux. Because a CIPE tunnel works just like any other standard Linux device, it is possible to use CIPE in conjunction with dynamic routing protocols and other routing tools. Only one device interface is required to create a CIPE VPN. This greatly reduces the complexity of VPN configuration when compared to FreeS/WAN. And because CIPE is not designed to support RAS solutions, there is little need to make significant changes to www.LinuxWorld.com FEATURE the software configuration over time. As a result, the relatively static configuration of an infrastructure VPN using CIPE generally mitigates the disadvantages of a system that relies on simple text file configuration. VPN Solutions Using ImageStream Routers If you don’t have the expertise to build your own Linux VPN box, or if you would prefer to deploy a fully tested, commercially supported Linux VPN product, there are a number of manufacturers that can supply complete hardware and software solutions. In this case, we will look at using routers from ImageStream for infrastructure VPN deployment. ImageStream manufactures a wide range of routers that support leased WAN circuits from T1 through OC12, as well as 10, 100, and 1000Mb Ethernet connections. To support VPN applications, ImageStream routers provide fully tested versions of FreeS/WAN and CIPE. Infrastructure VPNs are commonly deployed on a network router. The router is an ideal device for the deployment of an infrastructure VPN, because it is one of the few network devices that performs rule-based packet forwarding, and can make decisions about where and how to forward packets. In an infrastructure VPN, the ImageStream router would be configured to use either FreeS/WAN or CIPE, and the router on the other end of the tunnel would be configured similarly. When both routers are connected to the Internet, and both are properly configured, the devices connected to each remote network will be able to exchange network data as if they were all connected to the same network. Although the Internet is used to transfer data between the sites, the data is encrypted to provide a high level of security and privacy. VPN solutions. All of Cyberguard’s dedicated VPN appliances support user authentication from a central site. Cyberguard’s flagship product is capable of supporting over 2Gbps of encrypted throughput. Dedicated VPN products like this can be deployed at any time, and they work seamlessly with routers like those from ImageStream to provide network security for WAN and LAN traffic. Choosing the right Linux VPN solution for your network will depend on your unique requirements. Poptop may be a good choice for VPN RAS applications that require readily available Windows support with moderate security. At the same time, Poptop is less secure than the alternatives, and should not be used if a network break- “No matter which Linux VPN solution you choose, it’s good to have different choices” Linux VPN Conclusions There are times when an enterpriseclass VPN application will require enough encrypted data throughput that only a dedicated VPN appliance will do the job. Similarly, there are times when the secure management of dozens or hundreds of users will require a commercial VPN solution that is designed to manage and track a large number of authenticated users. In these situations, a dedicated VPN solution will provide the best results. Cyberguard is an example of a Linux VPN appliance manufacturer that offers high-end There are many popular VPN software solutions for Linux including Poptop, FreeS/WAN, and CIPE. Each offers a different mix of security and ease-of-use, as well as different levels of support for RAS and infrastructure VPNs. Poptop leverages the PPTP protocol. Its strengths include compatibility with existing Microsoft Windows VPN client software, and ease-of-use in RAS applications. The main drawback of using Poptop is its moderate level of security, which by most standards would remove Poptop from serious consideration in mission-critical networks that require bullet-proof security. FreeS/WAN, with its strong support for both RAS and infrastructure VPNs, is the most powerful and flexible VPN solution for Linux. FreeS/WAN strengths include wide compatibility among all IPsec compatible VPN devices, strong security, and the highest level of flexibility available in a Linux VPN solution. To its detriment, FreeS/WAN bypasses the standard packet-forwarding system under Linux, which precludes the use of many standard Linux routing applications. In addition, FreeS/WAN is a serious challenge to understand and configure, which is the current price that must be paid to deploy the most flexible and compatible Linux VPN. CIPE is the lesser-known VPN software for Linux that combines ease-of-use with a high level of security for infrastructure applications. CIPE is not designed for deployment in RAS applications, but it is the easiest VPN solution available for highly secure infrastructure VPNs. www.LinuxWorld.com 63 Solutions Using Dedicated VPN Appliances Which VPN? in would represent a significant risk to the organizational mission. If you are looking for a highly secure VPN RAS solution, or if you are specifically looking for IPsec compatibility in a VPN RAS, FreeS/WAN is clearly the best choice. Despite its complexity, FreeS/WAN provides the most flexible VPN solution for Linux, with highly secure support for both RAS and infrastructure VPNs. For infrastructure VPNs, CIPE may be the best choice because it is easy to configure and it provides a high level of security. CIPE also supports standard Linux routing applications, which can be a “make or break” issue with some deployments. No matter which Linux VPN solution you choose, it’s good to have different choices. As each VPN software package places a different emphasis on security, ease-of-use, flexibility, and compatibility, IT professionals reap the benefits of being able to choose the VPN technology most ideally suited to the application. With Linux, you also have the option to build your own VPN solution, or to purchase commercially supported products that are guaranteed to work. In any case, your VPN deployment will benefit from the security and stability that Linux brings to every application in which it’s deployed. Resources • Poptop: www.poptop.org • FreeS/WAN: www.freeswan.org • CIPE: http://sites.inka.de/bigred/devel/cipe.html • Cyberguard: www.cyberguard.com LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM PREMIER 2003 INDUSTRY INSIGHT You’ve Come a Long Way, Unix Reflections on the rich history of Unix Sometimes the irony is so sharp you can cut deli meat with it. As we settle in for a long hot summer and a fall of legal skirmishes between SCO and the rest of the known Linux universe in regards to the patents and other intellectual property surrounding Unix, there’s a certain karmic reckoning to be had in the fact that the very first application that Unix was put to was to assist the Bell Labs Patent department in preparing patent applications. In the dim days of 1970s, when a Digital PDP-11 was the state of the art in minicomputing for a mere $65,000, Unix was just taking its first baby steps at Bell Labs. Dennis Ritchie and Ken Thompson couldn’t have dreamt that this attempt to produce an interactive timesharing system would someday become the lingua franca of server-based computing. The early days of Unix at Bell are full of landmark events. The development of the C programming language. The concept and implementation of pipes. The first file system, inodes and all. It was also at this time, in 1976, that the University of California at Berkeley (UCB) began to participate in Unix development, culminating in the development of 4.2BSD. Meanwhile Bell continued to refine Unix, eventually releasing System 6 and System 7. It was on a Tandy 6000, running System 7 (technically Xenix), that I first really began to play with Unix. In the 1980s, Unix began to be a real player in the computer industry. The 800pound gorilla was, of course, the VMS operating system running on DEC’s VAX minicomputers, but a small rebel company called Sun Microsystems was making head- I James Turner, senior editor at LinuxWorld Magazine, is president of Black Bear Software, as well as director of software development for Benefit Systems, Inc. [email protected] way selling a variant of Berkeley Unix they called SunOS (later Solaris). Also, companies such as HP and Apollo were offering systems running their own varieties of Unix. And Bell (now reconstituted as AT&T) was selling a System 5, running on platforms like the 3B2. But for all its promise, Unix had problems. For one thing, there was little in the way of portability in programs. Binary compatibility was nonexistent, and even recompilation could be an adventure (anyone old enough to remember being asked if your machine was big-endian or little-endian?). And Unix could be as expensive as any of the other traditional operating systems. Into the fray stepped Richard Stallman and the Free Software Foundation. Eagar to provide a not-for-profit version of the Unix operating system, they first needed to build the tools to build the tools, things like a C compiler and parser generator to replace the proprietary versions (we know these tools today as gcc and bison/yacc, among others). And while the FSF toiled away on their OS, a funny thing happened. People started noticing that the FSF versions of the PREMIER 2003 64 A B O UT TH E A UTH O R BY J A M E S TU R N E R Unix tools were often better than the commercial versions, and free! For example, Sun charged $10,000 for their C compiler, but gcc worked just as well. But as years dragged on with no OS in sight from the FSF, the commercial implementations continued to be the only game in town outside VMS and the upstart called Windows. It would fall to an unassuming Scandinavian, not the FSF, to change the Unix world forever. No one reading this magazine needs to hear the story of how Linus Torvalds started working on an open source Unix kernel as a personal project, and ended up spawning the most widely adopted non-Microsoft operating system in the world. But it’s worthwhile to note what made Linux so special. For one thing, it could run on low-cost Intel-based PCs, the same kind that people bought to run Windows. That meant you didn’t need to spend a fortune on hardware if you didn’t want to. Also, even across different hardware platforms (say an IBM 3090 and a Dell laptop), the source code remained compatible. And inside the same platform, even different vendor releases like Red Hat and SuSe could run each other’s programs. The other breakthrough was making it open source, which meant that the people most motivated to fix problems and add new features (the people encountering the bugs and needing the features) were empowered to do so. If you had a critical problem, you didn’t need to wait for a vendor to decide it was important enough to fix. You could fix it yourself. Today, Unix (both in proprietary implementations such as Solaris and open versions such as Linux and FreeBSD) is the 800-pound gorilla of the server market, big enough to make Microsoft scramble for market share in Europe, and big enough to make companies like SCO try to grab a piece of it. Truly, a long way from two Bell engineers scrounging for a computer to whip up a new operating system. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM www.LinuxWorld.com LICENSING Show Me the License BY M I KE O L S O N Buying open source software at your company? Make sure you’ve got the right license... If the software you’re considering is an operating system, like Linux, then the Mike Olson, one of the original authors of Berkeley DB, is a technology industry veteran with more than 20 years of experience in engineering, marketing, sales, and business management. Mike was named president and CEO of Sleepycat in 2001 after serving as vice president of sales and marketing. Prior to Sleepycat, he served in technical and business management positions at database vendors Britton Lee, Illustra, and Informix. Mike holds BA and MA degrees in computer science from the University of California at Berkeley. [email protected] Don’t get me wrong. The GPL is a good thing. But there are no examples of profitable GPL-only software development companies. Profits are a company’s oxygen. You don’t want to bet your company’s success on a vendor who follows a business model on life support. The exceptions are companies such as mine, Sleepycat, that have innovated on the GPL and offer dual-use software licenses. MySQL and Trolltech are two others. We’re all profitable and growing. I think the license makes the difference. Under a dual-use license, software is still available to customers with a GPL-like software license. However, these licenses also give customers a choice to pay for a commercial license that is less restrictive than the GPL. Basically, it allows customers to use open source software in closed, proprietary products. For example, Trolltech customer IBM wanted to use Trolltech’s Qt libraries (a toolkit for faster development of graphical user interfaces). IBM engineers didn’t have the authority to share the source code with their customers. But Trolltech’s commercial license gave IBM engineers the freedom to develop and distribute applications without opening the source code. Unlike the GPL version of Trolltech’s product, the commercial license version didn’t require the distribution of the source code. Sleepycat customer Cisco Systems wanted a quick way to provide name and address lookup in its high-performance network router products. Cisco wanted to use Sleepycat’s Berkeley DB product, but wanted to protect the intellectual property of their networking products. Cisco paid a fee to license a version of Sleepycat’s Berkeley DB that wasn’t restricted by the GPL. Cox Communications, one of the largest cable network companies in the U.S., chose to implement the commercial version of the MySQL RDBMS to avoid the legal restrictions of the GPL and to get the support and warranty of the commercial version. Dual-use licenses give customers the freedom to choose if and how they distribute the source code. The licenses also help to create stable software companies with profitable business models. Berkeley DB, MySQL, and Qt did not start with their current dual-use licenses. The licenses, like the software, evolved through an analysis of both customer feedback and company balance sheets. Though Sleepycat, MySQL, and Trolltech arrived at roughly the same licensing model, the companies came at the problem from different directions. Trolltech was an early pioneer of dualuse licenses. While their commercial license stayed the same, their noncommercial-use license evolved over time to meet cus- PREMIER 2003 66 www.LinuxWorld.com GNU Public License (GPL) is good for your business. If it’s an application or a software ingredient, then the GPL may be bad for your business. ere’s why. While Linux operating system vendors such as Red Hat and SuSE benefit from the GPL, application vendors do not. Red Hat will be able to provide businesses with Linux software and support for years to come. Even if they go out of business, there are literally thousands of developers, as well as every major IT company in the world, ready and willing to support your GPL software. Most GPL’ed applications, on the other hand, have very small developer communities outside the companies that support them. Any organization buying application software under the GPL risks losing vendor support if the company fails. Be prepared and understand the risk. The business model has to work. H A B O UT TH E A UTH O R LICENSING tomers needs. “We changed the free edition license from binary only to QPL, and then finally to the GPL,” said Haavard Nord, CEO of Trolltech. “Our current dual license gives Trolltech customers maximum flexibility while preserving a strong and profitable software development business model.” Berkeley DB was originally available from UC Berkeley under the popular open source Berkeley Software Distribution (BSD) license. When we decided to form a business around Berkeley DB, we looked at the BSD license closely. The BSD license would give our customers flexibility. It would allow them to freely embed Berkeley DB in hardware or software products and distribute their product without restriction. However, the BSD license would also allow our customers or any developer to take our code and create their own products without our permission or payment. We would create our own competition. We decided to begin the business with a dual-license strategy. MySQL started with a commercial license. According to their CEO, Marten Mickos, “MySQL moved to the GPL in the summer of 2000 to help MySQL gain wide DR. MIGRATION adoption. At the same time, we introduced a dual license strategy, which has been great for business.” Haavard, Marten, and I recognize that our businesses need a license like the GPL. It’s good for our businesses. Our products and our customers benefit from this type of license. A license like the GPL brings two things: it helps our products gain wide adoption and it makes it easier to manage a consistent, unified code base by forcing any changes to be open source and available to us. MySQL has more than 4 million active database deployments. Qt has deployments in the tens of millions. We estimate that Berkeley DB has over 200 million deployments. In all cases, that’s a lot of people using our software. A wide user base means the product is tested by more people, which leads to stable products with good performance. A wide user base also means lower training costs for our customers. Their developers are familiar with our APIs and other programming approaches. GPL-like licenses also help to maintain product consistency by preventing closed, proprietary branches. We call this phenom- LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM It’s truly impressive how much you can do in this OS without making any changes to your existing computing environment. It is an excellent way for you to get a taste of Linux for no more investment than your time. In my tests I dropped the CD into my CD drive and rebooted on three different x86 systems. In every test KNOPPIX recognized the hardware on my systems and booted in about one minute. Additionally, I was able to save and edit files on my hard drive and in one case repair a system that no longer functioned properly. Figure 3 shows the KNOPPIX operating system running Open Office, Konqueror (as a Web browser), Konqueror (as a file browser), KMail (a mail client), and GAIM (Instant Messenger). The machine used for the demo is a 425MHz AMD K6-2 processor with 64MB of RAM. Notice the hard drive icons on the desktop. These hard drive partitions are both damaged, but KNOPPIX still booted making it possible to retrieve critical files. —continued from page 31 lection of applications is a good representative sample of those that would be available to you free of charge when you start to utilize Linux as a desktop computing system. • Konqueror file and Web browser: This very functional browser is as close to a Linux equivalent of Microsoft Explorer as there is; it works as a system file browser and as a Web browser. Additionally, its ability to anti-alias fonts makes the look as smooth and rich as any Web browser on the market, and better than most. • Mozilla Web browser: KNOPPIX 3.1 includes Mozilla 1.0. I selected Mozilla from the Internet Apps menu and browsed to some sites. In contrast to Konqueror, it doesn’t have anti-aliased text. • OpenOffice.org: The OpenOffice.org source code initially includes the technology that Sun Microsystems has been developing for future versions of their StarOffice software, an alternative to Microsoft Office. • K Office: An open source office suite comparable to Microsoft Office. • X Multimedia System (xmms): A popular multimedia software package developed for Unix operating systems running X11, it can play back MP3, AVI, MPEGs, and many other multimedia formats. • GNU Image Manipulation Program (GIMP): A fully featured graphic editor that rivals that of the Adobe family of graphical editors. • Network connectivity tools: Internet connection software kppp (an Internet dialer), pppoeconf (DSL), and isdn-config. • Utilities for data recovery and system repairs: Even some for other operating systems’ networks, and security analysis tools for network administrators. www.LinuxWorld.com enon forking, and it’s always bad news for customers because it creates many different versions of essentially the same product. To understand the problem this creates for customers, let’s take a look at what happened to Unix. There are many different versions of Unix and most are similar. Each version of Unix has small, proprietary enhancements that vendors added to create product differentiation. Solaris, AIX, HP-UX, SCO, and BSD are not binary compatible and do not share a common management framework. Customers are forced to spend money to maintain different applications on different operating systems. The Linux kernel is released under the GPL and unlike the Unix kernel, there is only one mainstream version of the Linux kernel. There is also only one popular version of Berkeley DB and Qt. Dual-use licenses may appear more confusing at first. However, this new type of licensing can bring your business more benefits than any single license can. Before buying your next piece of open source software, check the license. Are You Ready to Migrate? It’s understandable that you may not be loading Linux on every desktop in your organization tomorrow. However, good IT managers would be remiss in their responsibilities if they weren’t at least doing the appropriate research into viable alternatives to their existing infrastructure. I also agree that the jury is still out on the long-term future of Linux; it’s much less popular than Microsoft. However, early adopters of the technology may well find that they are regarded as visionaries and applauded for improving their computing environments while contributing to their organizations’ bottom line. