Having discussed in past articles about
In fact, this article turned out to be mostly theoretical. The problem is that there is nothing new and original in the "domestic" systems. And to rewrite the same thing for the hundredth time, without adding anything new, I donβt see the point. So there will be an assembly and analysis of data regarding import-substituting systems.
Plus, only Viola, Astra ΠΈ Pink. I Red OS Yes
Also, for now, I will skip the point that I leave the entire infrastructure based on Microsoft, and start with the basics - DNS, Directory Service, Proxy Server. And then there will be user-oriented systems and services, such as a mail server, office, chat, etc.
1. Infrastructure
1.1. DNS
DNS-server is presented in all "domestic" operating systems in the form BIND9. Nothing new. And there is nothing complicated in setting up. Only Calculate does not have it in the BIND repository.
DDNS - a little more complicated, but also nothing out of the ordinary here.
ROSA's Wiki has the following
1.2.DHCP
Again, nothing new, nothing complicated.
1.3. Directory Service
1.3.1. Astra Linux Directory (ALD)
It is not possible to include a Microsft Windows OS machine into an ALD domain using regular tools of Microsft Windows OS.
At the same time, as an AD client, Astra is entered into the domain literally
Also, as a domain controller in Astra Linux can act SAMBA 4. This is not a revision of Astra, this is SAMDA in its original form.
1.3.2.ED OS organization of the IPA domain
1.3.3. ROSA directoryThere are mentions on the Internet that ROSA has its own development of ROSA Directory Server. Their wiki has
In general, in the R7 release, all this was cut out. As I understand it, this was due to the fact that Rosa was rebuilt based on CentOS instead of Mandriva, and their Directory was based on Mandriva Directory Server, and just didnβt fit on CentOS.
Therefore, as with all other operating systems, PINK can be installed SAMBA, and use it as a domain controller.
1.3.4. Alt FreeIPA
Almost all "domestic" operating systems on the market have the ability to work as a domain controller based on SAMBA. But SAMBA has a serious limitation when working with Windows based clients:
Samba AD DC functions at the level of a Windows 2008 R2 domain controller. You can enter it into a Windows 2012 domain as a client, but not as a domain controller.
Thus, for the normal operation of Windows servers and workstations, if we need them, and we need them, since there is software that cannot work under Linux (the same CAD packages or outdated software packages for devices that do nothing at all , except for Win XP, it is impossible to install), we need to deploy a domain based on Windows or FreeIPA. Deploying FreeIPA is a rather laborious process, while a Windows-based domain is deployed in a couple of hours. In my case, zero time cost, because I already have a Windows domain. At the same time, Linux can log in using AD. In fairness, I note that Windows can log in through FreeIPA.
This is how I bring up the rationale for why I don't want to give up Microsoft Windows-based domain controllers. I already have it. I see no reason to spend a lot of time and effort retraining administrators who are used to the convenience of the Windows graphical interface to work with text files on Linux systems. Yes, IPA has a web interface, but that doesn't really change things. (Linuxoids will most likely give me quarters for these words, but as a Windows admin who happened to work with Linux, I know what Iβm talking about. I canβt understand how you can love digging into text editors, reading through thousands of lines of code , afraid of being sealed when making changes. Whereas the graphical interface itself will show you everything, prompt, explain, just press the button and enter the necessary parameters. That's it. I spoke out. Shoot!)
Just in case,
1.4. Proxy server
Squid can be found in the repositories of almost all "domestic" operating systems. I don't know about anyone, but I have deployed Squid for a long time. I like.
ROSA did not have a similar article in the Wiki. But there is a lot of literature on configuring Squiid on the Internet. And the setting will differ only in the installation command to the package manager and, possibly, in the location of the config files.
1.5. Monitoring
Zabbix is in the repositories Astra, ROSA, Viola, Red OS. There will be no problems with this, you will only need to export all the necessary information from the product server, and then import it into the new server. Yes, we will lose history, but this is not critical in most cases. In cases where this is critical, you can leave both servers running until the information on the old server becomes outdated and no longer needed. And one moment.
2.User oriented system
2.1. As stated in
2.2. Electronic reporting system OASIS does not work under Linux. Moreover, OASIS does not run on anything other than MSSQL Server. Thus, we need a virtual machine with Windows and MSSQL Server. The Express version will suffice, since the database is small. But you canβt get away from this, since reporting to the FIU and tax is based on this.
2.3. As the web server MS IIS, of course, will not work, you will have to use the ones included in the repositories Apache or Nginx (the latter is in the repositories of ROSA, Alt, Calculate).
Which one is better? You can get acquainted with
Wiki link:
2.4. Corporate chat with authorization through AD. OpenFire or ejabberd. Simple and free.
You can use anything as a chat client, from Pidgin ΠΈ Miranda, which are in the OS assemblies, and ending with something self-written.
