Lead Image © stillfix, 123RF.com

Lead Image © stillfix, 123RF.com

Linux infrastructure servers for small and midsize businesses

All Inclusive

Article from ADMIN 68/2022
By
Specialized Linux distributions are available for small and midsize businesses that promise economical and easy management of server applications and entire IT infrastructures. We looked at four of the best known candidates: ClearOS, NethServer, Zentyal, and Univention Corporate Server.

Large networks tend to have at least one virtual machine (VM) per service. Small networks do not need this complexity and can combine a whole range of services on a single machine. So that setting up and managing all these services is not too difficult, special small and midsize business (SMB) editions of Linux distributions substantially simplify how services are handled. Alternatively, you could add extensions to regular distros that support service configuration over a web user interface (UI). However, these tools do not typically cover a full suite of services. The special Linux distributions for SMBs provide convenient configuration tools, and they are typically backed by an organization that offers service and support. We investigate four of these Linux SMB distributions: ClearOS, NethServer, Zentyal, and Univention Corporate Server (UCS).

ClearOS: In the Slow Lane

The ClearOS [1] Linux derivative is provided by the ClearFoundation nonprofit organization from New Zealand, formerly known as ClarkConnect. Like Oracle Linux or the former CentOS (today Rocky Linux), ClearOS is based on the open sources of Red Hat Enterprise Linux (RHEL). Unlike RHEL and Rocky, however, ClearOS is still based on the legacy version 7 and not on the current release 8.

ClearOS is distributed in several versions. In addition to the free community edition, they have commercial variants with support, such as the version by ClearCenter, partnered with Hewlett Packard Enterprise (HPE), which offers ClearOS on ProLiant servers, including the MicroServers. ClearOS operates an app store through which ClearOS installations can source additional services, and again this means free and commercial add-ons.

Unfortunately, the community and the manufacturer's activities online show that things have gotten quiet in the ClearOS camp, with no commits on the ClearOS GitHub repositories since 2019. Moreover, the bug tracker hardly lists any new entries, and the website shows totally outdated roadmap documents. The ClearOS 8 beta release announced back in 2019 is conspicuously absent.

At the end of September 2021, ClearOS released the update to version 7.9 – exactly one year after the 7.9 release of RHEL and CentOS. The 7.9 release, in turn, is the final version of RHEL/CentOS 7, which will still receive fixes until 2024, but no more functional updates or new software. Anyone who wants to use ClearOS for their environment will need to keep very close track of how and when further updates appear, and especially whether or not ClearFoundation will come up with the long-promised release 8.

Setting up ClearOS is quick and no different from a RHEL or CentOS installation. Once the system is up and running, it has a web admin UI on server port 81. This admin application uses the language of the web browser. The ClearOS web UI is not very intuitive or clear in various respects. When it comes to setting up services, the display permanently jumps to the Directory Server app without any further explanation and seems to be a requirement. If this service is running, you can configure other services, but the dialogs are missing. In the File menu, you can set up the Samba server (Figure 1), but important options such as Add share are missing. ClearOS does not manage some services (e.g., the print server) with its own GUI but simply redirects you to the UI of the respective service (e.g., CUPS).

Figure 1: ClearOS comes with Samba management but has not seen any updates for a suspiciously long time.

The basic concept of ClearOS is fine with the various editions and subscriptions for support, but the implementation is sadly lacking. The UI lacks functionality and is anything but clear-cut. However, the killer criterion for ClearOS is that it no longer seems to be under active development. The recently introduced update is based on a 12-month-old CentOS/RHEL release, with no sign of a new version based on Rocky Linux/RHEL 8.

NethServer: Looking to Break New Ground

NethServer [2] is an open source project by Italian IT service provider Nethesis. The basic strategy behind NethServer is currently pretty similar to the ClearOS approach. NethServer is also based on CentOS 7, offers several free and commercial models, and comes with a web UI for simplified configuration. However, NethServer does not create a completely separate web application like ClearOS; rather, it uses the modular Cockpit web management tool, which gives you a far better overview than the ClearOS UI.

