Ramblings from another nerd on the grid
We’re a little over halfway done with the Interop Road Show I helped create. Last week Matt Hester did a simulcast of the live event from Chicago. Although he did a great job, I wanted to capture the demos with Camtasia v6.0.2 and provide some high-quality audio and video of the demos, so here they are.
A Party of Protocols
There are a number of ways to invite Linux, UNIX, and OS X to the Windows Server Active Directory party. The operating systems we use today will interoperate in many ways because each includes some level of common protocol support. HTTP is an obvious protocol they all share. SMB is also commonly used for access to Windows file system shares. In the UNIX world, NFS ruled the ether for years. Thankfully, directory and security protocols like LDAP and Kerberos have also become common in the desktop and server operating systems.
There are pros and cons to any approach to integrating heterogeneous environments. Usually this means there will be tradeoffs on functionality. Thankfully, there is a robust market out there to lower the number of tradeoffs and attempt to provide near seamless coexistence and integration.
For those of you that get TechNet Magazine, you probably noticed the December 2008 issue devoted to this subject. You also probably noticed it isn’t necessarily trivial to do everything you might set out to accomplish. As Matt likes to say, get some sleep, get up early, and eat your Nerdflakes because you are going to need them.
I shopped the partner market. I wanted to see if there were some products you should consider that ease the pain. There are, and you should by all means evaluate the products from Centrify, Quest, Likewise and others. You’ll notice I am using Centrify DirectControl.
The main reason for that is simple. Linux, OS X, UNIX and Windows all include support for authentication, directories and file sharing. That capability is built into the OS. However, if you want to do desktop management, you really need help from an additional set of agents and code. You’ll see what I mean in demo number three below.
Adding SUSE Linux to Active Directory (AD)
In the video just below, we are going to add a SLED 10 SP2 virtual machine to the contoso.com domain. We’ll first verify that the VM is able to find the domain controllers and that we have good connectivity. Then we’ll join the domain and reboot the VM. Check it out.
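The pre-join check described above (can the VM find the domain controllers, and can it reach them), sketched as a shell script. This is an added example, not the commands from the video or Centrify's own tooling; the function names, the port list and the use of `dig` and `nc` are assumptions.

```shell
#!/bin/sh
# Added example: pre-join checks for a Linux host joining an AD domain.
DOMAIN="${DOMAIN:-contoso.com}"   # domain name used in the post
PORTS="${PORTS:-88 389 445}"      # Kerberos, LDAP, SMB (assumed port set)

# Turn `dig +short SRV` lines ("priority weight port target.") into
# "host:port", lowest priority first, then highest weight. Real clients
# pick by weighted random within a priority; this ordering is a simplification.
srv_targets() {
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $1, $2, $4 ":" $3 }' |
        sort -k1,1n -k2,2nr | awk '{ print $3 }'
}

# Default TCP probe; kept as its own function so it can be replaced offline.
probe() { nc -z -w 3 "$1" "$2" >/dev/null 2>&1; }

# Print one "host port open|closed" line per port; fail if any port is closed.
check_dc() (
    host=$1; rc=0
    for port in $PORTS; do
        if probe "$host" "$port"; then state=open; else state=closed; rc=1; fi
        echo "$host $port $state"
    done
    exit $rc
)

# Live run: find the DCs through the AD locator SRV record, then probe each.
prejoin_check() (
    dcs=$(dig +short SRV "_ldap._tcp.dc._msdcs.$DOMAIN" | srv_targets)
    [ -n "$dcs" ] || { echo "no DC SRV records for $DOMAIN" >&2; exit 2; }
    rc=0
    for dc in $dcs; do
        check_dc "${dc%:*}" || rc=1
    done
    exit $rc
)
```

Run `prejoin_check` on the VM before the join; an empty SRV answer usually means the VM's resolver is not pointed at the domain's DNS servers.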
Now that our workstation VM is a citizen of the contoso.com domain, we can start doing the stuff that would be a normal next step. For instance, we would want to verify user principals from AD can log in on the Linux machine and use it. We would also want to check the security model and verify share and file permissions are working as expected. Check out this next video on that subject.
Bow to Group Policy
Now that we can see networking, authentication and security are working properly, we can start to take advantage of the management infrastructure. For this demo, we are going to make a simple change to the SLED 10 SP2 GNOME settings to verify Group Policy Object (GPO) settings are flowing from Windows to Linux.
There is obviously a lot more to this subject, but as you can see, interoperability between Windows Server 2008 and a number of other server and desktop operating systems is quite good. You can do this the easy way, or you can do it the not so easy way. It’s really going to depend on your needs. If you have no need for desktop management via group policies, then you should investigate the native integration possibilities. If you have more advanced management needs to get the wild wild west tamed, then I would highly recommend looking at the partner tools.
FYI, if you are looking for the demos for session 2 and session 3, go check out http://blogs.technet.com/keithcombs/archive/2008/12/17/running-lamp-on-windows-server-2008-webcast-and-screencasts-now-available.aspx.
Although the demos we do in the live event are slightly different, this will give you a pretty good overview of how open source software runs on Windows Server 2008.
We've improved matters quite a lot since December, so be sure to check out the web platform installer at http://www.microsoft.com/web/downloads/platform.aspx. It certainly simplifies all of the manual steps you see me do in the screencasts.
And for those of you that want to download the videos and watch offline, right-click the following links then use the "SAVE AS" menu item to save locally. Enjoy.
Thanks for showing such a detail level demonstration of how Centrify DirectControl can integrate Linux with Active Directory; it is ironic to see a Microsoft person demo'ing SUSE :)
What about the other way around? Would it be possible to have a Linux machine as a DC with Windows clients? I'm not talking about a Samba server but a real DC with AD and Group Policies.