CAS18543

Migration from a Windows Environment to a SUSE® Linux Enterprise based InfrastructureLiberty Christian School

Don VosburgSystems Engineer

dvosburg@suse.com

don.vosburg@libertyonline.org

2

Who is Liberty Christian School?

• Private school located in Anderson, IN, USA

• Established 1976

• About 600 students in preK-12

• Two campuses - Elementary and MS/HS

The “before” picture

4

LCS Technology Summary - 2009

• ~100 PC’s, 40% running Windows XP Home

• No Classroom accessible PC’s or Laptops

• Two low-end Dell servers hosting files– Each with a single desktop-class 250GB hard drive– All users with all rights to all shares

• No imaging - all software individually installed on any PC as needed

• Self-hosted proprietary email solution with no effective spam filtering

5

LCS Network Summary in 2009

• Wireless point-point connection between schools unreliable, slow (2 miles apart)

• Single IP addressed, flat Class C network, causing excess broadcast traffic, limited devices

• Low-end Linksys firewall at edge of a single Internet connection, limited flexibility and monitoring

• No connections faster than 100Mbps

6

LCS User technology - 2009

• No centralized domain – Each user defined on the computer(s) they might use– No centralized printer administration or definition store

• One student desktop lab in each building, no student access beyond that

• No internally managed DNS – local host access defined on each PC by IP address

• Proprietary content filter over-blocking, rendering Internet usage not worth the wait

Creating a better infrastructure

8

Infrastructure on SUSE Linux Enterprise Server

• SUSE Linux Enterprise standardized throughout– Consistent enterprise-grade linux– Both SUSE Linux Enterprise Server 11 and 12– Hosting bind DNS for internal name resolution

• Samba/openLDAP domain– LDAP mirrored between facilities– Apache Directory Suite to view/manage LDAP– Samba 3 style domain– Logon script for group-based drive mapping– Documents redirected to network home– Centralized printer and driver management– Windows 7, 8.1, 10 client machines– Users added/managed with YaST

9

• KVM virtualization– added to allow more flexibility and hardware

independence– Live migration key to staying current– Hosting Linux, Windows, and FreeBSD

• iSCSI Storage– SAS drives in a standard server

• Linux HA– OCFS2 Clustered file system, hosting KVM virtual

machines– Clustered web server in each school– VM’s managed by the cluster– One node can be lost and facility runs as normal

Infrastructure on SUSE Linux Enterprise Server

10

Clonezilla imaging• Golden images of Windows machines

– Applications loaded based on function– Modified for our environment with registry and policy

changes• DRBL server in each building

– Running on Ubuntu LTS– Multicast image deployment

• Clonezilla USB for more portable imaging– Parted Magic USB stick for launching clonezilla or

gparted

11

Network infrastructure with pfSense

• FreeBSD based networking software– Deployed on standard hardware or VM

• Class B 10.X.X.X/16 net in each building• Two pfSense routers across leased fiber• Firewall enabling hundreds of outbound connections• Integrated filtering with squid/squidguard• Excellent web interface• Annotated rules• NAT mapping to allow remote access for faculty/staff• DHCP servers for each facility• Two firewalls, each running as a clustered 64-bit VM

12

Additional solutions at LCS

• Leased 100mbps fiber between campuses ($)• Google Apps for Education

– 3000 available accounts– Unlimited storage for each account– GADS - synched with LDAP

• Microsoft Volume Licensing ($)– For Windows desktops and Office

• Ninite ($)– Manage deployment/updates for flash, java, PDF reader,

VLC Media player, etc.

• Freshdesk helpdesk software• PowerSchool ($) School Information System

– Runs on its own “appliance”

13

Hardware choices

• Use Ebay for commodity hardware– Average desktop costs ~$100 per unit

– Standardized on Dell, HP, Lenovo enterprise PC’s

– Server costs kept low - ~$400– Augment with memory upgrades, disk, NIC’s we install

ourselves– GB interfaces added to switches

• Netgear ProSafe networking hardware– Managed GB switches– Managed wireless AP’s

• Multiple 1500kva UPS’s• Recycle older technology

14

Network Diagram (created in Dia)

Screenshots of Admin tools

16

Cluster View

• First-level bullet (24pt)– Second-level bullet (20pt)

– Third-level bullet (16pt)

– Fourth-level bullet (14pt)

17

Firewall view

18

Monitoring Console - Icinga2

19

Zmanda Backup

20

Thank you.

Live Look at the network

Network today

22

Open Source solutions at LCS• SUSE Linux Enterprise standardized throughout• bind DNS server• KVM virtualization • Samba/openLDAP domain• Linux HA clustering• Imaging with Clonezilla and Parted Magic• Firewall, content filter (squidguard), DHCP, routing with

pfSense • Icinga2 monitoring/notification server• Amanda network backup• UltraVNC remote control

23

LCS Technology Today

• Student Google accounts from grade 5-12• 500 Chromebooks, 50 laptops, 150 desktops• Centralized domain synced with Google Apps• Clustered servers, centralized storage,

– virtualization with cluster-managed live migration

• Business-class Internet connections in each facility, managed by clustered VM’s

• Content filtering that is fast and minimally intrusive• Network monitoring/notification for all servers and

network devices and services• Student team working on major projects during

breaks

24

Featured in News

25

Thank you.

Any questions?

Unpublished Work of SUSE. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary, and trade secret information of SUSE. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.