Far more important, the NethServer version 7 community project is alive, and Nethesis is planning some fairly radical restructuring of the system for version 8. The upcoming version will no longer have its own Linux distribution. It will be based on Debian 11 or Fedora 34, where the services will run in Podman containers (Figure 2). Users can combine several NethServer instances to create a cluster on which to distribute their services.

Figure 2: The announced version 8 of NethServer will deliver applications as containers, but there is no telling when this release will be available.

Basically, Nethesis is looking to develop a kind of "Kubernetes light" for small environments with a simple web UI. That's a pretty big undertaking for an IT service provider with 35 employees, especially if Nethesis also intends to provide commercial support in the future. Although the project is active and maintained in a better way than ClearOS, the project's GitHub repository shows only five developers currently working on the project, and their activity came to a virtual standstill in July 2021.

NethServer is also based on the CentOS/RHEL sources of version 7. The web UI based on Cockpit provides a better overview and is easier to use than the UI in ClearOS. However, NethServer also lacks configuration options such as managing Samba shares in the web UI. Nethesis is also adopting a very interesting approach with the NethServer 8 strategy. A container cluster without Kubernetes and with a neat web UI would be perfect for SMB installations. Hopefully, this project will not falter and will release a beta version in the foreseeable future.

Zentyal: Caution

The Spanish open source project Zentyal [3], formerly known as eBox Platform, became known as an Exchange clone. For this purpose, the solution used a Messaging Application Programming Interface (MAPI) implementation that could serve Outlook clients. Zentyal and its predecessor were available both as a standalone solution and as a hosted service. However, as early as release 5, the project parted ways with the MAPI implementation and now works with regular Internet protocols such as the Internet Message Access Protocol (IMAP) and Simple Mail Transfer Protocol (SMTP).

The current Zentyal 7 is based on Ubuntu 20.04 and can be installed either from a separate image or a running Ubuntu server. Unlike ClearOS or NethServer, Zentyal does not offer a large app store for different server apps, such as image galleries or the like. The system focuses on the essential groupware functions: directory, file, and print sharing; certificate management; a mail/chat/groupware server; and an Internet gateway.

The basic installation from a DVD guides you through the familiar Ubuntu setup and adds the Zentyal components at the end. After a reboot, the web UI of the installation can be accessed on port 8443 of the server's IP address. In parallel, the server launches the local X11 UI, automatically logs in the previously defined user, and opens the browser with the admin interface. However, automatic login to the local X11 UI only takes place on initially launching the Zentyal server. After that, the administrator has to log in with a username and password in the regular way.

The web UI looks uncluttered and clear-cut (Figure 3). Almost all configuration options are available – but only almost. For example, if you configure Windows file sharing with Samba, you will see the service configuration UI for Samba – but only once, because after the initial Samba configuration, the UI for the Samba settings disappears behind a paywall. You will then see as message stating: This GUI feature is just available in the Commercial Zentyal Edition . Restrictions of the Community Edition do not exist for the other two servers. Either a feature is available in the free edition or it is not.

Figure 3: The free variant of Zentyal builds a paywall in front of certain administration operations.

On the basis of current knowledge, you should consider very carefully whether or not to purchase a commercial version of Zentyal and the support this entails. The Infoempresa web service, which gets its information from the Spanish commercial register, lists Zentyal SL as insolvent since 2016. Moreover, things have become quieter in the Zentyal camp of late, both on the official website and in the community forums. The last "news" on the website is the announcement of Zentyal version 7 in July 2021, and the last commit in the GitHub repository was in May 2021. Not much has happened in the bug tracker since August 2021.

