Building Your Company IT System with Zero Software Costs

Submitted by sasdrupal on Thu, 05/07/2020 - 12:19
GNU Logo

Introduction

Stokes Automation Systems LLC (SAS) spends zero dollars every year on software. This is achieved through the deployment of quality free open source software (FOSS). This document describes the software products we use.

GNU / Linux

All SAS server, desktop, and embedded computers are running the GNU/Linux operating system instead of Microsoft Windows or macOS. Some may ask, "Why should I change my operating system when it was included with my computer at no extra cost?" This question is based on a false premise; there is definitely a cost. If you build your own computer from parts you purchase separately and want to run MS Windows, you will need to purchase a license. At the time I wrote this, the entry level version of MS Windows 10 was available on Amazon for $99. The professional version was $149. If you need the server version of MS Windows, that will cost you $249. Remember, that price is for a single license. If you need MS Windows for more than one computer, you will need to by additional licenses. Every computer manufacturer that installs MS Windows on the machine is charged a fee by Microsoft. This fee varies depending on the version of MS Windows and this fee is added to the price of the computer. Even after you have paid the fee for MS Windows, the cost doesn't end. Microsoft only supports their operating systems for a limited time. Software defects are regularly discovered that leave your computer vulnerable to hackers. If you do not install the software updates, you are at risk. Unfortunately, Microsoft will not provide these updates indefinitely. At some point, they will declare that a version of MS Windows has reached "end of life" and no more updates will follow. MS Windows users must pay another fee to upgrade to the next version of MS Windows. Unfortunately, the pain does not end there. Each new version of MS Windows requires more resources than the previous version. When MS Windows is upgraded to the next version, users normally find they need a faster CPU, more memory and maybe a larger disk drive. This is  cycle that continues without end. Apple Mac users experience a similar situation.

There is a better alternative to the vicious cycle of operating system software expenses. Around 1970, software developers at Bell Labs created an operating system called "Unix". This operating system became popular in high performance computers including servers and high-end workstations. As Unix was another operating system that required a license fee, many other organizations created there own operating systems that shared the same design as Unix. Most of these Unix-like operating systems have become extinct, but today two of them still exist and have become extremely popular, namely "Linux" and "Free BSD". Linux is a "kernel" of an operating system. The kernel of an operating system is the software that executes when no user programs are being run. In order for an operating system to be useful, it needs many programs for the user to accomplish simple tasks like logging into the computer and starting applications to accomplish work. You might not be aware, but Android phones include the Linux kernel at the heart of their operating system. This is where "GNU" comes in. GNU is a project that provides free operating system software and is maintained by the "Free Software Foundation" (FSF). When combining GNU software with the Linux kernel, you have a fully functional operating system called "GNU/Linux". Even though GNU/Linux is free software, there is a license, the GNU Public License (GPL), and this license includes a stipulation that if you improve the software, you must make your improvements available under the GNU license. This is the reason that GNU/Linux has such high quality without a license fee. Millions of software developers all over the globe constantly improve the GNU/Linux and add new features and these features do not stop with the operating system. Many organizations (including Stokes Automation Systems) now produce high quality software applications and release them with the source code under the GNU license. Under the GPL, you will find software that accomplishes the requirements for almost any business function, including word processing, photo editing, and machine control.

There is an analogy between baking bread and GNU/Linux. Most people are aware that the recipe for basic bread consists of flour, water, yeast, sugar, salt & oil. You can make bread yourself, or you can find many different brands of bread in the store, each one slightly tweaking the recipe ingredients and process. Since the source code for GNU/Linux is freely available, you could build the operating system and install it yourself just like you can bake your own loaf of bread. Unfortunately, the skills required for building software are beyond the typical computer user, but just as you can get a loaf of bread from the store, you can download a compiled version of GNU/Linux and install it on your computer. Since there is very little cost for a company to provide the GNU/Linux download, may provide it at no charge. Brands or "Linux distributions" as they are called include "Debian", "Ubuntu" and "Mint" and all of these are downloadable at no cost. Once you have download the "install image" as an "ISO" file, you can burn/write it to a CD, DVD or USB drive and install it on your computer. If you do this, be sure to backup your personal data, including photos and documents, so you can restore them onto your GNU/Linux installation.

Other brands of GNU/Linux like "Red Hat Enterprise Linux" from IBM are available with a license fee for support services that they provide. Some organizations may find this service necessary if they do not have the time or skill to troubleshoot their technical difficulties. Another option is to install a no-cost version of GNU/Linux and purchase a support contract from a company like Stokes Automation Systems.

