Ubuntu

Ubuntu Desktop in an Enterprise Setup

Registered by Ballock

Corporations deploying Ubuntu Desktop instances face a number of issues in adopting it in their environment. The major pain is Microsoft tools that mostly dominated the backend infrastructure - Active Directory, Exchange, LiveMeeting, Office and other.

Blueprint information

Status:
Complete
Approver:
Jason Warner
Priority:
Undefined
Drafter:
David Partain
Direction:
Needs approval
Assignee:
None
Definition:
Approved
Series goal:
None
Implementation:
Informational Informational
Milestone target:
None
Started by
Jason Warner
Completed by
Jason Warner

Related branches

Sprints

Whiteboard

Use of a Microsoft Active Directory for user authenticate, group
management, etc. This is not available out of the box. pam_sssd exists
in the community-supported repository and is a good candidate for
"adoption" by Canonical to improve the enterprise-readiness of the solution.

Ubuntu-only solutions (e.g., a tight coupling to Landscape) are not an
option.

The Ubuntu calendaring experience (when speaking with Exchange) is
terrible. There is work ongoing that Canonical should promote and even
sponsor. We use T-bird with Lightning and the client being developed at
http://www.1st-setup.nl/wordpress/?page_id=133 is what we are using.

Key management of the hard drive encryption solution (dm-crypt) should
not be something we need to glue together ourselves.

Work needs to be done to make automated installations (with, for
example, hard drive encryption) needs to be improved for the enterprise.
 LiveCD without hard drive encryption is simply not an option in an
enterprise environment.

LiveMeeting is a show-stopper. Our hope is that an HTML5 client for
Lync would solve this problem.

Office document formats is definitely a big enterprise issue.

[mpt] See also <https://blueprints.launchpad.net/ubuntu/+spec/servercloud-q-samba4-interface>.

[EtienneG] SSSD would be my recommendation for an AD authentication/IdM solution. However, I think the focus on interoperability with Microsoft-proprietary technologies (in particular Exchange) is misguided. It puts the onus on us to play catch-up with a moving target. The focus should really be on how to do without Microsoft proprietary technologies altogether, and enable open alternative where we can shine. Otherwise, beside full-disk encryption, I think 802.1x on wired network, 2factor authentication, and kerberization of clients and services would be good topic to cover.

[dmitrij.ledkov] Encryption is a priority. I agree with EtienneG on proprietary technologies. Samba4/ActiveDirectory is where I would draw the line, it is some form of ldap/kerberos, 802.1x. Other technologies such as Exchange Server is IMHO out of scope, use Open-Xchange for example. Similar with LiveMeeting, use something else e.g. google hangouts / Skype.

[jjesse] I'm hoping you guys don't try to boil the ocean on this w/ looking at Encryption, trying to displace Exchange and LiveMeeting. All things people have been trying to do for awhile, let's start working with the OEMs and VARs that already have products that are already in use in the enterprise. See my blog for more ideas: http://jjesse.wordpress.com/2012/06/14/another-look-at-ubuntu-and-the-enterprise/

(?)

Work Items