Managing Your SLES Server
Post Configuration Procedures
It is said that "the devil is in the details", and this is very true when deploying servers. If you forget a step or two during deployment, it can take you hours (in some cases days) to correct the error. So, before you start connecting clients, adding users, etc., there are a few items that you should probably look into completing. Here is a list of some of the items to take a look at:
/etc/skel - This directory is copied to a new user's home directory when you create the user. It is imperative that you ensure that any directory that you want every user to have, or is required by other components to work properly (especially if you implement Folder Redirection with Windows Clients) is included within the /etc/skel directory.
scripting - GNU/Linux machines are highly scriptable and it can benefit your deployment greatly if you implement some daily or weekly scripts to alleviate the need to manually administer your server. A few items to look at for scripting would be updating any databases (such as Freshclam and SquidGuard definitions), backing up different databases (such as LDAP and MySQL databases) and other mundane tasks such as fixing file permissions and backing up files.
NTP Server - With modern Operating Systems, it is imperative that you ensure that all of the internal clocks of all of your servers and clients are synchronized. To do this it is recommended that you configure an NTP Server on your network. Fortunately Yast has an easy to use Module, "NTP Configuration", that allows you to easily configure an NTP Server for your network.
Disable Unneeded Services - Your server may start services that you do not need. It is recommended that you utilize the Yast "System Services" module to disable them. A few services to disable may include esound and alsa sound services, the microcode service (when not running Intel processors), novell-zmd (if you do not utilize Zen Works or zen-updater), powersaved, etc.
Configure Power Management - By default SLES utilizes the advanced features of certain processors, including the ability to change the speed of the processor. These features may not be beneficial to your environment and you can disable them through the "Power Management" Yast module.
Disable the Graphical Environment - To stabilize your server it is recommended you disable the Graphical Environment from starting upon bootup. To do this, visit the "System Services" Yast module, go to the "Expert Mode" and set the default runlevel to "3: Full multiuser with network". If you need to launch the graphical environment, simply log in as a normal user and issue the "startx" command.
Move the SSH Port - If your server is going to be a presence on the Internet, it is highly recommended that you move the port that SSH listens to from 22 to a random number.
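The last two items in the list can be verified from the files they change. The script below is an added example, not part of the original page: it reads an sshd_config and a SysV /etc/inittab and reports whether SSH still listens on port 22 and whether the default runlevel is 3. It assumes a SysV-init release where the default runlevel is stored in /etc/inittab; the function names and the sample files are constructed for illustration.

```shell
# Added example: check two items from the list above against config files.
# File paths are arguments, so the checks can run on copies of the files.

# Ports sshd will listen on; with no Port line sshd defaults to 22.
sshd_ports() {
    awk 'tolower($1) == "match" { exit }   # global section ends at first Match
         tolower($1) == "port"  { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Default runlevel from a SysV inittab line of the form id:N:initdefault:
default_runlevel() {
    awk -F: '/^[ \t]*#/ { next }
             $3 == "initdefault" { print $2; exit }' "$1"
}

# Returns 0 only if both checks pass.
audit_server() {
    local sshd_config=$1 inittab=$2 status=0 rl
    if sshd_ports "$sshd_config" | grep -qx 22; then
        echo "FAIL: sshd still listens on port 22"; status=1
    else
        echo "OK: sshd ports: $(sshd_ports "$sshd_config" | tr '\n' ' ')"
    fi
    rl=$(default_runlevel "$inittab")
    if [ "$rl" = 3 ]; then
        echo "OK: default runlevel is 3"
    else
        echo "FAIL: default runlevel is '$rl', expected 3"; status=1
    fi
    return $status
}

# Constructed sample files (not taken from a real server).
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 22' 'PermitRootLogin yes' > "$tmp/sshd_config"
printf '%s\n' '# default runlevel' 'id:5:initdefault:' > "$tmp/inittab"
audit_server "$tmp/sshd_config" "$tmp/inittab" || echo "server needs attention"
```

On a live server the call would be audit_server /etc/ssh/sshd_config /etc/inittab.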
Running GNU/Linux Applications Remotely
One of the greatest strengths of GNU/Linux Servers is the ability to securely run remote applications across any network (including the Internet). In my opinion, this alone nullifies the argument that Microsoft Windows Servers are easier to maintain than GNU/Linux Servers (actually, if you know what you are doing the opposite is true).
Running Remote Apps on GNU/Linux Clients
Most GNU/Linux Distributions include all of the software necessary to remotely run applications from other Servers. For instance to run an application from another server you can simply run the following command:
ssh username@serveraddress -X command
After issuing the command, you will be prompted for the password of the "username" you entered above (either through the command line or a window will pop up). So, in order to run the remote Yast Users Module on the "server1" machine you would enter:
ssh root@server1 -X yast2 users
You can, of course, put this command into a Desktop Launcher so all that you would have to do is Double Click the launcher to manage your Server's Users.
If you dislike the idea of having to enter a password every time you launch a command, you can set up what is called "SSH Key Exchange", so that instead of using passwords, the SSH server will utilize encrypted keys. To do this, follow these steps:
SSH KEY Exchange
On the Client Run:
ssh-keygen -b 2048 -t rsa
chmod -R go-rxw .ssh/*
cp .ssh/id_rsa.pub mykey.pub
Copy that Key to the Server:
sftp root@servermachine
put mykey.pub
exit
Finally, on the Server Run:
ssh root@servermachine
ssh-keygen -b 2048 -t rsa
cat mykey.pub >> .ssh/authorized_keys2
chmod -R go-rxw .ssh/*
Test the Key Exchange:
ssh -l root servermachine whoami
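The `cat mykey.pub >> .ssh/authorized_keys2` step above adds a duplicate entry each time it is repeated, and `chmod -R go-rxw .ssh/*` does not touch the .ssh directory itself. The function below is an added example, not part of the original page, that installs the key once and sets the permissions sshd checks; the name install_pubkey and the sample key line are constructed for illustration.

```shell
# Added example: idempotent version of "cat mykey.pub >> .ssh/authorized_keys2".
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]
install_pubkey() {
    local pub=$1 home=${2:-$HOME} line auth
    auth=$home/.ssh/authorized_keys2        # file name used on this page

    # Accept exactly one non-empty line that starts with a public key type.
    # A private key file ("-----BEGIN ...") or a multi-line file is refused.
    [ "$(grep -c . "$pub")" = 1 ] || { echo "refusing: not a one-line key" >&2; return 1; }
    line=$(cat "$pub")
    case $line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "refusing: not a public key" >&2; return 1 ;;
    esac

    # With StrictModes on, sshd ignores key files that group or other can write.
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$auth"
    chmod 600 "$auth"

    # Append only if this exact key line is not already present.
    if grep -qxF -- "$line" "$auth"; then
        echo "already installed"
    else
        printf '%s\n' "$line" >> "$auth"
        echo "installed"
    fi
}

# Constructed demo: a temp directory stands in for root's home on the server,
# and the key line is a placeholder, not a usable key.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED_PLACEHOLDER admin@clientmachine' \
    > "$demo_home/mykey.pub"
install_pubkey "$demo_home/mykey.pub" "$demo_home"   # prints "installed"
install_pubkey "$demo_home/mykey.pub" "$demo_home"   # prints "already installed"
```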
Running Remote Apps on Microsoft Windows Clients
Configuring a Microsoft Windows Client to remotely run applications off of your server is a little more complicated. The first thing is you have to install all of the required software needed for your Windows Machine. There are various different packages available to do this, however I am going to show you how to use software programs called the Xming X Server and the Putty SSH Client. Both of these applications can be downloaded from the Xming site at http://www.straightrunning.com/XmingNotes/.
To install the software applications, download and run the "Xming Installer" and the "Xming-portable-PuTTY Installer" (the "Xming-Fonts Installer" is not needed for running remote applications). This will install all of the required software packages to your Microsoft Windows Workstation and configure any registry keys that need to be set.
Once the software is installed, you can now create what are called ".xlaunch" files. These direct the Xming and Putty applications to remotely connect to your server through SSH, run the application on your server and display that application on your Microsoft Windows Client. Xming does include a "Wizard" to help you create these ".xlaunch" files, but these files are simply text files and can be created using any Text Editor (such as Notepad or Notepad2). An example of an ".xlaunch" file is below:
<XLaunch xmlns="http://www.straightrunning.com/XmingNotes"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.straightrunning.com/XmingNotes XLaunch.xsd"
         WindowMode="MultiWindow"
         ClientMode="StartProgram"
         Program="yast2"
         ClientStart="PuTTY"
         PathToProtocol="C:\\Program Files\\XClient\\PortablePuTTY\\"
         RemoteHost="sles-test.private.lan"
         RemoteUser="root"
         Display="0"
         Clipboard="true"
         ExtraParams="-dpi 90"/>
The items you need to focus on are the "Program", "RemoteHost" and the "RemoteUser" directives. Simply adjust these to suit your network, then simply launch the ".xlaunch" file by double-clicking on it. If everything is configured correctly, you will be asked for the "root" password and the application should be displayed on your Windows Client.
To make it easier to manage your server there are many utilities available (usually by default) on your Suse Linux Enterprise Server. The utilities that are listed are mainly GNOME based utilities since they seem to run smoother on Windows Clients than KDE based applications.
Nautilus - This is the default file manager for the GNOME Desktop. Remotely running this can be very useful to delete various files/directories such as User Profiles, etc. It is also useful to adjust advanced Access Control Lists (ACLs) when you also install the Eiciel Nautilus extension on your server (included within the Software Development Kit). To ease the administration of your server you can change the default directory from the command line, for instance, to open the profiles directory use "nautilus /var/lib/samba/profiles". Note that you may have to manually stop the Xming application (using the applet by the clock) when you close nautilus, otherwise other remote applications will not launch properly. Alternatively, if you do not need to adjust ACLs, you can utilize other file managers, such as Thunar for remote file management.
GNOME Print Manager - Even though CUPS provides a nice web interface to manage your print jobs, sometimes it is nice to simply utilize an application that does the same job. This way it is much easier to cancel quite a few print jobs at one time, and it might be easier for your advanced users to utilize this program instead of the CUPS web interface. You can launch this application using the gnome-cups-manager command.
Baobab - To keep an eye on your server storage space and which directories are using the most storage space, SLES now includes the Baobab application. This utility will scan a specific directory or filesystem and give you a graph showing where your disk space is being used. To use it, simply run the "baobab" command. Alternatively, you can specify which directory to start from, for instance "baobab /home".
GNOME Search Utility - Occasionally you need to search your user's home directories, or your shares for certain types of files. GNOME includes a nice search utility to allow you to do just this. It can be launched using the "gnome-search-tool" command. You can also adjust the "Look in Folder" from the command line using "gnome-search-tool --path=/home".
Yast2 - The "be-all and end-all" application for managing your Suse Linux Enterprise Server is definitely the Yast application and all of its modules. You can easily run the Yast application remotely by simply using the "yast2" command. However, since it is such a powerful utility you probably want to limit the remote application to specific modules. To do this simply launch each module using "yast2 modulename". Some important modulenames are:
- dhcp-server - Adjust DHCP information, add hosts, etc.
- dns-server - Adjust DNS information, edit zones, etc.
- firewall - Adjust Firewall information, allow services through, forward ports
- groups - Adjust and Add Groups
- http-server - Adjust Apache Web Server configuration
- ldap_browser - Adjust information within the LDAP Database(s)
- mail-server - Adjust Mail Server information (add RBLs, etc)
- nfs_server - Create/Adjust NFS exports
- online_update - Update the Server's Software
- samba-server - Create/Edit Samba Shares, adjust Samba configuration
- sw_single - Install Software Packages on your Server
- sysconfig - Adjust the "/etc/sysconfig" information
- users - Adjust and Add Users on your Server.
- view_anymsg - View Various Logs and Messages on your Server
GNOME Terminal - Finally, if you have knowledgeable administrators, you may wish to allow them to easily launch whatever application they want. You can utilize the "gnome-terminal" command for this.
Windows Administration Applications
When managing Samba, you are also given the option of utilizing Microsoft's tools to manage the Domain's Servers and Users. The tools most commonly used for this are Microsoft's Server Manager, Microsoft's User Manager for Domains and Microsoft's MMC.
There can be many benefits (as well as drawbacks) of utilizing these tools. The majority of deployments that I install that wish to utilize these tools are mainly the ones that are upgrading their server Operating System from Windows NT 4 Server. The primary reason for this is the fact that these exact tools are the ones that are utilized in maintaining the Windows NT Servers.
However, most of the time the drawbacks outweigh the benefits of utilizing these tools to their full potential. For instance, to be able to add users to the server through the User Manager for Domains you must implement various scripts within the Samba configuration to actually do the work. This may not be what you want (especially if you utilize an LDAP Backend for your Samba Servers). Even if you do create all of the scripts necessary to fully utilize these tools, many times you may wish to have the finer control of doing these tasks that Yast or other "GNU/Linux Based Apps" may offer you (such as specifying the User's Home Directory, etc.).