Linux Small Business Server Distros
Linux Small Business DistrosBy
Admins of small businesses who want to cover all their infrastructure requirements with a single server are the target group of small business servers. In this article, we introduce three Linux distributions that meet this requirement.
In 2000, Microsoft introduced its Small Business Server and practically invented the category at the same time, but the company no longer offers the product today. In the world of Linux, however, a number of servers and platforms wrestle for the favor of small companies that must provide things like print and data services in heterogeneous networks.
Small business servers are tailored to the needs of small businesses with 10 to 50 employees, even if the idea of running all services on a single server is a hair-raising thought for admins of large companies. However, as a rule, they also have access to an extensive battery of tools for deployment, virtualization, backup, and monitoring, as well as a hierarchical team of staff to care for it. If, for example, you forget about theoretical ideals for a contemporary IT organization and take a close look at how small companies really work, the following picture becomes clear: Usually, there’s no full-time administrator. If there is one, it is someone with above-average IT knowledge. Often, an ex-web designer or an electronics/PLC specialist with IT knowledge limited to Windows is given the responsibility.
A common denominator of the products designated as small business servers – in contrast to normal Linux servers – is the availability of management functions through a graphical user interface. A GUI caters to the target group: admins with limited Linux know-how. Often, this takes the form of a web interface.
The market offers plenty of alternatives in this sector. Univention, one of the best known manufacturers, offers Univention Corporate Server (UCS) both as a pure infrastructure solution, as well as with installed applications, such as a Groupware stack . Moreover, a number of third-party products and manufacturers base their products on a certified UCS machine, such as Open-Xchange with their Open-Xchange Advanced Server Edition (OXASE) or the Appliance Edition of Zarafa.
In this article, I look at the Zentyal all-in-one server manufactured by eBox, the ClearOS Community Edition from the Clear Foundation, and the Community Edition of the Resara server. Although I occasionally use UCS as a reference, I will not give a detailed introduction here because it has been covered before .
Zentyal is an Ubuntu-based Small Business Server distributed in the past under the name “eBox.” The product is developed by the Spanish open source company eBox Technologies, and it is available as a free Basic Subscription as well as a Business and Enterprise Edition. Essentially, the differences lie in the number of users and the update services included.
The eBox business model is based on yearly support contracts and the server, which is available with various support levels and complementary services. The current 64-bit Zentyal 2.2-2 Community Edition used for this test is also available in a 32-bit version and as a virtual machine image. According to the Zentyal roadmap, version 3.0 was about to be released at the time of testing, but at the time of writing, it was not yet available. Zentyal 3.0 promises, above all, integration of Samba 4, placing Zentyal in direct competition with UCS and Resara in the area of Windows file services.
Unfortunately, version 2.2, available since September 2011, is no longer up to date as far as software packages are concerned, which in some cases could lead to weaknesses in security. Version 2.2 runs on top of Ubuntu 10.04 LTS, whereas Zentyal v3.0 makes the jump to Ubuntu 12.04 LTS. As an alternative, the beta version 2.3 is available for download.
Building Under Ubuntu
Targeted at small and medium-size enterprises as alternative to Microsoft Small Business Server, the Zentyal server offers numerous functions in the areas of routing/gateway, network infrastructure, collaboration (e.g., Zarafa), security, and communication that can be managed via a web interface. Installation is based on the Ubuntu installer but does without its graphical variation. The Ubuntu Alternate Installer requires no interaction except to specify a user account for the system user, hostname, and desired keyboard layout.
As an alternative to the standard mode, the boot menu offers an expert mode with which experienced Linux users can integrate Ubuntu repositories (e.g., Apt configuration), retrieve updated Ubuntu packages from a network mirror, or manually partition the hard drive. Both variations have entries in the boot menu for installing subscription versions.
