Looking for input from some Linux gurus around here. Let’s say a small organization that is using Windows Server 2022 DC/Hyper-V for everything with Windows AD/DNS/etc., Windows 11 Enterprise for workstations, and even MS365 for office productivity, wanted to make a move to a Linux-centric environment, maybe with something like NextCloud. Where would one even begin? What would it look like to have a Linux-centric environment? Which distro(s) would be viable? Would VMware essentially be required for VM spin-up? What would the domain management (AD) solution look like? Would migration of some sort be possible, or would you just build from scratch?

I am familiar with Linux usage for workstations and have done some things with it here and there, but I don’t necessarily have any enterprise-level experience with it.

I am not looking for debate about whether or not this is a good move, just info regarding what it would look like.

Context: I have been very wary of the continued move toward xAAS and continued diminishing ownership of data by the organization vs. everything essentially being owned by MS. We do good backups, but more and more we’re just entirely dependent on MS for pretty much everything and they hold just about all our data in one way or another. This isn’t the 90’s anymore. I’ve been making a hard u-turn from xAAS and trusting big tech toward privacy, in-house responsibility, and FOSS. We’re not imminently looking at making a change, but we have had some issues with MS and I want to be ready to move away from them if the time does come where it makes business sense. I get that there will be additional manpower/maintenance/legwork. So again, not looking for a debate on the merits, but providing some context for the question.

14 Spice ups

Univention - Efficient IT with Open Source software

1 Spice up

Perhaps the Linux for Schools Project will give you ideas - Linux Schools. As I remember it, the system was designed for schools with the added ability to be suitable for small businesses. It was also meant to be very easy to set up by, shall we say, users who may not have a deep experience of the subject, and so it is easy to add modules to the server: https://www.linuxschools.com/karoshi/documentation/wiki/index.php/Server_Modules

There is a client OS that can work with the server and it can function in a mixed OS environment.

Obviously, you will need to evaluate it before seriously considering a switch but it should be an easy place to start with a test set up.

3 Spice ups

Like all things Linux, there are various approaches…

IMO, Step one would be getting IT staff with the training to make the changes required.

DNS/DHCP/NTP and other basic networking services are available easily - you’d be building from scratch, not migrating.

VM hosting could be VMware or KVM - Proxmox seems a popular choice in some circles currently. Existing VMs could be migrated.

Nextcloud for O365 seems possible, but it would largely be migrating the documents and building the structure etc. from scratch.

Authentication could be something like FreeIPA, or even Samba. If Samba, you might be able to migrate by adding Linux servers to the existing domain, then removing the Windows ones. Might be a fun lab project, not sure I’d attempt it on a working business :)

Group policy style controls are pretty thin in comparison to Windows AD on the linux side, depending on what you need. You’d be building it all from scratch.

There are a few ‘office in a box’ style distros out there, that might be the best place to start if you didn’t want to completely roll your own from scratch. I think Admin magazine reviewed a few recently.

Retraining the staff on pretty much everything they touch would be a major expense in time and money.

Not a straightforward thing, or everybody would be doing it already.

5 Spice ups
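A worked version of the Samba path sketched in the post above, added here as an example and not something the poster provided: a shell script that walks the "add Linux DCs, then remove the Windows ones" phases in order (preflight DNS and time checks, join as an extra DC, verify DRS replication, transfer the FSMO roles, retire the Windows DC). It assumes Samba 4.x with `samba-tool`; the realm, admin account, hostnames and the rsync path for SYSVOL are placeholders. Two checks a practitioner would make before trying it on a real domain: confirm the domain and forest functional levels are ones your Samba version can join (Samba lags Windows here, and a 2022 DC may have been raised past what it supports), and plan SYSVOL separately, because Samba replicates the directory but not SYSVOL (no DFS-R), and that is where the group policy files the later reply mentions live.

```shell
#!/bin/sh
# Added example (not from the thread): phased takeover of an existing Windows AD
# domain by Samba DCs. Assumes Samba 4.x with samba-tool and the internal DNS
# backend; REALM, ADMIN, OLD_DC, NEW_DC and the rsync path are placeholders.
# Runs in dry-run mode (prints each command) unless DRY_RUN=0.
set -u

REALM="${REALM:-corp.example.com}"                 # AD DNS name (placeholder)
ADMIN="${ADMIN:-Administrator}"
OLD_DC="${OLD_DC:-win-dc1.corp.example.com}"       # Windows DC to retire (placeholder)
NEW_DC="${NEW_DC:-$(hostname -f 2>/dev/null || echo samba-dc1)}"
DRY_RUN="${DRY_RUN:-1}"

run() {
  # Echo the command in dry-run mode, execute it otherwise.
  if [ "$DRY_RUN" = 1 ]; then printf 'DRY-RUN: %s\n' "$*"; else "$@"; fi
}

preflight() {
  # A DC join needs the realm's SRV records to resolve and a sane clock;
  # Kerberos tolerates only a few minutes of skew.
  run host -t SRV "_ldap._tcp.dc._msdcs.$REALM"
  run host -t SRV "_kerberos._tcp.$REALM"
  run timedatectl show -p NTPSynchronized
}

join_as_dc() {
  # Phase 1: join as an additional DC. Samba replicates the directory via DRS
  # but NOT SYSVOL (no DFS-R), so policy files are copied separately; the rsync
  # source is a placeholder, robocopy from the Windows side works as well.
  run samba-tool domain join "$REALM" DC -U "$ADMIN" --dns-backend=SAMBA_INTERNAL
  run rsync -a --delete "rsync://$OLD_DC/sysvol/" /var/lib/samba/sysvol/
}

verify_replication() {
  # Phase 2: no failing inbound links and a clean database before moving roles.
  run samba-tool drs showrepl
  run samba-tool dbcheck --cross-ncs
}

transfer_roles() {
  # Phase 3: transfer (not seize) all five FSMO roles while the Windows DC is
  # still online, then confirm where they landed.
  run samba-tool fsmo transfer --role=all -U "$ADMIN"
  run samba-tool fsmo show
}

retire_windows_dc() {
  # Phase 4: after the Windows DC has been demoted (or if it was pulled without a
  # clean demotion) purge its leftovers and check the DNS zone is served here.
  run samba-tool domain demote --remove-other-dead-server="$OLD_DC" -U "$ADMIN"
  run samba-tool dns query "$NEW_DC" "$REALM" @ ALL -U "$ADMIN"
}

takeover() {
  preflight && join_as_dc && verify_replication && transfer_roles && retire_windows_dc
}

if [ "${1:-}" = run ]; then takeover; fi
```

Leave `DRY_RUN` unset to print the plan; `DRY_RUN=0 ./takeover.sh run` executes it phase by phase, stopping at the first failure so a broken replication check never leads into a role transfer.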

Wow, this would be a mammoth task to undertake. Hope you have your forklift / crane license, as this is probably going to need some heavy lifting! But looking around on your favorite search engine for AD replacements (used to be LDAP, I believe) using “active directory replacement for linux” is something I would spend time researching, to see if there is an AD replacement that fits your needs, your skills and budgets.

Servers can be managed by Puppet, Chef, Ansible and Webmin (to a degree) - and Usermin, which can be used with Webmin and integrates well.

Depending on your network, if it’s going to have some Windows device that needs a share, then Samba is what you most likely need (after setting up your user management, RAID arrays (mdadm), or installing the server role for your chosen distro), or else NFS for non-Windows stuff.

Backups can be done with Back In Time if going cheap and FOSS; it is in the Ubuntu repo as of 22.10.

Would suggest a firewall (not just the built-in one such as UFW) but a more dedicated one.

In addition, you may want to look at some form of patching regime and which software will allow you to get updates (you may need to build your own downstream patch repository for your own network), or write a script for the clients and whack it in the su crontab.

Potentially a few of the above may also allow you to create your own custom Linux image (not sure), but FOG is a reasonable one and allows for PXE deployment.

A network monitoring system, such as Nagios or Checkmk or another suitable affordable alternative.

A vulnerability scanner such as Greenbone or Nessus.

Intrusion detection systems / intrusion prevention systems such as Snort or Suricata.

Depends how deep down the penguin hole you want to go.

Hope this helps a little. Probably a lot of things I’ve missed, but hope this at least gets the ball rolling or draws other useful and better comments from people who are more knowledgeable in Linux at an enterprise level.

Just remember to document what you / the team do, as this will help iron out any snag points / config changes etc.

5 Spice ups
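The "script for the clients in the su crontab" patching idea from the post above, as an added example (not the poster's script): a cron-driven patch run for Debian/Ubuntu clients with the pieces a bare `apt-get upgrade` in cron usually lacks: a lock so two runs cannot overlap, a log, non-interactive dpkg handling, and a reboot only inside a maintenance window. The paths, window hours and crontab line are placeholders. Host-changing commands go through `run()`, which only echoes unless `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example (not from the thread): cron-driven patch run for Debian-family
# clients. LOG, LOCK, REBOOT_FLAG and the window hours are placeholders.
# Example root crontab entry:  0 3 * * * /usr/local/sbin/patch-run run
set -u

DRY_RUN="${DRY_RUN:-1}"
LOG="${LOG:-/var/log/patch-run.log}"
LOCK="${LOCK:-/run/lock/patch-run}"
REBOOT_FLAG="${REBOOT_FLAG:-/var/run/reboot-required}"  # marker written by packages needing a reboot
WINDOW_START="${WINDOW_START:-2}"   # reboots allowed 02:00-04:59 only (placeholder)
WINDOW_END="${WINDOW_END:-4}"

run() { if [ "$DRY_RUN" = 1 ]; then printf 'DRY-RUN: %s\n' "$*"; else "$@"; fi; }

in_window() {
  # $1 = hour of day (0-23); true when inside the reboot window.
  [ "$1" -ge "$WINDOW_START" ] && [ "$1" -le "$WINDOW_END" ]
}

needs_reboot() { [ -f "$REBOOT_FLAG" ]; }

patch_run() {
  # $1 = current hour (defaults to now). Returns 0 when done, 2 when a reboot
  # is required but had to be deferred because we are outside the window.
  hour="${1:-$(date +%H)}"
  case "$hour" in 0?) hour="${hour#0}";; esac   # "08" -> "8" so [ ] compares numerically
  run apt-get -q update
  run env DEBIAN_FRONTEND=noninteractive apt-get -y \
      -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold upgrade
  run apt-get -y autoremove --purge
  if needs_reboot; then
    if in_window "$hour"; then
      run shutdown -r +5 "patch run: reboot required after updates"
      return 0
    fi
    echo "reboot required but outside window (hour $hour); deferring"
    return 2
  fi
  return 0
}

main() {
  # mkdir is atomic, so it doubles as the lock; a stale lock is left for a human.
  if ! mkdir "$LOCK" 2>/dev/null; then echo "another patch run is active"; return 1; fi
  trap 'rmdir "$LOCK"' EXIT
  patch_run "$@" 2>&1 | tee -a "$LOG"
}

if [ "${1:-}" = run ]; then main; fi
```

The deferred-reboot exit code (2) is deliberate: cron mails non-zero results to root, so a host that keeps landing outside its window shows up instead of silently running an old kernel. On Debian-family hosts `unattended-upgrades` already covers most of this, including a reboot time setting; the script is for when the window and the reboot decision need to be under your own control, or when the clients pull from the downstream repository the post mentions.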

I’m glad I’m not the only one who thought this sounded like months of back-breaking labor. You nailed a lot of the big things that are going to take sorting. Another thing to think about is any in-house tools that they use to automate things, or any custom connections: AD hooks for syncing things like physical access control systems, or other 3rd-party integrations like Workday, Salesforce, etc. Then there’s re-training users on how to replicate stuff that isn’t available in a Linux environment, or acts differently than they’re used to, like Outlook add-ins, Office templates, Adobe form generation, and so on.

This seems like a Herculean task, and I do not envy OP for even having to brainstorm it.

3 Spice ups

I’ve always wanted to try Zentyal but have not had the opportunity. You might just take a look at it.

4 Spice ups

Years ago when our IT budget was really tight, I was considering the same. We kept our MS environment, but integrated some Linux servers back then.

We tested a lot of things from the Turnkey Linux website. I hadn’t been on the site in a while until I checked it out this morning. It looks like it has grown. https://www.turnkeylinux.org/

Hope this is helpful.

2 Spice ups

Have worked with Zentyal; currently have 4 sites running it. Management is rather easy and logically better laid out than the MS solution. It is transparent from the client end and you can even manage it using MS tools. You can phase your transfer, as it allows using as little or as much as you need and works alongside MS servers.

2 Spice ups

Does the Developer version of Zentyal come with support?

I ran Zentyal for YEARS at home on a SFF PC acting as my firewall/webfilter. I used the Community Edition and it was rock solid. Would recommend. I didn’t do any of the AD stuff however but I think you need to start spending for that.

2 Spice ups

Community support, you can find almost any topic in the forums quickly…

1 Spice up

The AD modules are in the community version as well; the difference between community and paid is the support source.

1 Spice up