Oil and Water?
It’s been an interesting week for Interop inside the lab – we’re running an IPSEC interoperability project to test Fedora, OpenSUSE, RHEL, SLES, Ubuntu, and Mandriva with Windows Networking technology, and ran interviews both with the IDMU (Identity Management for Unix) Program Manager and with Paul Moore, CTO of Centrify.
Today I spoke with Jeremy Moskowitz, a Windows/Linux interoperability expert, to get his take on some of the recurring challenges in starting interop projects and why it matters. He’s done a lot of work on the topic of group policy, and writes books and teaches on-site classes for IT professionals.
Sam: What's the main thing that you find people don’t understand about Windows/Linux interop?
Jeremy: People often don’t realize how many points of contact between the two systems you can actually interoperate. I wrote a book with Thomas Boutell, and in 10 chapters we isolated 8 points, including desktop, applications, email, networking and authentication.
Sam: Authentication is an interesting topic – what do you lay out as the main approaches here?
Jeremy: There are a lot of different approaches. For example, if it’s a “mostly Linux” shop that needs to integrate a couple of Windows machines, you’d use OpenLDAP. If it’s a mixed Windows and Linux/Unix shop running Active Directory, integrate Linux & Unix systems as Windows clients.
Sam: Do you cover that in the book? Are you using IDMU to run a Windows NIS master?
Jeremy: When we wrote the book, Win2K3 R2 hadn’t shipped and SFU was a separate application. We decided to write a chapter on updated procedures for Win2K3 R2 as a download from www.winlinanswers.com. It should be available in May, so check back often.
Sam: What do you usually see as the main obstacle in IT shops to do Windows and Linux integration?
Jeremy: Windows and Linux guys in a given company don't talk much – they usually only meet up playing softball on opposite teams at the company picnic.
Sam: Sounds like some cultural interop issues?
Jeremy: There has historically been a religion problem which causes problems in doing these things. I'm a pragmatist - I have Windows running a bunch of systems but my website runs on LAMP. I needed a great web designer and a site he could maintain, and what he knew was PHP.
Sam: What's one great thing people will get out of reading your book?
Jeremy: When I gave my session on interop at LinuxWorld, I asked the audience of about 70 people: “Who here is running Exchange?” 60 people raised their hands. I said, “Keep your hands up. Now drop your hand if you're planning on walking away from your Exchange infrastructure and just to have something that runs on Linux.” One person dropped their hand. Exchange is here and people need to manage it.
So the question is, “How do we use Linux to manage the exchange environment?” In the book we detail an approach that uses a front end Linux server that will, for free, scrub email, scan for viruses, and verify the delivery address for routing across backend mail servers (Exchange, sendmail, etc). You offload things that typically run on the Exchange server and bog it down. By using a Linux box to front-end Exchange, you get more horsepower out of your Exchange server so that you get better performance for what you're paying for.
You can see Jeremy’s new site at http://www.winlinanswers.com, or see other stuff he’s done at http://www.moskowitz-inc.com Jeremy will be answering comments on this thread, so if you have some tough questions about AD interop, OpenLDAP, Samba 3.0, SFU, or related topics, this is the place to ask.
Cheers,
Sam