After rebooting, the automatic login opens a Firefox window on the Ubuntu system with the login page of the Zentyal administrative web interface, in which admins log in as the system user created during installation. Alternatively, the interface can be accessed from any host in the network via HTTPS. After the first login, the system displays an overview of the available packages. When admins click on one of the five large icons at the top of the screen, the GUI highlights the packages relevant to that topic. Admins can choose any combination of packages needed, and if desired, install them all at the same time, including the free Zarafa version.
A click on Install shows an overview of the packages or package groups selected for installation, which then must be confirmed by clicking OK before Zentyal begins with the installation. This first step takes a bit of time, but it is convenient because admins can assemble a custom-configured small business server.
Most of the preconfigured packages are practical and can be used as-is with no additional configuration. The exceptions are configuration of network interfaces and the like. User input is needed to select the kind of server because, besides the standalone server scenario, Zentyal also offers one for role-based multiserver operation that lets a Zentyal server serve as a (backup) domain controller in an Active Directory domain, for example (Figure 1).
During MTA configuration, administrators can also set the mail domain that is to be used. Finally, as would be expected, you may register a subscription at the end of the package installation. As mentioned previously, the subscriptions not only include vendor support, but also make advanced features available, such as configuring a backup to the Zentyal cloud, using a zentyal.me subdomain for addressing the server directly, or monitoring the most important operating parameters remotely.
After saving the changes, a click on Go to the Dashboard brings you back to the overview page of the configuration interface. The wealth of information could be intimidating at first, but it is easy to understand. A click on security updates under the General Information area will start the first update of the Ubuntu foundation. The functions of the web interface are largely intuitive and quite attractive and usable, reaching a level comparable to Webmin. Moreover, it is completely Ajax-free, always requiring a complete reload of individual pages. The package groups seen during installation are reflected in the UTM, Gateway, Infrastructure, Office, and Communications sections of the navigation panel on the left side.
Network configuration falls under the heading Core, and a click on Dashboard at the top of this group takes you to the overview (Figure 2).
On the Dashboard page, Module Status displays the services managed by the Zentyal server. Modules that have not been started can be activated with Core | Module Status, and other components are added under Core | Software Management.
Infrastructure, Office, and Communications
The Zarafa installation is the quite recent version 7.08-351-78. Any further configuration of the groupware requires that a mail stack be activated and configured. The mail server configuration is found under the Communication section. Here, even configuring an SMTP relay with authentication over the web interface is possible.
To save the mail configuration, the email module must first be installed and activated with Dashboard | Module Status, and Zentyal kindly reminds you of this. However, this setup will only work if the component Users and Groups is present, because Zarafa obtains the mail account quotas from the user dialog.
Once these preparations have been completed, admins can further configure Zarafa under Office | Groupware. When this is done, Zarafa’s excellent web interface can be accessed under the address http://<Zentyal-Server>/webaccess (Figure 3).
In 2009, ClearOS was still distributed under the name “ClarkConnect.” Originally designed as a gateway and router distribution, the range of functionality grew, now giving ClearOS the status of a small business server. Only shortly before the deadline for this issue, the brand new version 6.3 was released, which is also available in combination with free or commercial Zarafa editions. ClearOS is based on CentOS 6.3 and is available in several commercial (ClearOS Professional) and Community versions, either as ISO images for installation or as virtual appliances.
ClearFoundation markets the commercial versions in the form of subscriptions per year and server. They are available as Lite, Basic, Standard and Premium packages, differing in support level and number of pre-installed “Apps.” Worth mentioning here are, for example, the Active Directory Connector, and Google Apps Synchronization or Account Synchronization (master/slave). The differences are explained in the ClearCenter Store. The commercial version of Zarafa, the Collaboration Platform, is also available.
The setup routine of the Community version is based on Red Hat’s Anaconda installer and requires only a little input from the user, such as a password for the root account. After the reboot, ClearOS presents an info page on which to select a standard browser or goes to the specified URL (https://<ClearOS-Server>:81) to log on to the web interface. A direct terminal login with the administrator account is also possible with Go to Command Line. The root account is also required to log on to the web interface, which welcomes the admin with a “Get Started Guide.” Then, a wizard guides you through the most important basic settings, such as whether ClearOS is to be operated in Server (without a firewall), Public Server, or in Gateway Mode – reminiscent of ClearOS’s origins as a router system. After the wizard completes its work, which basically takes care of the configuration of the network interface (Figure 4), the system then requests installation of available updates, which at the time of this test was limited to a few packages for the new version 6.3.
