As anyone in IT can tell you, Linux has invaded the server room. The operating system is running file servers, print servers, content delivery systems, global caching servers, data archives, VPN servers — you name it. There’s a very good chance that the big iron that composes the backbone of your company’s digital world is powered by Linux.
Chances are also good that it’s not on many of your desktops, if any.
Microsoft Windows continues to rule the enterprise on the desktop. Any inroads made against it have come from macOS X, typically in marketing and creative divisions. Relatively few companies consider the option of Linux on the desktop. But in recent years Linux distributions have become far more sophisticated and user-friendly, and the cost of deployment can be a fraction of more traditional large-scale desktop installations. Linux is often viewed as more secure, too. PC World calls security “one of Linux's many advantages over Windows” and offers five reasons why it is more secure.
It’s a great time to explore enterprise-friendly Linux desktop options. Below are five worth considering.
- Red Hat Enterprise Linux Desktop
- SUSE Linux Enterprise Desktop
- Ubuntu desktop for the enterprise
- Linux Mint
- Trusted End Node Security (TENS)
Three of the five Linux distributions discussed offer reliable and professional-grade support, all have frequent updates to ensure that security exploits are addressed in a timely manner, and all have at least some level of corporate connectivity baked in. In addition, all of them can run Windows programs through virtual machines or subsystems such as Wine. That ability might appeal to executives, but it raises the question of whether it’s really necessary or even a good idea.
There’s also a big cost difference between deploying Linux and Windows: Linux itself is free, so it’s the distributor’s support that you’ll pay for. And, yes, you will want to do that. The price for proper enterprise-ready support still makes Linux desktop a much less expensive option.
SaaS apps + Linux means you don’t need Windows
There is a widespread but mistaken perception that Linux doesn’t offer the same applications and utilities as a typical Windows computer.
However, PC World calculates that much of enterprise computing involves QuickBooks Pro, Salesforce, Google Docs, Microsoft Office, Base Camp and Skype. All of these are available as programs directly on Linux or from cloud-based or SaaS alternatives. What’s more, all of the Linux distributions included in this roundup offer all of these programs or comparable replacements, already installed and ready to use.
It makes little sense, then, to undercut the price advantage of using Linux on the desktop by paying for Windows licenses on even some of those machines. And a Linux machine that also runs Windows is going to be exposed to a lot more malware. Sidestep Windows and you sidestep the security challenge it poses, too.
Linux OS security considerations
There’s a lot of data that suggests that Linux is the most secure operating system choice — better than a locked-down Microsoft Windows or macOS X machine, or even a thin client such as a Chromebook. As IT Pro says, “Security is a cornerstone of the Linux OS, and one of the principal reasons for its popularity among the IT community.”
Because Linux is so flexible and modular, with thousands of programs available for most distributions, it can be beneficial to work backwards to attain the best enterprise Linux desktop. For example, physical security keys are a proven technology to minimize network logins from untrusted third parties, so you could start by looking at a provider such as Yubico and check which Linux distributions the company supports. Yubico’s security key system is built around the Pluggable Authentication Module, which is supported natively within Red Hat Enterprise Linux through RHEL’s Identity Management module.
Security keys manage login, but the connection between the desktop and the server is just as much of a concern, particularly for employees who work remotely or are in the field. In those situations, a virtual private network (VPN) is the way to go, or if your enterprise uses the cloud extensively, consider using what’s becoming known as a software-defined perimeter (SDP). Of course, broad adoption of a VPN requirement for remote login is a good idea regardless of desktop operating system.
Red Hat Enterprise Linux Desktop
Red Hat has been around since the dawn of the Linux era, always focused on the business applications of the operating system, rather than consumer use. That has translated into a lot of Red Hat servers in enterprise data centers, but the company also offers Red Hat Enterprise Linux (RHEL) Desktop. It’s a solid choice for desktop deployment, and certainly a more stable and secure option than a typical Microsoft Windows install.
