Efficiently Manage & Secure Linux Systems for Government Agencies (or Anyone Else For That Matter)
I’ve got two (rhetorical) questions for government IT folks; then I’ll share a few thoughts.
Question #1: What’s the mantra of today’s government IT workers? Usually, it’s the tired cliché of “doing more with less” while spending as little money doing it, too. Unfortunately, this is easier said than done and causes lots of headaches and issues for IT workers.
The problem stems from the simple fact that people are expected to be experts at everything or become an expert very quickly. If you haven’t seen the article from Business Insider about being an expert, then go check out http://www.businessinsider.com/expert-parody-video-2014-4.
Sometimes, people just want to get their job done efficiently and leverage tools that do just that.
Question #2: What’s a big operational issue for IT these days? “Security” usually tops the list but not everyone is a security expert. This is a problem. The security team is usually quite skilled but you might not be able to apply that to your situation. For example, these folks probably know how to handle certificates, securely configure firewalls or do SSL debugging, but they have limited (or zero) experience applying that knowledge to Linux systems since they’re traditional Windows administrators.
Where does that leave the typical system administrator? Usually, between a rock and a hard place, but it doesn’t have to be that way for Linux administrators.
Open source solutions exist to provide tools to “do more with less” while keeping “security” in mind. One such example is SUSE Manager 2.1, which was recently released.
SUSE Manager is a supported, enterprise-grade version of the open source project called Spacewalk. Other derived products exist but this is unique because:
- SUSE Manager allows customers to provision, monitor and maintain SUSE Linux Enterprise Server, Red Hat Enterprise Linux and CentOS.
- SUSE Manager plugs into Microsoft System Center Operations Manager (SCOM) for a single desktop experience.
More details are found on SUSE’s product pages but some notable highlights are:
- Automated Linux server management to increase productivity. SUSE Manager can manage tens of thousands of servers with bare-metal provisioning, while keeping systems adhering to baseline “gold” images, controlling the distribution of patches and packages on your schedule and providing great reporting for those routine security audit requests.
- Reduced complexity of Linux systems management, no matter if your systems exist in the cloud, are virtualized or run on different hardware architectures.
- Secures your workloads and ensures compliance. SUSE Manager uses OpenSCAP, an Open Source version of the Security Content Automation Protocol (SCAP), to perform configuration and vulnerability scans. These enable easy comparisons between the various SCAP scans, which lets you examine your organization’s SCAP content and the implementation details for compliance checks. Common Vulnerabilities and Exposures (CVE) searching for risk assessment and mitigation has also been enhanced.
- Move from Red Hat Enterprise Linux to SUSE Linux Enterprise. Transitioning is easy because SUSE Manager can manage both distributions. You can replace Red Hat Network Satellite with SUSE Manager easily while retaining data and configurations and re-using customized scripts, templates and processes.
Looping back to the two questions, I hope you can see that SUSE Manager could help your organization “do more with less” while getting your Linux-based security issues under control. Support for multiple Linux operating systems and inclusion into Microsoft’s SCOM are key to getting things done while not having to be an expert in everything.