What is the best way to manage a heterogeneous infrastructure (Linux, Windows, etc)?
Need your advice and experience. I have been administering OS and networks for 5 years. Of course, this is mainly Windows Server (MS AD, Exchange, etc.). In addition, I have a Linux course certificate (took a couple of courses on Stepik), deployed several services in a non-production environment (including LAMP, nginx, etc.). That is, I have general, superficial knowledge of the system. My last job had a large infrastructure of 17 subdomains, ~500 workstations, ~100 servers. There was practically no Linux (only postfix and mysql/postgres). I see/understand/know the general logic of building an infrastructure based on Windows, how it happens. In a nutshell: we raise the domain and DC, configure network interfaces, install the necessary services (AD + DNS, DHCP, etc.), set up user accounts in AD, join employees' workstations to the domain, etc.
It so happened that in literally 2 weeks I will start a job at another workplace with a completely different, heterogeneous infrastructure: there is Linux (to a greater extent, with all sorts of DevOps tools like Docker, GitLab, etc.), Windows (to a much lesser extent, 1-2 hosts) and macOS (the boss's laptop). The company is small, but promising (so far it has 20 people). The following questions concern me:
1) Can you please tell me the general logic of building a network in Linux? Do I need to raise a domain, as in Windows, in order to create users later, etc.?
2) What is the best way to combine all this, and on the basis of what? Which management tools to use: MS AD / Samba / FreeIPA / OpenLDAP / Ansible / etc.? Your experience.
3) And if you look at the prospect of further expansion, which way is better to choose? (Raise a domain based on MS AD and then somehow manage Linux hosts from it, or limit myself to some open-source Unix tools?) What is the best way to do this (steps, tools, etc.)?
4) In your opinion, is it worth using clouds (AWS, Azure, Yandex, etc) in this chain? In what cases would it be optimal?
In general, all this is somehow chaotically spinning in my head; I don't even know where to start. If it's not difficult, tell me what and how. If it is difficult, then just point me to "where" and "what" I can read.
Thanks in advance to everyone who pays attention.
UPD: After a long discussion with colleagues, I concluded for myself that the most suitable scalable solution would be to deploy an MS AD domain (there is already a server) and gradually move the machines there into different OUs (a separate OU for Linux and for Windows). Enable authorization for Linux users through a combination of SSSD + Samba4. Later enable SSO. Move away from OpenLDAP gradually. Windows desktops can be configured via group policies, Linux via Ansible. But this is in the plans; how it will be in practice, time will tell! Thanks again to everyone who helped sort this out.
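The plan in the UPD (Linux hosts in their own OU, SSSD against AD, Ansible for configuration) can be expressed as one Ansible playbook. The playbook below is an added example, not code from the original post or from any project mentioned in it; the domain name, OU path, join account, vault variable, inventory group name and Debian/Ubuntu package list are all assumptions. The point worth showing is the last task: joining a Linux host to AD does not by itself decide who may log in, so the playbook explicitly limits interactive logins to one AD group instead of every domain user.

```yaml
# Added example (not from the original post). Assumed values: domain corp.example.com,
# a dedicated least-privilege join account, an AD group "linux-admins", and an
# inventory group "linux_hosts". Requires realmd/sssd on Debian or Ubuntu hosts.
- name: Join Linux hosts to the AD domain via SSSD and restrict logins
  hosts: linux_hosts
  become: true
  vars:
    ad_domain: corp.example.com                                  # assumed placeholder
    ad_join_user: svc-linux-join                                 # assumed: account allowed only to join computers to this OU
    ad_join_password: "{{ vault_ad_join_password }}"             # assumed: kept in Ansible Vault, never in the playbook
    ad_computer_ou: "OU=Linux,OU=Servers,DC=corp,DC=example,DC=com"  # assumed: the separate Linux OU from the plan
    ad_login_group: linux-admins                                 # assumed: the only AD group allowed to log in
  tasks:
    - name: Install realmd, SSSD and the Kerberos client (Debian/Ubuntu package names assumed)
      ansible.builtin.apt:
        name:
          - realmd
          - sssd
          - sssd-tools
          - adcli
          - krb5-user
          - libnss-sss
          - libpam-sss
          - packagekit
        state: present
        update_cache: true

    - name: Check whether the host is already joined (keeps the play idempotent)
      ansible.builtin.command: realm list
      register: realm_list
      changed_when: false

    - name: Join the domain, placing the computer object in the Linux OU
      ansible.builtin.command: >
        realm join --user={{ ad_join_user }}
        --computer-ou="{{ ad_computer_ou }}" {{ ad_domain }}
      args:
        stdin: "{{ ad_join_password }}"   # password is passed on stdin, not on the command line
      when: ad_domain not in realm_list.stdout
      no_log: true                        # keep the join credential out of Ansible logs

    - name: Allow interactive logins only to members of one AD group
      ansible.builtin.command: >
        realm permit --groups "{{ ad_login_group }}@{{ ad_domain }}"
      changed_when: false                 # realm permit is safe to re-run; SSSD config ends up the same

    - name: Make sure SSSD is running and enabled
      ansible.builtin.service:
        name: sssd
        state: started
        enabled: true
```

`realm permit --groups` writes `access_provider = simple` and a `simple_allow_groups` entry into `/etc/sssd/sssd.conf`, which is the part that actually enforces the restriction; without it, every AD user would get a shell on the joined host. Use `realm list` after the run to confirm the host reports the domain and the permitted group. The join account should be a dedicated account that can only create computer objects in the Linux OU, so that compromising a Linux host or the Ansible control node does not expose a domain-wide credential.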
If an enterprise needed a domain, they would probably have implemented it in some form before you. LDAP is usually used for a single credential storage system. To lift AD/DC only for the sake of it - search.
It is not clear from your story whether Linux is used on desktop machines. If yes, you can manage them in the same way as servers: Ansible, Chef, etc. True, it is not clear what you mean by "manage" in this case: roll out updates, install new packages?
1. The first rule is not to run ahead of the locomotive. Don't run behind it either. Drive. Hence: do not create problems for yourself in advance. Every service we add works against entropy. Is everything working? 20 machines? ssh, rdp, vpn.
2. The second rule is not to be nervous, to inspire confidence in others, and to solve problems as they come. People don't need your admin goodies: AD, WSUS, Ansible, etc. They need everything to work, and if something falls off, it should quickly recover. Think about a second and third level of redundancy: a spare Internet channel, spare virtual servers, switches, disks. A NAS inside and a NAS outside, in the cloud, etc. (I say nothing about backups.)
3. Create simple but necessary services for people. Do you already have a Jabber server in-house for local chat? Openfire + LDAP, and people will appreciate it.
4. A good thing would not be called HELL. You have 1 Windows machine (HR has one!). Why a Windows domain?! To be comfortable? To be lazy? I repeat: ssh, rdp, via vpn over a cup of coffee in the morning in a cafe. Google somehow probably manages without a domain, Apple too (I hope; I don't know for sure ;)
Sorry for some harshness.
If it's "mainly Linux, DevOps and that's all", there is no need to drag practices from the Windows world here; this is extra work. So: MS AD is out. OpenLDAP for user storage, a configuration management system (e.g. Ansible) for everything else. Ansible support for Windows is being actively developed now, although all of that is redundant for a couple of Windows hosts, and manual configuration is the fastest and most reliable solution. But if you already know how to use Windows, then wrap Windows in AD; you probably know better what to do with it so that it is as easy and convenient to work with as possible.
Someone else's cloud infrastructure is chosen when it is cheaper than one's own. I.e., to answer this question, you need to calculate the budget.