Linux Mint Forums

I am a long time linux user who has used it professionally as an IT Professional as well as at home. I have just finished documentation about connecting linux to a school wireless network. I thought it might be educational to consider what indications there are that linux is ready for the enterprise.

The network was using PEAP/MSCHAPv2 which are fairly windows centric but have had years of support in linux. The SSL tunnel was secured by certificates from a global CA. The proxy was being supplied by a wpad protocol. These were the results I got:

Compatibility Matrix I guess this shows up an inherent weakness in the bazaar programming model. The developers often lack resources and generally don't live in an enterprise environment. it is hard to simulate such an environment without resources and it requires a different mindset. On this snapshot, the only one which came in trumps was Fedora with KDE. Mint 17 had fixed the phantom certificate problem but had a nasty inherited bug in NetworkManager which failed to save any proxy settings.

One thing I was extremely surprised about was Fedora with Gnome complaining that the root addtrust certificate required to authenticate the ssl 3.0 session was invalid.

If I had added in OSx, Windows and Chrome OS I would expect each to pass with flying colours. Windows it seems doesn't use PKI rather machine accounts. I hear that the OSx hack for this is to simply run a script to disable the CA Certificate. Android works well but is limited. Chrome OS works well but I haven't fully tested it. This is a reflection of the resources behind them and also that their programmers live in the enterprise.

What do you think?

Cheers Paul

thanks Xenopeek for the edit and move....

betchern0t wrote:I am a long time linux user who has used it professionally as an IT Professional as well as at home. I have just finished documentation about connecting linux to a school wireless network. I thought it might be educational to consider what indications there are that linux is ready for the enterprise.

The network was using PEAP/MSCHAPv2 which are fairly windows centric but have had years of support in linux. The SSL tunnel was secured by certificates from a global CA. The proxy was being supplied by a wpad protocol. These were the results I got:

Compatibility Matrix

Code: Select all

Operating System  Desktop      PEAP/MSCHAPv2  Certificate  Proxy    comment
Fedora 20         KDE          Good           Good         Good     Worked out of the box
OpenSuSE 13.1     Gnome 3      Good           Good         Good     Worked out of the box.
                                                                    Sometimes fails to save the connection so have to retry.
Android 4.4       Android 4.4  Good           Good         Medium   Have to use hard coded manual proxy 
Linux Mint 17     Cinnamon     Good           Good         Poor     had to use dconf to set proxy
Xubuntu           XFCE         Good           Good         Poor     No concept of per connection system wide proxy
OpenSuSE 13.1     KDE          Unknown        Unknown      Unknown  Hang on boot on my laptop 
Fedora 20         Gnome 3      unworkable     unworkable   Good     Despite hours of trying couldn’t get it to work. 
Cr OS 2.4.1290
(Chrome OS)       Cr OS        Unknown        Unknown      Unknown  Lacked driver support for my laptop

I guess this shows up an inherent weakness in the bazaar programming model. The developers often lack resources and generally don't live in an enterprise environment. it is hard to simulate such an environment without resources and it requires a different mindset. On this snapshot, the only one which came in trumps was Fedora with KDE. Mint 17 had fixed the phantom certificate problem but had a nasty inherited bug in NetworkManager which failed to save any proxy settings.

One thing I was extremely surprised about was Fedora with Gnome complaining that the root addtrust certificate required to authenticate the ssl 3.0 session was invalid.

If I had added in OSx, Windows and Chrome OS I would expect each to pass with flying colours. Windows it seems doesn't use PKI rather machine accounts. I hear that the OSx hack for this is to simply run a script to disable the CA Certificate. Android works well but is limited. Chrome OS works well but I haven't fully tested it. This is a reflection of the resources behind them and also that their programmers live in the enterprise.

What do you think?

Cheers Paul

I think that
What do you do as an IT professional that you can't set up an internet connection without GUI? Your basically comparing GUI automatic configuration tools... Seems irrelevant in the enterprise world where you're likely going to have network specialists doing more complex work then writing a config to connect to a protected network... Unfortunately I think this is a whole lot of testing for nothing, as it pretty much misses the point.
There is a pretty decent chance those servers you were trying to connect to were running some form of linux/unix.

What DE or distro you are running is pretty irrelevant.
You basically tested the wrong thing.

There are a hand full of different utilities that can be used to connect to the internet, and all you really did was test which distro has the nicest default setup for home users.... But on any of those distros, you could just run the setup that works, its just a matter of knowing what is needed to connect to your network and configuring that.
Use what ever desktop you want, the only real difference is the network applet and 3rd party GUI config tools... You can setup a working internet connection before X is even started and then what ever network connection that exists will just be passed on to what ever X session you start.

"enterprise" basically means that they are going to have their own secured network, and are going to be doing a lot more config then just trying to establish an internet connection, so regardless of distro the appropriate tools can basically be installed and the config copied over and it will have internet independant of what internet is running.

scryan wrote:

betchern0t wrote:You basically tested the wrong thing.

Linux Servers don't have desktops.

Not true, all windows server have desktops.

Sent from my SGH-T889 using Tapatalk

vl1969 wrote:Not true, all windows server have desktops.

Sent from my SGH-T889 using Tapatalk

Cute answer. Linux Servers don't have desktops.

Habitual wrote:

scryan wrote:

betchern0t wrote:You basically tested the wrong thing.

Linux Servers don't have desktops.

Not sure, I am assuming that your quoting me to agree, adding that testing desktops makes no sense since servers won't have one anyways...

If that is the case, In the OPs defense "enterprise" doesn't have to mean a server right? It just means business use, so a workstation with a desktop that does document editing/email/graphic software/ect could very likely have a desktop.

STILL, I would expect the network connection could/would be configured plain text outside of the desktop and copied to each machine to establish a connection?

This is what distributions like RHEL are for. Comes in both Server and Workstation form and will work in these environments fine.

There is a difference between free 'consumer' distros and 'enterprise' distros. I could not imagine a company using something like Linux Mint instead of paying for the yearly subscription. Don't forget, enterprise NEED support and RHEL has very, very good support. It really is this simple, which is why some places even switched to Ubuntu, Canonical have paid support.

Then there's the fine line between full paid support and parallel support with distros like CentOS...

MartyMint wrote:Then there's the fine line between full paid support and parallel support with distros like CentOS...

Isn't CentOS now in a partnership with Red Hat?

http://community.redhat.com/centos-faq/

var wrote:

MartyMint wrote:Then there's the fine line between full paid support and parallel support with distros like CentOS...

Isn't CentOS now in a partnership with Red Hat?

http://community.redhat.com/centos-faq/

Somewhat...yes. Their devs have a fairly free reign, though.