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM 67 PREMIER 2003 FIRST LOOK Introducing the Linux 2.6 Kernel Technical improvements will accelerate adoption The Linux 2.6 kernel is expected to be released this summer, bringing not only a huge improvement in performance but also big cost savings to the many enterprises ready to migrate from Unix. Dave Fuller brings more than 25 years of data center technical and marketing experience to his current position leading the technical marketing group at OSDL, where he participates in both the Linux kernel stabilization project and the Data Center Linux working group. Prior to OSDL, Dave led IT activities at a start-up focused on Web commerce. At Sequent Computer Systems, he played key roles in technical services and oversaw technical sales support for the company’s AsiaPacific and Latin American operations. [email protected] A fast and deep entry into the market would be a distinct change from what happened with Linux 2.4, when adoption took longer than the industry anticipated. This time around, however, the development community, including OSDL, has tested the kernel so extensively that we believe adoption will come much, much faster. There are eight reasons why CIOs will decide to upgrade to a Linux distribution based on 2.6: seven related to performance and the eighth, and critical, factor being cost. At OSDL, we divided the key 2.6 kernel feature improvements into seven categories: performance, scalability, availability, clustering, I/O, management, and serviceability. We found that Linux systems based on the 2.6 kernel will scale better on bigger machines. This provides the opportunity to replace more proprietary Unix servers and to consolidate workloads on bigger Linux systems. But it’s not just the technical features; the clincher is the cost savings that these features will make possible for large organizations. Businesses can save big money by implementing the new Linux kernel on Intel architecture–based servers. Amazon’s move from Solaris to Linux on HP NetServer systems helped Amazon slash its PREMIER 2003 68 lready the subject of intense scrutiny, this new kernel will be the first major revamp of the Linux kernel in two years. We at Open Source Development Labs (OSDL) have worked with Linux developers and together completed more than 4,000 tests on publicly available development versions of this kernel. In recent months, we have run the development kernel, known as 2.5, in our production environment with servers, achieving more than 30 days of continuous uptime. The 2.5 kernel will transition into 2.6, and OSDL is committed to its rapid adoption in the market. (OSDL is a global consortium backed by Computer Associates, Fujitsu, Hitachi, HP, IBM, Intel, NEC, and other major vendors.) A A B O UT TH E A UTH O R BY D AV E F U L L E R technology capital budget more than 25% in the first year alone. There’s more: businesses can achieve lower training costs, and additional savings can be found as Unix technical staff can easily port their skills, procedures, and even many applications to Linux. To borrow an insight from Clayton Christensen’s book, The Innovator’s Dilemma (HarperBusiness, 2000), Linux is a disruptive technology. The new kernel is going to allow Linux to pass Christensen’s “good enough” test. This means that many organizations are going to begin moving their core data center operations over to Linux. It gets the job done for a lot less money. As proprietary architectures yield their performance advantage to Linux, Linux becomes “good enough” for most workloads. Scalability “Does Linux scale?” is often the first question an IT manager will ask when evaluating whether Linux can replace an enterprise Unix server. Our tests indicate that the Linux 2.6 kernel will scale much better than the 2.4 kernel. Most of the development of the 2.4 kernel was done on singleprocessor systems with some testing on dual-processor and larger systems. The larger 8- and 16-way machines are supported, but the 2.4 kernel isn’t really aimed at those system sizes. With the 2.6 kernel, performance is dramatically improved on large machines. www.LinuxWorld.com FIRST LOOK What Is the Kernel? The Linux kernel is the core of a Linux system. It is only a small part of the large number of files that are installed on a server’s hardware. Programs like Web servers, databases, application servers, mail servers, compilers, text editors, image editors, and word processors are not part of the Linux kernel. The kernel controls access to system resources such as • CPU • RAM • Monitor, keyboard, mouse • Disk drives, CD-ROM drives • Tape drives, printers, and other peripherals and ports • Network access There are two types of Linux kernels, development and production (or stable). Development kernels end in an odd number (e.g., 2.3 or 2.5). Production kernels end in even numbers (e.g., 2.4 or 2.6). This numbering scheme divides Linux users into two categories. The first category consists of developers and testers, who use the odd-numbered kernels, which are changing and may be unstable. The second category consists of production users, who use even-numbered kernels, which change as little as possible. Although there will be some settling of the fine points of kernel feature implementation and a deferral of features that aren’t ready for production, a look at the 2.5 kernel will give a fairly good view of what the 2.6 kernel will become. As part of OSDL’s charter we provide outside developers access to enterpriseclass machines. Testing on multiprocessor machines is a vital part of the Linux development process and has resulted in an improved scheduler, kernel native threading, and overall refinement of the locking granularity. We also did a lot of testing of these larger machines with databases, which are a classic resource-intensive, business-critical workload. OSDL provided the Database Test Suite, a fair-use implementation of Transaction Processing Performance Council (TPC) benchmarks. These database performance test results comparing the Linux 2.4 kernel to the Linux 2.5 kernel are freely available from OSDL at www.osdl.org/projects/performance. The source code for the tests is also available for developers. Stability “Is Linux stable on larger systems?” is probably the second most frequently asked question. OSDL put a lot of time and resources into testing the Linux 2.5 kernel through the Linux Stabilization Project. A description of the tests and results is available at www.osdl.org/projects/26lnxstblztn/results. Based on these tests and our www.LinuxWorld.com experience with the 2.5 kernel, we expect that the Linux 2.6 kernel will be more stable than the Linux 2.4 kernel was when it was released. There is a companion project to test scalability in a repeatable scientific environment. OSDL’s Scalable Test Platform (STP) and Patch Lifecycle Manager (PLM) provide the Linux development community with an open, easy-to-use resource for testing custom kernels. STP works as the testing engine. PLM makes it easy to manage developers’ patches against stock kernels. With a consistent set of hardware and test suites, developers can test new features in a controlled environment. Planning for the Future Because of the improvements in scalability, stability, performance, and availability in the kernel, Linux has reached the level where it can replace more expensive Unix servers. IT managers need to evaluate Linux suitability for their data centers based on the features it will have at the time of deployment. The rapid development of Linux adds some challenges to plans to adopt it. IT managers need to become familiar with the improvements to the 2.6 kernel, determine suitability for their enterprise, and 69 insist on these features when preparing Request for Proposals (RFPs) or making a purchase. The Linux 2.6 kernel will support more hardware platforms, bringing businesses savings in reduced management costs through a reduction in the number of operating systems under management. Instead of a variety of Unix versions, businesses can standardize on Linux on a range of hardware architectures. Most of Linux runs on industry-standard Intel architecture servers, available from almost every vendor, including Dell, HP, IBM, and NEC. Linux also runs on mainframes from IBM and Fujitsu, PowerPC-based servers from IBM, and Itanium-based servers from HP. When IT managers plan for the future, they should keep in mind that Linux server use is growing and Unix server use is shrinking. According to industry research firm Gartner, hardware vendors shipped over 425,000 servers with Linux last year, up from 286,823 in 2001. During the same time period, shipments of Unix machines fell 9%. Due to technical improvements in the 2.6 kernel, we anticipate that this trend will accelerate. Many more companies will follow Amazon’s early lead and realize significant cost savings by migrating from Unix to Intel architecture hardware. With the release of the new kernel, OSDL is refocusing much of its work on end-user Global 2000 corporations. We’re interested in learning more about your plans to use Linux. What challenges remain before you are prepared for production deployment? With classic disruptive technologies, much like the original personal computer, we know that adoption of “good enough” technology accelerates in new and surprising ways. Tell us what your plans are for Linux. We invite your organization to participate with OSDL in making Linux ready for your enterprise. For More Information Learn more by visiting www.osdl.org, the OSDL site. Here you’ll find information on Carrier Grade Linux, Data Center Linux, OSDL Database Test Suite, Linux Stabilization Project, Scalability Test Platform, Patch Lifecycle Manager, and much more. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM PREMIER 2003 INTERVIEW Taking Geek of Out Linux the A B O UT M I C H A E L R O B E RT S O N Michael L. Robertson is the founder and chief executive officer of Lindows.com, a consumer software company that creates choice in the marketplace. Robertson served as chief executive officer and chairman of the board at MP3.com (www.mp3.com) since March 1998. As the mastermind of MP3.com, Robertson established the largest collection of digital music in the world, amassing more than 1 million downloadable MP3 files. Robertson also spearheaded change in corporate business music services and put the power of CD creation in the artists’ hands by offering a host of support technologies and services. If you’re looking for a David and Goliath story, you don’t Lindows violates Microsoft’s trademark on the Windows name. need to look any further than Michael Robertson, CEO of We had a chance to talk to Michael about the future of Linux Lindows.com. As the first major player trying to sell Linux on the desktop, the struggle to de-geekify the operating sys- desktop computers in a retail environment, he’s felt the full tem, and what it’s like to go up against the largest software wrath of Microsoft’s fury, including a lawsuit claiming that company in the world. PREMIER 2003 70 www.LinuxWorld.com INTERVIEW INTERVIEWED BY JAMES TURNER LWM: A lot of companies seem to be hiding the fact that they’re basing their products on Linux – for example, set top boxes. Is this part of your strategy? Michael Robertson: If you look at our 4.0 version, our instant messenger is Gnome based, and it’s Gaim. Our office suite is StarOffice. Our browser is Mozilla. But rather than drown the user with all these crazy terms and names, we say “Hey, the instant messenger is really neat because you can connect to more than one network at a time. Hey, the browser’s really super because the fonts look great and you can suppress popups.” We’re focusing on the features, not the technical history. This is an approach that the Linux community really hasn’t seen yet, and we probably take a little extra heat because of that. People think that we’re slighting the Mozilla team or the Gaim team because when we talk about the instant messenger, we talk about the features, not that it’s written by the Gaim guys. Linux to the masses, and right now it’s an elitist product because you need too much technical knowledge to get up to speed. James Turner is president of Black Bear Software as well as the director of software development for Benefit Systems, Inc., and senior editor of LWM. James has written for Wired, Christian Science Monitor, and other publications and is working on his third book on open source development. [email protected] LWM: Do you think that Linux still has an “only for geeks” reputation that hurts it? Robertson: Oh sure, absolutely. Look, the features we focus on are boring and nonsexy to the technical crowd. For example, our research found that new users often get lost using Linux because different programs end up dropping them in different places when they do open or save commands. And they end up with files all over their hard disk that they can no longer find, that are buried in /usr/sbin. To technical people, that’s a silly sort of issue to bring up, but it’s the kind of thing we focus on a lot. The Linux community says, “Ah, that’s for babies. Just teach ’em how to use the find command and move on.” And we’re saying, “No, no. What we have to do is recompile hundred of programs to normalize them so they all use /MyDocuments.” So when someone says open, or someone says save, it always goes to the same spot. Those are simple things that are really discounted by the Linux community, but in our minds they’re key to making this a mass-market movement. We’re trying to bring desktop LWM: What has been your experience in selling Linux to a broad retail chain? Robertson: We’re constantly learning. For example, in 4.0, the first time you run it a beautiful multimedia demo comes up automatically and says “Welcome to desktop Linux, here’s what the icons on the desktop do, here are some basic functions,” things like that. Because even though the changes are relatively minor for those coming from an XP environment or a Mac OS 10 environment, there are enough of them that users get a little distraught when they first sit down. So we’ve gotten smarter and smarter about what’s needed to take it to a wider audience. We’ve been selling computers, both online and through mail order. And we’ve been using this as sort of a test bed to learn about users – learn where they have support issues and learn where we can do a better job. Where we’re going this summer is into retail, in a big way. You’re going to be able to walk into major retailers and see computers on the shelves with desktop Linux preinstalled. That’s really where Linux needs to go to reach the masses. So we’ve used our online experience and our mail-order experience; we do all our own technical support, so when someone calls up and says “I’m stuck, it didn’t work like I thought it would,” we’re taking note of that. We’re getting smarter and making a more polished product that better suits the mass market. We really believe that our 4.0 release is ready for the mass market. There are all sorts of consumer-friendly changes that aren’t technically sexy, like normalizing file paths, embedded tutorials in Flash, instructional videos all throughout the OS. And there are even more substantial features, like when somebody plugs in a Flash drive or a USB hard drive or CD-ROM, it pops up on the desktop. That’s never happened before in desktop Linux. www.LinuxWorld.com 71 PREMIER 2003 A talk with Michael Robertson, CEO of Lindows.com A B O UT TH E I NTE R V I E W E R INTERVIEW LWM: Making it more plug-and-play? Robertson: Absolutely. When someone plugs in a wireless card or even a USB wireless adapter, it shows up on the desktop ready to use, ready to configure and connect them to the network. So there are substantial features we’re bringing to the market in an effort to close the gap between Linux and XP. LWM: So the words “recompile the kernel” should never enter the user’s vocabulary. Robertson: Exactly. In fact, we don’t want them to hear the word kernel. We want it to be, “You click here for your browser, you click here for your IM, and if you want more software, click on the Click and Run icon and go get it.” We look at it this way. 30% of the servers running today are Linux based. People are choosing Linux because it’s affordable, powerful, and stable. All those same features are now available on the desktop side, so you’re going to see, over the next few years, that same 30% on the desktop. LWM: One of the most persistent knocks against Linux is that the desktop applications still aren’t there.When do you think that major players like Intuit and Adobe will start porting to Linux? Robertson: I don’t think you need to have those folks to bring Linux to the masses. I think a year ago, that was a very valid point, that the software wasn’t there. But that’s no longer true. Yes, there are certain holes, but the majority of the larger holes have been filled with very capable products. So you talk about Intuit – hey, we’d love to have Quicken on desktop Linux. We don’t. But we do have a product called Money Dance, which is very capable and does all the core functions, like online banking. So there are products, be they commercial or open source, that are filling the gaps. I think that complaint was a valid I’m confident that desktop Linux will have a 30%-plus market share One of the features we’re unveiling with 4.0 is a one-click major version upgrade. We’re taking users from version 3.0 to version 4.0 with one click of their mouse. This isn’t a 3.0 to 3.1–type upgrade with a couple of security patches; this is a full upgrade with a new kernel, new video drivers, you name it. New browser, new instant messenger, new e-mail client, everything. And that happens with one click. PREMIER 2003 Robertson: First of all, it’s important to assess where things are today. If you have a Microsoft product, it doesn’t mean you get to call Microsoft. You have to pay Microsoft if you want to call them and talk to them. The point here is that there’s no free support from Microsoft; in fact, if you want to call Microsoft there’s no one to call. The interesting dynamic here is that if you buy our office suite, which happens to be StarOffice, you actually get free telephone support in 24 languages, which you don’t get if you buy Microsoft Office. So the ironic twist here is that the new kids on the block, the StarOffices of the world, have said, “We have to provide better support than Microsoft to be able to win customers over.” There’s an interesting flip here, that you can get free support from a Linuxbased software developer, be it the OS or the application, often as part of the basic license, without having to engage in any service contract. If you do need additional support beyond that, of course, there are lots of organizations that you can pay to get that. And because a lot of the software is open source, you’re not beholden to any one company who can charge you whatever they want. Bottom line, there’s better support options for desktop Linux out of the box today. LWM: Some recent reports have indicated that while Linux has a lower deployment cost than Windows, it may have higher support costs. Robertson: That's propaganda from Microsoft. When you commission a study, pay them enough money and they’ll come up with any conclusion you want. Let’s look at the numbers. Microsoft makes 1 