Ask any Linux aficionado why the desktop hasn’t seen more
converts, and you’ll probably get a blank stare. The answer depends on your
perspective. For enterprises, it often comes down to support and
interoperability. In its first release Novell’s SUSE Linux Enterprise Desktop
(SLED) made great strides at addressing both issues. Cost as an issue
definitely comes down on the side of SLED when you compare what you get
(including productivity apps like Open Office and Evolution) to a similarly
equipped Windows-based system.
Inertia would no doubt be another big reason. It’s hard to
get an established IT organization to move away from an existing platform
without some really compelling reason. Security and vulnerability to
Windows-based virus attacks might just be the wedge that helps to crack open
the door. Novell hopes to capitalize on this with a targeted informational
effort, painting the picture of a Linux-based desktop environment totally
immune to the Windows-based attacks.
Novell provided a pre-loaded HP EliteBook 2530p for our
evaluation. The notebook as tested came with an Intel 1.86 GHz Core Duo
processor, 3 GB of memory and 160GB, 7200 RMP SATA hard drive. It also has a
mobile broadband chip although drivers for the device aren’t ready yet for SLED
11. The extended battery gave us over 5 hours (not an exact measurement) of
usage with a single charge. Overall, the experience on this laptop with SLED 11
was snappy and fully functional.
SLED 11 leverages all the updates found in openSUSE 11.1 to
bring a fully up-to-date distribution to the enterprise. In addition, SLED 11
includes a number of Novell developed features, such as the AppArmor application
security tool, specifically targeted at enterprise users. It also includes
proprietary applications like Adobe Acrobat Reader, not typically included with
an open source distribution.
Single-click install is another new-to-SLED 11 feature that
makes installing application programs a breeze. We tested this out with the
just-released MonoDevelop 2.0.
There are actually three options on the download page, and you’ll need to pick
the openSUSE 11.1 button for SLED 11. Version 2.4 of the core Mono components
were also released this week. The download page has
instructions for using the zypper command line tool to add the mono repository
and perform the upgrade with three instructions.
The default file system has changed from ReiserFS to ext3
with SLED11. There are some basic differences between the two, including
maximum individual file size. For ext3 that number is 2 TB and shouldn’t be an
issue for the typical desktop user. ReiserFS supports file sizes up to 1024 TB
or 1 EB (Exabyte) and would make sense in a server-based environment.
We used a Lenovo S10e to test the installation process. The
entire process took less than 30 minutes start to finish. After the first boot
we ran into a minor problem with wireless networking in that we couldn’t see
any networks. This required a driver downloaded from the Broadcom site.
Once that’s obtained you simply double click on the file, and installation
happens automagically. For the S10e you’ll need the KMP PAE deb file. Be sure
to scroll down to the SLED 11 section to get the right file.
This is a known issue, and Novell support identified it
right off. SLED 11 uses Novell’s update service to provide automated security
and program updates. This requires an activation code that you get from Novell.
You will be prompted during the installation process for this code although you
can choose to skip that step and configure the service later. You’ll also need
an active Internet connection to complete the registration process.
Another feature carried over from the previous version has
to do with Windows networking interoperability. By default SLED has the
firewall turned on and all interfaces assigned to the “external” zone. This is
the highest level of protection and essentially blocks the ability to browse a
Windows network. There are several ways to fix this issue depending on your
approach to security. You could just turn off the firewall, but this isn’t a
recommended best practice. The easiest way is to set your network interface to
the internal zone. This probably works fine for a wired connection but not the
best idea for a laptop you use to connect to public WiFi. The third option is
to set a few firewall rules to open up the proper ports for Windows networking,
but this one requires some understanding of port numbers and the firewall
SLED 11 has a definite high intensity focus on security, and it includes both SELinux and AppArmor.
With that in mind it’s important to note that basic SELinux (Security-Enhanced
Linux) capabilities have been added but not enabled in the base distribution.
While the capabilities have been added, Novell is not offering direct support
for this configuration at this time.
Novell’s AppArmor product ships as an integral part of SLED
11. From the SLED 11 release notes: “The AppArmor intrusion prevention
framework builds a firewall around your applications by limiting the access to
files, directories, and POSIX capabilities to the minimum required for normal
operation. AppArmor protection can be enabled via the AppArmor control panel,
located in YaST under Novell AppArmor.” Note that you should use only SELinux or AppArmor; don’t use both at the same time.
Should you choose to implement this feature you should take
heed to the following statement: “The AppArmor profiles included with SUSE
Linux have been developed with our best efforts to reproduce how most users use
their software. The profiles provided work unmodified for many users, but some
users find our profiles too restrictive for their environments.”
This release of the SLED product brings features from the
latest distributions to a fully-supported enterprise offering. If you were a
previous SLED user it had to be hard to watch the innovation happening with
openSUSE and not have the same features available for use. The increased
emphasis on security should help get the product more notice from the decision
makers that count.
It’s hard to argue with facts like straight up cost
comparisons. SLED 11 includes everything a typical business user needs to get
their job done for one annual subscription cost of $120. That number may vary
depending on number of seats and the level of support. SLED 11 is definitely
worth the look as a solid enterprise-ready desktop platform.
This article was first published on Linux Planet.