The stock RHEL Desktop configuration includes integrated email, calendaring, contact management, a suite of office apps and virtualization capabilities to allow users to run Microsoft Windows and legacy apps as needed.
If you like to minimize risk by choosing the popular option, it’s worth noting that Gartner estimates that Red Hat accounts for roughly two-thirds of all enterprise Linux installs. Fortune 500 companies including Sprint, Amadeus, E-Trade and Bayer all have deployed RHEL.
RHEL Desktop starts at a comfortable US$49/seat, which means the next time you have to roll out a 500-person deployment at a new office in Beijing or Johannesburg, it won’t require a new round of funding to pay for it. Again, recall that you’re paying for support, not the product itself, because Linux itself is free and open source.
SUSE Linux Enterprise Desktop
SUSE also offers both server and desktop configurations of its enterprise Linux software.
Because Linux is an open and flexible platform, just about any applications available on one Linux enterprise desktop platform is quite likely available on all the others too. Therefore, SUSE also integrates with Microsoft Active Directory and Microsoft Exchange and works with Novell GroupWise.
On the security front, SUSE Linux Enterprise Desktop’s smart AppArmor system effectively builds a firewall around each app so that, even if users unwittingly run something malicious, it won’t infect their system or the overall enterprise.
Enterprise Desktop support through SUSE runs US$120/seat regardless of installation size.
Ubuntu desktop for the enterprise
Ubuntu is a favorite among Linux folk, whether they’re planning to do hardcore software development, power a media server or provide end-of-life functionality to older hardware. The same basic distribution is available in an enterprise edition, and many hardware vendors offer Ubuntu as a pre-installed operating system option. Bonus: Ubuntu has the most available software through its online digital distribution system.
Included in all Ubuntu enterprise desktop systems are a Microsoft-compatible office suite, antivirus and anti-malware software, a wide variety of open-source programs, enterprisewide support and management tools, and extensive support and training, including on-site training options. Ubuntu is also fully translated into over 100 languages, making it an excellent choice for a global corporation seeking to standardize.
The Ubuntu developer community tends to evolve components quickly, which is why enterprise installations are smart to opt for the long-term support (LTS) program, which guarantees active support for five years rather than Ubuntu’s standard nine-month cycle. The actual releases are more frequent than that, however, with a new major release of Ubuntu every six months and a major LTS release every two years. LTS releases are also focused on security and stability, not new features, which should be music to an IT administrator’s ears.
Ubuntu Desktop for Enterprise is supported through the Ubuntu Advantage program and costs US$150/year with a minimum of 50 installs per organization.
Although it isn’t designed specifically for enterprise deployment, the exclusively desktop Linux Mint is worth including here because it enjoys a reputation as one of the easiest Linux desktop environments for new users. Built around the proprietary and popular Cinnamon windows manager, the current version of Mint is based on both Ubuntu and Debian Linux distributions.
It is important, however, to note that there is no paid or enterprise-level support available through Mint, so companies that choose to adopt this version of Linux are on their own for internal support. While Mint therefore isn’t ideal for anyone who works with private and confidential documents and data, it can still minimize the cost of user support for other personnel.
Trusted End Node Security
If your key concern is security and privacy, then it’s worth checking out one more option for deployment in your enterprise. Trusted End Node Security (TENS) is a Linux distribution designed by the U.S. Air Force and approved by the National Security Agency (NSA) for secure use. It doesn’t have a huge base of applications, but it does support security features such as smart-card and key-card login.
The entire environment runs without requiring a hard drive — you can boot off a CD or USB flash drive — so it’s completely sheltered from any malicious software, and there’s no way that even traces of sensitive data can be left on the computer once the user is done with a session. Nonetheless, it includes some basic Linux tools, including the entire LibreOffice suite, offering a functional equivalent of Microsoft’s Office suite, but in a highly secure environment.
Like Linux Mint, TENS is a good option for specific user communities but has no paid support or subscription services, so you’re on your own for enterprise support and maintenance.