billion dollars of profit per month selling two products, the OS and the office suite. Now Microsoft can come up with all the studies they want saying they’re cheaper than the alternative, but it’s complete nonsense. LWM: For a medium- to large-size company contemplating a transition to Linux, one of their concerns is going to be,“Who is our IT support safety net?” LWM: For an enterprise, what would be the advantages to moving to a desktop Linux strategy? Robertson: Cost. Cost is the number one reason. You can expect to spend oneeighth of the cost of a Microsoft PC for a similarly equipped desktop Linux PC running Lindows OS. The second advantage is much easier maintenance and support. And I say that because they never have to deal with serial numbers, activation codes, 72 www.LinuxWorld.com complaint maybe 12 or 18 months ago, but I don’t think it’s a valid complaint anymore. INTERVIEW Putting Lindows to the Test product databases; they never need to deal with any of that because most of our products are flat-fee licenses. That’s the accounting, logistical side of things. There’s also the technical side of things; if you were here, I could show you how I can set up a new computer, click one button, and install 14 programs that we use as a standard distribution here at Lindows.com. You can’t do that on Microsoft, right? Set up your computer, click one button, and say “OK, you’re ready to go.” There are dramatic upfront savings, and then on the technical front and logistical front, additional savings and advantages for desktop Linux. LWM: Microsoft is allegedly engaging in a “kill Linux at any price” strategy. Robertson: Every major company that has partnered with Lindows.com has received a phone call from Microsoft, and that phone call has tried to extort, entice, or terrorize that person into not working with desktop Linux, specifically with Lindows.com. I’m glad this is finally coming to light, it’s not just in Asia, it’s all over the world. Listen, if you’re making a billion dollars of profit every month, you have a lot of money to throw around to kill any potential competitor, and that’s what they do. One of the things that’s so incredible is that Linux is making such strides without having major corporate backing. And that should send a message to everyone out there: “Microsoft, you can fight it all you want, but you’re trying to push back the tide.” Lindows desktop I ntrigued by the claims that Lindows was simple to install and use, we tried it ourselves. Because the 4.0 release is not yet available, we conducted the test using version 3.0. To make things a bit tougher, the test was conducted on a Toshiba Satellite 1805-S204. Because notebooks are notoriously difficult to install Linux on, we thought it would add a little challenge to the test. To say that the install was quick and easy was an understatement. When the install CD was placed in the drive and the laptop booted, the installer led us through the entire process in less than 10 minutes. Take that, Windows XP. When the laptop was rebooted, the system started up with a friendly series of help screens, eventually depositing us at the desktop with almost everything working. Although the installer hadn’t configured the wireless network card in the PCMCIA slot, it was a matter of seconds to configure it using the network wizard. For comparison, it took two days, several kernel rebuilds, and the installation of several auxilary packages to get it working under Red Hat 9.0. The only thing that didn’t work out of the box was the audio subsystem, which is evidently not supported for this laptop under Lindows yet. It is available in Red Hat 9.0, and we’ll have to see if the new 4.0 release of Lindows handles it. Installing additional packages through Lindows’ “Click and Run” system was indeed fast and easy. LindowsOS connecting to Microsoft Windows machines over a network. Sun StarOffice 6.0 can view and edit Microsoft Excel, Word, and PowerPoint documents – and save them in their native format. Conclusion: Lindows does what it promises, offers a fast and bulletproof install of Linux with a user-friendly interface. LWM: Where do you see Lindows.com in five years? Robertson: I’m confident that desktop Linux will have a 30%-plus market share. Here’s why: pick any industry in the world, I don’t care, look around your office. Whether there’s a pair of shoes in the corner or a Pepsi on your desk, there’s always room for a low-cost provider. That goes for any industry except for software, except for the OS. And that’s going to change. Linux is going to be Southwest Airlines of IT. They may not have the majority of the business, but they have a significant piece of the business. Where do I hope we’ll be? I hope we’ll be the leader in securing that 30% market share. I think the impact of desktop Linux in five years will not be measured just in the market share that Linux has, but in structural cost changes that Microsoft is going to be compelled to do to blunt the impact of desktop Linux on their business. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM www.LinuxWorld.com 73 PREMIER 2003 BUSINESS APPS Ensuring Availability of Applications on Linux The right solution for your business You’re taking the plunge – moving your business applications to Linux to join BY B O B W I L L I A M S O N have correctly identified your business availability needs. those who have already realized significant cost savings by deploying commodity servers and an open source operating environment. You have one lingering doubt: Will you get the same level of application availability in your new $50,000 environment that you enjoy in your existing $500,000 environment? Reasonable concern. After all, you get what you pay for. Or do you? n the past, the cost and complexity of high availability (HA) solutions made economic sense only for elite business networks and for systems running high-end mission-critical applications. The building of highly available and protected systems required purchasing specialized hardware and implementing proprietary interfaces. Those who could not afford such a solution tolerated a certain amount of system downtime. I The Cost of Downtime Today’s businesses and customers require HA solutions across the board, at an affordable price. A global business needs 24-hour access to information 365 days a year. In an Internet service model, organizations must anticipate customers arriving at their Web site and business partners interacting with their systems at any hour of any day. For many businesses the words “regular business hours” have no meaning. The cost of downtime, whether unplanned or scheduled, can have substantial negative revenue impact – in terms of immediately lost business and productivity, as well as the subsequent effect of a potential loss of customer loyalty and confidence (see Table 1). What does one hour of critical system downtime cost your business? Can you afford this loss? In today’s Web-enabled economy, customers who can’t access a Web site or service they desire are only a click away from a competitor! High Availability Clustering as a Solution Bob Williamson, vice president of engineering at SteelEye Technology, has over 20 years of experience in the design and development of high availability solutions on Linux, Windows, and Unix platforms. Bob is a frequent contributor to industry journals and is a regular speaker at trade shows and conferences worldwide. [email protected] There is a solution. By combining commodity Intel servers with Linux and HA clustering solutions, businesses can achieve between 99.99% and 99.999% uptime for business-critical applications at a fraction of the cost historically associated with proprietary RISC-based systems. Thus, you can plan on between just 8 and 55 minutes of downtime, for both planned and unplanned outages, for an entire year. And this is for everything – from your mail server to your business-critical financial management or manufacturing systems. There are a number of HA solutions available for Linux. Choosing one that meets your business objectives is simple if you know a few key points about HA and PREMIER 2003 74 A B O UT TH E A UTH O R What Level of Availability Is Right for My Business? To understand the HA needs of your business, use the following questions to do a self-assessment: • Among my applications and services, which can I least afford to have unavailable to users and customers? • For each of these, what is the actual monetary cost associated with each hour of downtime? • To protect against this loss, what am I willing to spend? • How long would it take me to get the most critical business functions operational following a disaster hitting my data center? • Should I invest in an HA solution that enables me to resume business operations in minutes rather than days following some catastrophic event? With this data on hand, you can identify your availability needs and make more informed decisions regarding the investment your business requires to ensure the uptime that your customers and business partners demand. Selecting the Most Appropriate High Availability Solution The Availability Equation, Trestore = Tdetect + Trecover, illustrates how the total time required to restore an application to usability is equal to the time it takes to detect that an application is experiencing a problem plus the time needed to perform some recovery action. This equation introduces the key concepts of HA clustering: problem detection and subsequent recovery. In essence, HA solutions monitor the health of business application components www.LinuxWorld.com BUSINESS APPS and, upon detection of problems, take actions to restore them to service. Because the objective of deploying an HA solution is to minimize downtime, working to reduce detection and recovery times is key among the tasks of the solution that you choose to deploy. Since today’s applications are in fact combinations of multiple technologies, as you survey the options available, be certain to understand the technology used to detect and recover from all outage types including server, storage network, application, and database. Each has a direct impact upon service restoration times. Local Detection and Recovery One technology factor that is critical to providing the fastest possible restoration time is the ability to perform “local detection and recovery.” In a basic clustering solution, a number of servers are connected together and configured such that one or more servers can take over the operations of another in the event of a server failure. The server nodes in the cluster continuously send small data packets, often called heartbeat signals, to each other to indicate “I’m Alive.” In simple clustered environments, when one server stops generating heartbeats other cluster members assume that this server is down and begin the process of taking over responsibility for that server’s domain of operation. This approach is adequate for detecting failure at a gross server level. However, in the case of problems that do not cause the interruption of heartbeat sig- nals, server-level detection is not just inadequate, it can actually magnify the extent and impact of an outage. For example, if Apache processes hang, the server may still send heartbeats even though the Web server subsystem has ceased to perform the system’s primary function. Rather than restart just the Apache subsystem on the same or a different server, a basic serverlevel clustering solution would restart the entire software stack of the failed server on a back-up server, thereby causing interruption to other users of the server as well as extending the time to recover. Advanced clustering solutions provide a broad range of additional mechanisms to detect problems at a more granular level and enable recovery actions to be tailored to specific problems. Using local detection and recovery, advanced clustering solutions deploy health monitoring agents within the individual cluster servers to monitor individual system components such as a file system, database, user-level application, IP address, etc. These agents use heuristics specific to the system component being monitored so that they can predict and detect operational issues and then take whatever recovery action is most appropriate. Often, the most efficient recovery method is to stop and restart the problem subsystem on the same server. This is much faster and has far less impact, and it’s therefore a less costly recovery method than migrating all application components to a standby server. By detecting failures at a more granular level than simple serverlevel heartbeats, and by enabling recovery ................................................................................................... Business .....................................................................Operation Average Cost per Hour of Downtime Communications: ...............................................Converged Services $10.0 million Financial: ......................................................Brokerage Operations $6.45 million Financial: ........................................Credit Card/Sales Authorization $2.6 million Corporate Infrastructure:..........................................................ERP $780,000 Media: ......................................................................Pay Per View $150,000 Transportation: .....................................................Airline Ticketing $89,500 Media: ...............................................................Event Ticket Sales $69,000 TABLE 1 THE COST OF DOWNTIME SOURCE: GARTNER, DATAQUEST, AND OTHERS www.LinuxWorld.com 75 within the same physical server, the time required to restore an application to user availability is greatly reduced. Make certain that the HA solution you deploy can support local detection and recovery. Scalability and Flexibility There are a number of additional criteria against which you should measure any HA solution. The ability of the solution to scale and flex as your business needs change is key. Within the world of HA clustering there are many dimensions of scalability and flexibility. For example, two methods exist for making your business data available to all nodes in an HA cluster: shared storage and data replication. Each is appropriate for certain environments, but how do you decide which is right for you? As important as deciding this is ensuring that the solution you choose can support both shared storage and replication configurations – so that regardless of how your business needs evolve, the most appropriate storage configuration can always be deployed and the option to make any application highly available remains always open. All HA solutions support shared storage configurations where the data needed by clustered applications resides on either directly attached SCSI or fiber-attached storage devices. All nodes in the cluster can access the storage device and as the cluster software migrates applications between servers during recovery, data paths between servers and the storage device are automatically reconfigured. While a shared storage configuration may be the correct choice for a number of deployments, there are some considerations that will make it less than ideal for others. Primary among these is the expense of purchasing, deploying, and maintaining a shared storage configuration. With prices ranging from several thousand to several hundred thousand dollars, small to medium-sized businesses as well as branch and departmental organizations may find shared storage to be cost prohibitive. An alternative is to make use of data replication technology so that any data required by the application being protected is stored in the internal disks of all systems within the cluster. All writes of data to the primary disk of the system actively running PREMIER 2003 Level of Protection BUSINESS APPS Two Node Data Replication LAN 2 to 4 Node Failover SCSI LAN n Node Failover Fiber Channel SAN Disaster Recovery Cluster Replication WAN Breadth of Capability FIGURE 1 One-to-Many Clustering – Granular Flexibility SPECTRUM OF CLUSTER CONFIGURATION the application are replicated to the disks of systems acting as standby nodes. This way, if the standby node should need to take over for the primary system, all required data is available locally. The cost and complexity of shared storage is eliminated while still allowing for full HA. In addition to cost, another factor in deciding whether to deploy a shared storage or a data replication cluster is the geographical distance between the nodes. Both SCSI and fiber have distance limitations that for practical purposes limit the placement of nodes within the cluster to a LAN environment. If you’re deploying a cluster between two locations across a WAN to provide disaster recovery protection for one of your sites, then you will make use of data replication to mirror your business data between the two facilities. So, data replication technology plays two roles: it enables you to deploy an HA cluster at a lower price point and it supports the building of a stretch cluster across geographies for disaster recovery purposes. Be certain that the HA clustering solution you choose supports data replication clusters as well as conventional shared storage. With both data replication and shared storage configurations available, you can decide where among the clustering schemas shown in Figure 1 you should enter the HA world. By choosing a solution that can accommodate all deployment scenarios, you ensure that as your needs change, you can deploy the best solution for your environment. Another scalability factor to be considered is the number of nodes that can be supported in a cluster. Entry-level HA solutions limit you to a single two-node cluster, typically in active-passive mode. While this does provide a level of increased availability by the addition of a standby server, it can still leave you exposed to application downtime. PREMIER 2003 Active-active in a two-plus server HA cluster environment thereby offers the important advantage of not requiring an idle, standby server for every active cluster member. The ability to fully exploit the resources of every server in an HA cluster simultaneously provides greater protection and increased return on investment in valuable server resources. The Value of Active-Active Configuration In a two-node cluster configuration, if one server is down for any reason, then the single remaining server becomes a single point of failure. However, by deploying three or more nodes clustered together, you not only gain the ability to provide higher levels of protection, but you can also build configurations that are highly scalable. Two examples of such cluster configurations are commonly referred to as Many-to-One and One-to-Many. In a One-to-Many configuration, the domain of responsibility of the failed server is divided among a number of other servers in the cluster. In addition to enhancing overall availability by distributing points of failure, this approach of splitting a primary server’s responsibilities in combination with active-active configuration offers significant economic benefits that further marginalize the cost of HA. This is because the ability to failover individual services in active-active mode to multiple servers eliminates the requirement for a potentially large and therefore more costly server to be provisioned purely for the purposes of providing backup in the event of failure. Many-to-One Clustering – Increasing ROI In a Many-to-One configuration, a single standby server backs up a number of active servers (see Figure 2). If any one of the active servers should fail, the standby node will take over its operation. However, if a second active node should fail, that server’s workload would then also become the responsibility of the single backup server, thereby requiring it to be able to work in an active-active mode. FIGURE 2 MANY-TO-ONE CONFIGURATION 76 Summary Deploying business-critical applications on Linux makes tremendous economic sense and establishes an economic model that supports the business case for HA solutions across a much broader range of business systems than could be justified for proprietary technical environments. This ability to reduce costs while enabling organizations to build out their IT infrastructures is a key factor accelerating the adoption of Linux. In making the decision as to which HA clustering solution you should deploy, the first step is to understand your business HA needs. Once your current requirements are determined, it is vital to understand that these requirements will most likely change over time. Your selection criteria therefore will ideally incorporate the ability to evolve and make changes without requiring technology reinvestment or incurring disruption to users and customers caused by the need to reengineer to your environment. Occasionally, basic solutions can suffice. But given the reality of “you get what you pay for” it is better still to explore the full range of technical possibilities and make your selection based upon meeting current requirements while providing flexibility for the future. