Likewise Blog
0
Congratulations to team Ubuntu who today shipped Lucid Lynx Desktop and Server editions. As many of you know Likewise Open 5.4 ships as part of Lucid Lynx. We’ve worked on a number of customer projects with the Canonical team and we continue to see growth of the Linux platform in all areas of the enterprise.
I frequently get asked about the state of affairs in the Linux world both relative to the platform vendors and relative to the degree of penetration of Linux as a desktop and server platform.
I’ll focus briefly on the Linux desktop. There are three types of Linux desktop projects that I’ve observed:
The Technical workstation. Often engineers, sometimes former Solaris, HP/UX, and AIX users, have also spent time with Windows before moving to Linux. What Linux variants? We’ve seen it all: RHEL, SLED, Ubuntu are all represented; we also see Debian, CentOS, and Fedora. This group of users are almost always unabashedly enthusiastic about using Linux and have talked to me at length about the virtues of Linux as a viable desktop platform.
The Single Task Worker. Usage includes vertical markets such as call centers, manufacturing, and retail. Usually multiple workers share a single computer and the security settings as managed by the company are fairly restrictive. I have spoken to users on several of these projects that were unaware of the details of the underlying operating system. Their interest was usually in the application that they use to accomplish their job instead of the platform itself.
The Information Worker. Linux is clearly not a mainstream platform for the information worker today. There is, however, a non-trivial number of early adopter organizations that are experimenting with new platforms and hosted applications in a way that is quite different than the dominant paradigm today — Microsoft Windows + Office. Many of the interesting projects that I’ve seen involve desktop virtualization. Some organizations are experimenting with allowing users to choose whatever platform they want including Windows, Mac, and Linux while they provide a tightly controlled virtual desktop environment. There are some very interesting intersections between the desktop, virtualization, and cloud computing.
Likewise gets involved with these projects because organizations want to leverage the infrastructure they have put in place to manage their Windows desktops. Almost always this includes Active Directory both for authentication and as well as using group policy to enforce various security policies and settings. With Likewise they can bridge their Linux and Mac users directly into Active Directory.
If I look to our customer base, we usually wind up with the Linux administrator as a big Likewise fan. By using Likewise, they are able to offload authentication and account management issues to the same helpdesk that already supports the Windows desktop infrastructure. We also allow them to integrate familiar Unix tools like Sudo into Active Directory which can be a powerful and highly scalable solution. One of our customers told me this was “the best of both worlds” from her perspective. From the users point-of-view, we help organizations take a big step in the direction of single sign-on which means less complexity for the user.
Today’s complex IT environments face security and identity threats of all shapes and sizes. Many government agencies and business organizations combat these threats with stronger authentication methods. Government directives and industry regulations mandate that these organizations take appropriate measures to properly secure their IT infrastructure.
A new major component in an upcoming Likewise Enterprise release is support for two-factor authentication (T-FA or 2-FA) using smartcards, providing enhanced security for secure login using domain credentials provided by Active Directory.
Two-factor authentication is a key security process where two distinct factors are used in conjunction to authenticate a computer user. 2FA is typically the sign-on process where a computer user has to prove his/her identity with two distinct proofs, such as a password or pin (something the user knows) and a smartcard or token (something the user has).
Check out this video demonstration by Likewise CTO Manny Vellon on how two-factor authentication with a smartcard provides strong authentication for a Red Hat Enterprise Linux user.
Let us know what you think of this new feature at info@likewise.com!
Professionally speaking, the past sixteen months have been, for me, some of the most exciting at Likewise that I can remember. Today was the culmination of the combined effort of our entire engineering team as we announced that Likewise-CIFS is the integrated SMB/CIFS solution for Windows client support on some Hewlett-Packard StorageWorks products.
What makes this announcement special to me personally is not the fact that a major vendor has chosen Likewise; we’ve already established ourselves in the AD authentication bridge space with companies such as Isilon, DataDomain/EMC, VMware, and Citrix. What makes the HP announcement particularly meaningful to me is my personal involvement in the HP partnership. Over the past several months I’ve gone through all the daily status meetings, bug triages, late night debugging sessions, and the general things that go with enterprise scale software development. Having worked at HP prior to coming to Likewise in 2005, I’m glad to see company endeavors succeed, particularly now that I have new friends amongst HP engineers.
