January 23, 2021 | 21:43

Overthinking: Linux in Business

I have a tendency to overthink things. I get an idea in my head that takes me down a rabbit hole for much too long, and I just keep trying to figure out the issue and maybe a solution. This month’s thought is using Linux in a business setting.

I’m specifically talking about desktops: users in chairs, glued to monitors, getting on with work.

Most MSPs (by that I mean companies that managed IT for clients) are Windows-centric. They set up Windows servers running Active Directory and industry software and deploy Windows desktops to users. This is the norm for most MSPs.

That and being pretty terrible at networking. I just wish they would hire a proper network engineer.

So Windows is the standard. That’s what users know. But, I don’t think it needs to be that way. My history is in telecom. I’ve moved a lot of users from old key and digital phone systems to more modern VoIP systems. They can be stubborn at first (because humans are pretty bad at change), but really they just want to get work done. If given the tools and proper instruction, they’ll use whatever you hand them. Work needs to get done and they need a paycheck.

So how do we make that happen? What hurdles need to be leapt over with such great force that we redirect a standard of modern business? Here’s what I think:

1. We need user authentication and device management.

So hear me out. Ansible is fantastic. One of my favorite configuration management tools. So is Puppet, Chef, and Saltstack. They absolutely get the job done. That job is treating servers like cattle. You turn a server on, point your config manager to it (or get an agent installed), and everything is automated from there. Bingpot!

Managing desktops is similar, but with one caveat. Users that have little clue about what they are doing are going to be using these machines. It’s like giving each of your cattle a herding dog that only vaguely knows which way a cattle is supposed to go.

Users are going to touch things and change things and click on things and download things. Things happen, they’ll find a magical new way to be confused or run into an issue, and you’ll need to manage that.

Windows has device management built in. Whether through Windows Server or through Intune, it’s built in and mostly does what it says on the tin. You can enforce settings, set security rules, and define applications that must, can, or cannot be installed.

Linux can do this to, but that normally means configuring a dozen separate pieces and getting them to work together. Fortuantely, that’s being worked on by two groups.

The first is Zorin Group. They build Zorin OS, a Linux Distro built to make the transition to Linux from proprietary OSs easy (yes, another one). They provide several UI themes meant to replicate popular systems such as Windows, Mac OS, and Ubuntu. They also build in Wine so you can more readily use Windows apps that you need for business.

At the request of their larger clients, they are working on a new component called Zorin Grid. Zorin Grid is a tool to manage Zorin OS computers as a group. Enforcing settings, apps, and security measures much as an IT person would in a Windows environment. The promise is there, but details are sparse. I assuem that the agent would be built into Zorin OS and activated on demand. They don’t explain how that would work, or how user authentication would operate.

The second option is developed by OpenSUSE. Their project Uyuni is a fork of Red Hat’s Spacewalk and the upstream project for SUSE Manage. This is a product that can be used today, and handles the complete lifecycle of every Linux machine whether server or desktop.

It starts with image management using openSUSE’s Kiwi build system. This allows you to build bare metal, virtual, and container images to be deployed and managed with Uyuni. After your system is up and running, you can run configuraiton tasks against it using Saltstack and monitor it with Prometheus. Surprisingly, they support a large number of Linux distros beyond SUSE’s own enterprise and open options.

The component they don’t mention is end user authentication. My assumption is that they use LDAP and sssd to handle device log ins. Which is a good start, but with the IT world moving to the cloud developers should investigate including SAML and OAuth modules to sssd. This would give auth powers to users running Microsoft365, Google G Suite, and Zoho One. How would that work? I have no idea. I’m not remotely smart enough to know where to start.

2. Where all my business apps at?

There are so many distributions of Linux. So many. They run different package managers and desktop environments and app stores and it’s so complicated. We don’t need yet another UI becuase you don’t like where Gnome is going. We domn’t need 3 different package formats for distributing software (AppImage, Snap, and Flatpak).

I wish all those developers and maintainers would instead focus on end user software. I know. I get it. Business apps are boring, but we need that Linux take on Visio, Quickbooks, Illustrator, etc. We need the boring apps so businesses can keep running. And even better, our config and software packaging is light years beyond anything Windows has. We won’t havce to deal with licensing as much, but when we do, it’s a matter of adding an extra task to the config tool.

Also, the basics are taken care. Evolution is a pretty good Outlook replacement (though it would be nice to have a Qt equivalent), and LibreOffice is clunky but does what it claims (in its defense, Microsoft Office is also clunky).

Here are a few apps that would make Linux an easier sell for businesses:

  • A diagram tool that’s compatible with Visio
  • A real honest to goodness PDF editor (something close to on par with Acrobat Pro)
  • A drop in replacement for Photoshop, Illustrator, and InDesign. The current FOSS options are not professional enough, and this would be an easy fix if Affinity would port their apps to Linux.
  • An email app with close to perfect support for Microsoft 365 and Google G Suite. Hiri is very close to being an great option, but the UI is so different that it would be a hard sell.

3. Industry-specific software and line-of-business apps.

This, this right here is the toughest nut to crack. The other problems above are easily fixed with good documentation and developer support.

In most small businesses today run on software. For many of them, they run software specific to their industry. Dental management, beauty salon management, bookstore POS, and the list goes on and on. So many companies serve the needs of a very narrow selection of clients, and it works great for them! And they write their software on Windows. The only way to challenge that and get those clients over to Linux is to write competing software. Which is easier said than done. Most of these industry softwares are poorly written and clunky, but they got there first and a new FOSS company claiming that their software is on par with the incumbent (even if better written) is a hard sell.

And if that weren’t enough, an even bigger roadblock is line of business apps. These aren’t the kinds of software you buy from a company and hand out. It’s the in-house stuff written by guys that fancy themselves developers. They’re Windows IT guys and they’re going to write Windows programs to keep supporting the Windows users. These seemingly inocuous applications often have humble origins and eventually balloon to become critical pieces of software that cannot change and cannot be replaced. Often because the persona that wrote it originally has left and no one understands how it works, but it works.

And I’ll be frank, I don’t have the solution for them. Industry software can be pushed by sales folks that are good at their job, but line of business apps are that secret trap that cannot be dodged.