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM www.LinuxWorld.com www.LinuxWorld.com The Leading Magazine for Enterprise and IT Management LinuxWorld Magazine Regular features include: Advice on Linux Infrastructure Detailed Software Reviews There is no escaping the penetration of Linux into the corporate world. Traditional models are being turned on their head as the open-for-everyone Linux bandwagon rolls forward. Linux is an operating system that is traditionally held in the highest esteem by the hardcore or geek from the “if it’s broke, then fix it yourself” attitude. Hardware Advice $ Latest News That Matters boardroom. Yet until now, no title has existed that explicitly addresses this new hunger for information from REGULAR ANNUAL COVER PRICE $71.76 YOU PAY ONLY Recruiting/Certification Advice Major corporations including IBM, Oracle, Sun, and Dell have all committed significant resources and money to ensure their strategy for the future involves Linux. Linux has arrived at the OFF! Migration Advice CEO Guest Editorials developers of the world. With its roots firmly seeded in the open-source model, Linux is very much born SAVE 30% Case Studies the corporate arena. LinuxWorld Magazine is aimed squarely at providing this group with the knowledge and background necessary to make decisions to utilize the Linux operating system. Look for all the strategic information required to better inform the community on how powerful an alternative Linux can be. LinuxWorld Magazine does not feature low-level code snippets but focuses instead on the higher logistical level, providing advice on hardware, to software, through to the recruiting of trained personnel required to successfully deploy a Linux-based solution. Each month presents a different focus, allowing a detailed analysis of all the components that 99 49 12 ISSUES/YR *OFFER SUBJECT TO CHANGE WITHOUT NOTICE SUBSCRIBE TODAY! WWW.SYS-CON.COM OR CALL 1-888-303-5282 make up the greater Linux landscape. FOR ADVERTISING INFORMATION: CALL 201 802.3020 OR VISIT WWW.SYS-CON.COM LINUXWORLD® IS THE REGISTERED TRADEMARK OF INTERNATIONAL DATA GROUP, INC. SYS-CON IS USING THE MARK PURSUANT TO A LICENSE AGREEMENT FROM IDG The World’s Leading i-Technology Publisher INTERVIEW Who Owns ? Unix An exclusive interview with esr A B O UT E R I C S. R AYM O N D Eric S. Raymond is an observer-participant anthropologist in the Internet hacker culture. His research has helped explain the decentralized open source model of software development that has proven so effective in the evolution of the Internet. His own software projects include one of the Internet's most widely used e-mail transport programs. PREMIER 2003 78 www.LinuxWorld.com INTERVIEW I NTE R V I E W E D BY KE V I N B E D E L L Eric Raymond has the unique ability to focus on low-level technical details while at the same time tracking the highest-level technology trends. His book The Cathedral This is also an attempt to send a powerful message to potential future litigants: it’s not safe to mess with the open source community because we can bite back. and the Bazaar is both a great history of early Linux development and a great introduction to the workings and the culture of the open source community. Eric (who is often referred to simply as ‘esr’) has been associated with the Unix community for 20 years. He’s contributed code to different versions of Unix, spoken frequently as an open source advocate, and has a new book coming out – The Art of Unix Programming. Eric is president and cofounder of the Open Source Initiative (OSI). n response to the SCO lawsuit, Eric (with consultant Rob Landley) wrote the “OSI Position Paper on the SCOvs.-IBM Complaint.” This position paper addresses in detail SCO’s claims of intellectual property ownership over Linux. The paper has been widely read and is considered by many to be the best analysis of the topic available. In short, the paper addresses the question, “Who owns Unix?”. LWM was able to catch up with Eric on the day of the Novell announcement that SCO did not own the patents or copyrights to Unix. I LWM: In a nutshell, what exactly is SCO trying to do? esr: What they were trying to do, I think, was shake IBM down for a payoff or a buyout offer. That has blown up in their face, especially now that Novell has made a public statement that all but accuses SCO of lying about the disposition of the IP. But now they have to play this losing hand out to the end – because admitting that they knew they didn’t have a real case to begin with might land their management in jail for fraud and harassment. LWM: So tell me about the position paper you developed.Why did you and Rob Landley write it? esr: I was trying to do two things really. www.LinuxWorld.com One, I was trying to give IBM ammunition. Two, I knew the open source community would have to respond to SCO’s attack sooner or later, and that it would be better if it was sooner – before SCO’s propaganda (if any) had time to take hold. But part of why I was upset didn’t have anything to do with Linux. I’m actually an old Unix developer – back to 1982. I wasn’t one of the original developers of Unix (though I’ve contributed code to Linux and the BSD Unixes), but I know those guys and they know me. The SCO complaint was insulting. It was SCO claiming that they owned all the code that we wrote – and then using that claim to harm Linux. LWM: What’s happening with your “No Secrets” effort? esr: I’m trying to prove that the proprietary Unix vendors don’t have any trade secrets. Right now I have enough people willing to sign affidavits about having uncontrolled read access to Unix source code that I can show there’s been a pervasive failure to enforce even the minimum level of nondisclosure required to maintain trade secrecy. Thousands of people who have seen the Unix source code were never under nondisclosure. This is the kind of evidence that destroys trade-secrecy status. If SCO continues, I’ll get enough signed affidavits to prove that they have no trade secrets. 79 LWM: And what is IBM’s position on all this? esr: You’ll have to ask IBM that. I’m their ally in this, not their spokesperson. LWM: For readers who may be unfamiliar with your work in this area, can you share some of your background with open source and Linux? esr: I wrote the foundational paper on open source development, ran the meeting where the term “open source” was invented, and have been one of the community’s principal ambassadors to the rest of the world for the last five years. I am the president of the Open Source Initiative, one of the community’s two leading advocacy organizations. LWM: What is the position of the Open Source Initiative on this issue? esr: We believe SCO’s claims are utterly without merit. In much of their complaint they seem to be, plainly and simply, lying through their teeth. We have published a detailed rebuttal at www.opensource.org/sco-vsibm.html. It looks even stronger than it did in light of Novell publicly announcing that they, not SCO, own the Unix patents. LWM: So, who owns Unix? esr: Legally, it’s very unclear. Novell holds the patents. The OpenGroup owns the trademark. The copyrights are in some A B O UT TH E I NTE R V I E W E R Kevin Bedell is editor-in-chief of LinuxWorld Magazine. With a degree in engineering as well as an MBA and years of experience as a developer, architect, team lead, and department manager, Kevin has seen all sides of this puzzle. He recently authored a book on Jakarta Struts for SAMS Publishing and is working on a book on Apache Axis for O’Reilly. [email protected] PREMIER 2003 INTERVIEW weird limbo – first Novell came out and said they owned them, but SCO now claims to own them under the terms of Caldera’s deal with Novell and Novell is keeping mum. The one thing we do know is that the transfer of the copyrights (if any) was never recorded with the U.S. Patent and Trademark Office. That has interesting legal implications, and may be the reason SCO hasn’t come out and made an explicit copyright-infringement claim in the lawsuit. Ethically, OSI’s position is that Unix belongs to the distributed development community that wrote it. SCO’s threats broke the tacit understanding that kept us from asserting this for 30 years. It used to be that we agreed not to fuss over the fact that AT&T or Unix Systems Labs or Novell or SCO were claiming to own the code as long as they agreed not to fuss over the fact that every senior Unix developer had a technically illicit copy of the source code in his hip pocket. (http://biz.yahoo.com/prnews/030528/law05 9_1.html) basically admitted they’ve got no grounds to sue anybody but IBM. SCO have since changed their minds, but I think this is just bluster. Furthermore, the various lawyers I’ve talked with agree that it’s just bluster. When you think you have a strong case in court, you don’t fight it in the media. SCO would scare me worse of they weren’t huffing and puffing. LWM: If you were a manager in a company considering using Linux for a first project, would this lawsuit impact your decision to give Linux a try? esr: Not at all. Ignoring the occasional FUD storm is part of the job. LWM: In your book The Cathedral and the Bazaar you describe the Linux development process as being like a bazaar, where all kinds of people with all kinds of interests “Legally, it now appears that Novell still owns Unix. They have the patents, and they’re claiming to hold the copyrights as well” Everybody took code from everybody. AT&T used Berkeley and Xenix code and got called on it during a 1993 lawsuit. Truth is, the rights picture is so tangled that nobody’s theory of ownership would stand close scrutiny of the source code’s history. The law of intellectual property doesn’t handle this kind of situation well. The equitable thing to do would be to just give up, throw it open, and admit it belongs to the hackers. LWM: What do you see as the potential downside risk for companies using Linux? Will SCO try to sue everybody? esr: The risk dropped to zero last May 28 with Novell’s announcements. SCO’s response are developing different pieces. Is Linux development still that way? How has it changed? esr: If it has changed, it has changed by becoming more conscious and better organized. I played a part in that by giving people language with which to reflect on what they’re doing. LWM: What do you think will happen with this suit? Any idea how long it might be before it becomes clear what’s going to happen? esr: They can’t win, not in front of a judge with any brain cells operating – and the word on His Honor Dale Kimball is that he’s a sharp guy. Timeframe? Who knows. These things can drag on for years. LWM: How can the Linux community ensure that Linux stays free of IP claims in the future? Can there be a process instituted that ensures this doesn’t happen again? esr: See my “No Secrets” page for an example of what network activism can do (www.catb.org/~esr). I’ve collected nearly 100 responses, with at least 40 people willing to sign affidavits. I think we can prove that there are no trade secrets in Linux. I think we can use the same methods to turn up prior art in patents cases. LWM: Switching gears a bit, in the IBM -vSCO analysis on the OSI Web site (www.open source.org/sco-vs-ibm.html), you referred to a “seismic shift” occuring right now in the software industry. Can you explain what you meant? esr: I already have. Readers should go to www.opensource.org/sco-vsibm.html#seismic for the story. LWM: Will all applications eventually be open sourced? Which kinds might not? esr: I don’t think it will be all – there are economic circumstances in which closed source makes sense, though they’re not common. I think “most” is a fairly safe bet, though. I’ve discussed this at length in my paper “The Magic Cauldron.” LWM: What will the software industry look like in five years? esr: A lot like the legal profession does now, I think. Independent software firms will be like law firms, partnership organizations of professionals. Other programmers will work in-house at corporations the way that corporate lawyers do now. Programmers in general will be operating from a common open source base; secrecy will be a feature mainly of legacy software. Regarding outsourcing and offshore development – one thing you can’t outsource is getting inside a customer’s mind. You can’t move face-to-face, person-toperson communications and design offshore. You can outsource cookie-cutter code, but I predict a lot of companies are going to discover they’re paying for large portions of code that don’t match their requirements. One of the things we know is that the most effective ways of writing software involve a series of interactions – a succession of prototypes – using continuous feedback. You can’t do that if your customer’s in Teaneck, New Jersey, and your developers are in Bangalore. LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM PREMIER 2003 80 www.LinuxWorld.com International Web Services Conference & Expo Web Services Edgeg SEPT. 30 -- OCT.2, 2003 3rd Annual • Take in tutorials covering .NET & Web services • Listen to success stories ER REG ISTY! TODA -3058 • Evaluate case studies & best practices 02 ge 01-8 CALL 2s-con.com/ed d • Experience hands-on labs y an www.ster by September 5th Regis 2003 WEST Santa Clara, California A U G U S T SAVE Up To $200 KEYNOTE SPEAKERS Vermeulen Magee Litwack CTO VP, Oracle 9i Senior VP Schmidt VP, Systems Integration Education Sponsors: Event Sponsors: Owned and Produced by: SPECIAL INSERT: WEB SERVICES EDGE 2003 DELIVERING .NET, NET JAVA JAVA, MAC OS XX, AND XML TECHNOLOGIES Media Sponsors: 2 0 0 3 www.WBT2.com 43 SPECIAL INSERT: WEB SERVICES EDGE 2003 SEPT.30 ---OCT.2,2003 Santa Clara Convention Center FEATURES & ATTRACTIONS 3 Days Packed with Education and Training Keynotes & Panel Discussions from Industry Leaders 60 Hard-hitting and Informative Seminars FREE Web Services Workshop Presented by Oracle FREE .NET Tutorial with Microsoft’s Russ’ Tool Shed Java University Certification Training Industry-Leading Certification Programs FREE IBM Web Services Tutorial “Birds of a Feather” Discussions Round Table Discussions Opening Day Welcome Reception SAMS Meet the Authors Hot Topics Lounge ore Compelling Case Studies & Best Practices m For Hands-On Labs Featured Product Demonstrations Exhibit Floor featuring more than 40 companies and hundreds of products Real-time SYS-CON Radio Interviews CEO CTO Software Developer CIO Software Engineer IT Director 44 Development Manager Project Manager isit v tion com a . rm info -con ys call s . ww or w WHO SHOULD ATTEND 9 6 0 3 2 0 8 201 Application Developer Technical Director Analyst/Programmer IT Manager Technical Architect Team Leader Java and Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc., in the United States and other countries. SYS-CON Publications, www.WBT2.com A Inc., Uis G U S Software T 2 Consultant 0 0 3 independent of Sun Microsystems, Inc. All brand and product names used on these pages are trade names, service marks or trademarks of their respective companies. Allan Vermeulen John Magee David Litwack John Schmidt CTO, Amazon.com Sept. 30 10:00 a.m. “Web Services Foundations” Allan Vermeulen, CTO and vice president at Amazon.com, directly oversees the Platform Technologies group. This group is responsible for guiding Amazon.com's technology architecture, including building and acquiring foundational components. Prior to his move to Amazon.com, Vermeulen was CTO and vice president of development at Rogue Wave Software. He holds a PhD in systems design engineering from the University of Waterloo. Vice President, Oracle9i Application Server, Oracle Oct. 1 10:00 a.m. “J2EE Development on the Grid” John Magee is vice president of Oracle9i Application Server and Oracle9i Developer Suite at Oracle. Mr. Magee has over 14 years of experience in the enterprise software industry and has held positions in product development, product management, and product marketing. In his current role, he manages technical product marketing for Oracle’s application server and development tools products, and is responsible for evangelizing Oracle technology initiatives around J2EE, XML, and Web services. Senior Vice President,Web Application Development Products, Novell Sept. 30 2:00 p.m. “Business Integration and IT” Keynote Panel David A. Litwack is senior vice president of Web Application Development Products, responsible for the development and advancement of Novellís secure Web services strategy. Mr. Litwack assumed his current position in July 2002 following Novellís acquisition of SilverStream Software, a company for which Litwack had served as president and CEO since 1997. Leader of Systems Integration and Middleware, Best Buy Co. Sept. 30 2:00 p.m. “Business Integration and IT” Keynote Panel John Schmidt is the chairman of the Methodology Committee for the EAI Industry Consortium and leader of systems integration and middleware at Best Buy Co., a leading specialty retailer of consumer electronics, personal computers, entertainment software, and appliances. Jon Bosak Dave Chappell Distinguished Engineer, Sun Microsystems Jon Bosak organized and led the W3C working group that created the XML specification and then served for two years as chair of the W3C XML Coordination Group. At Sun, where he holds the title of Distinguished Engineer, Mr. Bosak sponsors projects intended to advance XML technology. He is currently chair of the Universal Business Language (UBL) Technical Committee of OASIS. VP, Chief Technology Evangelist, Sonic Software Dave Chappell is the vice president and chief technology evangelist for Sonic Software. He has more than 18 years of industry experience building software tools and infrastructure for application developers, spanning all aspects of R&D, sales, marketing, and support services. Dave has also been published in numerous technical journals, and is currently writing a series of contributed articles for Java Developer’s Journal. Hotel & Travel Reserve Your Hotel Room Now At The Westin Santa Clara! The Official Conference Hotel of Web Services Edge West 2003 The Westin Santa Clara 5101 Great America Parkway Santa Clara, CA 95054 Arrangements have been made with the Westin Santa Clara, which is conveniently located at The Santa Clara Convention Center. Specially reduced rates have been secured at this luxury, full-service hotel. Single Occupancy Room: $165.00 Double Occupancy Room: $165.00 SPECIAL DISCOUNTS AVAILABLE A U G U All rooms are quoted exclusive of applicable state and local taxes which are currently 9.5% as well as the California State Tourism Tax of 0.045%. The above rates are group rates and are available for Web Services Edge 2003 delegates, over the show dates of September 28 – October 3, 2003, only. To learn more about The Westin Santa Clara you can contact the hotel directly or you can make your reservations by calling Expo Travel International at (800) 829-2281 or (201) 444-0060 (direct). Fax reservations to (201) 4440062. Credit card information is required to guarantee reservations and expedite confirmation. Confirmations will be mailed directly from the hotel, Anne Thomas Manes Research Director, Burton Group Anne Thomas Manes is a research director at Burton Group, a research, consulting, and advisory firm. Anne leads research for the Application Platform Strategies service. Named one of NetworkWorld's “50 Most Powerful People in Networking” in 2002, and one of Enterprise Systems Journal's “Power 100 IT Leaders” in 2001, Anne is a renowned technologist in the Web services space. Anne participates in standards development at W3C and OASIS. 