Is linux ready for the enterprise?
Posted: Fri Oct 24, 2014 5:01 am
I am a long time linux user who has used it professionally as an IT Professional as well as at home. I have just finished documentation about connecting linux to a school wireless network. I thought it might be educational to consider what indications there are that linux is ready for the enterprise.
The network was using PEAP/MSCHAPv2 which are fairly windows centric but have had years of support in linux. The SSL tunnel was secured by certificates from a global CA. The proxy was being supplied by a wpad protocol. These were the results I got:
Compatibility Matrix
I guess this shows up an inherent weakness in the bazaar programming model. The developers often lack resources and generally don't live in an enterprise environment. it is hard to simulate such an environment without resources and it requires a different mindset. On this snapshot, the only one which came in trumps was Fedora with KDE. Mint 17 had fixed the phantom certificate problem but had a nasty inherited bug in NetworkManager which failed to save any proxy settings.
One thing I was extremely surprised about was Fedora with Gnome complaining that the root addtrust certificate required to authenticate the ssl 3.0 session was invalid.
If I had added in OSx, Windows and Chrome OS I would expect each to pass with flying colours. Windows it seems doesn't use PKI rather machine accounts. I hear that the OSx hack for this is to simply run a script to disable the CA Certificate. Android works well but is limited. Chrome OS works well but I haven't fully tested it. This is a reflection of the resources behind them and also that their programmers live in the enterprise.
What do you think?
Cheers Paul
The network was using PEAP/MSCHAPv2 which are fairly windows centric but have had years of support in linux. The SSL tunnel was secured by certificates from a global CA. The proxy was being supplied by a wpad protocol. These were the results I got:
Compatibility Matrix
Code: Select all
Operating System Desktop PEAP/MSCHAPv2 Certificate Proxy comment
Fedora 20 KDE Good Good Good Worked out of the box
OpenSuSE 13.1 Gnome 3 Good Good Good Worked out of the box.
Sometimes fails to save the connection so have to retry.
Android 4.4 Android 4.4 Good Good Medium Have to use hard coded manual proxy
Linux Mint 17 Cinnamon Good Good Poor had to use dconf to set proxy
Xubuntu XFCE Good Good Poor No concept of per connection system wide proxy
OpenSuSE 13.1 KDE Unknown Unknown Unknown Hang on boot on my laptop
Fedora 20 Gnome 3 unworkable unworkable Good Despite hours of trying couldn’t get it to work.
Cr OS 2.4.1290
(Chrome OS) Cr OS Unknown Unknown Unknown Lacked driver support for my laptop
One thing I was extremely surprised about was Fedora with Gnome complaining that the root addtrust certificate required to authenticate the ssl 3.0 session was invalid.
If I had added in OSx, Windows and Chrome OS I would expect each to pass with flying colours. Windows it seems doesn't use PKI rather machine accounts. I hear that the OSx hack for this is to simply run a script to disable the CA Certificate. Android works well but is limited. Chrome OS works well but I haven't fully tested it. This is a reflection of the resources behind them and also that their programmers live in the enterprise.
What do you think?
Cheers Paul