Back in Control
County government regains control of IT infrastructure by migrating from Windows to Red Hat Enterprise Linux

Industry/Solution: State and Local Government
Challenge: Regain control of ineffective and fragile network infrastructure
Solution: Software: Red Hat Enterprise Linux with Red Hat Network
Applications: Backup, Security, Monitoring, Authentication, E-mail, Web Access, Internet Services, Scripting, Databases, Storage and VoIP
Hardware: Dell PowerEdge Servers
Benefits: Increased reliability and control of a distributed infrastructure at a significantly lower cost.
Located in southwestern Iowa, Pottawattamie County is home to 87,800 citizens. Like many state and local governments, Pottawattamie County constantly strives to increase the efficiency and reliability of its services that are increasingly delivered through technology. The Pottawattamie County Information Technologies Department (PCIT) is committed to providing strategic vision and leadership in information technologies, improving and streamlining services, and effectively implementing solutions to the County and its constituents.
They needed an operating system that was stable, secure, and highly configurable. They chose Red Hat Enterprise Linux.
Challenge
Prior to Thomas Broniecki’s tenure as the Director of IT, which began in December 2002, Pottawattamie County’s IT infrastructure was in desperate need of a complete rebuild and redevelopment. The network infrastructure consisted of five Microsoft Windows NT 4.0 servers. PCIT’s resources were structured so that the County had little visibility into the network operations. Particularly disturbing was that the operating system would no longer be supported after December 2004.
Security was also a growing concern. “Our primary server was partially exposed to the Internet, and with numerous vulnerabilities inherent in the system, we could not ignore the constant security risk,” said Broniecki.
Unplanned downtime was a recurring problem. In many cases, such as with their proxy Internet server, PCIT saw sluggish performance and often a complete lack of functionality. “On a number of occasions, things would just stop functioning out of the blue, and it was generally resolved by a combination of reinstalling software and restarting the server,” said Anthony Kava, Senior Network Administrator.
But the biggest challenge facing Pottawattamie County was the lack of control they had over their IT infrastructure. Multiple critical applications were installed on only a few separate machines, “so when one server went down, everyone went down,” reported Broniecki. “The configurations were a mess, and backups were completely insufficient.”
PCIT knew that in order to fulfill their mission of bridging business strategies and the information systems that support them, they must regain control of their infrastructure. “We really wanted a true distributed model,” said Broniecki.
Solution
Along with Broniecki, newly chosen members of PCIT had considerable experience with Red Hat Linux and were confident that it would provide a basis for the distributed infrastructure that Pottawattamie County required and insisted on. In researching Linux distributions, Pottawattamie County looked for three things: stability, security, and configurability. Red Hat Enterprise Linux with Red Hat Network on Dell PowerEdge servers fulfilled their requirements.
“From a technical standpoint, we’ve found that Red Hat Enterprise Linux and other open source solutions could almost always meet the business needs and performance of proprietary alternatives,” Broniecki said. “Better still, most services could be replaced in a manner that was not noticeable to the user, yet met the requirements PCIT insisted on.”
PCIT began migrating from the five Microsoft Windows NT 4.0 servers by creating Red Hat Enterprise Linux servers for ISC-BIND, ISC-DHCP, Samba and Squid/NAT. This task started with the DNS and Samba server replacing the MS WINS services, followed by DHCP replacing MS DHCP services. MS Proxy services were then replaced by the NAT/Squid server, allowing uninterrupted network connections. This was possible by passing DHCP information, including route and DNS settings, to all workstations prior to the cut over. PCIT then used login scripts to remove MS Proxy settings on the workstations. These servers created an appropriate foundation for a true distributed network, commensurate with enterprise-level organizations. Later PCIT added redundant servers for failover conditions.
The next phase for PCIT was to replace the MS RAS service with a Red Hat Enterprise Linux server offering PPP authenticating to the existing domain. Using PAM with WinBind (a part of the SAMBA package), they are able to integrate PPP authentication across the server out to the existing legacy WIN NT 4.0 domain. Web hosting services were then migrated from a Microsoft IIS server to a Stronghold server including Webalizer for Web statistics. This allowed for the hosting server to be moved internally, secured by the firewall server until a hardware firewall was deployed. Internal hosting provided the versatility to accomplish advanced scripting, and real-time Web access to data and information through PERL, PHP and DB connectivity.
Singular server backups were then consolidated into a central backup system utilizing Red Hat Enterprise Linux running Arkeia backup software. Now all backups are handled by Arkeia interfacing with a LTO tape library system, providing enterprise-level granularity to data backups. This solution allows for growth and expansion within PCIT’s server and data communications infrastructure.
Kava said, “Previously PCIT’s Microsoft Exchange Server was directly exposed to the internet and its dangers. Now Sendmail running on Red Hat provides the ability to preprocess incoming mail at the gateway level and scan for viruses and other potential hazards.” This step also provides the ability to internally relay incoming mail to one of two destinations: the legacy Exchange Server or the new Scalix server that will replace it in the PCIT environment.
Scalix, a Red Hat Ready Partner, provides an enterprise-class e-mail and collaboration suite that rivals Microsoft Exchange on the Linux platform. Besides the advantage of relying on a Linux-based system for e-mail and calendaring, Scalix also allows PCIT users to continue using the familiar Microsoft Outlook client application as well as access all of their data from a convenient Web interface.