2 0 0 3 President, JBoss Marc Fleury, PhD, is chief technical officer for Telkel, Inc. He is the leader of the JBoss project (www.jboss.org), which is an open source EJB server. Marc is based out of Silicon Valley and founded the project upon leaving Sun Microsystems. He was one of the main developers behind JBoss 1.0 and 2.0. Marc is the “keeper” of the project. He founded the Jboss Group, a company regrouping the elite developers of Jboss to consult around Jboss. To make online reservations: Hotel Arrangements Are Easier Than Ever! You have your choice – contact the hotel directly or call us. The Official Conference travel agent, Expo Travel International. www.expotravel.com by September 12, 2003. Official Conference Travel Agent: time permitting. All changes and cancellations should be made directly through Expo Travel International. Reservations received after September 12, 2003, will be accepted on a spaceavailable basis only, at the special rate, if available. Contact Information: The Westin Santa Clara Reservations: Tel: 408 986-0700 Fax: 408 980-3990 Take advantage of the Early Bird and Preregistration values available right now, or save even more with a group of 5 or more. For special group discounts contact Michael Lynch at [email protected], or by phone at (201) 802-3058. S T Marc Fleury SPECIAL INSERT: WEB SERVICES EDGE 2003 KEYNOTES & HIGHLIGHTED SPEAKERS Expo Travel International Toll Free: (800) 829-2281 Tel: (201) 444-0060 Fax reservations to (201) 444-0062 Driving Directions to Westin Santa Clara from San Jose Airport: Highway 101 North. Exit at Great America Parkway/Bowers. Turn Right onto Great America Parkway; hotel is about 1.5 miles down on the right side. PRODUCED BY www.WBT2.com 45 TUESDAY, SEPTEMBER 30 JAVA .NET REGISTRATION 9:00AM – 9:50AM The Next Phase in Evolution of J2EE 10:00AM – 10:50AM Keynote - “Web Services Foundations” - Allen Vermeulen, CTO and Vice President, Amazon.com 11:00AM – 6:00PM EXPO OPEN 2:00PM – 2:50PM Keynote Panel Discussion - Business Integration and i-Technology 3:00PM – 3:50PM Ant Applied in “Real World” Web Services Smart Devices in the Enterprise Developing Applications with SWT Using the Mobile Internet Toolkit Web Services Orchestration 4:00PM – 4:50PM Introduction to ROTOR ID, Please. The Case for Giving Web Services an Identity 5:00PM OPENING NIGHT RECEPTION 8:00AM – 4:00PM REGISTRATION Using WSE 2.0 9:00 AM – 9:50AM Building Interoperable Web Services Using WS-I Basic Profile Morning Keynote - “J2EE Development on the Grid” - John Magee, Vice President, Oracle9i, Oracle 11:00AM – 4:00PM EXPO OPEN 2:00PM – 2:50PM Keynote Panel Discussion - Interoperability: Is Web Services Delivering? JUnit: Testing Your Java with JUnit Using Portable .NET WS-BPEL JDK1.5: The Tiger ASP.NET with Mono UDDI: Dead or Alive? Squeezing Java Using WSE with IBM’s Web Services Tool Kit Web Services Choreography, Management, and Security - Can They Dance Together? Success Story: Eiffel, .NET, and Design by Contract for the Financial Industry Strategies for Securing Web Services .NET IDE’s Web Services Progress Report Windows SharePoint Services The Seven Habits of Highly Effective Enterprise Service Buses (ESBs) 3:00PM – 3:50PM 4:00PM – 4:50PM 8:00AM – 4:00PM REGISTRATION Leveraging AOP in JBoss 9:00 AM – 9:50AM THURSDAY, OCTOBER 2 Web Services Management 10:00AM – 10:50AM 5:00PM – 6:00PM 10:00AM – 10:50AM 11:00AM – 11:50AM Technical Keynote Apache Axis 12:00PM LUNCH 1:00PM – 1:50PM Meeting the Challenges of J2ME Development 2:00PM – 2:50PM Keynote Panel Discussion - Summit on Web Services Standards 3:00PM – 3:50PM 4:00PM – 5:00PM 46 WEB SERVICES 8:00AM – 4:00PM Empowering Java and RSS for Blogging WEDNESDAY, OCTOBER 1 SPECIAL INSERT: WEB SERVICES EDGE 2003 Conference at-a-Glance www.WBT2.com Simplifying J2EE Applications BizTalk 2004 See www.sys-con.com for more information Integrating Java + .NET See www.sys-con.com for more information See www.sys-con.com for more information REGISTER BY SEPTEMBER 5th — SAVE UP TO 2$200 A U G U S T 0 0 3 Introduction to Xforms MAC OS X Introducing OS X (Panther) What's New? Workshop FREE Web Services presented by October 1, 2003 Securing Your XML and Web Services Infrastructure UBL - The Universal Business Language Standards-Based Enterprise Middleware Using XML/Web Services Programming Rich User Interfaces Using Cocoa Quick Applications Using AppleScript Java and OS X: A Perfect Marriage SHARPEN YOUR SKILLS, DEVELOP YOUR CAREER Web services? You’ve read all the ins and outs about it. You think you have the concepts pretty well figured out. Now you are not sure where and how to start developing your first Web service. Get the answer at this free Web services workshop offered by Oracle as part of its Oracle Developer Days roadshow! Oracle’s workshop is specifically designed to get you started with your first Web service project, with a combination of presentations and hands-on labs that take you deep into the technology and let you put in action what you’ve learned. Oracle’s experts will be available throughout the workshop to answer all your questions and assist you while you are going through the labs. The workshop gives tips and techniques on how best to develop and deploy Web services and addresses topics such as RPC and Document Style Web services, static and dynamic invocation, stateless Web services and more. The second part of the workshop is dedicated to the new J2EE API for Web services available as part of J2EE 1.4. XML and Enterprise Architecture: Technology Trends Enterprise Java and OS X Using XML Schemas Effectively in WSDL Design Developing Web Services Using WebObjects Canonical Documents for Your Business: Design Strategies Cocoa, Carbon, Java: Application Frameworks for OS X (When to Use What) XML and the Fortune 500 Securing OS X Applications XML at Work in ‘Fortune 500’ Companies Xserve: Ease of OS X and Power of Unix Going through the hands-on labs at your own pace, you will learn how to publish a Java class as a J2EE stateless or stateful Web service, publish a session EJB as a J2EE Web service, and publish a J2EE Web service using JAX-RPC. Space is LIMITED to the first 100 attendees. Register now for this FREE workshop. Computers will be provided by the Oracle Developer Days team with all the necessary software, so there’s no need to bring your own computer. SPECIAL INSERT: WEB SERVICES EDGE 2003 XML AGENDA 7:30-8:00 am – Registration 8:00-9:00 am – Session #1 – Best Practices for Web Services Development & Deployment 9:00-10:00 am – Lab #1 – Publish a Java Class as a J2EE Stateless or Stateful Web Service 10:00-10:50 am – John Magee, VP, Oracle – Keynote (BREAK) 11:00 am-12:00 pm – Expo Floor Time 12:00-1:00 pm – Session #2 (WORKING LUNCH) – J2EE APIs for Web Services 1:00-2:00 pm – Lab #2- Publish a Session EJB as a J2EE Web Service 2:00-2:30 pm – Expo Floor Time (BREAK) 2:30-3:00 pm – Lab #3- Publish a J2EE Web Service Using JAX-RPC PRESENTERS XML Schema Best Practices OS X for the Unix Developer See www.sys-con.com for more information Introducing Quartz: 2D Graphics for Apple See www.sys-con.com for more information See www.sys-con.com for more information Arun Srinivasan, Director of Product Management, Java Tools, Oracle Rob Clark, Director of Product Management, J2EE, Oracle Mike Lehmann, Product Manager, Web Services, Oracle9iAS and Oracle9i JDeveloper, Oracle FREE Oracle Tutorial when you register for a VIP Pass Guarantee your seat when you register for a Full Conference Pass Register Online at www.sys-con.com/edge PROGRAM SUBJECT TO CHANGE www.sys-con.com/edge • 201-802-3058 2 0 0 3 A U G U S T www.WBT2.com 47 SPECIAL INSERT: WEB SERVICES EDGE 2003 48 REGISTRATION FORM CONFERENCE: Sept. 30 – Oct. 2, 2003 EXPO: Sept. 30 – Oct. 1, 2003 Santa Clara Convention Center • Santa Clara, CA THREE WAYS TO REGISTER FOR CONFERENCE 1) On the Web: Credit Cards or “Bill Me.” Please make checks payable to SYS-CON Events. 2) By Fax: Credit Cards or “Bill Me” 201-782-9651 3) By Mail: 135 Chestnut Ridge Road, Montvale, New Jersey 07645, Attention: Registration Please note: Registrations are not confirmed until payment is received. Please complete sections 1, 2, 3 and 4 1 YOUR INFORMATION (Please Print) Mr. Ms. First Name ________________________________Last Name __________________________________________ B. Business/Industry Title __________________________________________________________________________________________ ❑ Computer Software ❑ Computer Hardware and Electronics ❑ Computer Networking & Telecommunications ❑ Internet/Web/E-commerce ❑ Consulting & Systems Integrator ❑ Financial Services ❑ Manufacturing ❑ Wholesale/Retail/Distribution ❑ Transportation ❑ Travel/Hospitality Company ______________________________________________________________________________________ Street ________________________________________________________________________________________ Mail Stop ______________________________________________________________________________________ City __________________________________________________________________________________________ State________________________________Zip ____________________Country __________________________ Phone ________________________________________________________________________________________ Fax ____________________________________________E-Mail ________________________________________ 2 4 A. Your Job Title ❑ CTO, CIO, VP, Chief Architect ❑ Software Development Director/Manager/Evangelist ❑ IT Director/Manager ❑ Project Manager/Project Leader/Group Leader ❑ Software Architect/Systems Analyst ❑ Application Programmer/Evangelist ❑ Database Administrator/Programmer ❑ Software Developer/Systems Integrator/Consultant ❑ Web Programmer ❑ CEO/COO/President/Chairman/Owner/Partner ❑ VP/Director/Manager Marketing, Sales ❑ VP/Director/Manager of Product Development ❑ General Division Manager/Department Manager ❑ Other (please specify)____________________________ PAYMENT METHOD: (Payment in full due with registration) Check #_______________________________________ Amount of Check $ ______________ Visa MasterCard American Express Discover Name on card_________________________________________________________________ Card #______________________________________________ Exp. Date______________ Signature_____________________________________________________________________ Billing Address (if different from mailing address) _______________________________________________________________________ 3 PLEASE INDICATE YOUR CONFERENCE CHOICE ❑ Total Registration fee $____________ By 9/5/03 GP Gold Passport Good for all three days of the .NET, $1,295.00 Web Services, XML, Java, and Mac OS X Tracks, including preferred seating for the Oracle, IBM and Microsoft Russ’ Toolshed Tutorials, Keynotes, Panel Discussions, and your choice of One Sun Microsystems Java UniversitySM Class Select one: ❑ Architecting Web Services Using J2EE (Oct. 1) ❑ Java 2 Platform: Architect Certification Fast Path (Oct. 2) Before 9/26/03 Onsite $1,395.00 $1,495.00 3D Three Day Conference (Does not include Sun Java Education) $1,195.00 $1,295.00 $1,395.00 ❑ 2D Two Day Conference (Does not include Sun Java $1095.00 Education) (select any two days: ❑ Tue. ❑ Wed. ❑ Thurs.) $1,195.00 $1,295.00 ❑ 1D One Day Conference (Does not include Sun Java™ Education) $595.00 (select any one day: ❑ Tue. ❑ Wed. ❑ Thurs.) $595.00 $695.00 ❑ JU1 Sun Java™ University Class $695.00 Select one: ❑ Architecting Web Services Using J2EE (Oct. 1) ❑ Java 2 Platform: Architect Certification Fast Path (Oct. 2 ) $695.00 $795.00 ❑ JU2 Sun Java University Class $1,195.00 Attend both Architecting Web Services Using J2EE (Oct. 1) and Java 2 Platform: Architect Certification Fast Path (Oct. 2) $1,295.00 $1,395.00 ❑ VIP PASS FREE Good for access to the Exhibit Floor, Keynotes and Panel Discussions, Product Demonstrations, and your choice of (Select one): ❑ Microsoft Russ' Tool Shed (Sept. 30) ❑ How to Develop, Deploy, and Manage Web Services Using IBM Tools (Sept. 30) ❑ Web Services Workshop presented by Oracle (Oct. 1) FREE $50.00 ❑ EO Expo Only FREE FREE $50.00 CANCELLATIONS, SUBSTITUTIONS, REFUNDS Fax written request to SYS-CON Registration 201-782-9651. Requests for refunds received prior to August 29, 2003, will be honored, less a 10% handling charge; requests received after August 29, 2003, and before September 12, 10,000 or more 5,000 – 9,999 1,000 – 4,999 500 – 999 100 – 499 100 or less Location 01 ❑ 02 ❑ 03 ❑ 04 ❑ 05 ❑ 06 ❑ Company 01 ❑ 02 ❑ 03 ❑ 04 ❑ 05 ❑ 06 ❑ D. Please indicate the value of communications and computer products and services that you recommend, buy, specify, or approve over the course of one year: ❑ ❑ ❑ ❑ $10 million or more $1 million – $9.9 million $500,000 – $999,999 $100,000 – $499,999 ❑ $10,000 – $99,999 ❑ Less than $10,000 ❑ Don’t know E. What is your company’s gross annual revenue? ❑ ❑ ❑ ❑ $10 billion or more $1 billion – $9.9 billion $100 million – $999 million $10 million – $99.9 million ❑ $1 million – $9.9 million ❑ Less than $1 million ❑ Don’t know F. Do you recommend, specify, evaluate, approve or purchase wireless products or services for your organization? 01 ❑ Yes 02 ❑ No ❑ If you require special assistance covered under the Americans with Disabilities Act, please call 201-802-3058 by www.WBT2.com September 16, 2003. Government/Military/Aerospace Health Care/Medical Insurance/Legal Education Utilities Architecture/Construction/Real Estate ❑ Agriculture ❑ Nonprofit/Religious ❑ Other (please specify) _______________________ C. Total number of employees at your location and entire organization (check all that apply): Check or Money Order Enclosed (Registration confirmed upon receipt of payment) Charge my ❑ ❑ ❑ ❑ ❑ ❑ G. Which of the following products, services, and/or technologies do you currently approve, specify or recommend the purchase of? ❑ Application Servers ❑ Web Servers ❑ Server Side Hardware ❑ Client Side Hardware ❑ Wireless Device Hardware ❑ Databases ❑ Java IDEs ❑ Class Libraries ❑ Software Testing Tools ❑ Web Testing Tools ❑ Modeling Tools ❑ Team Development Tools ❑ Installation Tools ❑ Frameworks ❑ Database Access Tools / JDBC Devices ❑ Application Integration Tools ❑ Enterprise Development Tool Suites ❑ Messaging Tools ❑ Reporting Tools ❑ Debugging Tools ❑ Virtual Machines ❑ Wireless Development Tools ❑ XML Tools ❑ Web Services Development Toolkits ❑ Professional Training Services ❑ Other [Please Specify] ___________________________________________________ SYS-CON Events, Inc., and SYS-CON Media make no warranties regarding content, speakers, or attendance. The opinions of speakers, exhibitors, and sponsors do not reflect the opinion of SYS-CON Events and SYS-CON Media and no endorsement of speakers, exhibitors, companies, products, or sponsors is implied. Speakers, sessions, and schedule are subject to 2003, will be honored less a 20% handling change without prior notice. charge. No requests for refunds will be honored after September 12, 2003. Requests for substituNo solicitation by anyone other than tions must be made in writing prior to official exhibitors, sponsors or marketing September 26, 2003. No one under 18 is Such behavior is permitted to attend. No warranties areA madeU G Upartners S Tis permitted. 2 0 0 3 cause for expulsion without refund. regarding the content of sessions or materials. X WINDOWS Cross-Platform Integration with X Windows Creating a transparent mixed environment for users Change is scary. If you tell a user that you’re going to wipe his hard disk and BY H E R M A N V E R K A D E Herman Verkade is a UK-based independent consultant who specializes in the management of large-scale heterogeneous environments. Over the past 22 years he has worked mostly with financial institutions in the UK, the U.S., and continental Europe. [email protected] with access to applications running on both platforms simultaneously. I decided to investigate whether the same would be possible with Windows and Linux. The goal was to leave the users’ PCs still running Windows, but give them access to applications running on a remote Linux machine using X Windows. Linux GUI applications are all based around X Windows. When the graphical environment starts on a Linux machine, an X server is started, serving the keyboard, mouse, and screen to X client applications. The clients communicate with the server over pipes, or a TCP/IP connection to the local host, with a protocol called X11. X11 is also suitable to run over a network connection to/from another host. Client applications look at the DISPLAY environment variable to find the X server that they need to display to. Many programs also accept a –display commandline qualifier to redirect X11 to another X server. X11 is a platform-independent protocol, so the X server can just as easily run on a machine with an operating system that is different from that on the client. I set out to run applications on a Linux machine with an X connection back to a Windows PC. The client applications are there, and need no modification, so the quest was on for an X server for Windows. There are a number of commercial packages on the market that achieve this. I looked for a port of the open source X system (XFree86), but found that it would only work with Cygwin, which is a complete Unix-like environment for Windows. That seemed somewhat complex, so I tried the commercial packages first. I got evaluation copies of X-SecurePro from Lab-Tam, and Exceed from Hummingbird. The latter is much better known, but is also far more expensive. Both packages provide an X server and a variety of other Unix-like tools such as NFS, telnet, and so on. Both also provide a GUI starter program that will connect to a remote machine using rsh, rexec, or telnet and execute a command to start an application that connects back to the Windows PC for its X server. The X server in both products can be run in two modes: full-screen or multiwindow. In full-screen mode, a single large window is displayed on the Windows PC, which is an entire desktop in which the X client applications will create their windows. This is great to run an entire Linux desktop under Windows, but this wasn’t what I was looking for for my mixed environment. In multiwindow mode, each X client application is displayed in its own window, with a standard Windows title bar with the normal Windows buttons on it. For a mixed environment this is what’s required. For my tests, I wanted to run a standard xterm window, the GNOME Terminal, www.LinuxWorld.com 87 PREMIER 2003 install Linux, he is going to be scared witless. No matter how good the new operating system is, and no matter how much preparation you put into it, your user is going to be scared of the change. So, why not first give him access to a few Linux applications without actually installing Linux on his machine? here are various ways to give your user community access to Linux applications, without wiping the hard disks of their PCs. The most commonly used ones are to give a user a second PC which runs Linux, to install a dual-boot environment with Windows and Linux, or to install Linux into a virtual PC environment such as VMware. But none of these methods provide a smooth and transparent mixed environment because the user will need to explicitly switch between the Windows and Linux environments. Back in the old days, I managed mixed VMS and Unix environments. Although these two are very different platforms, both supported X Windows. Using the network capabilities of X, I was always able to create transparent mixed environments, where users would have only one workstation, but T A B O UT TH E A UTH O R X WINDOWS OpenOffice.org, and Evolution. I found neither of the X packages working satisfactorily out of the box. xterm worked without problems, as this is a very basic X11 program that does not require any unusual fonts or extensions. The GNOME Terminal was not so good. The terminal window was displayed using a font that was too small, making it very difficult to read, and the menu items were badly rendered, making it all very ugly (see Figure 1). OpenOffice.org and Evolution were treated with some double-spaced font that takes up so much space that it becomes completely unusable (see Figure 2). FIGURE 1 UNTIDY FONT RENDERING USING COMMERCIAL X SERVER PACKAGES To be fair to these products, it’s very likely that these problems can be resolved. X11 is a base protocol for getting requests and responses over the network from a client to a server and vice versa. To display a string of text on the screen, the X client simply requests the string to be displayed with certain font parameters in a certain position on the screen. The X server then looks for an appropriate font file and ren- ders the text for display on the screen. In addition, many extensions have been created, mainly for graphics-intense applications, aimed at reducing the bandwidth usage of X and offloading complex actions from the client to the X server. But for this all to work, there needs to be a match between what the X client requires and what the X server has to offer. In my case the right fonts were not supplied with the X server, and the applications also complained about certain extension modules not being available in the server. If you can find the fonts and the required extension DLLs, then both products can probably be made to work in the scenario described above. But as this was a no-budget project to see how easy (or difficult) it was, I couldn’t afford the time to look into these. Instead, I decided to try the