Hosting

Once you have decided to use the GNU/Linux operating system for your organizations servers, you must decide on where to install it. If your facility is equipped with high-speed Internet access and a static IP address, you can host your servers on your own equipment. This is optimal for data security since you have total control over who can access your servers. This protects you from hackers, but to eliminate the risk of data loss, you still need to have a solution for offsite data replication and backups.

Many organizations would rather have their servers hosted "in the cloud" by a hosting vendor. This eliminates the hassle of maintaining computer and associated networking hardware onsite. Many years ago, Stokes Automation Systems self hosted, but found the Internet service provider's uplink speed intolerably slow. At that time, we began using linode.com hosting and are so pleased with it, we have not even considered self-hosting again. We also host all our client servers with this vendor. To do this, one must create an account with linode.com, provide credit card information for payment, and select the size and features of your host. One of the features you must select is which distribution of GNU/Linux you want running on your host. Each GNU/Linux user has there own personal preference just as drivers have a preference for brand of vehicle. A small host starts at about $10 per month, but hosts with more memory have higher monthly fees. There is no contract and you can add or remove hosts on a whim. Once you have your host running, you can remotely login to it from your GNU/Linux laptop or desktop computer. Using the GNU ssh utility, the commands you type on the command line will be executed on your remote host server. You can issue commands to install and configure any software you need and if you choose wisely, this is done at no cost.

Internet Domain Names

There are many companies that can register a domain name for you so that you and your customers do not need to access your host server by its static IP address numbers. We have several domain names, including "stokesautomation.com". Once you have established a domain name, you can create as many subdomains under it as you like. Subdomains are only really necessary if you have multiple servers or you want to host different websites under a single domain. For instance, you can have a website for your customers at "mycompany.com" and a separate website used internally by your staff at "internal.mycompany.com". Even though they run on the same server and the same port number, the web server distinguishes the difference by the difference in domain name.

Stokes Automation Systems has used several different vendors for registering our domains and the domains of our clients, but we are currently using namecheap.com. This company provides low prices on domains and includes many features that our previous vendors charged extra for. To establish a domain, create an account with namecheap.com, select an available domain name, provide credit card payment information and configure the domain. Configuring the domain includes specifying the static IP address of your host and the addresses of any other hosts using your subdomain names. You will also need to configure extra settings that some mail recipients require so that they do not place email messages from your domain into the spam folders.

Security Certificates

In the early days of the Internet, hacking crimes were almost non existent and network security was often overlooked. Today, Internet crime is widespread and growing larger each day. Most computer users are aware that they should never transmit passwords or sensitive data unless the network connection is secured with encryption. For a long time, providing secure connections to your clients was an expensive and troublesome undertaking. Today, this is no longer the case, thanks to an organization called "Let's Encrypt". Using software provided by this organization, you can prove to them that you have control over your domain name and they will issue you a security certificate file signed by them and a key file to use it.

Email

One of the first pieces of free open source software you will want to install on your server is email service software. There are many to choose from and they usually are split into two separate pieces of software. The first piece allows you to receive email over the SMTP protocol. The second piece allows remote users to access their email messages over the IMAP or POP protocols. Stokes Automation Systems uses "Postfix" for SMTP and "Dovecot" for IMAP and POP. Of course, these are free open source software programs. On our Debian GNU/Linux mail server, it only takes two commands to install these software packages, but configuring them takes significantly more effort. When these packages are installed, the corresponding configuration files are installed, but require customization to make the services work properly. Now is a good time for me to recommend to you that you keep a journal of everything you do while installing and configuring software. Copy and paste every command you type into the journal. Most configuration files allow comments to be inserted into the configuration data. Each time you make a change, insert a comment above it with your name and a short description of the change. You can place additional documentation in your journal. Each time you get a new feature working, create a backup of your configuration folder with the date and time contained in the name. The GNU "tar" utility works well for this. Some administrators even use a full blown version control package (like "git") for this. If you follow this suggestion, your combination of journal and backup configuration will provide a reproducible process for configuring another server or troubleshooting problems. GNU utilities that are included with your operating system allow you to search for your name in your configuration files and show you what you changed. It's a great time saver.

There are two ways for the SMTP service to store your mail, either as a single file containing all the messages or a folder tree that stores each message in a separate file. I prefer that latter as it allows me to use many different tools to process my mail. The choice is yours.

