Monday, April 7, 2014

[infosecinstitute] How to Migrate an Entire Office from Windows to Linux

More and more, small, medium, and even large businesses are migrating from Microsoft products. Many of them are ridding themselves of Microsoft completely.

If you were to ask those IT departments why, they’ll give you a number of different reasons.
A motivating factor for many businesses is how the Linux kernel is much more secure than Microsoft’s Windows NT kernel. That’s not just because a lot more malware targets Windows client and server editions. It’s also because the Linux kernel, a derivative of the Unix kernel, was built for multiuser environments from the very beginning. It’s certainly possible to crack a machine that uses the root authentication system, but it’s way more difficult.
Some of those businesses deal with sensitive data, such as those in the medical or financial fields.
But even businesses in less data-sensitive industries would prefer their clients and servers to not get infected by malware and not get cracked, because even a little bit of downtime can be expensive.
It doesn’t help that Microsoft spies on user activity when default settings in Windows XP, Vista, 7, 8, Server 2003, 2008 and 2012 aren’t changed.
Another motivating factor for many businesses is expense. Microsoft product licensing fees vary greatly according to which software packages are purchased, and for how many clients and servers. But the Linux-based alternatives to Microsoft products, from OSes, to servers, to productivity applications and more, are often completely free of charge, and legally so.
As of this writing, the most popular Linux distro in the server room, Red Hat, is still free of charge for the OS installs. Red Hat makes their money mainly with commercial client support. But when businesses use Red Hat and pay them for support, they still find it’s much more affordable than the equivalent in software licenses from Microsoft.
And the money saved goes beyond sticker prices.
Linux-based OSes seldom need rebooting during patching, or other procedures. Microsoft OSes usually need rebooting to apply updates and system changes. A lot less rebooting means a lot less downtime, and in business, time is money.
IT professionals with extensive experience with both Microsoft products and Linux can vouch for how Linux computing is a lot more stable.
There are a lot of reasons for that. But a major one is the structure of their respective file systems.
Each new version of NTFS fragments less than previous versions. Still, the default file systems used in the Linux world, such as ext4, rearrange file fragments dynamically. So, fragmentation is pretty much unheard of.
When I run a defrag on a Windows client or server, even in the latest OSes with impressive hardware specs, I always leave the machines to defrag before I generate any further user input. I’ve learned from experience that if I try to do anything with those machines, beyond interfacing with daemons that use very little memory and few CPU cycles, I’m going to be very frustrated with the speed, to say the least.
So, using file systems that don’t require defragmentation also saves a lot of time. And time is money!
When Microsoft started to insist on the Metro/Modern UI in Windows 8 and Server 2012, many sysadmins were pissed off. Yeah, you can still pull up cmd.exe in Server 2012. But it takes more steps, and it’s not intuitive to launch the command line in the new GUI. And for many of the functions sysadmins and network admins would do in a GUI, many find it takes them longer, even once they’ve become very familiar with Metro/Modern, its “hot corners”, and its keyboard shortcuts.
Sure, Windows 7 and Server 2008 and earlier use GUIs we’ve become accustomed to, which are more intuitive, and not optimized for touchscreen. But at some point, Microsoft is going to stop supporting those OSes.
For other services, such as email and productivity, Microsoft is now starting a big push for SaaS (software as a service.) Businesses usually would prefer to be able to buy software outright, because it’s more convenient and saves them money in the long run.
So, it’s time to say a kind “no thank you” to Microsoft salespeople. Your business can do that, no matter what its size. I’ll explain how.
Step One: Take a Hardware Inventory
Create a list of the hardware your clients and servers use, and categorize everything. The particular CPUs and memory types aren’t important for x86 Linux compatibility. But how powerful the CPUs are, and how much memory those machines have, are important when choosing Linux distros and software packages. And 64-bit machines should preferably be running 64-bit OSes.
Standard USB or PS/2 mice and keyboards usually don’t need any special drivers, they’re plug-and-play in the Linux world.
Compatibility concerns are usually for very specialized hardware, or expansion bus devices such as graphics cards.
Because NVIDIA is a member of the Linux Foundation, recent NVIDIA graphics cards usually have native Linux drivers. You’ll have a lot less luck with their AMD/ATI counterparts. If you were to replace any AMD graphics cards with their machine compatible NVIDIA equivalents, you’ll probably still save a lot of money if that’s what you need to do to migrate to Linux.
With any hardware components though, it’s best to verify if they have Linux drivers, and for which distros.http://www.linux-drivers.org/ is an excellent resource you can use.
Cisco hardware usually supports Linux OSes out of the box. Go to Cisco’s website to double check for specific Cisco networking devices.
Step Two: Take a Software Inventory
Which applications and software functions must be used in your business? Make a list.
Windows software, for most functions, have Linux-compatible equivalents, both open source and proprietary.
