SUSE Linux Desktop Moves Ahead

What's New?

SLED 11 leverages all the updates found in openSUSE 11.1 to bring a fully up-to-date distribution to the enterprise. In addition, SLED 11 includes a number of Novell developed features, such as the AppArmor application security tool, specifically targeted at enterprise users. It also includes proprietary applications like Adobe Acrobat Reader, not typically included with an open source distribution.

Single-click install is another new-to-SLED 11 feature that makes installing application programs a breeze. We tested this out with the just-released MonoDevelop 2.0. There are actually three options on the download page, and you'll need to pick the openSUSE 11.1 button for SLED 11. Version 2.4 of the core Mono components were also released this week. The download page has instructions for using the zypper command line tool to add the mono repository and perform the upgrade with three instructions.

The default file system has changed from ReiserFS to ext3 with SLED11. There are some basic differences between the two, including maximum individual file size. For ext3 that number is 2 TB and shouldn't be an issue for the typical desktop user. ReiserFS supports file sizes up to 1024 TB or 1 EB (Exabyte) and would make sense in a server-based environment.

Installation

The entire process takes less than 30 minutes start to finish. After the first boot we ran into a minor problem with broadcom wireless networking in that we couldn't see any networks. This required a driver downloaded from the Broadcom site. Once that's obtained you simply double click on the file, and installation happens automatically.

This is a known issue, and Novell support identified it right off. SLED 11 uses Novell's update service to provide automated security and program updates. This requires an activation code that you get from Novell. You will be prompted during the installation process for this code although you can choose to skip that step and configure the service later. You'll also need an active Internet connection to complete the registration process.

Another feature carried over from the previous version has to do with Windows networking interoperability. By default SLED has the firewall turned on and all interfaces assigned to the "external" zone. This is the highest level of protection and essentially blocks the ability to browse a Windows network. There are several ways to fix this issue depending on your approach to security. You could just turn off the firewall, but this isn't a recommended best practice. The easiest way is to set your network interface to the internal zone. This probably works fine for a wired connection but not the best idea for a laptop you use to connect to public WiFi. The third option is to set a few firewall rules to open up the proper ports for Windows networking, but this one requires some understanding of port numbers and the firewall configuration tool.

SLED 11 has a definite high intensity focus on security, and it includes both SELinux and AppArmor. With that in mind it's important to note that basic SELinux (Security-Enhanced Linux) capabilities have been added but not enabled in the base distribution. While the capabilities have been added, Novell is not offering direct support for this configuration at this time.

Novell's AppArmor product ships as an integral part of SLED 11. From the SLED 11 release notes: "The AppArmor intrusion prevention framework builds a firewall around your applications by limiting the access to files, directories, and POSIX capabilities to the minimum required for normal operation. AppArmor protection can be enabled via the AppArmor control panel, located in YaST under Novell AppArmor." Note that you should use only SELinux or AppArmor; don't use both at the same time.

Should you choose to implement this feature you should take heed to the following statement: "The AppArmor profiles included with SUSE Linux have been developed with our best efforts to reproduce how most users use their software. The profiles provided work unmodified for many users, but some users find our profiles too restrictive for their environments."

Bottom Line

This release of the SLED product brings features from the latest distributions to a fully-supported enterprise offering. If you were a previous SLED user it had to be hard to watch the innovation happening with openSUSE and not have the same features available for use. The increased emphasis on security should help get the product more notice from the decision makers that count.


Comments

Post a Comment

Popular posts from this blog

ISRO All Set To Launch Bhuvan Mapping Service Today!

Hailed as the Google Earth killer, Bhuvan is an indigenous mapping system developed by ISRO to focus only on the Indian sub-continent. The Indian Space Research Organisation (ISRO) is all set to unveil today its new mapping service Bhuvan -- considered to be a tough competitor to Google Earth and Wikimapia. Bhuvan, which means 'earth' in Sanskrit, will allow users to have a closer look at any part of the subcontinent barring sensitive locations such as military and nuclear installations. Dr G Madhavan Nair, chairman, ISRO will launch the Bhuvan webportal at a function today in the presence of Prithviraj Chavan, minister of state in the Prime Minister's Office. Developed by ISRO, Bhuvan allows users to zoom far closer than the aerial view from a chopper. Bhuvan will be able to deliver high resolution imagery data of the order of five metres. On the other hand, Google Earth shows details up to 200 metres distance and Wikimapia up to 50 metres. Bhuvan will focus only on the I
Read more

Manage your Active Directory from Linux with adtool

Active Directory is one of those Microsoft tools that so many have no choice but to use. Although I much prefer LDAP because it is so much easier to set up and manage. But for much of the enterprise world Active Directory is the tool used. Does this mean you are locked into managing Active Directory from a Windows machine? No. If you are a creature of the command line you can manage your AD from the Linux command line. It’s not that difficult and, in the end, will give you many more options to keep your AD server managed. Of course it is not just a matter of working on the Linux end of things. There is one issue to settle on the MS end. You have to activate Secure LDAP on your AD Server. This process goes beyond the scope of this article, but the steps are pretty clear. Enable SLDAP Here are the steps to enable Secure LDAP on your Windows 2003 AD server (I will leave out the details): Create an Active Directory domain controller certificate request. Create a Certification Authorit
Read more

Can VLC 1.0 change the world?

VLC 1.0 has about 6 million downloads since its launch a few days ago, and the number was climbing at over 11 per second at last count. I have had VLC for a few years, and you may be wondering what the big deal is. Start with the fact it breaks all the assumptions we’ve had about the proprietary video world. It reads anything , and ignores everything producers try to put in front of your video experience. On a Netflix DVD it will skip the previews, for instance. As Matt Asay notes, VLC records as well as plays video so you can hoard everything Anne Hathaway has ever done on your hard drive. It can be used as a server to stream video to others. Even while VLC may be a better player than what you have under Windows, its heritage is Linux, and open source. It’s licensed under the GPL V.2 and is compatible with the open source Ogg Theora codec. It supports many other codecs as well. The VLC team is aware they have something special. They have ditched their old logo, a roadside traff
Read more