The benefits of ubiquitous Linux

Security

IT staff must constantly scramble to keep legacy platforms up to date with patches and service packs designed to meet emerging security threats. While the media is full of news about exploits in Microsoft Windows and Internet Explorer, what most reports fail to capture is the range and diversity of systems under threat and the spiraling effort needed to secure them. As companies embrace Linux, IT teams find they can trade a proprietary mishmash that relies mostly on obscurity for an open, standards-based platform.

Rather than relying on one large vendor and a multitude of smaller ones for security patches, IT staffers can turn to peer-level support, community resources and their own expertise to address emerging security threats. And, because all implementations of Linux -- from servers to desktops to embedded -- use the same open-source IP stacks, Ipchains firewalls, SSH/SSL, security modules and other mechanisms, administrators can reuse hard-won expertise in one environment across their entire infrastructure.

Customization

In both midsize and large organizations, IT teams frequently customize operating systems to meet corporate needs and IT goals. It is common to produce "golden master" CDs for Linux installation and provisioning that are based on commercial or free distributions (such as Fedora Core or Ubuntu) that contain only packages and functionality that have been vetted by the IT team as supported and supportable.

It is more difficult, technically and license-wise, to perform the same slimming and trimming on proprietary operating system platforms, but it's not impossible. Linux opens the possibility of comparable or sometimes even greater customization. For example, many thin-client suppliers offer Linux-based configurations with a wide range of customization options for security and bandwidth optimization.

Couple these commercial offerings with open-source projects like the Linux Terminal Server Project and PXES, and IT managers can choose between buying dedicated thin-client hardware and recycling existing hardware.

The option of customization extends to other kinds of devices. Many, but not all Linux-based devices allow varying degrees of customization, from adding user programs to updating software components to reflashing the entire system image. GPL-required inclusion of source-code facilitates roll-your-own customization, but many devices also feature manufacturer- or community-based customization projects and Web sites.

Examples include the Asus Computer International, D-Link and Cisco-Linksys wireless storage and routing devices; the Buffalo Technology (USA). LinkStation and TeraServer; the Cyclades-TS100 device server; 3Com's OfficeConnect SecureRouter and OfficeConnect virtual private network, to name a few.

In the case of the Linksys WRT54G (which I have here on my desk), you can turn a simple router/firewall into a powerful security appliance. Distributions and patches exist to add features like Secure Shell, Wonder Shaper, L7 regexp iptables filtering, Frottle, parprouted, BusyBox, custom Dynamic Host Configuration Protocol and dnsmasq, PPTP server, static DHCP address mapping, OSPF routing, external logging, and support for client, ad hoc, access point and WDS wireless modes.

Enterprise application platform

In theory, IT teams tasked with building and rolling out end-to-end enterprise applications can depend upon interoperability among operating systems and middleware across core, edge and client devices. For example, a project might need to pull together legacy Unix-based corporate data stores, Microsoft Windows XP utility and messaging servers, Windows desktop machines of various vintages and fielded client devices running Palm OS and Java, all glued together with a mix of dedicated routers and access equipment based on proprietary platforms like IOS and VxWorks.

In practice, such interoperability, when it does exist, depends on hard-won expertise in platform particulars at each tier and node. This greatly increases the complexity, cost and risk of any end-to-end endeavor. Across diverse platforms, there is no single "glue" paradigm (not even Java).

While Web interfaces increasingly dominate the client-to-edge portion, a diverse set of back-end platforms and infrastructure types still presents a hard slog for developers and IT managers.

As Linux spreads across the infrastructure, the dream of building reusable and redeployable applications and middleware edges closer to reality.

Today, Linux is a large, even dominant force at the core and edge of the enterprise, ubiquitous in the data center and in infrastructure, and it's making inroads on the corporate desktop and in phones, handhelds and other clients. As OSDL and community projects continue to close technical gaps and remove barriers to deployment, Linux will increasingly provide a viable platform for business-critical, end-to-end enterprise applications.

Bill Weinberg is senior technology analyst at Open Source Development Labs, a nonprofit, vendor-supported organization that helps companies use Linux.