Living with Linux
by Brian Auger (netConnect) -- 4/15/2004
Brian Auger explains why the Howard County Library switched to a Linux client environment
In 1998 the Howard County Library, MD, upgraded its terminal-based public workstations with PCs that ran Windows 95 and Dynix's PAC for Windows product. Like IT staff in other libraries, we took a number of measures to ensure the security of the equipment and networks, relying on CMOS passwords, login scripts, and different iterations of menuing and security software configured to prevent customer mishaps—intentional or otherwise.
While the measures worked, the setups required frequent modifications as different components were upgraded. The problems only grew as we began migrating to Windows NT in 1999, then recommended by Dynix, our library system vendor. Variations in video and NIC drivers made network maintenance and upgrades a hassle. It took ages to power and boot up equipment—just to provide users with an Internet browser.
At a demonstration of the then-forthcoming Dynix Horizon system in 1999, we were struck by the claim that, under Horizon, a customer workstation would only require an Internet browser to provide full access to the catalog and account management tools. If that were true, we would be able to eliminate all the problems inherent in maintaining multiple Windows operating systems (OS)—patches, drivers, and fixes—by simply migrating to a Linux client environment.
The clincher for us came as we increasingly had to install security fixes for our many workstations running Windows NT. We could have upgraded to a later version of Windows that automatically installed updates and fixes. But this would have required a cash outlay for the upgrade and additional memory. We would still be left with an operating system that had far more features and overhead than necessary.
Security in design
Linux seemed like the perfect OS because it is stable and, as a multiuser OS, is built from the outset with security in mind. An early hurdle was to get the user interface to look and work as much as possible like the familiar Windows interface. We found that Gnome, a UNIX and Linux desktop suite and development platform, would provide us with a friendly and intuitive graphical user interface. We were confident our users would feel at home with Gnome, but the real challenge lay in creating a custom experience for users that would prevent mishaps, security lapses, and configuration changes.
Key to meeting this challenge was our creative and persistent staff and the adaptability of the Linux kernel—the most fundamental part of an OS. You can think of the various Linux distributions (e.g., Red Hat, SuSe, or Mandrake) as generic operating systems, similar in this way to Microsoft Windows XP. Each Linux distribution is built on the same Linux kernel. What distinguishes Linux from Windows is the flexibility it offers a skilled user in adapting it to very specific needs. Our two Linux luminaries, Michael Ricksecker (network specialist) and Luis Salazar (network engineer), created a kernel and resulting user desktop that not only closely mimic the look and feel of a Windows desktop and browser but also lack the unnecessary bells and whistles that come with a standard Windows installation.
Build your dream house
Think of an operating system as a suburban house. With Windows, you get a very nice house with every imaginable feature included. Many of these features you will never use or need and, unless you are fabulously wealthy, would prefer not to have inflating your mortgage payments.
With Linux, you can make any number of modifications to the house—adding, eliminating, and/or combining features to get just the house you want. Carrying the analogy a little further, we were able to make our house—already quite secure—supersafe by nailing windows and doors shut and by adding attentive guards.
The "Windows house" works best on at least a Pentium III. In contrast, our "Linux house" works perfectly well on a simple Pentium II. In addition, we were able to omit features that we didn't want to have to support. This brought down the "mortgage" even further.
Our migration produced one profound benefit: we can continue using older equipment not otherwise suited to newer versions of Windows and invest the dollars into additional public workstations rather than replacement workstations.
La vida Linux
Information technology staff are pleased that the current version allows for networked upgrades and revisions. Because of this, they do not have to "touch" each machine to perform an upgrade or configuration change. Public service staff appreciate that the workstations turn themselves on and off each day in response to a network command. They also appreciate the automatic cache and cookie clearing after three minutes of disuse.
We no longer get anxious when we hear of yet another security threat to Windows. If you have any PCs with Windows 98, 95, or NT, you know how much time you have invested in the past six months installing security patches as a result of these threats.
Yes, we could have upgraded all our equipment to Windows XP to take advantage of its automatic security patch installer. But we estimated that it would have cost more than $35,000. That would have covered the academic license upgrades, memory enhancements, and the replacement of 14 older Pentium II PCs that would not support the migration. We would have still had to pay for, install, and configure antivirus software as well as third-party security tools to prevent user mischief. And after all that, we would not have added a single user seat.
The user experience
Users can browse to any Internet site that does not require Internet Explorer. Sites with Flash®, Java®, and Acrobat® content are fully accessible. Customers can change print settings and can print to network printers. They can download and view web content in Microsoft Word®, Excel®, and PowerPoint® formats using the installed OpenOffice® suite. They can download content to their floppy diskettes.
What can they not do? Consider for a moment the range of options available through the Windows Control Panel—scanner settings, administrative settings, sounds and audio devices, and speech, just to name a few. These are unavailable to the casual user of one of our workstations. With the exception of some session-specific configuration opportunities like "number of copies to print," unnecessary features and options are simply gone from the user's perspective.
Most of our customers do not suspect a thing is "different" from their normal online experience. They cannot boot from a floppy. They are unable to infect a machine with a virus from a floppy disk or the Internet, because most viruses are Windows-specific and because our kernel will not allow a user's executable program to run.
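One way to verify the restriction described above, that a user's executable program will not run, is to audit the mount options on every location the public user can write to. This is an added example, not LuMix code: the article does not say how LuMix enforces the restriction, and the mount table, paths and policy below are constructed assumptions.

```python
import re

# Constructed sample in /proc/mounts format:
# device, mount point, filesystem type, options, dump, pass
SAMPLE_MOUNTS = """\
/dev/hda1 / ext3 ro,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/hda3 /home ext3 rw,nosuid,nodev 0 0
/dev/fd0 /mnt/floppy vfat rw,nosuid,nodev,noexec,uid=500 0 0
"""

# Hypothetical policy: every place the public user can write to must be
# its own mount and carry these options.
USER_WRITABLE = ("/tmp", "/home", "/mnt/floppy")
REQUIRED = ("noexec", "nosuid", "nodev")


def parse_mounts(text):
    """Return {mount_point: set(options)}; a later line for the same
    mount point replaces an earlier one, as the newest mount is on top."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        # The kernel writes spaces and tabs in paths as octal (\040, \011).
        point = re.sub(r"\\([0-7]{3})",
                       lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts[point] = set(fields[3].split(","))
    return mounts


def audit(text, writable=USER_WRITABLE, required=REQUIRED):
    """Return a list of (path, problem) for user-writable locations."""
    mounts = parse_mounts(text)
    findings = []
    for path in writable:
        if path not in mounts:
            findings.append((path, "not a separate mount; inherits parent options"))
            continue
        missing = [opt for opt in required if opt not in mounts[path]]
        if missing:
            findings.append((path, "missing " + ",".join(missing)))
    return findings


if __name__ == "__main__":
    for path, problem in audit(SAMPLE_MOUNTS):
        print(f"{path}: {problem}")
```

On a live workstation, pass the contents of /proc/mounts to audit(). The noexec option blocks direct execution of files stored on that filesystem; scripts handed to an installed interpreter have to be restricted separately.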
In addition, the security settings we have built in preclude users from installing files to the system hard drive or reading them from a floppy diskette. They cannot make changes to the operating system or to any files on the hard drive. Nor can they install or configure software like Instant Messenger or spyware. At this time—and we doubt we will try to "fix" this—they cannot play games that require Shockwave®.
More open source
We have dubbed our custom Linux distribution "LuMix" after its creators: Luis Salazar and Mike Ricksecker. Each public workstation, in addition to LuMix and its custom Gnome desktop, has three other pieces of open source software: the Mozilla Browser, version 1.3; Xpdf, version 0.3; and Flash for Linux.
The latest Mozilla browser is a full-featured Internet browser built on the source code from Netscape. It is available for a variety of operating systems. Those who try it appreciate its ability to automatically scale printed pages to fit completely in "portrait" mode as well as its built-in pop-up/pop-under ad elimination. Xpdf is an Open Source Acrobat file renderer that correctly displays and prints files saved in the universal .pdf format. Flash for Linux allows Linux users to correctly play files originally created for the Macromedia Flash format.
Linux forever
We continue to expand our use of Linux. In future versions of LuMix, we plan to add time limits. This will allow public services staff to get out of the business of metering access during periods of heavy demand. Instead, a new user will log into an available workstation but be limited during peak times to a set amount of time.
We are migrating our staff circulation and information desk workstations to versions of Linux and the Gnome desktop that will allow staff access to more features, programs, and functions. This will benefit your information technology personnel by having to apply fewer Windows patches. Staff will appreciate the addition of StarOffice on every back room machine. (StarOffice is the commercial cousin of OpenOffice and has additional features like thesauri and the ability to create Acrobat-compliant files.)
Investigate the application of Linux solutions in your library; it may be a good investment as Linux becomes the operating system of choice for servers.
Offer opportunities to your IT staff to begin or enhance their Linux expertise by rebuilding older PCs to run Linux. Let them build firewalls, bulletin boards, and intranets with Linux and other open source solutions. Encourage them to take courses.
If you are intrigued with the Linux option but do not have the staff expertise to get it going, look into companies like the Userful Company that make available low-cost turnkey solutions for public access terminals using Linux.
Brian Auger (brian.auger@HCLibrary.org) is Associate Director, Howard County Library, Columbia, MD
Howard County Library: Six libraries, five million circs
Howard County Library operates six full-service library branches, including a Central Library, in a suburban setting between Baltimore and Washington, DC. It is a countywide system with centralized management and service delivery. Last year it circulated over five million items. The library offers over 200 public access PC workstations, each of which provides the catalog (Dynix's Horizon Information Portal) and full Internet access.
The system's IT department maintains the networks, PCs, operating systems, printers, and other equipment. Their colleagues in the automation department administer the Dynix-based system. Internet access comes from Maryland's Sailor network via a 10Mb fiber drop in the Central Library. The Central Library also houses the many servers that provide Dynix, email, and web services to the system. Branch libraries are connected via T1 frame relays.
While Dynix is currently running in HP-UX and some of its ancillary services are running in Windows NT (Horizon Information Portal 2.1 and TeleCirc II), the IT staff have been moving every other server to Red Hat® Linux. This process began a few years back by configuring older PCs into branch library firewalls. Linux-based file and print servers followed. Subsequent central server replacements and upgrades have been to Dell Poweredge® servers running Red Hat®. We are cheered by Dynix's plans to support Linux in future versions of its flagship Horizon product.
Copyright © 2004 Henry Hartley - GNU Free Documentation License