In the past there was no monitoring system for PCIT’s computational assets and other hardware. Outages could go undetected for hours at a time. The need for real-time detection of outages and network issues was fulfilled by implementing MRTG graphing, Nagios monitoring, and Snort IDS. These combined packages provide PCIT with the ability to scrutinize data to such a degree as to satisfy the strictest of expectations.
The County has begun using MySQL server in place of Microsoft SQL Server in some of its newest projects. The ability to house complex databases on Red Hat Enterprise Linux servers is currently being used by both internal and internet-accessible web services. The complete control available to the County, thanks to the new Linux environment, has led to the internal development of custom web applications to fit the specific needs of employees and the public. Previously such projects would require expensive outsourcing to develop limited products that only increase reliance on outside vendors.
One critical issue PCIT encountered in their migration to Red Hat Enterprise Linux was supporting some Microsoft Windows 2003 dependent applications. Centralized authentication throughout the organization is a huge benefit for both users and PCIT administrators. The PCIT team concluded through research that they could run Kerberos and OpenLDAP on a Linux authentication server for authenticating users. This approach supported the use of Microsoft Active Directory features for desktop workstations, but kept the network under Red Hat control. Kerberos and OpenLDAP running on Red Hat Enterprise Linux provide authentication services for both Windows and Linux clients. The versatility of Linux allows even custom Web applications to share this single sign-on functionality. Instituting this step was possible because even Windows resources are made to rely on PCIT’s Red Hat Enterprise Linux authentication server by forging a trust relationship between Microsoft Active Directory Services and the Linux-based Kerberos realm. This in turn keeps the focus on PCIT’s 14 new Enterprise Linux and not their three new application-dependent Windows 2003 servers.
Future technology projects will no doubt benefit from a Red Hat Enterprise Linux infrastructure, including a sweeping IP telephony upgrade project. While the hardware platform for the VoIP project remains unclear, all current plans require the voice system to be able to interface with PCIT’s local network. To this end the Asterisk PBX system and its AGI interface running on Red Hat Enterprise Linux will provide extensive IVR and voicemail capabilities that can interface with PCIT’s e-mail collaboration suite and MySQL databases. “Even at the individual phone level our Red Hat OpenLDAP servers can provide directory information for on-screen dialing. Without Red Hat our technology projects would be disjointed and increasingly more expensive to implement,” Kava reiterated.
| Business Need | Microsoft Environment | Red Hat Enterprise Linux Solution |
|---|---|---|
| Stable, High-Performance Web Access | Microsoft Proxy/IIS | Squid/Red Hat Stronghold 4; Webalizer (web statistics) |
| Secure remote employee access (dial-up) | Microsoft RAS | PPP, RADIUS and Kerberos/OpenLDAP |
| Safe E-mail Routing | Microsoft Exchange | SendMail; Trend Micro InterScan VirusWall; Scalix (RedHat Ready Partner) |
| Seamless file and print sharing | Windows File Shares; Windows Printer Shares | Samba, NFS, AFS and LPD/CUPS |
| Name Resolution | Microsoft WINS | ISC BIND; Samba as WINS Server |
| Easy to manage network configuration | Microsoft DHCP Service | ISC DHCP |
| Centralized authentication | Windows NT 4 Domain | Kerberos/OpenLDAP |
| Secure, light-weight remote administration | VNC; pcANYWHERE | SSH for Shell Access and Secure FTP; X11 tunneling through SSH |
| Standardized virus protection across all platforms | Norton AntiVirus CE | Trend Micro OSCE |
| Versatile Automation and Web Application Platforms | DOS Batch Files | Perl, PHP, Scripting and database connectivity |
| Centralized Backup System | None | Arkeia; MTX; Dell PowerVault 132T Tape Library |
| Network Monitoring | None | MRTG; Nagios; Snort |
| Enterprise Databases | Microsoft SQL | MySQL |
| Centralized Server System Management | Windows Update | Red Hat Network |
| VoIP Solutions: Voice & Voice Mail | None | Asterisk PBX for Linux |
“Red Hat Enterprise Linux and Stronghold have provided a solid platform to run almost all mission-critical tasks that were previously performed by Windows machines,” said Broniecki. For example, PCIT has achieved quicker response times, greater control, and less expense with the open source proxy server Squid, a package that ships with Red Hat Enterprise Linux, than the county had ever seen before their migration from the expensive Microsoft Proxy Server.
Red Hat Network has been an efficient way for PCIT to keep their servers up to date and secure. “We have been pleased with Red Hat’s quick response to bug fixes and security issues,” Broniecki commented. “We all sleep easier knowing that Red Hat Enterprise Linux and its updates are thoroughly tested before they are released to the general public.”
With Red Hat Enterprise Linux, Pottawattamie County has created a true distributed model with primary servers for computational workflow and identified backup servers for failover. Because of increased scrutiny in the open source development process, security breaches are less of a threat. The flexibility inherent in the open source model has allowed for new tools that increase performance, manageability, and overall security. And PCIT is finally in control of their technology infrastructure.