Milestones like this announcement are good times to review where we’ve been and where we plan to move towards in the future. In January 2009, Likewise began an initiative that would become Likewise-CIFS, the SMB/CIFS file server component of the Likewise Open project. Even though I’ve worked on another SMB server in the past, Likewise-CIFS was really a brand new start. The server’s multi-threaded architecture and modular components allowed us to parallelize much of the initial work, which was extremely important because the entire file server was being written from scratch.
To fully appreciate the difference between where we started in January 2009 and where we are now in April 2010, it’s best to examine the heart of Likewise Open–the code itself. A quick glance at the repository from git://git.likewiseopen.org/likewise-open shows around 6800 commits. That means that over the 337 working days (discounting weekends but including holidays) in the last 16 months the project has averaged about 20 commits per day. Of course commits in and of themselves do not necessarily equate with improvement. How many of the 6.8K commits added new code and new value? Looking strictly at new components, we can conservatively say that a minimum of over 360,000 lines of new, handwritten C code has been added. That doesn’t even include the 130,000 lines of C# code included in the Likewise Management Console that was made available under the LGPL last year.
If you aren’t a programmer, these numbers probably contain little meaning. In that case, let’s talk about features. In the past year, the following is a list of some of the new things that have been added to Likewise-CIFS:
- A complete SMBv1 implementation compatible with Microsoft Windows 2000 and later clients as well as Apple’s OS X 10.5+ and Linux desktops
- SMBv2.0 when serving Windows Vista/7/2008 clients
- Zero Copy support in the SMB server for faster reads and writes
- Scalability up to 50,000 connections on modest commodity hardware
- A GSSAPI NTLM mechanism for application developers desiring to integrate in Windows authentication frameworks
- A user space file system driver implementing Windows compatible byte range locks, opportunistic locks, share modes, security descriptors, and change notification.
- Server-side support for named pipes (necessary for integration with Windows RPC services)
- Privileged user management via the Likewise Security Authority’s (lsassd) local provider
- Managing all Likewise services from a central service control interface
- Central configuration management using the Likewise Registry
All this describes the road we have traveled thus far. What about our future plans? Will the next twelve months be as exciting as the past sixteen? I believe so and here’s why. There’s several what I call “point” features still remaining for the file server. Things like Distributed File System (DFS) support and consolidation roots, Access Based Enumeration (ABE), Shadow Copies, and Alternative Data Streams (ADS) are isolated, individual features with a high degree of end user visibility.
But these are really just enhancements. What broad initiatives do we have in play for the coming year that would match the scale of writing a new SMB file server from scratch? We have several ideas already in discussion which I hope to be able to share in the coming months. But sufficient to say that our path forward is to continue to build upon the Likewise Open platform base that we’ve put into play. The way forward is up–to build upon the foundation already laid.
Likewise Open & Likewise Enterprise can now use the Kerberos 5 credentials you receive when you login to your Windows desktop. These credentials streamline your work flow by allowing you to access network shares and printers across your environment without prompting you for your username and password. This is often referred to as “seamless single-sign on”.
Previously at Likewise we have linked to a third-party compiled PuTTY–a SSH client for Windows–as a way to use your Kerberos 5 credentials. Unfortunately, this version was old and had incomplete support for the Kerberos 5 standard.
We now have our own version of PuTTY that includes complete Kerberos 5 (GSSAPI) support allowing seamless single sign-on to Linux and Unix machines. You can now access your Linux and Unix resources via SSH just as easily as accessing a Windows file server or printer in your enterprise. We have tested this version of PuTTY against our supported platforms and can validate that it works seamlessly with both Likewise Open and Likewise Enterprise 5.3.
Download the Likewise version of PuTTY to start accessing your Linux and Unix servers via SSH using SSO today.
Back to top