Using the technique above, users can access their mail remotely using a FOSS mail client like Mozilla Thunderbird, which functions much like MS Outlook. Another solution is to install a web mail package that works with your web server package. I have used a FOSS package called "Squirrel Mail" for some of my clients that prefer the simplicity of reading and sending email in a web browser.

Web Server

There are many choices among FOSS for web server packages, but one of the most versatile is the "Apache" web server. This server works well for hosting static, hand-coded HTML files or dynamic server-side generated pages in the popular PHP programming language. There are many web applications implemented in the PHP language, including one I have already mentioned, Squirrel Mail. One of the most exciting categories of web applications is the "Content Management System" (CMS). Attractive features of a CMS are the content can be edited by users with no programming skills and the content presentation will automatically adjust itself for devices like large screens and small phone displays. The CMS I recommend is the FOSS package called "Drupal". It is implemented in the PHP language and runs well under the Apache web server.

Database

The Drupal content management system I mentioned above requires a database for storing information. A FOSS database exists called "MySQL" and I have used it extensively in the past for CMS and custom applications that I have written. In the recent past, the Oracle corporation gained control over the MySQL organization, which upset many developers and users who are suspicious of such situations. Since the source code had already been released under the GPL, a group of developers started a new branch of development (called a "fork") of the MySQL code and named it "MariaDB". MariaDB works exactly like MySQL and the command line utilities still bear the name mysql*. I have found that MariaDB works as well as MySQL and this has led many distributions to focus on delivering MariaDB and dropping support for MySQL.

Security

There are many FOSS security packages available for GNU/Linux. The one I find most useful is called "fail2ban". This program will constantly monitor the log files from other programs like the ssh remote login service for signs of intrusion attempts. For instances, if a user tries to login with invalid credentials many times in a short period of time, this could be a hacker running a "brute-force" attack where a dictionary of popular passwords is attempted with a known user name, such as a mail recipient on the server. Fail2ban is very configurable as far as the tolerance it has for password mistakes. Once it has detected an intrusion attempt, it will ban the access by the offending remote host. If the offending host attempts any further access to the server, the data packets are simply ignored. I regularly look through server logs and see many bad attempts to gain access through remote login, mail SMTP, IMAP & POP servers, and web applications. Many times, I see many offending IP addresses in contiguous blocks, indicating they are part of a common network of malicious hosts called a "hacking farm".

Another FOSS package for scanning folders for virus infected files is ClamAV. This package maintains an up to date list of byte signatures of well known computer viruses and will scan folders and even email messages for incoming malware.

Desktop Applications

The discussion above focused on server software, but there are many more FOSS packages available for laptop and desktop PC users. Stokes Automation Systems has functioned on FOSS for its entire history.

LibreOffice is an office suite with about the same features as Microsoft Office. It comes with word processor, spreadsheet, presentation, drawing and reporting applications. For the most part, LibreOffice is compatible with MS Office. LibreOffice can read MS Office documents. LibreOffice has its own format for storing files by default, but it offers an option to store the data in MS Office format. LibreOffice also offers an option to export files to PDF files that can be published. This is a far better solution than passing around MS Office documents. Stokes Automation Systems uses this software for documentation, correspondence and invoicing.

Stokes Automation Systems provides custom software applications for customers written in the C, C++, Java and other programming languages. Compilers for these languages are available as FOSS. An application called an Integrated Development Environment (IDE) is used by software developers to edit, build, execute, and debug programs. SAS uses two FOSS IDEs, "Eclipse" and "NetBeans".

Conclusion

I am fascinated by the fact that we live in a world at a time when computer users can enjoy all the software they want without having to go bankrupt doing it. All of this is due to the generosity of software developers and companies that donate their efforts for the good of all. In addition, there are many users of FOSS that don't have the skills to program, but contribute with efforts to produce software documentation. Other users often donate funds to FOSS projects they have benefited from.

Adults in business are not the only ones that benefit from FOSS. There are many educational programs and games available for children. My sons grew up playing with an OLPC (one laptop per child project) that provided countless hours of fun and learning. As they grew older, they enjoyed many multiplayer FOSS games and even experimented with writing their own programs.

If you would like to benefit from free open source software but don't know where to begin, contact Stokes Automation Systems for a free consultation and let us put together a plan to free you from the vicious cycle of expensive software and hardware upgrades.

Links