Implementing LMN alongside a windows network (school) - aiming for full migration in 1 year

#1

Greetings from London UK! I am very happy to have found you. I am sorry I don’t speak German at all.

I am researching solutions for a small primary school to extend the life of existing computers, add new computers and introduce open source to them. I have some questions which I hope you can answer please!

I will write the full details but here is a TL;DR

I am the network admin but not senior engineer level. I have experience with Windows network management and VMs. I currently run a Windows Server 2012 with Hyper-V

Here are my questions, forgive me if I have not read the manuals in enough detail yet!

Can I run LMN as a VM in Hyper-V purely for managing Linux clients? (All networking and firewall etc. is already managed by Windows servers)

Will it provide restriction policies of any kind if run like this?

Can I map network shares and create local users (I only need 7 users - each class uses the same account) either before making the image or after deploying using LMN management console?

Can I use any Linux distro? I like Ubuntu 16 (and have tested Ubermix 3.5) but it does run too slow on netbooks

I am testing using Android on netbooks - could LMN manage these or are they too custom?

I see that I can build dual boot images (Windows and Linux) - could I do the same with Android and Linux?


Full details:

We have a Windows network (Server 2012 and Windows 7 clients) and a managed wireless network
The strategy is mobile:
60 netbooks which can go anywhere in school on wireless
A bunch of iPads (managed by Meraki MDM)

Static computers
15 classrooms with desktop PCs
8 touch screen Desktops
8 Admin Desktops and laptops

Due to support ending for W7 we have to refresh. The netbooks will not take W10 (BIOS too old). Similar with Desktop PCs

We have budget but not enough for a complete refresh - this is a perfect opportunity to introduce open source by extending the life of existing computers

My plan is to use lightweight Linux (and Android if possible but there are multiple issues) on the netbooks and buy small SSDs for them to help with speed

Our netbooks are great but old (2011) - N450 atom dual processors and 2GB RAM - they will cope with Ubermix 3.5 but browsers like Chrome and Firefox are slow.
They are however good with Lubuntu
YouTube videos are only good at 360p whatever you run

Staff computers need to dual boot Windows and Linux to help with making the transition

We have a good server and 1 year left on a MSVL contract. I would like to be in a position in 1 year to move completely to Open Source. Some admin staff may still need windows and this is manageable on a few computers

If this works out I want to use this school to showcase open source to other schools

I would welcome your general advice as well as specific answers to my questions :slight_smile:

Still reading? The following is more for interest

Due to the popularity of Chromebooks, netbooks are back in fashion :slight_smile: however this is serious competition for Linux making progress in education
(Yes we can and will buy android tablets but they do not cover all use cases. Simply not having an attached keyboard can sometimes rule them out)

I am testing Android and chromium based operating systems on the netbooks (such as the android x86 project, Prime OS, Chromium Fyde Cr Os) with a view to managing them from Meraki MDM

The deal breakers are:
NFS of some kind - this is the hard one
Free or affordable open source office apps - there are a few but integration with NFS is rare
Management systems and restriction policies - Meraki MDM is good but not fully tested - I would like to use something like LMN

It goes without saying that I do not wish to use Google accounts for everything from user accounts to managing printers to file storage. Or pay £30 per year per device for the privilege.

For 10 years the price point of a netbook/tablet has been around £300. Yet a 10 year old netbook with an SSD will fly with android or light linux. By now we should have £150 tablets and netbooks that can be easily deployed in the classroom without lock in and yearly management fees

Many thanks!

Lloyd

#2

Hi Lloyd,

> Greetings from London UK! I am very happy to have found you. I am sorry
> I don’t speak German at all

No problem, as long as you can cope with our non-native English
and my bad spelling (it's bad in German too …).

I’ll try to answer some of your Questions:

It should be possible to run lmn in Hyper-V (not sure if anyone has done
this yet, but it should work).

The lmn is designed to act as Domain Controller. It might be possible to
map “foreign” shares, but I do not have experience with that (not sure
if you want to do this).

We provide a full-grown solution which is intended to run as the sole
provider of networking services (login, shares, printing, access): that's
why we also provide a firewall.
So the normal setup is that the firewall is the gateway to the internet
(or to your Windows network) and is shielding the whole “inner” network
(we call it Green) from the outside. Everything takes place behind
this firewall.