Zentyal Server 7 is a well-thought-out solution, all told. The UI is neat and clear-cut, and the functions are limited to the essential services that an SMB installation really needs. Among other things, the integrated certification authority, with which certificates for local services and systems can be easily managed, is a very good idea. On the other hand, it is a pity that some important menus disappear behind the paywall of the commercial version. IT managers should think very carefully before signing a support contract with a company that may soon no longer exist.

UCS: Established

The Univention Corporate Server (UCS) [4] from Germany's Univention GmbH will celebrate its 20th birthday next year. The manufacturer offers different variants. Until 2015, a free version for personal use that could not be operated commercially was available, but the manufacturer has departed from this model. Companies are allowed to use the free UCS Core Edition, but without support. If you need support, you can purchase subscriptions with various service level agreements. A special edition for schools is available, as well.

The current version 5 has Debian 10.9 at its core and comes with a number of its own extensions. First and foremost is the user directory. A new UCS server either joins an existing domain or creates a new one – nothing works without a Lightweight Directory Access Protocol (LDAP)/Kerberos back end. In return, UCS consistently integrates the applications from the app store into the directory. The services do not have quirky admin UIs and local user management. For example, if you install the Jitsi video conferencing server from the UCS app store, it immediately integrates with the directory. Users with a valid account and an app share for Jitsi in the directory can then immediately use the video conferencing service. UCS can also connect to Internet account services such as Google or Salesforce with Security Assertion Markup Language (SAML).

Univention already implements many of its add-on apps as containers (Figure 4). The Docker service runs in the background on the server; UCS does not source apps from the insecure Docker Hub, but from an in-house registry. Access to the containerized services is handled by the UCS Apache web server by reverse proxy and name-based routing, which the DNS service on the network must support, of course. This requirement is one of the small stumbling blocks with UCS. If the server itself acts as a DNS service on the local area network (LAN), everything works as desired. If UCS runs on a LAN with an existing DNS server, you might have to adjust the DNS configuration of the existing service.

Figure 4: UCS delivers apps as containers and is otherwise well maintained and supported.

The system's web UI has improved massively in the last few years. The UIs of the UCS 2.x versions left a lot to be desired, but that has changed dramatically. The portal intelligibly groups functions and settings. The UCS environment is a good fit: The GitHub repository with the UCS source is well maintained with around 25 active code contributors.

Looking back on 19 years of existence, UCS is probably one of the longest serving SMB Linux servers on the market. Its strengths include very good directory integration and management and a mature, stable web UI. Debian 10 provides a solid operating system foundation, and migrating to Docker containerized apps is forward-looking. On top of this, UCS is backed by a company that has been providing a product and support for almost 20 years.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Server distributions for small businesses tested
    Six all-in-one Linux server distributions and a NAS system for small businesses and workgroups feature comprehensive feature sets, simple administration, and services. Are these distributions worthwhile?
  • CoreOS 1122.2.0 (64-bit) & NethServer (multiarch)
    CoreOS is a lightweight Linux operating system for managing and running containers at scale with low overhead. NethServer is a Linux distribution for servers based on CentOS 6.8 and licensed under the GPLv3.
  • openSUSE LEAP 42.1 and ClearOS 7.2
    The openSUSE community offers the "first Linux hybrid distro," which combines source from SUSE Linux Enterprise (SLE) with community contributions in an effort to provide a balance between innovation and maturity. ClearOS, also known as the Next-Generation Small Business Server, is an IT solution for homes, small to medium-sized businesses, and distributed environments.
  • ClearOS 7 Community Edition and Kali Linux
    ClearOS provides a simple and easy-to-use platform for all layers of the IT environment. Offensive Security bills Kali Linux 2017.1 as their “most
    advanced penetration testing distribution, ever”.
  • Zentyal Server 3.5
    Some users may struggle when setting up various services, such as web servers, email servers, firewalls, and the like. Zentyal simplifies configuration of all those things, thanks to its intuitive user interface.
comments powered by Disqus