XFree86 Cygwin port. Cygwin is a Unix-like environment for Windows that consists of a DLL that implements most Unix system calls and maps them to existing Windows API calls, and a set of tools and commands ported within this environment. With Cygwin it is possible to take Unix/Linux source code, compile it on Windows against the Cygwin DLL, and then run it as Windows applications. Some of the tools ported in this manner by Cygnus are the gcc compiler and the XFree86 system, as well as various shells and shell commands. All Cygwin modules are installed with a single installer. The setup program is downloadable over the Web. When started it asks which packages you want to download and/or install. XFree86 is simply one of the options available from this setup program. It took a wee while to download the packages, but they were untarred in no time, and my system was ready to go. There is no need to configure X as is required on Linux. There is no need to select a graphics driver and such, as XFree86 on Windows simply works with the generic Windows Graphics API. Therefore it uses whatever graphics card driver is installed for Windows itself. Older versions of XFree86/Cygwin supported only full-screen mode, but earlier this year an option was added to support multiwindow mode. The X server is started by a batch file called startxwin.bat. As an entire Unix-like environment (based on GNU), Cygwin also provides a bash shell and a good set of Unix commands. The default version of startxwin.bat makes use of this and also starts an xterm with a bash shell running locally. If you want to run Unix shell scripts on Windows, then Cygwin is also useful just for that. Next, I telneted to a Linux machine and typed: xterm –display eno:0 & (‘eno’ is the name of my Windows desktop machine). First, I got an “access denied” message. The default security in XFree86 does not allow remote applications to display on the server. A simple xhost + FIGURE 2 in the locally running bash shell fixed that. The xhost program adds entries for remote machines to the allowed list, and the “+” simply allows everything under the sun. Not a good setting for a production environment, but for my testing it was sufficient. Back to the xterm command, and now a beautiful xterm appeared on my screen with a bash shell under Linux. Next was the GNOME Terminal application. No problems at all with this X server, as the correct fonts were used, making it look exactly the same as it does on Linux. Of course this is not much of a surprise because the applications on the Linux machine were expect- DOUBLE-SPACED FONTS DO NOT LEAVE A LOT OF SPACE IN EACH WINDOW PREMIER 2003 88 www.LinuxWorld.com X WINDOWS FIGURE 3 A FULLY INTEGRATED WINDOWS DESKTOP, WITH FILE MANAGER, A BASH SHELL IN AN XTERM RUNNING LOCALLY, AND A PERFECTLY DISPLAYED INSTANCE OF EVOLUTION, WHICH IS RUNNING REMOTELY ON A LINUX MACHINE Client vs Server Newcomers to X11 often get confused by the fact that the concept of “client and server” appears to be the wrong way round. In fact, it is not. Let me explain. The concept of client-server technology is shown in a very basic diagram (see Figure 4). The yellow box on the left is a server process, running on one machine, serving a resource to a number of client processes running on the computers on the right. I’ve shown three computers running a total of four client processes, two red ones and two blue ones. In the case of database client-server technology, the computer on the left is a server-class computer with Server Client large amounts of disk space and probably hardware Computer Computers RAID, which provides a database resource to applicaFIGURE 4 CLIENT-SERVER TECHNOLOGY tions running on the machines on the right, which are most often workstations or PCs. The database server on the left serves its database to the client applications on the right. In this picture the user will usually sit at the machines on the right. In the case of X11, the computer on the left is again running the server process, but the resources served are a keyboard, a mouse, and one or more screens. It serves these resources to client applications running on the computers on the right. The concept of client and server is the same, but the nature of the resource being served now means that the user sits at the computer on the left. The X server runs on a machine with keyboard, mouse, and screen(s), such as a workstation or PC (or even a diskless thin client), while the X client applications run on other machines on the network, which may be other PCs, or server-class machines without graphics capability, or even blade servers. The designations of “client” and “server” remain the same in that client applications make use of a shared resource provided by a server process. It is still a case of multiple clients accessing a single server. The difference is that the user sits on the “other end” of the client-server division, because it is the keyboard, mouse, and screen that are the served resource. ing to run against an XFree86 server and all the required fonts and the extension module are available in the Windows port. I then set out to run OpenOffice.org and Evolution. As far as graphics were concerned both ran fine, but I found that not all windows were appearing on my Windows machine. After a bit of investigation I figured out that if I started Evolution from my telnet session using the –display command-line parameter, then some of the windows were still appearing on the remote machine where the program was running. Evolution starts a number of subprocesses, and the display parameter was not passed on to these. However, when running Evolution from my remote xterm window everything worked fine. When you run xterm with the –display parameter, a bash shell is started inside it, and the DISPLAY environment variable is set to point to the server and screen specified on the command line. Evolution looks at this and connects to the right server. All its subprocesses inherit the variable and now also display to the same screen. Using XFree86/Cygwin I am able to create an environment in which I can run local Windows applications and remote Linux applications that all display in their own window on the PC (see Figure 3). That part of the transparency is achieved quite easily. The only missing bit is a simple tool to start a remote application, as provided by the commercial packages. Using telnet and xterms is not quite the mechanism I want to give to users. I’ll need to do a bit more searching on the Net for this, or if that fails I’ll write one and publish it under the GPL. Once that is achieved, I will be able to give users access to Linux applications to let them see for themselves how beautifully they work. Once they are used to those, I can start thinking about giving them the full Linux operating system on their desktop machines. By then, they will be familiar with the applications and the change to a complete open source environment will be a lot less scary. References • The XFree86 Project: www.xfree86.org • Cygwin/XFree86: http://cygwin.com/xfree • X11: www.x.org • Hummingbird Exceed: www.humming bird.com • Lab-Tam X-SecurePro: www.labtaminc.com LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM PREMIER 2003 90 www.LinuxWorld.com A LIMITED TIME SAVINGS OFFER FROM SYS-CON Media SUBSCRIBE TODAY TO MULTIPLE MAGAZINES AND SAVE UP TO $400 AND RECEIVE UP TO 3 FREE CDs! RECEIVE YOUR DIGITAL EDITION ACCESS CODE INSTANTLY WITH YOUR PAID SUBSCRIPTIONS 3-Pack Pick any 3 of our magazines and save up to $27500 Pay only $175 for a 1 year subscription plus a FREE CD • 2 Year – $299.00 • Canada/Mexico – $245.00 • International – $315.00 6-Pack Pick any 6 of our •Choose the Multi-Pack you want to order by checking to it below. •Check the number of years you want to TO next order. •Indicate your location by checking either U.S., or International. •Then choose which ORDER Canada/Mexico magazines you want to include with your Multi-Pack order. ■ Linux Business & Technology U.S. - Two Years (24) Cover: $143 U.S. - One Year (12) Cover: $72 Can/Mex - Two Years (24) $168 Can/Mex - One Year (12) $84 Int’l - Two Years (24) $216 Int’l - One Year (12) $108 Save: $63 + FREE $198 CD Save: $32 Save: $48 + FREE $198 CD Save: $4 Save: $40 + FREE $198 CD Save: $8 You Pay: $89 / You Pay: $49.99 / You Pay: $119.99 / You Pay: $79.99 / You Pay: $176 / You Pay: $99.99 / Save: $55 + FREE $198 CD Save: $22 Save: $48 + FREE $198 CD Save: $4 Save: $40 + FREE $198 CD Save: $8 U.S. - Two Years (24) Cover: $360 U.S. - One Year (12) Cover: $180 Can/Mex - Two Years (24) $360 Can/Mex - One Year (12) $180 Int’l - Two Years (24) $360 Int’l - One Year (12) $180 You Pay: $169.99 / You Pay: $149 / You Pay: $179.99 / You Pay: $169 / You Pay: $189.99 / You Pay: $179 / Save: $190 + FREE $198 CD Save: $31 Save: $180 + FREE $198 CD Save: $11 Save: $170 + FREE $198 CD Save: $1 U.S. - Two Years (24) Cover: $216 U.S. - One Year (12) Cover: $108 Can/Mex - Two Years (24) $240 Can/Mex - One Year (12) $120 Int’l - Two Years (24) $264 Int’l - One Year (12) $132 You Pay: $129 / You Pay: $89.99 / You Pay: $159.99 / You Pay: $99.99 / You Pay: $189 / You Pay: $129.99 / Save: $87 + FREE $198 CD Save: $18 Save: $80 + FREE $198 CD Save: $20 Save: $75 + FREE $198 CD Save: $2 ■ Wireless Business & Technology You Pay: $99.99 / You Pay: $69.99 / You Pay: $129 / You Pay: $89.99 / You Pay: $170 / You Pay: $99.99 / Save: $68 + FREE $198 CD Save: $14 Save: $63 + FREE $198 CD Save: $6 Save: $46 + FREE $198 CD Save: $8 U.S. - Two Years (24) Cover: $168 You Pay: $99.99 / U.S. - One Year (12) Cover: $84 You Pay: $69.99 / Can/Mex - Two Years (24) $192 You Pay: $129 / Can/Mex - One Year (12) $96 You Pay: $89.99 / You Pay: $170 / Int’l - Two Years (24) $216 You Pay: $99.99 / Int’l - One Year (12) $108 Save: $68 + FREE $198 CD Save: $14 Save: $63 + FREE $198 CD Save: $6 Save: $46 + FREE $198 CD Save: $8 ■ .NET Developer’s Journal U.S. - Two Years (24) Cover: $144 U.S. - One Year (12) Cover: $72 Can/Mex - Two Years (24) $192 Can/Mex - One Year (12) $96 Int’l - Two Years (24) $216 Int’l - One Year (12) $108 You Pay: $89 / You Pay: $49.99 / You Pay: $139 / You Pay: $79.99 / You Pay: $170 / You Pay: $99.99 / Save: $55 + FREE $198 CD Save: $22 Save: $53 + FREE $198 CD Save: $16 Save: $46 + FREE $198 CD Save: $8 ■ WebSphere Developer’s Journal ■ XML-Journal U.S. - Two Years (24) Cover: $168 U.S. - One Year (12) Cover: $84 Can/Mex - Two Years (24) $192 Can/Mex - One Year (12) $96 Int’l - Two Years (24) $216 Int’l - One Year (12) $108 ■ U.S. ■ Can/Mex ■ Intl. ■ U.S. ■ Can/Mex ■ Intl. ■ U.S. ■ Can/Mex ■ Intl. ■ ColdFusion Developer’s Journal ■ Web Services Journal U.S.- Two Years (24) Cover: $168 U.S. - One Year (12) Cover: $84 Can/Mex - Two Years (24) $192 Can/Mex - One Year (12) $96 Int’l - Two Years (24) $216 Int’l - One Year (12) $108 ■ 1YR ■ 2YR ■ 1YR ■ 2YR ■ 1YR ■ 2YR ■ WebLogic Developer’s Journal You Pay: $79.99 / You Pay: $39.99 / You Pay: $119.99 / You Pay: $79.99 / You Pay: $176 / You Pay: $99.99 / ■ Java Developer’s Journal U.S. - Two Years (24) Cover: $144 U.S. - One Year (12) Cover: $72 Can/Mex - Two Years (24) $168 Can/Mex - One Year (12) $84 Int’l - Two Years (24) $216 Int’l - One Year (12) $108 Pick a 3-Pack, a 6-Pack or a 9-Pack ■ 3-Pack ■ 6-Pack ■ 9-Pack U.S. - Two Years (24) Cover: $360 U.S. - One Year (12) Cover: $180 Can/Mex - Two Years (24) $360 Can/Mex - One Year (12) $180 Int’l - Two Years (24) $360 Int’l - One Year (12) $180 You Pay: $169.99 / You Pay: $149 / You Pay: $179.99 / You Pay: $169 / You Pay: $189.99 / You Pay: $179 / Save: $190 + FREE $198 CD Save: $31 Save: $180 + FREE $198 CD Save: $11 Save: $170 + FREE $198 CD Save: $1 ■ PowerBuilder Developer’s Journal You Pay: $99.99 / You Pay: $69.99 / You Pay: $129 / You Pay: $89.99 / You Pay: $170 / You Pay: $99.99 / Save: $68 + FREE $198 CD Save: $14 Save: $63 + FREE $198 CD Save: $6 Save: $46 + FREE $198 CD Save: $8 U.S. - Two Years (24) Cover: $360 U.S. - One Year (12) Cover: $180 Can/Mex - Two Years (24) $360 Can/Mex - One Year (12) $180 Int’l - Two Years (24) $360 Int’l - One Year (12) $180 You Pay: $169.99 / You Pay: $149 / You Pay: $179.99 / You Pay: $169 / You Pay: $189.99 / You Pay: $179 / Save: $190 + FREE $198 CD Save: $31 Save: $180 + FREE $198 CD Save: $11 Save: $170 + FREE $198 CD Save: $1 magazines and save up to $35000 Pay only $395 for a 1 year subscription plus 2 FREE CDs • 2 Year – $669.00 • Canada/Mexico – $555.00 • International – $710.00 9-Pack Pick 9 of our magazines and save up to $40000 Pay only $495 for a 1 year subscription plus 3 FREE CDs • 2 Year – $839.00 • Canada/Mexico – $695.00 • International – $890.00 OFFER SUBJECT TO CHANGE WITHOUT NOTICE Subscribe Online Today www.sys-con.com/2001/sub.cfm www.LinuxWorld.com 91 PREMIER 2003 LUGs Linux User Groups For more information go to www.linux.org/groups United States Big Bear City, CA Big Bear Linux User Group http://www.weak.org/buug San Diego, CA San Diego Linux Users Group http://www.sdlug.org Cerritos, CA Cerritos Linux User Group http://www.cerritoslug.org San Diego County, CA Linux System Administrators http://www.LxSA.org Chico, CA Chico State Linux User's Group http://cslug.ecst.csuchico.edu San Francisco, CA Bay Area Linux Users Group http://www.balug.org Mobile, AL South Alabama Linux User Group http://www.salug.org Davis, CA Linux User Group of Davis http://www.lugod.org Montgomery, AL Montgomery Area Linux Users http://www.malu.org Eureka, CA HUMLUG http://humlug.org San Francisco, CA San Francisco PC Users Group Linux SIG http://www.sfpcug.org/sig/linux.html Alaska Fremont, CA East Bay Linux User Group http://www.eblug.org Alabama Birmingham, AL Birmingham Area Linux Users http://deepfog.net Huntsville, AL Linux Users of North Alabama http://luna.huntsville.al.us Alaska Alaska Linux Users Group http://www.aklug.org Fairbanks, AK University of Alaska Fairbanks Linux User's Group http://linux0.cs.uaf.edu Juneau, AK Juneau Linux Users Group http://juneau-lug.org Arizona Flagstaff, AZ Linux Users of Northern Arizona http://luna.flagstaff.az.us Phoenix, AZ Phoenix Linux User Group http://plug.phoenix.az.us Prescott, AZ Linux Users Group of Yavapai http://www.lugy.net Sierra Vista, AZ Cochise Linux Users Group http://www.cochiselinux.org Fullerton, CA Orange County Linux User Group http://www.oclug.org Los Angeles, CA Linux Users Los Angeles http://www.lula.org Los Angeles, CA Los Angeles Linux User Groups http://www.lalugs.org Los Angeles, CA University of Southern California Linux Users Group http://sclug.usc.edu Mission Viejo, CA South Orange County Linux Users Group http://www.soclug.org Monterey, CA Monterey Peninsula Linux User's Group http://mplug.psychogeek.net Tucson, AZ Tucson Free Unix Group http://tfug.org North Hills, CA San Fernando Valley Linux User Group http://sfvlug.org Yuma, AZ Yuma Linux User Group http://ylug.linuxorbit.com Palmdale, CA Antelope Valley Linux Users Group http://www.avlug.org Arkansas Conway, AR Central Arkansas Linux Users Group http://www.carlug.org Little Rock, AR Little Rock Linux Users Group http://www.lrlug.org California Berkeley, CA Berkeley Unix User Group http://www.weak.org/buug Berkeley, CA Cal Berkeley Linux Users Group http://www-callug.cs.berkeley.edu Palm Springs Area, CA Coachella Valley Linux Users Group http://www.cvlug.org Boulder, CO Boulder Linux Users Group http://lug.boulder.co.us Colorado Springs, CO Pikes Peak Linux Users Group http://pplug.org Denver, CO Colorado Linux Users & Enthusiasts http://clue.denver.co.us Fort Collins, CO Northern Colorado Linux Users Group http://www.nclug.org San Francisco, CA U.S.S. Augusta Ada http://trek.starshine.org Connecticut San Jose, CA San Jose State University Linux Users Group http://sjsulug.engr.sjsu.edu New Haven, CT Southern Connecticut Open Source User Group http://www.scosug.org San Jose, CA Silicon Valley Linux User Group http://www.svlug.org New London, CT * Eastern Connecticut Linux User Group http://www.eclug.net San Luis Obispo, CA Cal Poly Linux Users Group http://www.lug.calpoly.edu North Haven, CT * Southern CT Open Source User Group http://www.scosug.org Santa Barbara, CA Santa Barbara Linux User Group http://sblug.borg-cube.com Norwich, CT Eastern Connecticut Linux Users Group (ECLUG) http://www.clintonpublic.org/eclug/i ndex.html Santa Clarita, CA Santa Clarita Valley Linux User Group http://www.scvlug.org Delaware Santa Cruz, CA Santa Cruz Linux User Group http://linus.got.net Dover, DE Lower Delaware Linux Users Group http://www2.delawaremicro.com Santa Cruz, CA Santa Cruz Microsoft Alternative User Group http://www.scruz.org New Castle, DE New Castle Linux Users Group http://www.jjsheeran.com/LUG.html Santa Monica, CA Santa Monica Linux User Group http://oceanpark.com/lug Newark, DE LUG @ The University of Delaware http://www.lug.udel.edu Santa Ynez Valley, CA Santa Ynez Linux Users Group http://www.rentatek.com/SYLUG District of Columbia Manassas, VA Linux User’s Group of Manassas http://www.tux.org/lugman Stockton/Modesto, CA Central Valley Area Linux Enthusiasts http://www.cvale.org Pasadena, CA San Gabriel Valley Linux Users Group http://www.sgvlug.org Sonoma County, CA North Bay Linux Users Group http://nblug.org Redlands, CA LUGIE http://www.rdfoerster.com/LUGIE Torrance, CA Lilax http://www.lilax.org Roseville, CA Roseville Linux Users Group http://www.rosevillelug.org Van Nuys, CA The Linux Labs User Group http://www.thelinuxlabs.org Sacramento, CA Sacramento Area Linux Users Group http://wwww.saclug.org Berkeley, CA Berkeley Unix User Group http://www.weak.org/buug PREMIER 2003 Colorado N. Potomac, MD DCLUG--Washington DC Metro Area Linux User http://dclug.tux.org Bethesda Maryland, VA Washington DC Linux User Group http://www.tux.org/dclug Florida Broward, FL Florida Linux User Xchange http://www.flux.org Cape Coral, FL Southwest Florida Linux Users Group http://www.swfglug.org 92 Central Florida, FL Linux Enthusiasts And Professionals, Inc. http://www.leap-cf.org Daytona Beach, FL Daytona Beach Network Users Group http://www.dabnug.org Florida, FL Ardella Baptist Church, FL Your Linux User Group (YourLUG) http://www.yourlug.org Fort Lauderdale, FL Florida Linux User Xchange http://www.flux.org Fort Walton Beach, FL Emerald Coast Linux Users Group http://www.eclug.org Gainesville, FL Florida Linux Users - FLU http://www.linuxusers.org Jacksonville, FL Jacksonville Linux Users Group http://www.jaxlug.org Lakeland, FL YourLug http://www.yourlug.org Melbourne, FL Melbourne Linux User Group http://www.mlinux.org Miami, FL Miami Linux Users Group http://www.mialug.org Orlando, FL Linux Enthusiasts and Professionals (LEAP) of Central Florida http://www.leap-cf.org Orlando, FL University of Central Florida Linux User Group http://pegasus.cc.ucf.edu/~linux Pensacola, FL Pensacola Linux User Group http://www.pcolalug.org Tampa Bay, FL Suncoast Linux Users Group http://www.suncoastlug.org Columbus, GA Chattachoochee Area Open Source http://chaos706.org Dublin, GA Dublin Georgia Linux Users Group http://members.tripod.com/~carrere/linux Loganville, GA LawLUG http://www.lawlug.com Hawaii Hilo, HI Big Island Linux Users Group http://cs.uhh.hawaii.edu/BILUG Honolulu, HI Linux & Unix Advocates & Users http://luau.hi.net Honolulu, HI Linux Business Network Users Group http://linuxnetworks.org/ Honolulu, HI Mid-Pacific Linux Users Group http://www.mplug.org Idaho West Palm Beach, FL Pensacola Linux User Group http://www.pbclug.org Coeur d'Alene, ID North Idaho Linux User Group http://www.nilug.org Georgia Idaho Falls, ID Linux in Idaho Falls http://www.linif.org Athens, GA University of Georgia Linux User Group http://www.uga.edu/~chugalug Mountain Home AFB, ID Mountain Home Linux User Group http://mhlug.linuxorbit.com Atlanta, GA Atlanta Linux Enthusiasts http://www.ale.org Pocatello, ID Idaho State University Linux Users Group http://inconnu.isu.edu/index.shtml Atlanta, GA Linux Users Group at Emory http://luge.cc.emory.edu Rockland, ID American Falls /Rockland Linux User Group http://arlug.dcdi.net Atlanta, GA Linux Users Group at Georgia Tech http://www.lugatgt.org Twin Falls, ID Magic Valley Linux Users Group http://www.magiclug.org www.LinuxWorld.com LUGs Kansas Massachusetts Manhattan, KS K-SLUG http://www.k-slug.org Amherst, MA Hampshire College LUG http://bork.hampshire.edu/~hclug Missouri/Kansas, KS Kansas Unix & Linux Users Association http://www.kulua.org Amherst, MA Western Massachusetts LinuxUnix User's Group http://www.wemalu.org Newton, KS Newton Linux Users Group http://www.geocities.com/SiliconVal ley/Code/2768 Boston, MA Boston Linux & Unix http://www.blu.org Mississippi Danvers, MA Saint John's Prep LUG http://www.sjp-lug.tk Jackson, MS Linux Users Group of Jackson http://lugoj.org/index.php Mansfield, MA SE Massachusetts Linux Users Group http://www.semalug.org