Our maybe most important feature is linbo: providing a small Linux
(linbo) as agent on the client, managing the boot procedure and providing
images for the client: Windows and Linux, not Android.
linbo is just 35MB in size and will boot by PXE over the network:
partitioning the client and creating, uploading (publishing) and
downloading/syncing images.

It is possible to customize the linuxmuster-client package for
different Linux distributions: some have done that before. But it is work
that you might save by just using our community-provided image of Ubuntu
14.04 or 16.04.
Those are very easy to get (one command line on the server) and to deploy.

User accounts are managed on the server by sophomorix.
Usually we use one account per user (even in primary schools: I look
after two primary schools).

Generally you should know that there are two major versions out there at
the moment:
the ready-to-use version lmn 6.2
the beta version of lmn7

The beta is not documented in full yet and there are still features missing.

There is an English translation of your schoolkonsole in the version 6.2,
but I don't know if someone has tested it in the last 2 years.

I hope I have shed some light on your questions.
Keep asking :slight_smile:

Yours
Holger

#3

Thanks for the quick reply Holger! Your English is great!

Do you think it will be more work trying to make LMN run on the same Windows server/subnet than setting up a dedicated box?

I could test. I have a Proxmox VE server on which I can create a VM for LMN - is there a suitable image of 6.2 I can use please? (iso, img, raw, qcow2, can import ova I believe as well)

Is it possible to install only the management parts and not the firewall and network services?

If not then:

Does LMN need to provide DHCP and DNS servers in order to communicate with clients and Linbo? Can these be turned off or configured static if Windows servers provide these services?

Can the firewall be turned off? If not then will it block any clients attempting to reach the LMN server that have externally configured IP addresses?

How much work is it to configure Linbo to load different distros? I used to use WinPE to do the same thing with an RM based Windows network

Many thanks!

Lloyd

#4

Another question - sorry!

We are looking at sourcing new netbooks pre-installed with Linux - would LMN be able to manage these without reinstalling via Linbo?
I realise they would not have the recovery cache or dual boot

Thank you!

#5

Hi Lloyd,

You can image any existing installation with linbo, including
preinstalled netbooks.

If you aren’t so familiar with linbo, you could create an image with
Clonezilla, Acronis or whatever is your preferred tool for such tasks.
Then you could partition the netbook's disk with linbo and play back your
image. To integrate your image into lmn you need to install the packages
from the lmn repo. Because of some redesign of lmn’s website, I just
can’t find the link - who can help?

Jürgen

#6

Hi Lloyd,

> Do you think it will be more work trying to make LMN run on the same
> windows server/subnet than setting up a dedicated box?

It depends on what you want from the lmn.
Which feature do you want to use?

Right now I think you only want to use linbo with Linux clients.
Are those clients supposed to be joined to your existing Windows domain?

> I could test. I have a Proxmox VE server which i can create VM for LMN -
> is there a suitable image of 6.2 I can use please? (iso, img, raw,
> qcow2, can import ova I believe as well)

We have images in ova format which should work in Proxmox.

> Is it possible to install only the management parts and not the firewall
> and network services?

Depends on what you want to use.

> If not then:
>
> Does LMN need to provide DHCP and DNS servers in order to communicate
> with clients and Linbo? Can these be turned off or configured static if
> windows servers provide these services

Still depends: sorry :slight_smile:

> Can the firewall be turned off?

If you don't want to use our internet filter and internet on/off features
from your web-based management system.

> If not then will it block any clients
> attempting to reach the LMN server that have externally configured IP
> addresses

I did not get that.
External IPs inside the network?
You want to mix up the lmn green network with a Windows domain network?
This will not work.

> How much work is it to configure Linbo to load different distros?

Copy 15 lines in a config file and alter them according to your wishes.

> I used
> to use WinPE to do the same thing with an RM based windows network

linbo is way beyond that: especially when you use Linux based clients.

Yours

Holger

#7

Thank you both Holger and Jurgen! And thanks for your patience with my questions :slight_smile:

Features I want from LMN:

I need to deploy Linux on 60 netbooks, manage software packages, user accounts and restrict access to system settings, map network drives (external Windows CIFS shares) and printers (network printers)

If everything works well and the school adopts then after 1 year I will rebuild the server from bare metal with the full LMN install: Xen hypervisor etc and remove Windows completely

So if IP address allocation and DNS and gateway are all managed by Windows servers can I still configure LMN to work?

