How to manage enterprise network of Linux machines?

I work at the university. In my institute we have six computer laboratories used for teaching. Each lab has almost 20 computers, which gives over 100 machines total. The computers run either the Windows XP or the Windows 7 Enterprise operating system. We use Symantec Ghost to manage all the computers. Each computer has a Ghost client installed, which allows the computers to be controlled over the network. Every six months we restore a master image on one of the computers in a lab, update that image and distribute it over the network to all computers in a laboratory. Thanks to the Ghost client this is done automatically with just a few clicks.

Recently I suggested that it would be good to have Linux installed in the laboratories. The administrators were concerned that we would not be able to manage that many computers if each would have to be updated manually. The question is: how to manage such a huge network of Linux machines in an automated way?

To make the description of our network more complete I'll add that all students have their accounts (about a few thousand users) on a central server. These are accessed via LDAP. To use a computer in a laboratory each student has to log in using his own account.


Solution 1:

As previous answers say, you have very powerful tools like Puppet, Chef and CFEngine for advanced configuration management.

But if you want a tool that can do installations, easily manage configurations, deploy systems from templates, apply updates, or remotely execute custom scripts... you can try an integrated solution like Spacewalk, which is the open-sourced version of the Red Hat Satellite. Note that it can work with other distributions, not only Red Hat!

I've personally used the commercial version to manage more than 1000 hosts.

Solution 2:

The keyword you are looking for is configuration management. This is provided by several tools: Chef, Puppet or CFEngine, for example.

With those tools you can divide your servers into groups, and then perform tasks on single servers, single groups, several different servers / groups, or all the servers simultaneously. Tasks like "Add package X to group www-servers", "Change /etc/resolv.conf DNS servers from group database servers", whatever you need to do, will be more trivial to perform after the initial shock you encounter due to the sheer amount of things you can do with CoMa software.

For user account management I say use the LDAP you already have; Linux fully supports that, and it is about the only sane way to do anything in a bigger environment.

One more alternative: you did not mention what distro you use, but if it happens to be Red Hat Enterprise Linux, you can use their Red Hat Network for managing software upgrades in a more granular way, among other things it can do.
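
The group-based tasks described in this answer, written as a Puppet manifest. This is an added example, not part of the original answer; the class names, hostname scheme, package choices and DNS addresses are all assumptions made for illustration.

```puppet
# Constructed example: every name and address below is hypothetical.

# Baseline applied to every lab workstation.
class lab_workstation {
  # "Add package X to a group": each node that includes this class
  # gets the package installed on its next agent run.
  package { 'gcc':
    ensure => installed,
  }

  # "Change /etc/resolv.conf DNS servers" for the whole group in one place.
  # 192.0.2.0/24 is a documentation range standing in for real resolvers.
  file { '/etc/resolv.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "nameserver 192.0.2.53\nnameserver 192.0.2.54\n",
  }
}

# Extra software needed in only one laboratory.
class lab3_extras {
  package { 'octave':
    ensure => installed,
  }
}

# Groups are defined by hostname pattern (assumed scheme: lab1-pc01 ... lab6-pc20).
# The two patterns are kept disjoint because Puppet applies only one
# matching node definition to a given machine.
node /^lab[12456]-pc\d+$/ {
  include lab_workstation
}

node /^lab3-pc\d+$/ {
  include lab_workstation
  include lab3_extras
}
```

Changing a package list or a DNS server then means editing the manifest once; each agent converges to it without anyone visiting the machine.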

Solution 3:

If updates are the only concern, then auto-update of software packages has been in place for a long time. The only possible problem is a switch to the next release, which does not occur very often. Though it may be performed even remotely (with not much effort it may be automated for a number of stations). As for other management tasks like account management, you already have LDAP.