Lafayette-Oxford-University, MS Lafayette-Oxford-University Linux Users Group http://loulug.cs.olemiss.edu Carson City, NV Carson Douglas Linux Users Group http://kearneylug.org Worcester, MA Clark University linux users Group http://linux.clarku.edu Mississippi, MS South Mississippi Linux Users Group http://www.smlug.org Las Vegas, NV Las Vegas Linux User Group http://lvlug.org Wichita, KS Air Capital Linux Users Group http://www.aclug.org Kentucky Bowling Green, KY Western Kentucky University Linux Users Group http://linux.wku.edu Indiana Evansville, IN University of Southern Indiana LUG http://linux.usi.edu Fort Wayne, IN Three Rivers Linux Group http://members.tripod.com/fwlug/fw lug.html Gary to Laporte, IN Northwest Indiana Linux User Grou http://www.nwilug.org Goshen, IN GLUG http://www.goshenlug.org Illinois Chicago, IL ChicagoLand Linux Users Group http://clug.chicago.il.us Indianapolis, IN Central Indiana Linux Users Group http://www.cinlug.org Chicago, IL Enterprise Computing Professionals Association, US http://www.encompassUS.org Indianapolis, IN Indianapolis Linux User Consortium http://www.inluc.org Chicago, IL Illinois Institute of Technology Linux Users Group http://host61.grad.iit.edu/lug North-Central Indiana, IN ChugaLugIN http://www.angelfire.com/in2/chuga lugin Des Plaines, IL ULTRA (at Oakton Community College) http://student.oakton.edu/ultra Fairview Heights, IL Southern Illinois Linux Users Group http://www.silug.org Galesburg, IL Linux Users' Group Galesburg Area http://www.lugga.org O'Fallon, IL Southern Illinois Linux Users Group - Metro East http://www.silug.org Palatine, IL NorthWest Chicagoland Linux User Group (NWCLUG) http://nwclug.harpercollege.edu/htt pd/html/index.html Quad Cities, IL QCLUG http://www.qclug.org Rock River, IL Rock River Linux User Group http://linux.rockriver.net Springfield, IL Linux Users of Central Illinois http://www.luci.org New Albany, IN Indiana University Southeast Linux User Group http://www.iuslug.org South Bend, IN Michiana Linux Users Group http://www.mlug.org South Bend, IN Notre Dame Linux Users Group http://www.ndlug.nd.edu Terre Haute, IN Rose-Hulman Users of Linux http://www.rosehulman.edu/Users/groups/RHUL/H TML/index.html West Lafayette, IN Purdue University Linux Users Group http://expert.cc.purdue.edu/~plug Iowa Ames, IA Ames Area Free Unix Group on Information Technology http://www.aafugit.org Cedar Falls, IA CedarLUG http://www.cedarlug.org Cedar Rapids, IA Eastern Iowa Linux User groups http://www.crlug.org Des Moines, IA Central Iowa Linux Users Group http://www.cialug.org www.LinuxWorld.com Lexington, KY Lexington Professional Linux Users Group http://lplug.org Worcester, MA Worcester Linux Users Group http://www.wlug.org Louisville, KY S+LUG, Louisville http://www.maysville-linux-usersgroup.com Michigan Ann Arbor, MI The Washtenaw Linux User Group http://www.lugwash.org Maysville, KY Maysville Linux Users Group http://www.slug.louisville.edu Big Rapids, MI Ferris State University Linux Users Group http://galileo.tucker-usa.com/~lug Louisiana Detroit, MI Metro Detroit Linux Users Group http://www.mdlug.org Baton Rouge, LA Baton Rouge Linux User Group http://www.brlug.net Flint, MI Genesee County Linux Users Group http://www.gclug.org New Orleans, LA New Orleans Linux User Group http://www.nolug.org Lake Charles, LA Lake Charles Linux Users Group www.lclinux.org Grand Traverse, MI Grand Traverse Linux Users Group http://www.gtlug.org Shreveport, LA Shreveport - Bossier Linux Users Group http://www.sblug.org Kalamazoo, MI Kalamazoo Linux User Group http://www.kalamazoolinux.org Maine Kentwood, MI Grand Rapids Linux Users Group http://grlug.org/zope/grlug Westbrook, ME MeLUG South http://south.melug.org Lansing, MI Greater Lansing Linux Users Group http://www.gllug.org Maryland Muskegon, MI Muskegon Area Linux Users Group http://www.malug.org Annapolis, MD Annapolis LUG http://linuxlovers.dhs.org Traverse City, MI Grand Traverse Linux Users Group http://www.gtlug.org Baltimore, MD Baltimore Linux Users Group http://www.BaltoLUG.org University of Michigan, MI UMLUG http://www.umich.edu/~umlug Blue Ridge, MD Blue Ridge Area Linux Enthusiasts http://www.brale.org Minnesota College Park, MD Linux Web Linux User Group http://www.linuxweb.org Duluth, MN Twin Ports Linux Users Group http://linux.trapped-under-ice.com Columbia, MD Columbia Area Linux Users Group http://www.calug.com Mankato, MN MSU, Mankato Linux User Group http://krypton.mnsu.edu/~msulug Glen Burnie, MD Glen Burnie Linux User Group http://gblug.linuxorbit.com Macalester College, MN Mac LUG http://maclug.dhs.org Minneapolis, MN Twin Cities Linux Users Group http://www.mn-linux.org Laurel, MD Laurel-Beltsville Linux User Group http://laurellinux.org Leonardtown, MD The Penguin Club http://free.prohosting.com/~lugsm Moorhead, MN Fargo Moorhead LUG http://fmlug.org Silver Spring Montgomery Blair Linux Users Group http://mblug.mbhs.edu Northfield, MN Northfield Linux Users Group http://norlug.org 93 Duluth, MN Twin Ports Linux Users Group http://linux.trapped-under-ice.com Rochester, MN K-lug http://k-lug.org University of Minnesota, MN Twin Cities Linux Users Group http://www.mn-linux.org Nebraska Kearney, NE Kearney Linux User Group http://kearneylug.org Lincoln, NE OLUG http://www.olug.org Lincoln, NE Star City Linux User Group http://linux.dbw.org Omaha, NE OLUG http://www.olug.org Nevada Reno, NV Reno Linux User Group http://www.rlug.org Mississippi State, MS BullyLUG http://www.bullylug.org Tupelo, MS Linux Users of North Mississippi http://www.linuxgod.net Missouri Blue Springs, MO Blue Springs Linux Users Group http://bslug.solve.net Columbia, MO Mizzou Linux Users Group http://www.mlug.missouri.edu East-Central Missouri, MO East-central Missouri Linux Users Group http://www.mo-biz.com/~linuxusr New Hampshire Concord, NH CentraLUG http://www.centralug.org Nashua, NH Greater New Hampshire Linux User's Group http://www.gnhlug.org New Jersey Bellmawr, NJ South Jersey Linux Users Group http://sjlinux.org Branchburg, NJ New Jersey Linux User Group http://www.njlug.org Hazelwood, MO Hazelwood Linux Users Group http://www.sluug.org/~hzlug Cherry Hill, NJ Cherry Hill Linux Users Group http://www.chlug.org/home.php Independence, MO Independence Linux Users Group http://www.ilug.org Hamilton, NJ Hamilton Linux User Group http://www.hamlug.org Kansas City, MO Kansas City Linux User Group http://www.kclug.org Highland Park, NJ Rutgers University Student Linux User Group http://ruslug.rutgers.edu Missouri/Kansas, MO Kansas Unix & Linux Users Association http://www.kulua.org Newark, NJ RUNLUG Rutgers University Newark: Linux Users Group http://penguin.rutgers.edu Springfield, MO Ozarks Linux Users Group http://www.ozlug.org New Brunswick, NJ Rutgers University Student Linux Users Group http://ruslug.rutgers.edu Springfield, MO Southern Missouri Linux Users Club http://www.smluc.org Passaic County, NJ Passaic County Linux Users Group http://devplug.org St. Louis, MO Missouri Open Source Linux Users Group http://www.moslug.org St. Louis, MO St. Louis Linux Users Group http://www.stllinux.org St. Charles, MO St. Charles Linux Users Group http://www.sluug.org/~cfit/stclug Montana Bozeman, MT BozemanLUG http://www.bozemanlug.org Billings, MT Yellowstone Valley Linux Users Group http://lug.cotcomsol.com Princeton, NJ Linux Users Group/In Princeton http://lugip.princeton.edu Princeton, NJ LUG/IP http://www.lugip.org Princeton, NJ Princeton PC Users Group http://www.ppcug-nj.org/sigs/linux Ridgewood/Hawthorne, NJ New Jersey Sleepless Linux User Group http://www.njslug.org Scotch Plains, NJ LUNICS http://www.acgnj.org Voorhees, NJ SLUG http://slug.happyduck.org —continued on next page PREMIER 2003 LUGs New Mexico North Carolina Albuquerque, NM New Mexico Linux User Group http://www.nmlug.org Asheville, NC Western North Carolina Linux Users Group http://www.wnclug.org Gallup, NM Gal-lug http://gallug.org Las Cruces, NM Mesilla Valley LUG http://www.zianet.com/mvlug Rio Rancho, NM DIALUG http://www.linuxlots.com/~dialug New York Briarwood, NY Briarwood Linux User Group http://www.geocities.com/bwlug Brooklyn, NY New York Linux Users Group http://www.nylug.org/home/index.shtml Buffalo, NY Niagara Frontier Linux Users Group http://www.nflug.org Buffalo, NY University at Buffalo Linux Users Group http://ublug.freehosting.net Capital District Region of NY CDLUG - Capital Disctrict Linux Users Group http://cdlug.net Farmingdale, NY Long Island Linux User Group http://www.lilug.org Johnson City, NY Southern Tier of New York Linux User Group http://www.stnylug.org Long Island, NY Long Island Linux Users Group http://lilug.org Marist College, NY Mid-Hudson Valley Linux Users Group http://mhvlug.org New York City, NY Linux User Group of New York http://www.luny.org New York City, NY New York Linux Scene http://www.nylxs.com Boone, NC Appalachian Linux Users Group http://lug.appstate.edu Burlington, NC Piedmont Linux User Group http://www.netpath.net/linux Charlotte, NC CharLug http://charlug.org Durham, NC Duke University Linux User Group http://www.duke.edu/web/dulug Greensboro, NC LUG @ GTCC http://home.triad.rr.com/gtcclug Mayodan, NC The Rockingham County Linux Users http://rock.lug.net Morganton, NC Foothills Linux Users & Enthusiasts http://www.hci.net/~flue New Bern, NC New Bern Linux Users Group http://www4.coastalnet.com/nblug Raleigh, NC Linux Users Group at North Carolina State University http://www.linux.ncsu.edu/lug Shelby, NC Shelby Linux Users Group http://www.swoopee.com/lug Wake Forest University, NC Piedmont Linux Users Group http://ricardo.ecn.wfu.edu/~plug North Dakota Fargo-Moorhead, ND Fargo-Moorhead Linux User Group http://fmlug.org Ohio Plattsburgh, NY Plattsburgh Linux Users Group http://lug.cf-media.com Akron, OH Akron Linux Users Group http://alug.adg.org Poughkeepsie, NY Mid-Hudson Valley Linux Users Group http://mhvlug.org Bowling Green, OH Bowling Green Student Linux Users Group http://alug.adg.org Rensselaer, NY Capital District Linux Users Group http://cdlug.net Akron, OH Akron Linux Users Group http://www.bgslug.org Salamanca, NY LUG.SWNY.net http://swny.net/lug Stony Brook, NY Linux Users Group @ Stony Brook http://www.ic.sunysb.edu/clubs/lugsb Syracuse, NY Syracuse Linux Users Group http://syrlug.org Syracuse, NY Syracuse University Linux User Group http://slugs.syr.edu Stony Brook, NY Linux Users' Group @ Stony Brook http://www.sinc.sunysb.edu/Clubs/lugsb Tappan, NY Westchester Linux Users Group http://www.linuxpcug.org Philadelphia, PA Drexel University GNU/Linux Users Group http://www.duglug.org Mansfield, OH North Central Ohio LUG http://www.ncolug.org North Canton, OH Canton Linux Enthusiasts http://cantonlinux.org Oberlin, OH Oberlin Linux User Group http://www.oberlin.edu/~olug Oxford, OH The Miami Unix Collective http://www.muc.muohio.edu Toledo, OH Toledo Area Linux Users Group http://www.talug.org Oklahoma Norman, OK Norman UNIX Liberation League http://www.ou.edu/student/null Canton, OH Canton Linux Enthusiasts http://linux.ifip.net Cincinnati, OH Cincinnati Linux Users Group http://www.clug.org Cleveland , OH Case Western Reserve University Linux Users Group http://cwrulug.cwru.edu Cleveland, OH Cleveland Linux User Group http://cleveland.lug.net Oklahoma City, OK OKC PCUG Linux SIG http://LinuxSIG.org PREMIER 2003 Puerto Rico Austin, TX Austin Linux Group http://www.austinlug.org Puerto Rico Linux Puerto Rico http://www.linux-pr.com Austin, TX Central Texas Linux User Group http://www.ctlug.org Rhode Island Beaumont, TX SouthEast Texas Linux Users Group http://www.setxlug.org Greenville, SC Upstate Carolina Linux Users Group http://www.smwc.com/linux Ashland, OR Rogue Penguins Linux Users Group http://www.rplug.org Rock Hill, SC Winthrop University Linux Users' Group http://feynman.winthrop.edu/winulug Corvallis, OR The Mid Willamette Valley Linux User Group http://mwvlug.org South Dakota Eugene, OR Eugene Linux Users Group http://www.euglug.org Black Hills, SD Black Hills Linux User Group http://www.geocities.com/bhlug/bhl ughome Eugene, OR Open Source Users Group at the University of Oregon http://cs.uoregon.edu/open Rapid City, SD Black Hills Linux User Group http://www.geocities.com/bhlug/bhl ughome Portland, OR BizNix http://www.biznix.org Sioux Falls, SD Siouxland Linux Users Group http://www.kopland.org/forums Portland, OR Portland Linux User Group http://www.pdxlinux.org Tennessee Tillamook, OR Tillamook Linux User Group http://www.geocities.com/elflakosr Chattanooga, TN Chugalug http://www.chugalug.org Clarksville, TN Clarksville Linux Users Group http://www.cllug.org Pennsylvania Altoona, PA Altoona Linux Users Group http://www.altoonalug.org Knoxville, TN Knoxville Linux Users Group http://www.utklug.org Bethlehem, PA Lehigh Valley Linux Users Group http://thelinuxlink.net/lvlinux McMinnville, TN McMinnville Linux and Unix Users Group http://www.utklug.org Central Pennsylvania, PA Central Pennsylvania Linux User Group http://www.pa.net/cplug Memphis, TN Group Of Linux Users in Memphis http://www.cllug.org Doylestown, PA Bucks County Linux Users Group http://www.bclug.org Harrisburg, PA Harrisburg Unix Users Group http://www.huug.org Austin, TX ACC-LUG http://www.geocities.com/aibanhamano/Opensource/acc.html South Carolina Oregon Columbus, OH Central Ohio Linux User Group http://www.colug.net Pittsburgh, PA Western Pennsylvania Linux Users' Group http://www.wplug.org Rhode Island, RI Ocean State Linux Users http://www.rilinux.org Tulsa, OK TCS Linux SIG http://tulsa.sourceforge.net Gettysburg, PA GB-LUG http://gblug.mine.nu Amarillo, TX Amarillo Linux Users Group http://www.alug.org Providence, RI Rhode Island Linux Users Group http://www.rilug.com Oklahoma City, OK Oklahoma City Forum http://www.okcforum.org Cleveland,, OH North East Ohio Newbie Linux Users Group http://www.neonlug.org Philadelphia, PA Philadelphia Area Linux User Group http://www.nothinbut.net/~plug Providence, RI Rhode Island Free Unix Group http://www.rifug.org Research Triangle Park, NC Triangle Linux Users Group http://www.trilug.org New York City, NY New York Linux Users' Group http://www.nylug.org Rochester, NY Linux Users Group of Rochester http://www.lugor.org Lancaster, PA Lancaster Co. Linux Users Group http://www.lancaster-linux.org Dayton, OH Dayton Microcomputer Association Linux Special User Group http://www.dma.org/linuxsig Nashville, TN Nashville Linux Users Group http://www.nlug.org 94 Brownsville, TX Brownsville LUG http://unix.utb.edu/~blug Corpus Christi, TX Corpus Christi Linux Users Group http://www.cclug.org Dallas, TX North Texas Linux User Group http://www.ntlug.org Fort Worth, TX Fort Worth Linux Users Groups http://www.fwlug.org Galveston, TX Coastal Area of Texas Linux Users Group http://www.catlug.org Hillcrest, TX Heart of Texas Linux User Group (HOTLUG) http://www.hotlug.com Killeen, TX Killeen-Fort Hood Area LUG http://members.aol.com/killeenlug/ index.html Vermont Burlington, VT Small Linux Users Group of Vermont http://www.slug-vt.org Midland, TX Permian Basin Linux Users Group http://www.pblug.org Virginia Nacogdoches/Lufkin, TX Unix Users of Deep East Texas http://www.uudet.org Arlington, VA Yorktown High School Linux Users' Group http://yhslug.tux.org Texarkana, TX Texarkana Area Linux Users Group http://kroushl.freeshell.org/talug/ind ex.php Blacksburg, VA Virginia Tech Linux Users' Group http://www.vtluug.org Waco, TX Heart O' Texas Linux User Group http://hotlug.org Chantilly, VA Northern Virginia Linux Users' Group http://novalug.tux.org Charlottesville, VA Charlottesville Unix Users Group http://www.chuug.org Utah Green River, UT Green River Linux Users Group http://www.greenriverutah.com/lug.shtml Logan, UT The Free Software and GNU/Linux Club http://linux.usu.edu Ogden, UT Ogden Area Linux User Group http://www.oalug.com Provo, UT BYU Unix Users Group http://uug.clubs.byu.edu Fairfax, VA Fairfax Linux User Group http://www.dhankhar.com/servlet/fo rum/listforums Falls Church, VA Linux User's Group of Northern Virginia http://www.tux.org/novalug Richmond, VA Richmond VA Linux Users Group http://www.rivalug.org Salem, VA Roanoke Valley GNU/Linux User Group http://www.rvglug.org Texas Provo, UT Provo Linux User Group http://www.plug.org Staunton, VA Shenendoah Vallery Linux Users Group http://www.xerosystems.com Abilene, TX West Texas Linux Users Group http://www.wtlug.org Salt Lake City, UT Salt Lake Linux Users Group http://www.sllug.org Tidewater, VA Tidewater Unix User Group http://www.twuug.org www.LinuxWorld.com LUGs Nanaimo Nanaimo Linux Users Group http://www.nanlug.org Peterborough Peterborough Linux User Group http://www.plugintolinux.org Nelson Kootenay Area UNIX Group http://kaug.netidea.com Toronto Toronto Linux Users Group http://tlug.ss.org Penticton South Okanagan Linux Users Group http://www.solug.org Wingham Midwestern Ontario Linux Users Group http://www.molug.org Prince Rupert North Coast Linux User Group http://www.citytel.net/~gnielsen/linu x2.html Quebec Gatineau Linux-Outaouais http://www.linux-gatineau.org Valley Internet Providers South Okanagan Linux Users Group http://www.solug.org Montreal Linux-Québec http://www.linux-quebec.org Vancouver Vancouver Linux Users Group http://www.linux.bc.ca Montreal Montreal Linux User Group http://www.skalir.net Victoria Victoria Linux Users Group http://www.vlug.org Montreal Montreal Regional Linux Users Group http://www.mrlug.org Manitoba Winnipeg Manitoba UNIX User Group http://www.muug.mb.ca West Virginia Morgantown, WV Morgantown Area Linux and Free Software Community http://www.morlug.org Parkersburg, WV Mid-Ohio Valley Linux Users Group http://www.movlug.com Potomac Region, WV PotLUG http://www.geocities.com/potlug Washington Bellevue, WA Tacoma Linux User Group http://www.taclug.org Bellingham, WA Bellingham Linux Users Group http://www.blug.org Kingston, WA Kitsap Penninsula Linux Users Group http://www.kplug.org Olympia, WA Olympia Linux Users Group http://chuckwest.org/olug Seattle, WA Greater Seattle Linux Users http://www.gslug.org Seattle, WA Linux User Group at University of Washington http://students.washington.edu/ linuxug Silverdale, WA Kitsap Penninsula Linux Users Group http://www.kplug.org Spokane, WA Spokane Linux User Group http://www.spokanelinux.com Tacoma, WA Tacoma Linux User Group http://www.taclug.org Wisconsin La Crosse, WI La Crosse Linux Users Group http://www.lclug.com Madison, WI Madison Linux Users Group http://www.madisonlinux.org Milwaukee, WI Milwaukee Linux Users Group http://www.mlug.net Waukesha, WI Waukesha-Area Linux User Group http://www.digitalsimplicity.com/walug Trois-Rivières Linux Trois-Rivières http://linuxtr.ampr.org Winnipeg Prairie Linux User Group http://www.openfarm.org Saskatchewan Winnipeg Winnipeg PC User Group Linux Forum http://www.wpcusrgrp.org/~sig/Linu x/ New Brunswick Moncton Moncton Linux Users Group http://monctonlug.sourceforge.net Newfoundland Corner Brook Western Newfoundland Linux Users Group http://www.cornet.nf.ca/lug Yukon Territory Mexico City Mexico Linux User Group http://www.linux.org.mx Yukon Territory Yukon Linux Users Group http://users.yknet.yk.ca/linux Villahermosa GULTab: Grupo de Usuarios Linux de Tabasco http://linuxtabasco.tripod.com Mexico Chihuahua Nationwide See site for more details GLUCH http://www.gluch.org.mx Aguascalientes Grupo de Usuarios de Linux en Aguascalientes Mexico http://www.geocities.com/gpolinagsmex Distrito Federal See site for more details Grupo de Usuarios de Linux Mexico http://www.cofradia.org Atizapan de Zaragoza Grupo de Usuarios Linux ITESMCEM http://linux.cem.itesm.mx Ecatepec GULFI http://www.fib.unam.mx/gulfi Chihuahua Grupo Linux Chihuahua http://www.gluch.org.mx Ciudad Juarez Grupo Software Libre Ciudad Juarez http://mx.groups.yahoo.com/group/ GSLCJ Colima UNICO http://usuarios.lycos.es/linuxcolima Mexico See site for more details Grupo de Usuarios Linux ITESM CEM http://linux.cem.itesm.mx Nayarit See site for more details Grupo Nayarit de Usuarios de Linux http://www.gnul.org Hermosillo Grupo de usuarios de Linux del Pitic http://www.gulp.org.mx Regina Linux Operating System Users of Regina http://www.losurs.org Hermosillo, Guaymas, Obregon ANCrae.ORG http://www.ancrae.org Saskatoon Saskatoon Linux Group http://www.slg.org Iguala Grupo de Usuarios de Linux del Estado de Guerrero http://guerrero.linux.org.mx SIAST Wascana Campus Linux/Open Source Users of Regina, Sask. http://www.losurs.org Mexico City GUL Grupo de Usuarios de Linux UPIICSA http://linux.librosyarte.com.mx Nuevo Leon See site for more details Grupo de Usuarios de GNU/Linux de Monterrey http://www.gnulinux.org.mx Puebla See site for more details Grupo de Usuarios de Linux en Puebla http://www.linuxpuebla.org About LUGs St. John's St. John's Linux Users Group