Are the Linux clients identified by MAC address for any features?

Linbo sounds like exactly what I am looking for. I am familiar with clonezilla and imaging

I am trying to work out the best course of action to start with,

  • Trying to configure LMN with windows servers handling networking services
  • Setting up a separate server
  • Nested VM: ie installing Xen as a VM and assigning it its own IP range and NIC

Thoughts?

Many thanks again!

Lloyd

#8

Hi Lloyd,

What I don’t get is why you want to test Android and Chromium based OSes when vanilla Linux clients do give you NFS, free office and (e.g. with LINBO) a management system. I would not waste a minute in trying all the alternatives you mention if I can also install an Ubuntu on the hardware. But maybe I misunderstand and your whole point is avoiding the Android thing.

As far as I understand the rest of the thread, I would suggest you better check which of the components of the Windows network you really need that can’t run in the “green” lmn network. I would not recommend etching out LINBO and turning off DHCP+DNS on the lmn-server just to make it run inside your Windows network. I think someone has done that but that is far beyond what everyone else in this community does.
So, in a nutshell:

No, I would not do that, rather:

Why not map network drives that do not come from the Windows CIFS shares but the Linux CIFS shares? Printers can be handled by the lmn-server too, which leaves managing software packages: if you had only Linux clients from tomorrow on, no problem.
If you want a transition from the Windows clients to Linux, that's what I did:

  • completely replaced the windows server side with the lmn
  • retained the windows on the client, although as dual boot with linux
  • later made booting linux the default
  • later removed the windows client (xp then) when the usage was below recognisable
    which does not mean, teachers complained about not having windows anymore.

keeping the windows on the client side meant that I imaged the windows xp using linbo although I am not sure if I freshly installed a windows XP or reused the already installed one. Life is easier since Windows is gone and I only have to manage one client image.

If this works out I would be happy to see the translation part of the main components revived. We nearly translated the documentation for the 6.2 version and the management console was translated as well.
In the v7 the management console starts off English and exists in German and French, but for the documentation we stayed with German as the base language and need to translate sooner or later…

Tobias

#9

Hi Lloyd,

Well, now I see more clearly.

I have a suggestion for you.
linbo is very versatile. It does not need the client to run in the lmn
green network.
As far as I understand what you want, I would suggest you try out a
setting which I have in my school for two notebook carts. One cart runs
Windows 7 and Linux (17 Lenovo T61 laptops), the other has only the
(same) Ubuntu image (16 laptops).
These laptops are not synced through the network: usually they are not synced
at all (only if need be, which only happens when their partition has run
out of space).
Ubuntu is very robust, so you don't need to sync it all the time (like you
should do with Windows, which can be manipulated more easily … and then
there are the viruses).
When I want to deploy a new image, I hook those laptops up to the lmn
network, deploy the image and put them back in the cart.
My suggestion is: build a separate network with a separate server running
lmn. It can be located inside your Windows network (just for getting
internet access). It might be a normal client (with 8 or more GB RAM)
running the server, or it runs on your Hyper-V server, but connecting to
another network (by VLAN or separate network card).
This network exists only in one room. Hook up a 24-port switch, hook up
23 clients and sync them.
After syncing, linbo resides in its own (cache) partition and can run
standalone: e.g. waiting on boot for 3 seconds, then starting Ubuntu
without sync.
If you want to reset a client: use the three seconds to boot linbo instead
of Ubuntu and sync: no need to connect it to the lmn network.

How does that sound?

yours

Holger

#10

Thanks for your suggestions Tobias and Holger!

From what you are saying and my own further investigation, trying to run LMN alongside our Windows network will not work

Unfortunately at the moment I can't replace our Windows servers with LMN as the admin staff are too dependent on it and it provides too many Windows services to swap out at this time (including packages, antivirus server, VAMT etc etc)
I have to do curriculum first

However Holger your idea does help. In fact I had just decided that the easiest way to start is to simply deploy an image using any tools like WDM or clonezilla server and a gigabit switch (setting up any user accounts, shares and printers beforehand)

I could run 2 separate networks (we used to: one for admin the other for curriculum). I will look into it!

Yes I would be happy to help with translation if this works out!

Many thanks again

Lloyd