Hi, Nick:

On Wednesday 06 October 2010 11:56:48 Nick Douma wrote:
> Hi,
>
> > I tested puppet coupled with a version management system (git for me).
> > Seems pretty good for linux servers only. I don't know for windows
> > servers.
>
> I seem to notice that about puppet now too, after reading part of the
> docs. The windows support is not yet mature (or present). For my
> project, windows support is needed though.

As I already told, your best bet is managing Windows on its own. Have a look
at System Center Configuration Manager
(http://www.microsoft.com/systemcenter).

You might find it cumbersome, expensive, hardware intensive and unable to
integrate with anything else but itself but it's the way to go.

Surely whoever took the decision of going Microsoft took that into account
when calculating its ROI, didn't he?

Cheers.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201010061635.08452.jesus.navarro@undominio.net">ht tp://lists.debian.org/201010061635.08452.jesus.navarro@undominio.net

On 05/10/10 22:38, Nick Douma wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Thanks for all the great responses to my vague question :P. I think I
have a good starting point for my research on this subject.

If anyone has some more pointers, feel free to give them!



You appear to be about to reinvent Active Directory. There's quite a bit
of material around the Net concerning that. Look particularly at Group
Policy within domains.


--
Joe


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4CACBA90.4080205@jretrading.com">http://lists.debian.org/4CACBA90.4080205@jretrading.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Joe,

> You appear to be about to reinvent Active Directory. There's quite a bit
> of material around the Net concerning that. Look particularly at Group
> Policy within domains.

I indeed did check briefly, but came to the conclusion that LDAP was
mostly suited for authentication, because it's not really possible (or
supported by the various applications) to store the complete
configuration in LDAP, as I initially did expect. The tips on Puppet and
Cfengine seem to match more what I want to do. That is defining in LDAP
that "there is an Apache vhost with these general parameters" and
letting Puppet/Cfengine handle the actual creation of the config file.

If I'm wrong, please correct, as I started this discussion to learn :P.

- - Nick

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkysvlkACgkQkPq5zKsAFigicQCfTEX2AcACIK z4ARFR5xkdo9aA
1aMAnjSqD370aj3Y9txJPcV68E2sfZK/
=QcKK
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4CACBE5A.5020703@nekoconeko.nl">http://lists.debian.org/4CACBE5A.5020703@nekoconeko.nl

On 06/10/10 19:22, Nick Douma wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Joe,


You appear to be about to reinvent Active Directory. There's quite a bit
of material around the Net concerning that. Look particularly at Group
Policy within domains.


I indeed did check briefly, but came to the conclusion that LDAP was
mostly suited for authentication, because it's not really possible (or
supported by the various applications) to store the complete
configuration in LDAP, as I initially did expect. The tips on Puppet and
Cfengine seem to match more what I want to do. That is defining in LDAP
that "there is an Apache vhost with these general parameters" and
letting Puppet/Cfengine handle the actual creation of the config file.

If I'm wrong, please correct, as I started this discussion to learn :P.



Sorry, I didn't mean to suggest any implementation details, just that MS
have been doing this for many years now, and there may be aspects of
Group Policies that would interest you. While LDAP may not be the way to
store detailed configurations, it lends itself well to the creation of a
hierarchy of policies.


Also, if you do implement this for Windows machines, by way of remote
registry writing, you may need to avoid stepping on the toes of the
local policies. If you are working with domain machines, you will almost
certainly need to alter the domain policies themselves rather than try
to fight the domain controllers for mastery of the computers.


It took MS a while to get this to an acceptable stage, and there are
still a few oddities, but there's no reason not to pick up any tips you
can from them. And before anyone jumps in, I have learned considerable
respect for Microsoft's programmers, and considerable sympathy for the
way they are treated by the marketing men.


--
Joe


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4CACE11D.1020602@jretrading.com">http://lists.debian.org/4CACE11D.1020602@jretrading.com