2.5. Mail server. As I have repeatedly mentioned, I like Zimbra. It can be deployed on the basis of RELS.
There are also packages in the OS repositories postfix/exim/dovecot.
Concerning the Rosa setup. Their wiki has
You can also consider the option of proprietary software in the form of "MyOffice server" or "CommuniGate Pro". But I don't like this option. At least because it's paid. On the other hand, support is good, it is a guarantee. But given that almost all administrators can guarantee the health of the mail server, the need for support is questionable. And if CommuniGate is a proven software, then MyOffice was created in 2014, and I personally have concerns about the number of bugs that can still be caught in this system. With all this, the price of both products, in my opinion, is unreasonably high.
2.6. Π Π΅Π·Π΅ΡΠ²Π½ΠΎΠ΅ ΠΊΠΎΠΏΠΈΡΠΎΠ²Π°Π½ΠΈΠ΅ in distributions presented bacula. Customizing this monster is a whole epic. There are a lot of materials on this issue, but still it is a whole work. But Bacula is a powerful and extremely useful multi-platform tool.
Official website of the Bacula web-interface project
Taking into account the fact that Alt is the official partner of Bacula in Russia, we can hope that relatively fresh versions of this distribution will appear in their repositories.
2.7. About mail client Thunderbird, presented from all the "domestic" operating systems, I will not say anything.
2.8. About web browsers Mozilla Firefox, presented in all "domestic" operating systems and Yandex.Browser, which can be installed on all "domestic" operating systems, I will also keep silent.
2.9. Office suite.
2.10. 1C: ENTERPRISE. For example,
Wiki Astra has
The ROSA Wiki has
The Alt Wiki has
3. ΠΠ°ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅
Well, what can I say after studying the information related to import substitution? All this is profanity. This in no way eliminates imports, it in no way cancels dependence on foreign developers. It simply replaces one with another, allowing you to feed not foreign uncles, but ours, domestic ones. Sales taxes will go to the state treasury, this is a plus. But most of the money will end up in the hands of already rich βuncles and auntsβ, and will not reach trust funds, this is a minus. Any enterprises like βNew Cloud Technologiesβ that declare that βtheir goal is not to get rich on the import substitution program ...β actually pursue this very goal, otherwise there would be no such statements, there would be no lawsuits in the courts and statements to the Federal Antimonopoly Service. They would not take a piece of LibreOffice and repaint it under "Own Office".
To take a free product, already made by someone, finish it a little and sell it under the guise of your own, in my opinion, at least a little nae ... swindle. No, they, of course, made protection systems, encryption is there, that's all, they brought everything under the FSTEC certification ... But these are still not products made by them. With the exception of QP OS, Cryptosoft did everything by itself. And because of this, they will have compatibility problems, with the lack of software for their OS, bugs that have not been caught, etc. and so on. But they did. Alt did before the hype with import substitution, they are also great, they did not do it for the sake of momentary profit, in good faith, because they earned money on what was not the main stream.
Itβs not just that I write the word βdomesticβ in quotation marks, since there are only one or two domestic systems. There is only one operating system. What kind of βimport substitutionβ we are talking about remains a mystery.
No, in general, if you really want to and spend a lot of time and effort, then you can raise the infrastructure and most services on Linux. But for this you need to retrain or change windows administrators, and make them red-eye into application settings text files. But 90% of these systems will not be domestic, they will be free and, in rare cases, slightly repainted. With boring wallpapers. In general, all this fuss looks like expensive nonsense. If
4. What to do?
Cry and inject ... There is an order - you must do it, otherwise they will punish you. How they will be punished is unknown. The problem is that no one knows how the results of the import substitution program will be checked, including those who will check. There is no data on the ability to use software from the OS repositories. Can it be used? It is forbidden? Everyone uses - so you can? But it is not in the register of the Ministry of Telecom and Mass Communications - so it is impossible? There are no answers to these questions. But someone reported using the same LibreOffice, which is part of the OS. Ride. What about Zabbix? The one that is included in the repository - you can, but if you download the same version from the officials - you canβt? Etc. and so on. And where is the logic here?
As a result, it remains only to bring the share of software used to the established indicators, spend a lot of money on its purchase and support, and train employees to work with new software for them. There is an opinion that βthe severity of Russian laws is compensated by the optionality of their implementationβ, but to hope for this is such a thing ...
5.PS:
While I was writing these articles, I had to shovel through so much information that I wonder how I kept it all in my head. And I'm glad that the series of articles has come to an end. There was only an article about QP OC, which I promised to write to their representative in exchange for the opportunity to touch the distribution. Perhaps later there will be something else about iron as part of the same import substitution, but so far this is a pitchfork on the water.
I hope that the information collected and analyzed by me will help someone in the difficult task of switching to βdomesticβ software. Thank you all and see you again.
Source: habr.com