Once this is completed, the Community version requires the administrator to register the installation with a ClearCenter account; otherwise, no further components can be installed. In the process, the server name must be specified; however, in contrast to previous versions, it is no longer forced to include the poweredbyclear.com domain. Instead, the next step allows admins to choose freely the name of the DNS domain – called Internet Domain in ClearOS.
After specifying the time zone, the setup wizard automatically jumps to the Marketplace | Server Apps menu to allow installation of Apps from the ClearCenter Marketplace. This way, admins can add the functions of their choice to the basic package, which, in contrast to Zentyal, is much more limited (Figure 5).
The Clear Marketplace, whether the Community version or a commercial version has been installed, offers a rich range of free and paid apps. However, some – such as Windows Networking, FTP Server, Print Server, or SMTP Server – are basic functions. Apparently, many basic functions from previous versions have been moved to the marketplace.
The “Flexshares” app (Figure 6) is recommended. It not only helps make a shared directory accessible via SMB or FTP but also as a dropbox via the web server.
However, this requires that the “Account Manager” be installed first, which in ClearOS is based on your choice of either OpenLDAP (built-in) or Active Directory. ClearOS offers to install the Active Directory Connector app from the marketplace, which requires that an Active Directory server is running (Figure 7). The configuration of OpenLDAP only requires the desired base domain to be specified.
System administration is usually done via the web interface, but it is also possible on the server monitor, called the “graphical console” in ClearOS.
Compared with Zentyal, the ClearOS web interface looks more modern. At the top of the screen are links to the Dashboard, to the Marketplace, and for Login/Logout. The Dashboard displays current memory usage and provides functions for shutting down and rebooting the server. Navigation through the installed components and function groups can be done either on the navigation panel on the left or with the appealing drop-down menus along the top. The categories Server, Network, Gateway, and System are somewhat more coherent than in Zentyal.
Almost all functions in ClearOS 6.3 are available as apps, which fits well into the GUI concept. Each app shows its icon at the top of the main window of the web interface next to a short explanation, and to the right of that is a User Guide button, which calls up more detailed information. In the space below, the app shows the settings or status of the respective service. An area to the right shows the name of the app, as well as the manufacturer and version number; below that, a note listing Recommended Apps, which lists apps other admins have installed in addition, as well as app dependencies. A click on one of these names is enough to start installing the recommended app.
Next up is the Resara Server, available since March 2011 as version 1.0. However, while writing this article, Resara announced that the company would close for personal and financial reasons. The Resara Server remains interesting, however, because the company intends to make the complete code for all Resara products, including the commercial Resara Server and the Enterprise version, available to the community within the next five months.
For this reason, I have included version 1.1.2 of the Resara Community Edition, available since April of this year, in the comparison. The differences between the Resara Community Edition and the commercial variants, “Resara Server” and “Resara Server Enterprise,” are listed on the download page, although the primary benefit of the paid support is no longer available.
The commercial version also offered multiserver replication, CSV import/update, and server config backup. The Community Edition is license under the GPLv2 and the BSD licenses and is available as either a 1.6GB large ISO images or as VirtualBox OVA image. Version 1.1.2 of the Admin Console is also available on the download page in variations for Windows (EXE, ZIP), Mac OS X, and Linux (32 and 64 bit). In contrast to the other products in this comparison, Resara offers no web-based administration. However, the Admin Console package is only needed if the admin intends to administer the Resara Server from another machine in the network because an Admin Console for the local server is included in the server ISOs.