I will list many of the major Linux equivalents for Microsoft and third-party Windows software. If you find there’s a specialized application you need that only runs in Windows, it’s highly possible that you can run it in Wine, especially if it’s client-side and doesn’t require Direct X. Wine isn’t virtualization, it’s a Windows emulation layer. Visithttp://www.winehq.org/, where there’s extensive information about which Linux and Unix distros can run Wine, and which Windows applications run well in Wine.
For productivity, you’ll find that you can easily replace the Microsoft Office suite with the LibreOffice suite. Writer substitutes Word, and can open and create .doc and .docx files, even the most recent versions. Calc replaces Excel, with similar full .xls and .xlsx support. Impress replaces Powerpoint, and native Powerpoint slideshows and presentations are also fully compatible. There’s also Draw for diagrams, and Math for non-spreadsheet calculations. And my colleagues have had no problem with importing Access databases into Base.
There are a multitude of Linux email clients which have most or all of the features of Microsoft Outlook, depending on the version of Outlook you’re comparing particular Linux email clients to. Mozilla Thunderbird is among the most popular. Yes, Mozilla, the developers of Firefox.
If you use a Microsoft Exchange server, that’s a little trickier. But it’s possible to leave Exchange behind, and not miss anything! Zimbra, Kolab and Citadel are some well-established Exchange substitutes. And now there’s an Exchange substitute that developers say is 100% compatible. Zentyal was launched in October 2013. It can run either as a standalone OS, or in Ubuntu Server. You can start a free trial of Zentyal to see if it works for your business before you decide to buy it. You can also get full information and support from Zentyal’s website at http://www.zentyal.org/ A few Exchange substitutes support many Sharepoint features, as well. It’d be worthwile to do your research.
If your business does graphic design, you’ll probably find that GIMP works great as a full-featured substitute to Adobe Photoshop. Photoshop proprietary files, brushes and filters can usually be used in GIMP with no problems. If your graphic designers really prefer Photoshop’s GUI, GIMPshop replicates the interface to a T. GIMP and GIMPshop are supported by most Linux distros.
If you run web servers, why are you still using IIS instead of Apache? I’ve done web development since the mid-1990s, and I’ve also penetration tested websites and services. There are way more IIS vulnerabilities than Apache vulnerabilities.
As far as web development is concerned, there are many impressive substitutes to Adobe Dreamweaver. Komodo, Bluefish, and Eclipse are a few.
Of course, if you use popular PHP on MySQL CMSes like WordPress, OS compatibility isn’t an issue, because their backends typically run in web browsers.
Most of the best open source and proprietary web browsers run natively in Linux, such as Firefox, Opera and Chromium, the open source version of Google Chrome.
For FTP file transfer and file server management, FileZilla is my favorite client, but there are many others, too.
Linux is less prone to malware. Still, malware can infect any platform that gets outside data from anywhere, either off of a network like the Internet or from removable media. ClamAV is an open source Linux antivirus shield, and I strongly recommend you run it on all of your Linux client and server machines.
Both VMWare and Oracle VirtualBox offer excellent virtualization solutions that are native to Linux. Goodbye, Hyper V!
Step Three: Take a Test Run
Red Hat and SUSE Enterprise are two of the most common Linux server distros. Client-side, Ubuntu/Debian and variants, plus Linux Mint and Fedora are all very popular.
If you need help with choosing Linux distros, http://distrowatch.com/ is my favorite resource.
When you’ve chosen your server and client-side distros, take a test run on individual machines first. Most Linux distros these days can be tried without having to install them to a hard drive or virtual machine by running a Live DVD or USB stick. Visit each distro’s website for further information.
For major Linux application substitutes, try them in a virtual machine running the distro of your choice. Also, test your various server daemons in virtualized Linux first. Run Windows applications in Wine in a virtual Linux. If you give a virtual Linux enough disk space and memory, you can test Wine seamlessly for how well it’ll run Windows applications in that distro.
During the testing process, you may find that you change your mind about which distros and applications you’ll choose. Also, you may want to see how Linux drivers work with your hardware components.
Step Four: Make Backups
Backup all crucial data and files that you need to use. Idera Server Backup is an excellent solution for backing up and restoring data as you make the move from Windows to Linux.
If you have NTFS or FAT32 partitions with only media or documents, you can clone them, and they’ll be well supported by many distros.
Step Five: Do the Move!
Order support for your new Linux server OSes whenever applicable. Then, make sure you can reserve some system downtime.
If your office operates from Monday to Friday, you can probably do the full migration during the weekend. If your office operates seven days a week, you can do the migration in a night or a few.
If your office runs 24/7, you’ll have to do the migration in stages. You may have to migrate servers one at a time, and migrate departments group by group. So, some work gets paused, but most of your business will run during the entire migration process.
Congratulations! You’ll now find that your business gains functionality and security, all while saving lots of money.
Resources
http://resources.infosecinstitute.com/migrate-entire-office-windows-linux/

No comments:

Post a Comment