http://www.slug.nf.net In order for the Linux movement to continue to flourish, the St. John's St. John's Linux Users Group http://www.cs.mun.ca/~slug/ proliferation and success of local LUGs is an absolute requirement. Nova Scotia Because of the unique status of Linux, the local LUG must provide Canada Halifax Nova Scotia Linux Users Group http://www.nslug.ns.ca some of the same functions that a “regional office” provides for large Alberta Ontario computer corporations like IBM, Microsoft, or Sun. LUGs can and must Calgary Calgary Linux Users Group http://calgary.linux.ca Gravenhurst and Sudbury Northern Ontario Linux Users Group http://www.freewebs.com/nolug train, support, and educate Linux users, coordinate Linux Lethbridge Lethbridge LUG http://llug.linux.ab.ca Wetaskiwin The Wetaskiwin Users Group http://www3.telus.net/WetaskiwinLUG British Columbia as a liaison to local media outlets like newspapers and television. Kingston Kingston Linux Users Group http://www.klug.on.ca Kitchener KWLUG http://www.kwlug.org Tri-Cities, WA Tri-Cities Linux User Group http://www.3clug.org Duncan Cowichan Valley Linux Users Group http://www.cowlug.org London Western Linux User Group http://www.westernlug.org Vancouver, WA VWLUG http://www.basichelp.com/linux Kamloops KamLUG http://lug.kamloops.net Ottawa Ottawa Canada Linux Users Group http://www.oclug.on.ca Whidbey Island, WA Whidbey LUG http://www.wlug.net Kelowna Kelowna Linux User Group http://oklug.hwy97.com Owen Sound Bruce-Grey Linux Users Group http://bglug.8m.com www.LinuxWorld.com consultants, advocate Linux as a computing solution, and even serve Hamilton Hamilton Linux User Group http://hlug.mohawkc.on.ca If your group isn’t included in our list, please e-mail [email protected] SOURCE HTTP://WWW.LINUX.ORG/GROUPS 95 PREMIER 2003 As Linux is moving in everywhere within enterprise computing – in embedded solutions, on the desktop, in distributed applications, and on mainframes – NEWS Linus Urges Enterprise Users of Linux: ‘Get Started Bug-Testing on the 2.6test Beta Release’ The Linux community has begun the race to get 2.6 ready as a production kernel, and in a meeting room below the main floor of the Mandalay Bay Convention Center in Las Vegas last month, LinuxWorld Magazine was present to see Linux history being both made and discussed. On the podium were gathered not just Linus Torvalds, fresh from releasing on July 13 a test release of the new 2.6 kernel – officially called “2.6test” – but also a handful of the most influential open source collaborators in the world, such as the chairman of VA Software Larry Augustin, the director of Linux International Jon “maddog” Hall, and the CTO of SuSE Linux AG Juergen Geck. The topic of the session was “The Future Linux: 2.6 and Beyond” and Torvalds was naturally called upon to open the discussion, which he did by giving a brief explanation of 2.6test. “What I released on Sunday is a first beta test,” he said. “Called 2.5 while it was a development kernel, as it has been for the last two years, it’s now – as everyone here knows – called 2.6.” “The biggest changes most people in the enterprise will notice,” Torvalds added, “will be the huge increases in scalability. There are great improvements too to the desktop experience,” – which is incidentally how Torvalds uses the kernel. “When you have a desktop that does a lot of things at the same time but you don’t even notice as a user that the machine is doing a lot of things at the same time, that’s ideal. Maybe it slows down, but it remains very smooth and you don’t even notice.” Then Torvalds made the most important point of all, directing it at the business community. “I would say to people who already use Linux, including companies: if you don’t put this new release through its paces and test it for bugs, the problems that you’ll see in the release kernel will come as a nasty surprise to you, because this is going to be the next production kernel. “So have your MIS people see what the PREMIER 2003 the Linux Business Week News Desk brings you all the latest developments. new kernel does for you under your load,” he advised, “and if there are any issues let us know and we’ll fix it for you.” Asked whether the 2.6 kernel offers expanded hardware support (e.g., for USB), Torvalds said that all the USB development has always been done under 2.5 (the development kernel), including support for a lot of host controllers and support for external devices. “Developers are working on drivers, testing them,” he said. “We’ve even back-ported these drivers to the old stable kernels, e.g., 2.5.” LinuxWorld Magazine will, of course, keep you posted on progress on the new kernel. Linux Competency Center Opens Its Doors in New York City Sybase has strengthened its ties to Linux by opening a new “Linux Competency Center” in New York City and announcing that it is expanding its alliance with Red Hat. Sybase’s entire global Linux professional services practice will now have this center as its central reference point, with its NYC location sure to fuel speculation that what Sybase wants above all is to snag the financial services firms as they migrate to Linux, which one by one – following Merrill Lynch’s lead – they seem certain to do as they seek to lower the total cost LWM Meets Sam Greenblatt... Computer Associates’ “Mr. Linux” – Passionate Mixer of Oil and Water Meeting for any length of time with the man tapped by farsighted Computer Associates CEO Sanjay Kumar to act as the Islandia, New York-based company’s open-source pathfinder and visionary is an experience that few people recently have been able to fully appreciate…and even fewer to achieve. Every hour of Greenblatt’s day and every day of his week is consumed – that is, for once, not too extreme a word – with Linux. Because CA, uniquely in Greenblatt’s view, is that rara avis, a commercial software business that has realized that open source innovation isn’t just an interesting adjunct to the commercial paradigm: it is going to be the undoing of every major player today who remains in (what he would view as) denial. “People familiar with the dynamics of commercialized computing ask me how many developers will support such-and-such a Linux solution, and I tell them, four hundred thousand – but I can’t put a name to a single one of them! “For business leaders used to even a major Linux company like Red Hat, say, having just two hundred or so developers, this leads to a certain amount of consternation,” Greenblatt reports, with a wry smile. This, he believes, is a good indicator of the gulf that exists between what he habitually refers to as “the community” (Greenblatt’s shorthand for the worldwide open source community) and the mainstream business world. But it’s a bridge across which the mainstreamers are suddenly almost falling over themselves to rush. “Linux was just ‘discovered’ this spring,” Greenblatt says. “It’s as if we’re all suddenly rock stars,” he adds, astonishedly. But it isn’t in reality astonishing to him. After all, Greenblatt has personally helped bring Linux to exactly this climax. Fired by the “rush,” the sheer exhilaration and pride he felt when he one day saw his own code, in his most active programming days, being used in a high-profile commercial context by a national retail bank chain, Sam Greenblatt vowed to do his utmost – whenever the opportunity presented itself – to expand the overall number of talented developers who could experience such a rush. Open source innovation being unleashed in the world of real-world business is a vision that still excites him just as much today as it did when he accepted Sanjay Kumar’s invitation to head up, for CA, what is today formally called the Linux Technology Group. As CA’s senior vice president and chief architect, Greenblatt has built a tight-knit, devoted team within CA. Such are the persuasive powers of CA’s “Mr. Linux” that, for example, at a special 96 www.LinuxWorld.com AROUND THE of ownership of their information management assets. The Linux Competency Center will include expert technical resources and financial services specialists. “It also houses the capacity to test and troubleshoot Sybase products – from database to mobile and business intelligence applications – on Linux,” Dr. Raj Nathan, senior vice president and general manager of the company’s Infrastructure Platform Group, tells LWM. Nathan explains the center is going to be offering on-site support, and will include a range of hardware and software platforms from Dell, Egenera, HewlettPackard, IBM, Intel, Red Hat, and Sun. As the first vendor to deliver an enterpriseclass RDBMS on Linux, back in 1999, LINUXWORLD Sybase is well placed to extend its partnership with Red Hat, too: henceforth Sybase is to be a Red Hat Premier ISV Partner. Sybase and Red Hat will also be working together in the future on engineering development, training, and support, and the two companies will exchange technology roadmaps in order to coordinate activities. ‘Layaway Linux’ Makes Its Debut in the Marketplace Take IBM’s WebSphere Internet infrastructure software, stir in Linux, and add IBM’s own advanced Power4 microprocessor – widely acknowledged to be at least a generation ahead of competing chips – and what you have is the single software/hardware package that Big Blue believes can CA World session last month called “The Future of Linux: 2.6 and Beyond,” he was able to muster on stage not just Linus Torvalds and Jon “maddog” Hall, president of Linux International, but also Larry Augustin, president and CEO of VA Software, the Sunnyvale, California-based company he founded in 1993 as a Ph.D. student in electrical engineering at Stanford University, and also the CTO of SuSE Linux AG, Juergen Geck. Quite a lineup. Augustin is, like Greenblatt, a walking testimony to the potency of collaborative software development. He was the visionary SAM GREENBLATT behind SourceForge.net, the largest open SVP AND CHIEF source development site on the Internet. Like ARCHITECT Hall and Torvalds, he most likely has one or COMPUTER ASSOCIATES two reservations about the chalk-and-cheese, INTERNATIONAL oil-and-water mixture that CA’s Linux Technology Group is championing. Aside from this session, CA World had no fewer than 104 other sessions devoted to Linux, from “Intelligent Consolidation: Reducing Your Total Cost of Ownership Today” to “Using IT Resource Management Products on Linux.” All types of Linux implementation were discussed – embedded, desktop, distributed, and mainframe. Linux is a building to the construction of which more than 400,000 developers have brought a stone. It is a collective endeavor that, in its next phase, is 100% certain, so far as Greenblatt and his colleagues are concerned, to become the operating platform of first resort for business, leveraged by Global 1000 corporations, leading ISVs, and major platform providers on a completely worldwide basis. Linux is the product of open innovation, and it is to the successful meshing of the open-innovation model with the making of an honest profit by adding value that Greenblatt will be addressing all his considerable talents over the next 10 to 15 years – which is approximately how long it will take, he feels, to see the demise of each and every existing software giant…with the sole exception of forward-looking companies that, like CA, embrace the open-innovation model here and now. www.LinuxWorld.com 97 NEWS and will help companies improve IT performance while simultaneously containing costs. IBM has announced that its marketleading WebSphere Application Server will now support IBM eServer pSeries and iSeries machines running both Linux and the Power4 microprocessor. “This new packaging of a Linux-based application server is further evidence of how quickly the market for Linux solutions is maturing,” says LinuxWorld Magazine editor-in-chief Kevin Bedell. “It is similar to Microsoft’s decision 10 years ago to bundle Word, PowerPoint, and Excel into an ‘Office Suite’ – it looks like IBM is taking the logical next step in making Linux even easier for companies to adopt and deploy.” IBM has also announced that the WebSphere software will be included in a new offering from IBM Global Financing that will allow qualified U.S./Canadian customers to defer payments until January 2004 at no charge, or to choose special low financing rates. “Layaway Linux” makes its debut, in other words. The program applies to all IBM Software products that are purchased on a one-time charge basis. Contracts in the U.S. must be signed by September 30, and in Canada by September 15. “The new WebSphere software advances IBM’s distinction as the only company that can support customers’ use of Linux across every major server platform,” Tom Inman, vice president, IBM WebSphere Foundation and Tools, tells LWM. Whereas Microsoft Windows applications (as Inman didn’t say – but might as well have said) can only run on Intel-based servers. The marketplace, as it always does, will decide. ‘Choice in Linux Distros Is Healthy,’ Linux Experts Agree One question on everybody’s mind when they are thinking about Linux and how it will fit into the enterprise mold is whether the number of known distributions – believed to have reached approximately 130 – is helping or hurting Linux. A handful of the Linux world’s most influential activists recently gave their viewpoints on that issue at CA World in Las Vegas. LinuxWorld Magazine was there. PREMIER 2003 NEWS Juergen Geck, CTO of SuSE Linux AG, agreed that the question of whether Linux was likely to fragment, until there are 50 flavors of Linux like there were 20 to 30 flavors of Unix, is a very common one. “My take on the issue,” he said, “is that it won’t happen though because SuSE, for example, doesn’t own Linux, neither does Red Hat. Whereas Solaris exists because Sun Microsystems tries to produce a best of breed. “SuSE doesn’t benefit from deviating from 2.6,” he added. “And that’s true for all the different distro vendors.” Jon “maddog” Hall, one of the key luminaries who has helped Linux as an OS to the considerable heights it has already reached today, offered a slightly different perspective by drawing attention to the existence of LSB, the Linux Standard Base. “With 150 different Linux distros all made from the same kernel and the same libraries, what’s needed is that you have to say which ones you are going to guarantee. So the Linux Standard Base was an attempt to create a standard for every single architecture.” It was in 1997 that some of the member companies in Linux International, he explained, saw that type of a problem, the AROUND THE divergence of different distros. “So LI formed the Free Standards Group to create standards for each architecture and help binary compatibility. It recognizes that there can be innovation underneath a particular standard. The Linux Standard Base has done a very good job of specifying a standard that can then be innovated underneath of. It continues to grow and emerge, expanding the coverage, and as time goes on I hope that hardware will eventually say, for example, ‘needs Intel LSB compatible 2.5 or higher’ on it.” Linus Torvalds offered a refreshingly quirky take on the issue, maintaining the spirit of pioneering that has of course made Linux what it is. “I am a huge believer in the idea that Linux competes within itself,” he said. “That keeps everyone honest. A lot of these 130 distros are a little oddball – some are only used by Bob and his 5 friends. But that’s OK because sometimes Bob did something right and his 5 friends become 50. Then 5,000, and so on. “Clearly 130 distros is not practical for a middleware vendor,” Torvalds concluded, “so in that sense what everyone does is just to ignore most of them, and end up with just a few things. Even with the top 2 or 3, mind Linux – the Poster Boy of ‘Open Innovation’ In the Spring 2003 issue of the MIT Sloan Management Review, an assistant professor at Harvard Business School in Boston, Henry W. Chesbrough, wrote an article entitled “The Era of Open Innovation” in which he asks the sweeping question: Is innovation dead? His answer – that, actually, innovation is alive and well – makes mention of recent advances in the life sciences, including revolutionary breakthroughs in genomics and cloning. But he also brings open source software into the picture, by explaining the sea of change in the way companies generate ideas and bring them to market, which he characterizes as a shift from a model of what he calls “closed innovation” in which enterprises generate their own ideas, then develop, manufacture, market, distribute, and service those ideas to a new model, that of “open innovation.” As in many other industries, in the world of software development the internally oriented, centralized approach to R&D is becoming obsolete and instead useful knowledge is widely disseminated. New ideas must therefore be used with alacrity or they will be lost. The role of R&D extends far beyond the boundaries of the enterprise and companies must now harness outside ideas, such as those of the open source Linux community, to advance their own businesses while leveraging their internal ideas outside their current operations. That fundamental change, says Chesbrough, offers novel ways to create value – along with new opportunities to claim portions of that value. He has written a book in an attempt to provide a fuller description of the open innovation model, Open Innovation: The New Imperative for Creating and Profiting from Technology (Harvard Business Press). We suspect at LinuxWorld Magazine that it must be on many shelves in key technology strategists’ offices at companies such as IBM, HP, Oracle, Computer Associates, and the like. PREMIER 2003 98 LINUXWORLD you, folks working in the enterprise space find it confusing to have a choice. I always believe ultimately that we should think of it as being like politics. Choice in operating systems is kind of confusing. But it is better to have choice than not to have choice.” How Far Can Linux Go? LWM Asks the Experts… Linux has come far, but how much further can it go, will it go, might it go? Is there a “glass ceiling” to its reach? Linus Torvalds, Open Source Development Lab Fellow: “As to whether there’s a ‘glass ceiling’ so far as Linux is concerned, a barrier consisting of particular applications that companies require and that Linux can’t supply, I used to think there was. I used to think that operating systems only worked well for technical applications. But we passed that point so long ago with Linux that I no longer think there’s a glass ceiling. There may be a practical ceiling, where you have apps with social purpose needs. The point of OS is to have people come together.” Sam Greenblatt, SVP and Chief Architect, Computer Associates International: “If there is a limit, we haven’t seen it yet. When I see Linux running both a PlayStation and an automobile, and on some of the largest institutions in the world like Shell Oil, I don’t know where it’s going to end. There’s no ceiling, and no floor either. We now have Linux on cellphones as well as Linux on six of the top ten largest supercomputers on Earth. Success breeds success, and Linux breeds Linux.” Michael Evans, VP Channel Sales & Development, Red Hat: “I have a friend who is CTO of a tech company and his job involves talking to large business customers on a daily basis. Twelve months ago he would ‘pitch’ Linux, because that was an objective of the company. Now he is still doing the same thing, but the first question he is being asked now, before he even thinks of pitching anyone, is ‘What is your Linux story? How can you help us get to Linux faster?’” www.LinuxWorld.com That’s why Ximian® created Red Carpet™ Enterprise™, the secure and centralized solution for enterprise software management you deploy completely behind your corporate firewall. It slashes your company's total cost of ownership by automating software updating and version control for Linux servers and desktops. Use it with leading Linux distributions like Red Hat, SuSE, Mandrake, Debian and more. Red Carpet Enterprise will change the way you look at Linux. Learn more. Get your free copy of "Linux Software Management 2003" at www.ximian.com/information/mgmt3 Ximian is a registered trademark and Red Carpet and Enterprise are trademarks of Ximian, Inc. © 2003 All rights reserved. Enabling Enabling Enterprise Enterprise Linux Linux the Linux solution for all sizes Linux solutions that reduce IT complexity, Linux — powering the growth of your business. Call 1-888-hplinux to speak with an HP Linux specialist now, or visit www.hp.com/linux. increase agility, and deliver security all backed by 24x7 HP support services. Whatever your IT needs and size, HP has a Linux solution customized to your needs.