The Resara Server is also based on Ubuntu version 10.04 LTS, like Zentyal. The installation process does not require the admin to do any more than complete the guided or manual partitioning, set up a user account, and choose the language and keyboard layout. After installation, Resara boots up an ordinary Ubuntu System with an icon on the desktop to start Resara’s Admin Console. A wizard for further configuration of the small business server also starts automatically after the first boot (Figure 8).
The first step concerns network configuration; however, it adopts the data from the basic foundation Ubuntu configuration. After configuring the time zone, the admin must specify the host and domain names. The administrator’s password defined in the next step is only valid for the Resara server, whereas the Ubuntu system is accessed as usual with the username specified during installation of the foundation system.
Afterward, the wizard offers to make Resara the DHCP server, asking the admin to specify the desired IP range. Subsequently, the wizard completes the Samba configuration without further user input.
The Admin Console (Figure 9) serves mainly to configure Samba, DHCP, and DNS and manage user accounts.
On the Server tab, Samba can be stopped or restarted. That’s it. Resara is mainly focused on Windows file sharing.
Thanks to Samba 4, Resara can provide a real Active Directory-compatible Windows domain that supports all AD user/computer policies, as well as Microsoft Management Tools. The Admin Console provides three predefined groups: Domain Admins, Domain Users, and Domain Guests, to which new users must be added before they can log in to a Windows domain.
Resara keeps all other details of the Samba/AD configuration hidden from the users. Experienced users will search in vain for the Heimdal (Kerberos) and OpenLDAP services in the context of AD; both are part of the Samba 4 implementation.
A Windows client can only log on to the Windows Resara domain with a domain-compatible version of Windows (i.e., not Windows 7 Home Edition). The process of switching from local login to domain operation should be familiar to Windows administrators: Click on Control Panel | System and Security | System and then on Change settings under the Computer name, domain, and workgroup settings section.
However, the network settings of the respective client must be checked to ensure that it can resolve the DNS entries from the DNS zone of the Resara domain. For this, the Resara Domain Controller must be specified as the DNS server in the network settings. Additionally, the Resara operator must also become administrator on the Windows system and configure the current time.
In the Main
Characterizing the Linux-based small business servers named in this article is easy: Zentyal and ClearOS are designed as typical all-rounders. Functionality can be customized by administrators to fit their individual needs.
Both of these servers offer a web interface for management and are available in a community version as well as various commercial versions. The interface makes a more professional impression in the Red Hat/CentOS-based ClearOS, whereas the Zentyal GUI is rather reminiscent of the no-frills Webmin.
Under Zentyal, the desired package groups are already chosen during installation, but more functions can be added later. ClearOS comes as a minimal system and relocates all functions in apps that are installable via the Marketplace. ClearOS currently only supports use of the commercial Active Directory Connector app to dock onto an existing AD domain. Zentyal has promised AD integration for the upcoming version 3.0, which should be available by the time this article is published.
For the Resara Server, Samba 4, or the realization of an Active Directory-compatible (Windows) domain, is the focus of the product philosophy. However, Resara is the only candidate that offers a native admin tool for all major OS platforms and does without a web interface.
 “Zarafa on the Univention Corporate Server” by Thomas Drilling, ADMIN, Issue 06, 2011, pg. 44
Thomas Drilling has been a full-time freelance journalist and editor for science and IT magazines for more than 10 years. He and his team make contributions on the topics of open source, Linux, servers, IT administration, and Mac OS X. Drilling is also a book author and publisher, advises small and medium-sized enterprises as an IT consultant, and lectures on Linux, open source, and IT security
Report from the X-Force group says attackers are using TOR to hide their crimes
Future Firefox extensions will be compatible with Chrome.
Better read this if you bought your computer before 2011
Users should upgrade to the new version as soon as possible
Xen project announces a privilege escalation problem for Qemu host systems
Attackers can compromise an Android phone just by sending a text message
PC vendor will pre-install Ubuntu on portables in India.
More embarrassment for Adobe's embattled multimedia tool
Mozilla’s script blocker add-on could be putting malware sites on the whitelist.
The Internet community officially banishes the notoriously unsafe Secure Sockets Layer protocol.