Replacing Windows Servers with Linux and Open Source Apps

Hello Experts - I've been trying to start learning how I can use Linux and other open source software to replace more traditional Windows servers and applications.  This would be to both save money and expand my skills.  I've really only handled Windows software in my career and I'd like to change that.  I'm looking for suggestions and ideas that I can check out using free distributions of Linux and open source software.  I thought one area that might be good to start with would be file shares.  It's easy enough for me to spin up a Linux VM but beyond that I don't really know how to get started, especially when it comes to integrating access permissions with AD.  Please send me your suggestions and ideas on how I can start using Linux!
danbrown_ (IT Manager) Asked:

Lee W, MVP (Technology and Business Process Advisor) Commented:
Linux is a great thing to learn, but if you think you'll save money because the software is free, you're making a mistake.  The software may be free of license cost, but it tends to be less user/administrator friendly and you still have to buy technical support.  The community Linux is a part of has a very long history of RTFM for responses to questions.  (Read the F-ing manual).  If you can get good with it, great, but a lot of people are under the impression that because the software is free, it will save them money.  For a select few that's true... for most, it's not.

That said, you can start by putting up a web server, mail server, database server, and file server.  Get them all working with Windows (since your users are almost certainly going to be using Windows on desktop PCs). As for distros to use, CentOS is a good one since it's basically Red Hat Enterprise Linux.

danbrown_ (IT Manager) Author Commented:
Ok, fair enough.  A big part of why I'm doing this is just to learn it since so many environments are mixed Windows/Linux now.  The saving money bit is mostly so I can convince the higher ups that it's worth taking my time to do it.  I actually have a CentOS VM running now so I can start there.  Keeping in mind that I'm a complete Linux novice, if I wanted to start with a simple file share and integrate AD permissions with it, where would be a good place to RTFM?
Lee W, MVP (Technology and Business Process Advisor) Commented:
File Sharing for Windows systems is typically done using Samba.

I have a network I'm trying to convert FROM linux to Windows now... largely because the linux admin who set it up doesn't want anything to do with the place he OWNS.  Many of the systems do not talk properly and trying to get detailed information about who has access to what hasn't been easy (despite the docs).

Again, that said, Linux isn't going anywhere and it is a very capable system - just very complex and learning one doesn't mean you understand another because, for example, you have two different major ways of installing packaged software (RPM and DEB packages) and which one you use tends to depend on which distro you use... Windows is Windows - you learn it, you're done.

Manuals are almost always available for commands (type man command in a console window).  Otherwise, the documentation is almost always available online.  There's no one linux manual, though on larger topics, available books might be a good place to start.

You probably should also learn some scripting... shell scripting and/or Python for example.  Learning Python can translate to Windows as well as there is a python for Windows.

Brandon Lyon (Senior Frontend Developer) Commented:
I'm not familiar with AD beyond its general concept but I do have experience with Windows servers and Linux servers. Having experienced both I vastly prefer administrating Linux servers.

The first thing to know is that most configurations in Linux are done via text editor and command line, whereas in Windows most things are done with GUI. Don't be afraid of the command line.

I would recommend starting with either Ubuntu or Debian. Ubuntu is going to have the most documentation and be the most user friendly. That said, Ubuntu is based on Debian so they work similarly but Debian is more of a long term platform and Ubuntu is more for short term. There are many other distros available each with advantages and disadvantages but that's where I would start.

Windows and Linux have different file paths and directory structures. Learn where stuff should go in Linux rather than trying to copy the structure from Windows. Permissions in Linux are handled differently than Windows. Get comfortable with the concept of super users / sudo and chmod users, groups, etc.

The trickiest parts are going to be VNC / RDP, Samba networking, and disk mounting. Windows handles most of that automagically but Linux does not. It can take a while to figure those out but it's fairly easy once you do.
Lee W, MVP (Technology and Business Process Advisor) Commented:
One clarification:

Windows most things are done with GUI.

This is not true from my perspective.  Most things CAN be done with the GUI.  Experienced admins do the vast majority of the repetitive tasks via script - these days, PowerShell (available for Linux) but also batch and vbscript.  Some Windows servers don't even have GUIs.  The Windows Server Semi-Annual release channel doesn't even have a GUI - it's all console and remote admin based.
Brandon Lyon (Senior Frontend Developer) Commented:
It's good to hear that Windows Server has gotten better about that.
Lee W, MVP (Technology and Business Process Advisor) Commented:
Better? This is not a new development.  This has been the case since NT came out.  Not sure what you had trouble with before, but almost everything has been scriptable since I started with NT 4.  Whether it's with resource kit utilities (often in combination with batch scripting that has been around since before linux existed), vbscript, or PowerShell which was heavily used in Exchange 2007 - over 10 years ago - there were things you HAD to do from the command line in Exchange 2007 because no GUI existed to expose those features...
danbrown_ (IT Manager) Author Commented:
I still run into stuff that can't be done in the Windows GUI.  Been trying to slowly learn powershell but I'm not in it every day so it's hard to keep up.
Brandon Lyon (Senior Frontend Developer) Commented:
I never said anything about Exchange or vbscript. My experience is mostly trying to use iis with modern web development toolkits. There's no need to fight about it, everyone's experience is different.
Lee W, MVP (Technology and Business Process Advisor) Commented:
I don't consider this fighting.  I'm correcting misinformation.  There's a difference between not knowing how to do something and claiming it can't be done.  Trying to clarify that your statements concerning Windows' inability to do something are incorrect.  You may not have taken the time to learn to do it, but that doesn't mean it can't be done.

As for learning powershell, there's a book a lot of people recommend - PowerShell in a month of lunches.  I've talked to some powershell folks in a variety of venues and that title keeps coming up.
Lee W, MVP (Technology and Business Process Advisor) Commented:
And as much as I know about Microsoft technologies, it's possible you've tried to do something that truly has no programmatic way of handling... but my point is, those are (and really have been in my experience) few and far between.
Since you're a beginner in Linux, you actually won't save your company any money in the short term.  You'll actually cost them more until you've learned enough to be comfortable with Linux.

I've managed both Windows and Linux systems through scripts and command line over the years.  If you only believed that Windows was done mainly through the GUI, then you've never really learned how to manage Windows.  You were basically an amateur on Windows.  Back in the NT 4 days, you'd download the Resource kits and even in the NT3.5 days you could do many things via the command line.

Windows just had a much better GUI than Linux, so many more people used the GUI and didn't bother to learn the command line.  Back in those days, the Linux GUI would actually break your settings. I specifically remember having to disable and remove the SAMBA GUI on the old Redhat 6.0 so that junior admins wouldn't try to use it, because it would actually wipe the config files and I'd have to go back and copy the backup files into place.

Linux is only easier if you know how to use it.  In terms of TCO, it's pretty close when you actually learn how to script on Windows.  A Windows admin that can script, in addition to learning AD, can actually manage an equivalent amount of systems.  The reason Windows has cost more to manage is because there are far more Windows admins that are amateur GUI only type admins and can only manage 1/3 to 1/10 as many systems because they don't know how to script many simple tasks.  Scripting existed before powershell with batch files and utilities, but now, powershell can do everything for you on the command line with no need for external, 3rd party utilities.
Brandon Lyon (Senior Frontend Developer) Commented:
At this point it might help if the original poster says exactly what they want the server to do. Depending on who you ask and what the task is that you're trying to do you're going to get different answers. Some of these comments aren't actually answering his question and could be considered off-topic.
danbrown_ (IT Manager) Author Commented:
The primary goal I am trying to accomplish is to include "Linux Admin" on my resume.  I figured I would be able to also save my company a few bucks along the way by possibly switching away from some licensed Windows servers and software and going open source.  I keep eyeing my Websense server at the moment.  I know there are other ways to control and report on internet access, I'm just not sure how to go about switching from Windows/Websense to Linux/pfsense or something similar.  RTFM for a start!
Lee W, MVP (Technology and Business Process Advisor) Commented:
My point is that licensing costs are not the only considerations. Be careful thinking linux is free. The cost to support it tends to be higher if you don't know what you're doing.
danbrown_ (IT Manager) Author Commented:
Right, I get that, just like anything else with technology.  I think over time the TCO has to go down once I'm competent enough to use it.
TCO will go down once you are familiar enough with it, but until then, it will be higher.

What is it that you want to do first?  Web server?  Login Server?  Mail server?  You'll also need to learn to secure your linux system.
danbrown_ (IT Manager) Author Commented:
Good question, that's what I'm trying to figure out now.  So, looking at my environment here is a rough sketch of what I'm running:

Barracuda - proprietary OS, filtering emails
Server 2008 - Running Sepialine Argos to capture print job activity
Server 2012 - file/print
Server 2012 - primary DC
Server 2008 - Exchange 2010
Server 2008 - hosting ProEst, commercial estimating software
Server 2008 - WSUS
Server 2008 - hosting Trend Micro AV
Server 2012 - secondary DC
Server 2012 - Vcenter
Server 2012 - Veeam
Server 2012 - hosting Deltek Vision
Server 2008 - Websense

That's basically what I have to work with in terms of finding a Windows system to replace with Linux.  Most of the software we're running requires a Windows server so I'm thinking the file server might be a good choice, at least for some of the shares.  It would need to work with AD permissions somehow.  I'm leaning towards picking a smaller share like HR and starting there.
Lee W, MVP (Technology and Business Process Advisor) Commented:
Competent enough is not a high enough bar in my opinion.  And think about it - the ease of use of Windows compared to a, for example, $800 license fee that lasts 8 years before you really should upgrade (unless there's a new feature you want)... That's $100 per year.  If this company is big enough, then the ease of use should EASILY be worth the $100.  Keep in mind, what happens when you get hit by a bus?  How easy is it for someone to come in, understand what you've done and take over, keeping the business running?

Before you migrate your production systems to linux, make sure you understand it and that it provides similar functionality.  I'm migrating one client AWAY from linux because the linux systems in place don't support such basic things as versioning snapshots (which Windows has provided for 15 years in VSS).  There are products you can look at like FreeNAS which may support that.  But keep in mind you're now going to start complicating your environment with multiple systems interacting in a way they really weren't designed for.  I've also found it tricky figuring out the permissions Samba and Linux have assigned.  Now this could just be the implementation I'm forced to work with, but it could also be deficiencies in the technology.

I also think you're underestimating the amount of knowledge and skill required to have an effective linux implementation.  The guy who put in the one I'm migrating from seems to know it pretty well and yet it's a mess.

With regards to your servers:

Server 2008 - Running Sepialine Argos to capture print job activity - You're probably not replacing this unless there is a linux version... (I'm not familiar with the product but is this really needed?  What does it do for you?  Why is this information needed?)
Server 2012 - file/print - In larger businesses, this should be a separate server.  In smaller ones, there's really no problem in this sharing a server with a Domain Controller.  You could possibly do away with this server.
Server 2012 - primary DC - Ok
Server 2008 - Exchange 2010 - I have not heard of / seen a product with all of Exchange's features that runs on Linux.  MAYBE you don't need them, but if there's one thing I've learned over the last 20 years, people may claim email is not THAT important as long as it's there... but the screams I get from folks when it's down... and the complaints I have about the Linux mail system we're hopefully getting rid of - simple things like setting an Out of Office is impossible for the end user.  Now that's the system this client has implemented... I know there are some that SHOULD provide this functionality on Linux, but that's the kind of chaos you could be in for.  You could just move to a cloud version (Office 365) and get newer technology and get rid of the server.  Of course, if you don't always need the latest and greatest, you can also use an on-prem system for 8 years or so before migrating to something newer and that CAN (isn't necessarily but CAN) be cheaper than Office 365/cloud based email.
Server 2008 - hosting ProEst, commercial estimating software - Again, unless there's a linux version, you're not replacing this.
Server 2008 - WSUS - you could just switch to Windows Update.  Or run this off another server like the AV server... why separate this?
Server 2008 - hosting Trend Micro AV - you could use a system that doesn't require an on-prem console (Trend is awful in my opinion - well, I love them because they make me a lot of money cleaning up their mess... but awful as far as a quality product goes).
Server 2012 - secondary DC - Do you understand AD backup and restore?  REALLY understand it?  If so, GOOD, glad to see you have an additional DC.  If you don't, then it's more dangerous having this.  Instead you should probably just be doing image backups of your primary.
Server 2012 - Vcenter - Switch your virtualization platforms if you want to save money.  Hyper-V is free.
Server 2012 - Veeam - Switch your backup platforms - from what I understand Veeam basically requires a server to backup.  I use Altaro and backup from the Hyper-V host.  No additional licenses needed.  (I just removed the need for two servers for you by doing this).
Server 2012 - hosting Deltek Vision- Again, unless there's a linux version, you're not replacing this.
Server 2008 - Websense - you use this by choice.  From what I understand about WebSense, it can be a Linux appliance.  

So looking at your server list, I'd consolidate to:
Server 2008 - Running Sepialine Argos to capture print job activity
Server 2008 - hosting ProEst, commercial estimating software
Server 2012 - file/print/DC
Server 2008 - Exchange 2010
Server 2008 - WSUS/hosting Trend Micro AV
Server 2012 - secondary DC
Server 2012 - hosting Deltek Vision

Remove Veeam/VMWare with Altaro/HyperV
Remove Websense with appliance.

So basically, you're doing all this work to get rid of what... Exchange?  You can almost certainly consolidate services and almost everything else has to stay...?
Lee W, MVP (Technology and Business Process Advisor) Commented:
Now licensing depends on your configuration.  Are you clustering?  If not, you would need exactly 4 Windows Server licenses to support the 8 systems I'd bring you down to.  If you cluster, then you need 8.  Over 8 years, $4000 in licensing costs really isn't that much in my opinion... especially for a company large enough to have the infrastructure you have... and how much will the training of you cost them?  And will that last or will you leave the company in 3 years or something like that.  Keep in mind, you still want to use supportable systems, which means buying support from your linux vendor... erasing any perceived savings.
danbrown_ (IT Manager) Author Commented:
Interesting point about the support.  I do of course maintain that for things like websense but not on the OS.  I've visited other IT people in different companies (which is how I got turned on to all this) and most were using software like pfsense without support and just relying on message boards like this to resolve issues.  If I have to pay licensing for it then the savings pretty much go away.  My company does offer reimbursement for training but it's a fairly small amount yearly which I apply to college credits right now.  I'd be pretty much on my own trying to figure all this out.
Lee W, MVP (Technology and Business Process Advisor) Commented:
I use Untangle myself.  In general, I don't have a concern about using products based on linux when the product is an appliance - like pfSense, Untangle, etc.  And as I cautioned, I have found the Windows community a lot more accepting of offering help without snarky RTFM comments.  Windows folks seem to get the idea you're probably asking because you have an issue with a production system that needs solving NOW.  You don't have time to RTFM... linux folks tend to be more condescending about the technology and your lack of understanding something they know well.  It's not a rule, but a broad generalization.  Heck, I once had an employee at Untangle chastise me in their forums... and that's a commercial linux product!
danbrown_ (IT Manager) Author Commented:
I should stress, this whole enterprise is for me to learn Linux and the potential cost savings (which seems to be dwindling!) are just a way to sell the idea to my management.  Looking at jobs around me, most environments are mixed so not having any experience with it is a hindrance to my career.  My experience is limited to doing a Linux OS install in VMware which is pretty trivial and so far getting RDP access to the server from my Windows laptop.  After reading all of this I think it would be smart to just start with learning the basics first and then trying to figure out how I can get something running in production.
danbrown_ (IT Manager) Author Commented:
In a perfect world I'd work in an environment that had an expert or two that I could learn from but most of the jobs I've had it was just me including where I am now.  Maybe it makes more sense to take a position with a MSP where I can get exposed to this stuff as an amateur and learn it on the ground from someone who knows it well already.  It's getting harder and harder to learn on the fly by myself as I get older.
Brandon Lyon (Senior Frontend Developer) Commented:
I don't see anything in particular in that list which would necessarily benefit from Linux. You might be able to convince management using a few different arguments:

1. Learning Linux would help you to support a mixed platform environment (i.e. Apple and Windows as well as the rarer Linux). This helps with talent acquisition because they can use whatever tools they're familiar with and be more productive using them.
2. Linux is more secure by default and is more security oriented. That's not to say Windows can't be secured and that Linux can't be vulnerable, it's just a general statement.
3. Linux is performant on lower power older hardware, letting the hardware be reused and reducing costs where applicable.
4. You already mentioned networking software and hardware like PFSense. This is where Linux shines with no Windows or Apple equivalent. Learning Linux would let you use valuable time-and-resource-saving tools you couldn't otherwise use.
5. You already mentioned fileservers, that's another great place to start. Any computer can become a cheap networked file storage system with Linux. Windows can do that too but it's not really designed for that.
6. Linux is more stable than Windows, especially with LTS distributions. Again this doesn't matter in most cases but there are some cases where it really helps (hardware uptime for example). Again Windows can be stable too, it's just less stable in the long term.
7. Licensing costs can be a factor. Yes that factor can be mitigated by the cost of Linux training or support, but that isn't necessarily the case.  Your results may vary but you can do cost-benefit calculations beforehand to see what might work better for you. Note that LibreOffice replacing MS Office isn't really a valid thing but it can certainly supplement it.
8. There are reasons large companies like Amazon, Google, and even Microsoft use Linux. You might want to search for the reasons they use it and then see if any of those reasons apply to you. For example, certain types of Linux can have significantly less latency than Windows. Other types can have significantly larger resource pools than Windows. Most people don't need those features but some people do.

PS: Contrary to earlier advice from others in this thread, Hyper-V is not as capable as its competitors. My personal recommendation is to NOT use Hyper-V. Yes, it's free but so are other options. The only feature I can recommend it for is that it integrates well with Windows. YRMV.
Lee W, MVP (Technology and Business Process Advisor) Commented:
PS: Contrary to earlier advice from others in this thread, Hyper-V is nowhere near the quality of any of its competitors. I HIGHLY recommend NOT using Hyper-V. Yes, it's free but so are other options. The only feature I can recommend it for is that it integrates well with Windows.

Could you base this on some facts please?  (And post them)

I've run Hyper-V in production for years - it's VERY stable.  And there are MANY people doing it too.  It also offers features that VMWare lacks or charges significantly extra for (such as replica).  While there may be some SLIGHT performance differences, the vast majority of small businesses (and medium ones) won't really see a benefit from those differences.  Hyper-V fully supports several linux distributions and Microsoft works directly with those distributions to increase capabilities and reliability on a regular basis.  VMWare ESXi is a fine system.  But you're showing lack of knowledge of the product with your previous statement.
Lee W, MVP (Technology and Business Process Advisor) Commented:

If you're just trying to convince your employer to train you in something you don't know, you're doing your employer a disservice if you successfully migrate their technology for no significant company benefit.  

I applaud the desire to learn new technologies and systems, but I would encourage you do so using your own time and resources.  One of the ways I learned as much as I know was by building my own home network - no I didn't need Active Directory at home, of course not.  But I got myself a subscription to Technet back in the day and built it anyway.  I set up a cluster at home.  Who needs a cluster at home!?!?  I didn't need one... but I wanted to see one work and I built it.

As you've already pointed out, Linux is free (of licensing costs), so set up some VMs - use VMWare or use Hyper-V - heck use both and learn both!  Set up your own mail system for you and your friends.  Set up file servers and print servers, and web servers, oh my!  But do it at home - or on your laptop.  Join user groups, watch youtube videos, make friends in IT.  If you're doing this because you want to make money, you'll make some money, but you'll never be great.  You'll be good at best.  If you're doing this because you LOVE doing this, then you could be great as you learn more and more.  Linux or not.
Brandon Lyon (Senior Frontend Developer) Commented:
Lee W, your toolsets and mine are different. Hyper-V doesn't integrate with the tools I personally need to do my job such as Vagrant and UnRaid. I never said Hyper-V was unstable. You asked me to be specific about features but immediately after that you were vague about what features VMWare charges significantly more for? VMWare is not the only competitor. See also QEMU, VirtualBox, KVM, Xen, etc.
Lee W, MVP (Technology and Business Process Advisor) Commented:
I will agree our required toolsets can be different... but in that case, you should not be making misleading statements as you did.  The types of virtualization provided by some of those options are different.  Hyper-V has been making huge leaps on a regular basis - you do realize Docker has been a part of Hyper-V for nearly TWO YEARS now, right?  VirtualBox is a type 2 hypervisor and not something anyone should be running a business network off of (development, sure, business, no).  

How was I being vague? I cited one major one right there:
(such as replica)
Lee W, MVP (Technology and Business Process Advisor) Commented:
As a developer, you likely have little use for VM replication. As an admin it's a HUGE deal and very important for DR.  And it works EXTREMELY well.
Linux is more stable than Windows, especially with LTS distributions.  
That is a biased statement that indicates that you don't really know any Windows.  A well managed Windows system is as stable as any well managed Linux system.  If you're seeing unstable Windows systems in your work, then that's more of a reflection of the sysadmin's ability than Windows.
Brandon Lyon (Senior Frontend Developer) Commented:
As a developer, you likely have little use for VM replication.

Not true.

That is a biased statement that indicates that you don't really know any Windows.

No, it's not, though perhaps stable was the incorrect phrase to use. Uptime is what I meant and I mentioned it later in that paragraph.
Lee W, MVP (Technology and Business Process Advisor) Commented:
So your problem is the PATCHING model used that requires a reboot.  Microsoft would like to change this, rest assured, but if you're a programmer you SHOULD have an understanding how difficult it can be to fundamentally alter the way the system works while maintaining the functionality and reliability.

Strictly speaking, the only issue with Uptime in most Windows systems I work with is patching.  Some years back - using a 2003 server with Exchange, SQL, File and Print, IIS, AD (basically a non-SBS SBS server) managed to escape patching for more than 9 months and was ROCK SOLID running on a dual core CPU with 2.25 GB of RAM.  You have a right to complain about the patching model - MANY people do, including Microsoft.  But you really should be trying to watch what you're saying and say what you mean.  I've tried to be fair in my analysis of Windows and Linux and I think I've been encouraging and offering good suggestions on how to learn while keeping the employer in mind and not being selfish in the goal.  I feel like you've continually misspoken at best and been flat out wrong at worst.  This does the asker a disservice.  PLEASE, continue to participate but be FAIR in what you know and what you don't and what your issues are with.
Brandon Lyon (Senior Frontend Developer) Commented:
Agree to disagree. I'm leaving the thread now. Good luck to danbrown_, I hope you find the answers you're looking for. I'm sorry this thread got very off-topic.
The Goal posts seem to keep moving when someone proves the next item wrong.  Linux is useful for certain tasks and Windows is useful for others.  It's not better, just different.  There is no panacea.

more than 9 months and was ROCK SOLID running on a dual core CPU
That's pretty good.  I usually never kept Windows server up more than 4 months because a kernel patch required a reboot.  Just like Linux, if you know which service to stop, you can patch those without a reboot.  Only patches to Kernel and its modules required a reboot.  Some weren't so critical, but I usually patch them so I had fewer patching issues later on.

Kpatch is relatively new and not everyone installs it.  Uptime is a terrible metric, suggesting you didn't patch a critical kernel process and only ran that patch without rebooting to apply it, basically leaving linux vulnerable to hacks.  Back in the 90s, that was the metric because nobody was really attacking Linux, not necessarily because it was more secure.

SUSE has zypper ps to let you know which process needed restarting and there were frequent kernel patches that required reboots on Linux.  If someone tells me they have several years uptime now, I'd just assume they haven't patched and are possibly incompetent.  If they don't have Kpatch, then they are definitely incompetent, unless they're in some industry that requires certification for change process (e.g. Medical equipment), and in those cases, the systems should never be on the internet.
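
The last post's point, that a long uptime usually means a kernel patch was installed but never booted, can be checked directly by comparing the running kernel with the newest one installed. This is an added example, not part of the thread; the sample release strings are constructed, and the function names and the assumption that each installed kernel has a directory under /lib/modules are the example's own.

```shell
#!/bin/sh
# Added example, not from the thread: detect "patched on disk, never rebooted".
# Uptime alone says nothing; what matters is whether a newer kernel is
# installed than the one that is actually running.

# Print the highest kernel release from a newline-separated list on stdin.
# sort -V is version-aware, so 1160 ranks above 957 (plain sort would not).
newest_kernel() {
    sort -V | tail -n 1
}

# List installed kernel releases, one per line.
# Assumption: every installed kernel has a directory under /lib/modules.
installed_kernels() {
    for d in "${1:-/lib/modules}"/*/; do
        if [ -d "$d" ]; then
            basename "$d"
        fi
    done
}

# kernel_status RUNNING   (installed releases are read from stdin)
# Prints one of:
#   CURRENT running=...
#   REBOOT-PENDING running=... newest=...
#   UNKNOWN running=...           (no installed kernels were found)
# Caveat: a host using kernel live patching (kpatch, mentioned above) keeps
# the same release string while fixes are applied in memory, so it can still
# show REBOOT-PENDING here.
kernel_status() {
    running=$1
    installed=$(cat)
    newest=$(printf '%s\n' "$installed" | newest_kernel)

    if [ -z "$newest" ]; then
        echo "UNKNOWN running=$running"
        return 0
    fi
    if [ "$newest" = "$running" ]; then
        echo "CURRENT running=$running"
        return 0
    fi

    # Only flag the host when the installed kernel really is the newer one.
    highest=$(printf '%s\n%s\n' "$running" "$newest" | sort -V | tail -n 1)
    if [ "$highest" = "$newest" ]; then
        echo "REBOOT-PENDING running=$running newest=$newest"
    else
        echo "CURRENT running=$running"
    fi
}

# Constructed sample: three kernels installed, the oldest one still running.
sample_installed='3.10.0-862.el7.x86_64
3.10.0-957.el7.x86_64
3.10.0-1160.el7.x86_64'
printf '%s\n' "$sample_installed" | kernel_status '3.10.0-862.el7.x86_64'

# On a real host:
#   installed_kernels | kernel_status "$(uname -r)"
```
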