SESSION CODE: WSV318 Living in a Mixed Environment: Integrating Your Heterogeneous Infrastructure Larry Mead TSP - Platform Modernization Microsoft Corporation John Kelbley Sr. Technical Product Mgr. Microsoft Corporation
Session Objectives and Takeaways • Working with Linux in a Windows environment: • Hosting Linux in Hyper-V • File Sharing (SMB and NFS) • Integrating Linux with Active Directory • Linux application integration • Managing Linux systems • Linux can be effectively integrated in a Windows environment
Agenda • Why is a strategy for living with Linux important? • Living with Linux: Start with virtualization • File Sharing – SMB and NFS • Using Active Directory for Linux systems • Sharing applications and data between Linux and Windows • Managing Linux from Windows • Wrap-up and Questions
Realities of Customer Environments • Windows desktops are pervasive • Windows Server is common as well, but data centers also often include business applications running on other platforms • UNIX (AIX, Solaris, HP-UX, SCO), Mainframes (z Series) and midrange (AS/400), and Linux (Red Hat, SUSE, Ubuntu, or one of 300+ others) • Multiple platforms increase cost and complexity • Vintage OSes on proprietary hardware (IBM POWER, Sun SPARC, Itanium) cost more to run and maintain than contemporary operating systems on new, x86 hardware • Just about everyone is migrating from older UNIX systems and consolidating to reduce costs!
Windows IS the Universal Application Deployment Platform • Windows gives you the most flexible building blocks to deploy ALL applications • Kernel architectural support • Best supports .NET and ASP.NET apps • Environment subsystems (UNIX/Linux source portability) • Virtualization for Linux / UNIX systems directly with Hyper-V • Developer support • Visual Studio and MSDN for .NET • Eclipse, JBoss and Java development/deployment • UNIX/Linux development support via SUA • Open Source Development (MySQL, Zend/PHP, Mono) • Management/Operations support (platform tools & System Center)
Windows Server Architecture: Run All Applications on Windows [Diagram labels: Common Runtime Support for Applications; High Performance Virtualization; Windows; Linux; UNIX; Java; MySQL/PHP; C/C++; .NET; Services For UNIX; Virtualized Windows / Linux / UNIX on Hyper-V; Windows Server; Common File System]
Interoperability Agenda: Linux can be effectively integrated in a Windows environment
Linux Runs On and Is Supported on Hyper-V! • At this time only the following distributions are supported: • SUSE Linux Enterprise Server 10 SP2 x86 or x64 • SUSE Linux Enterprise Server 11 x86 or x64 • Red Hat Enterprise Linux 5.2, 5.3, 5.4, 5.5 x86 or x64 • SMP (1-4 vCPU), time sync, heartbeat, and shutdown are here NOW in version 2.1 of the Integration Services (ISs)
Reality Check: ISs Not Required to run on Hyper-V • Hyper-V device emulation works for most operating systems (with less performance) • Key hardware components are emulated: • Video = S3 Trio64 SVGA “like” VESA • Network = Intel / DEC “Tulip” 21x4x • IDE = Similar to that on Intel 440BX • Microsoft does not provide support for these operating systems, but they likely work! (Open Solaris, SCO UNIX, other Linux)
Linux on Hyper-V Demonstration John Kelbley Senior Technical Product Manager Microsoft DEMO
Virtualization - with non-VSS Guest OS • For any OS or application that is not internally VSS-aware: • Linux • Windows 2000 • Windows with Oracle • Windows with LOB app • Hibernate OS to dump memory / CPU to VSV • Snap with VSS • Resume OS [Diagram labels: Virtual Machine 1; Virtual Machine 2; Windows 2000]
More info on Linux with Hyper-V • WSV305 - Deploying, Virtualizing, and Managing Linux and UNIX with Hyper-V, Tuesday (tomorrow!) 8:00AM – 9:15AM - Rm 356 • John’s Blog (interop and administration): http://blogs.technet.com/enterprise_admin
Multi-protocol (SMB/NFS) file access • Shares on Windows Server can be accessed by UNIX-based clients over NFS v2/v3. • Suitable for user and group folder shares. • Windows Server supports multi-protocol access to the same share – SMB & NFS. • Windows Server 2008 R2 introduces ‘drop-and-go’ access for UNIX clients – Unmapped Unix User Access (U3A) [Diagram labels: UNIX to Windows identity mapping; UNIX-based NFS clients (SuSE Linux 10, Solaris) over NFS v2/v3; Windows-based SMB clients (Windows 7/Vista) over SMB / SMB 2; Windows Server 2008 R2; Active Directory / AD LDS]
‘Services for NFS’ Overview • Network File System (NFS) is a file sharing protocol like CIFS / SMB / SMB2 • Originally created by Sun Microsystems and later converted into an IETF RFC • Customers with heterogeneous environments (UNIX/Windows/Mac) • Use NFS for file sharing across platforms • Microsoft ships NFS server & client with support for NFS v2/v3 protocols • Server for NFS – part of the File Services role
WMI Provider • WMI namespace – ‘root\msnfs’ • Available WMI classes: • MSNFS_Server • MSNFS_Client • MSNFS_UserNameMapping • MSNFS_ClientGroup • MSNFS_NetGroup • MSNFS_ClientLock • MSNFS_Export • MSNFS_ExportFencing • Enables remote management of NFS server & client • Can (for example) list NFS shares in PowerShell with: gwmi -namespace root\msnfs -class MSNFS_Export
Windows Server 2008 R2 is the File store ! • Single wizard to provision SMB & NFS shares • File Classification Infrastructure – Expire files (move to cheaper storage) • Quotas - effectively allocate available storage space to end-users • File Screening - optimize storage utilization on file server (block MP3s!) • Storage Reporting - Understand how storage is being utilized
Don’t forget… SMB works with Linux too! (how I do my Linux Physical to Virtual migrations!) • Lots of tools available - simplest way (I’ve found): • DD • VHDTool • http://blogs.technet.com/enterprise_admin/archive/2010/05/13/linux-p2v-with-dd-and-vhdtool-easy-and-cheap.aspx
FYI, NFS Client is available in Windows 7! • Enable via Control Panel….
NFS v4.1 client for Windows • Microsoft funded research project • (NFS 4.1 & pNFS capable standalone Windows client) • Center for Information Technology Integration (University of Michigan) • Prominent member of the NFS Open Source community • First NFS v4.0 and v4.1 Linux implementations • Linux NFS maintainer • Instrumental in starting pNFS effort in the industry • Details (CITI website): • http://www.citi.umich.edu/projects/nfsv4/windows
Active Directory Integration: "Age Old Question" Problem: Customer wants to integrate non-Windows systems into Active Directory Solution: Active Directory offers integration options either thru customization or third-party applications
Five Valid End States for Integration • AD/Kerb for AuthN, Linux for AuthZ • AD/Kerb for AuthN, AD/LDAP for AuthZ • AD/LDAP for AuthN, Linux for AuthZ • AD/LDAP for AuthN and AuthZ • AD/Kerb trust with Linux Kerb realm for AuthN only
Best Practice • Active Directory – End State 2 • Kerberos authentication • LDAP for authorization • Directory consolidation, simplified provision/deprovision, single password, common policy… • Do-it-yourself (Customization) • Commercial products exist
3rd Party Tools for AD Integration • Centrify – “Direct” Suite • UNIX / Linux / VMware • Application support including SAP, JBoss, WebSphere, Oracle, DB2, and others • Quest Authentication Services • Formerly VAS (Vintella) • Likewise • Active Directory and GPO support for Linux as well as SSO
Linux/AD Integration Example [Diagram labels: Windows Desktops; Windows Server 2008 R2; Active Directory (Kerberos/LDAP); MMC and PowerShell; Users and Computers Snapin; MMC Snapin or Just PowerShell Scripting; Authentication; Authorization; Linux AD Client Library; Linux Service Daemon; NSS; PAM; LDAP Proxy; NIS Proxy; API; YPBIND (NIS); ldapsearch (LDAP); Linux Systems; Linux System Auth & Authz]
Customization Option • This is a Do-it-Yourself Project • Requires cross-platform skills (Linux, Windows) • Requires time • Requires money and resources • And sometimes requires luck!!! • But it can be done….
Setting up Kerberos • Step 1: Create Linux user accounts in Active Directory • Step 2: Create Linux workstation accounts in Active Directory • Step 3: Create Keytab files for the Linux workstations • Step 4: Transfer & install the keytab file on the Linux Workstation • Step 5: Configure the pam.conf file • Step 6: Configure the krb5.conf file
LDAP Setup for Linux • Step 1: Extend AD or AD/LDS schema to hold Linux authZ information • Step 2: Provision Linux users and groups • Step 3: Configure Linux ldap client to connect to AD • Step 4: Configure nss_ldap to use appropriate attributes in AD
PAM • Settings are typically found in /etc/pam.conf or in multiple files in the /etc/pam.d/ folder • Different settings for different applications (console, telnet, ftp, ssh, etc.) • Typical /etc/pam.conf file:
    # If the user can authenticate with S/Key, that's sufficient;
    # allow clear password. Try kerberos, then try plain Linux password.
    login auth     sufficient pam_skey.so
    login auth     sufficient pam_opie.so no_fake_prompts
    login auth     requisite  pam_cleartext_pass_ok.so
    login auth     required   pam_unix.so try_first_pass
    login account  required   pam_unix.so
    login password required   pam_permit.so
    login session  required   pam_permit.so
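How the control flags in a stack like the one above decide a login, as an added Python example that is not part of the original slides. It is a simplified model of the required / requisite / sufficient / optional flags; the sample stack is constructed, and its pam_krb5.so line is an assumption standing in for the Kerberos step.

```python
# Simplified model of the classic PAM control flags (added example,
# not a PAM implementation): required, requisite, sufficient, optional.

# Constructed sample in /etc/pam.conf layout: service type control module [args].
# The pam_krb5.so line is an assumption standing in for the Kerberos step.
SAMPLE_PAM_CONF = """\
login auth    sufficient pam_krb5.so try_first_pass
login auth    requisite  pam_cleartext_pass_ok.so
login auth    required   pam_unix.so try_first_pass
login account required   pam_unix.so
"""


def parse_stack(text, service, mgmt_type):
    """Return [(control, module)] for one service and type, in file order."""
    stack = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[:2] == [service, mgmt_type]:
            stack.append((fields[2], fields[3]))
    return stack


def evaluate(stack, outcomes):
    """Walk the stack; outcomes maps module name -> True (success) or False.

    Returns (granted, consulted), consulted being the modules that ran.
    """
    required_failed = False
    any_success = False
    consulted = []
    for control, module in stack:
        ok = outcomes.get(module, False)  # a module with no outcome fails
        consulted.append(module)
        if control == "sufficient":
            if ok and not required_failed:
                return True, consulted    # short-circuit: nothing below runs
            continue                      # a failed 'sufficient' is ignored
        if control == "requisite" and not ok:
            return False, consulted       # deny at once, nothing below runs
        if control == "required" and not ok:
            required_failed = True        # keep going, deny at the end
        any_success = any_success or ok
    return (any_success and not required_failed), consulted


if __name__ == "__main__":
    auth = parse_stack(SAMPLE_PAM_CONF, "login", "auth")
    print(evaluate(auth, {"pam_krb5.so": True}))
```

A `sufficient` line at the top of the auth stack grants access without any module below it running, so line order is part of the policy when a Kerberos module is added for Active Directory.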
NSS • Settings are typically found in /etc/nsswitch.conf • “Databases” or data source locations are listed in the order they are to be used • Configuration sources are defined and mixed in with authentication and authorization options • Typical /etc/nsswitch.conf file:
    # The entry '[NOTFOUND=return]' means that the search for an entry should stop if the search
    # in the previous entry turned up nothing. Note that if the search failed due to some other
    # reason (like no NIS server responding) then the search continues with the next entry
    passwd:    files ldap nisplus nis
    shadow:    files nisplus nis
    group:     files ldap nisplus nis
    hosts:     files dns
    netgroup:  files nis
    automount: files
    aliases:   files nisplus
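The lookup order and the '[NOTFOUND=return]' action described in the comment above, as an added Python example that is not part of the original slides. The sample file is constructed (the action on its passwd line is an assumption, added to exercise the syntax), and the function names are illustrative.

```python
# Parse nsswitch.conf and simulate which sources one lookup consults
# (added example; sample data is constructed).
import re

# Constructed sample. The [NOTFOUND=return] on passwd is an assumption,
# added to exercise the action syntax that the comment describes.
SAMPLE_NSSWITCH = """\
passwd: files ldap [NOTFOUND=return] nis
shadow: files
group:  files ldap
hosts:  files dns
"""

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")


def parse_nsswitch(text):
    """Return {database: [(source, {status: action})]} in lookup order."""
    config = {}
    for raw in text.splitlines():
        database, sep, rest = raw.split("#", 1)[0].partition(":")
        if not sep:
            continue
        entries = []
        for token in re.findall(r"\[[^\]]*\]|\S+", rest):
            if not token.startswith("["):
                # Defaults: stop on SUCCESS, otherwise try the next source.
                actions = dict.fromkeys(STATUSES, "continue")
                actions["SUCCESS"] = "return"
                entries.append((token, actions))
            elif entries:  # an action list modifies the source just before it
                for item in token[1:-1].upper().split():
                    status, _, action = item.partition("=")
                    # [!STATUS=action] applies to every status except STATUS.
                    hits = ([s for s in STATUSES if s != status[1:]]
                            if status.startswith("!") else [status])
                    for s in hits:
                        entries[-1][1][s] = action.lower()
        config[database.strip()] = entries
    return config


def sources_consulted(entries, status_of):
    """Simulate one lookup; status_of maps source -> status it would report.

    Returns (answering source or None, sources consulted in order).
    """
    consulted = []
    for source, actions in entries:
        status = status_of.get(source, "NOTFOUND")
        consulted.append(source)
        if actions.get(status, "continue") == "return":
            return (source if status == "SUCCESS" else None), consulted
    return None, consulted
```

Running the simulation with the directory marked UNAVAIL shows which fallback source would answer account lookups while Active Directory is unreachable.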
Integrating Linux Security with Active Directory Larry Mead Platform Modernization Microsoft DEMO
Application and Data Integration with Linux • Application Integration • Legacy • New Development • Cloud • Data Integration • FreeTDS • ODBC • JDBC
Interoperability Scenarios • Seamless Linux / Windows Interoperability • Linux / Windows cross-platform management • Leverage existing Linux skills • Linux to Windows Application Portability
Interoperability levels • Maximize previous investments • Interop with existing platforms • Leverage existing knowledge, skills • Maximize code reuse • Lower costs • Reduce cost of administration, management • Minimize cost of migration • Quick return on investment • Minimize risk • Flexibility to leverage old & new platforms • Predictable migration effort, quantified risk • Commitment & long-term support from vendors
SUA Architecture [Diagram labels: UNIX SDK (gcc); X11; Windows; UNIX Applications; Windows Apps; Open Source tools: Apache, Tcl/Tk, bash, etc.; Windows GUI; SUA/Interix; UNIX shells; UNIX, XPG, POSIX.2 commands & utilities; Windows command shell; Windows system admin, commands & networking; 3rd Party; Windows APIs; UNIX/POSIX APIs; Win32 Subsystem; Interix Subsystem; Windows Kernel; win32k.sys; NFS Client; NFS Server; FAT; NTFS; CDFS; Other device drivers; Hardware Abstraction Layer; X11 R6 server; Motif] • More than 2,000 UNIX API calls • pthread • X11R6 • Utilities • More than 350 tools and utilities
Subsystem for UNIX Applications (SUA) • Command line environment • Shells, admin tools, scripting tools, etc. • Application SDK and runtime support • POSIX.1, POSIX.2, most of UNIX98 • Pthreads, X11R6 • Visual Studio integration for SUA apps • Full compile/debug support • Can compile C and C++ apps
Maps POSIX commands to Win32 • BASH scripting environment • GNU development tools • Includes X Server • SSH • 32 bit only – works on 64 bit Windows in 32 bit mode
Integrating Legacy Linux Style Applications with .NET Larry Mead Platform Modernization Microsoft DEMO
Data Integration • SQL Server options on Linux and UNIX • FreeTDS – Legacy interface for Perl • ODBC – Both commercial and Open Source • JDBC – Microsoft provides JDBC driver for Linux and UNIX • Other data sources • Flat files • Queuing systems • C-ISAM and DISAM • Third party data sources
Before we get too far along… • MGT26-HOL - Monitoring UNIX/Linux with Microsoft System Center Operations Manager 2007 R2 (Hands-on Lab) • Introduces Operations Manager 2007 Cross Platform Extensions Beta • Learn to install & configure • Explore different views, reports, monitoring capabilities • Understand available tasks to manage non-Microsoft operating systems • Lab presents monitoring of SUSE Linux, although other Unix/Linux systems can be monitored, including: • HP-UX® 11iv3 (PA-RISC and IA64) • Sun Solaris® 10 (SPARC and x86) • Red Hat® Enterprise Linux® 5 • SUSE® Linux Enterprise Server 10 SP1
System Center can manage your mixed environment! • Open Standards enable monitoring in SCOM and integration in general • OpenPegasus = open-source implementation of the DMTF CIM and WBEM • WS-Management (WS-Man) = DMTF open standard defining SOAP-based protocol for the management of servers, devices, applications and Web services
Module Details [Diagram. Legend: New component for Cross Platform; Existing v3 or SP1 component; Outside dependency. Labels: HealthService; OpsMgr Built-in Unix/Linux functionality; SSH Modules; WS-Man Modules; SFTP Modules; WS-Man; WinRM; Putty Library; Enumerate; Get; Invoke; Execute Cmd; Session; Transfer File; WS-Man CIMOM; SSH Daemon; CIMOM; OpenPegasus 2.9 with WS-Management Support; OpsMgr Providers; OS Resources]
Partner Management Packs • Virtualization • Web Servers • Communication Servers • Database Servers • Application Servers
Partners extend System Center • Quest (for example) for configuration management
PowerShell • PowerShell is THE Windows Shell • Similar construction to Linux shells - except it works with objects, not text • Can run PowerShell from Interix • Can run Interix commands from PowerShell • Analogs: http://blogs.msdn.com/powershell/archive/2008/03/23/select-string-and-grep.aspx