Running Windows on DSL
Desktop Training - DSL

Running Windows on DSL

The concept of running Windows on a DSL desktop seems overwhelmingly impossible. It seems inconceivable that an XP Widows operating system that requires 512 RAM, 10 MB of disk space and a Pentium IV processor to run decent could run on 256 MB flash drive that is on a system with 128 MB of RAM. However, it works and it works well.

 

Here is a screenshot of Windows Internet Explorer 6.0 running at a high speed on a USB Flash Drive.

There are three ways to run Windows on the DSL desktop. Wine (winehq.com), Win4Lin (win4lin.com) and Crossover Office (codeweavers.com) can all be loaded on the server or computer you will access and then they can be run using SSH from the DSL desktop. Each of these methods has advantages and disadvantages. Following are some the practical issues that have been faced using these programs. There are problems but it can all be made to work well.

 

An explanation of why you would want to run Windows in DSL may be the first issue to consider.

 

Diverse Software Needs

In a school district that has run Mac, Windows 3.1,Windows 95, Windows 98SE, Windows NT, Windows 2000, Windows XP, and multiple distributions of Linux, there is a need/request to continue to run many of the applications that were on these operating systems. Every institution has a similar problem. There is almost no way to upgrade the entire district with the same operating system and applications at one time. This is both financial and political. Financial in that there would never be enough funds to move into one Windows OS with the supporting software...it will never happen for school districts. Even if you had the money to do it, you would not have the funds to update the whole mess the next year. It is also political in that it is difficult to move an entire district or organization in one direction all at once. You have users who resist change to the very end. But you also have a productivity issue in that you cannot afford downtime.

 

One of the issues that needs addressing is that of preserving value from past purchases. Sorry, but the Mac software went down the road. However,it may be important to figure out a way to save the Windows software. Here is an important example. In the recent past, school district teachers have purchased software for students to run on the Windows platform. The district has hundreds of CDs that are designed, more or less, to run on Windows. Unfortunately, this software is mostly made to run on the Windows 95 platform and it is often poorly designed. The poor software programming that went into these Windows applications was not evident until these programs were run in Linux. Using Wine (winehq.com), Win4Lin (win4lin.com) and Crossover Office (codeweavers.com) showed immediately that much of this software, the CDs teachers purchased, is garbage in terms of design. How this CD software abuses system memory and system resources is disgusting. No wonder Windows crashes with this stuff running. One of the problems that was discovered was programs on CDs would steal %95 of CPU cycles for one program, for example. There was just no way you could demonstrate the value of running Wine, Win4Lin or Crossover office when you had these programming errors in the CD applications. Sure you had Windows operating system errors as well but they were nothing like these CDs.

 

One of the ways to reduce abuse by Windows programs running in Linux is to use PAM to restrict the number of processes that are used by each user.

 

Pluggable Authentication Modules

PAM is an application for authentication processes which acts as a layer between the user and the application. It is developed in modules system wide so it can be configured to work with almost any application. One module of particular interest is the Resource Limits Module. This module allows you to place limits on resources that users use. For example you can limit the number of logins or limit the number of processes a user may use. These features allow an administrator to setup a scenario where one user cannot hog system resources.

 

This file is the heart of managing PAM Resource Limits Module on the server/workstation is /etc/security/limits.conf. An example file is listed below. The file itself has directions on it's use.

 

##################################################

# /etc/security/limits.conf

#

#Each line describes a limit for a user in the form:

#

#<domain> <type> <item> <value>

#

#Where:

#<domain> can be:

# - an user name

# - a group name, with @group syntax

# - the wildcard *, for default entry

# - the wildcard %, can be also used with %group syntax,

# for maxlogin limit

#

#<type> can have the two values:

# - "soft" for enforcing the soft limits

# - "hard" for enforcing hard limits

#

#<item> can be one of the following:

# - core - limits the core file size (KB)

# - data - max data size (KB)

# - fsize - maximum filesize (KB)

# - memlock - max locked-in-memory address space (KB)

# - nofile - max number of open files

# - rss - max resident set size (KB)

# - stack - max stack size (KB)

# - cpu - max CPU time (MIN)

# - nproc - max number of processes

# - as - address space limit

# - maxlogins - max number of logins for this user

# - priority - the priority to run user process with

# - locks - max number of file locks the user can hold

#

#<domain> <type> <item> <value>

#

 

#* soft core 0

#* hard rss 10000

*   	        soft    nproc           45
* hard nproc 65
* hard fsize 50000

@student hard nproc 45

fred_badboy hard nproc 28

fred_badboy hard maxlogins 1

@faculty hard nproc 50

#ftp hard nproc 0

@student hard maxlogins 1

#@users hard maxlogins 1

#limit hard maxlogins 1

 

Note that the group @studnet can each only have 45 processes running and fred_badboy can only have 28 processes running on the server, the jerk. Thus PAM will help you control users or programs that get out of hand.

Despite interest in moving to a full Linux commitment, sometimes you need to settle for a transitional position and that is where a program like Win4Lin can help a business or school system maintain a Linux base but still use aspects of Microsoft that are needed for special projects.

Technical Challenge

Noxon implemented a Web Based Learning Center for students who needed credit recovery and for students desiring to take college classes while in High School. Both organizations that provided the web based curriculum required Internet Explorer 6.0 to take classes. While Linux browsers provided a 75% solution, the use of special scripting and Authorware for courses prohibited the use of Linux browsers.

The Win4Lin Server Solution

The school created a LTSP server (http://ltsp.org) using Win4Lin Server from netraverse (http://netraverse.com) to provide a Linux desktop that could run an

Internet Explorer 6.0 browser. Windows 98 SE was installed with licenses that were not being used as the school moved other Windows desktops to XP and reduced Windows licenses by moving to Linux. This decision makes sense for a lot of organizations that have a number of Windows licenses that are not being used. Currently, Netraverse is working on a port to Windows 2000. Using regedit.exe the Windows desktops were locked down so that students could only run the browser and a few minor programs. No applications were installed on the Windows desktop except Internet Explorer. This may seem strange but the reality is that this lessened possibilities of virus infection and configuration issues. All of the applications students needed were available in Linux, including OpenOffice, a calculator, and a Mozilla web browser for research.

 

Locking Down Windows

The main purpose was to use the Windows browser and create a system that would function well with a Windows web based learning center but have a total Linux desktop. By using regedit.exe in Windows and modifying this Key:

Hkey_current_user\Software\Microsoft\Windows\CurrentVersion\policies\Explorer

 

These programs were allowed to run; iexplore.exe, regedit.exe, notepad.exe, setver.exe, calculator.exe, ieplore5.exe. Those are the only programs allowed to run on the Windows system.

 

Accessing Files from Windows and Linux

When you review the directory structure for a user account you begin to understand the well thought out construction of the home directory. Inside the /home/user directory are two important folders. The mydata folder which can be accessed from Linux gives the user a place to store documents, etc. and inside that folder is MyDocuments. The MyDocuments folder corresponds to MyDocuments in Windows and is read-write for both Linux and Windows providing a window between both systems and allowing users to use program like OpenOffice to interface between both programs at the same time. This provides a way for students to create all of their work in Linux, save and then post to their class using the Internet Explorer browser.

 

Directory Structure

/home/user

/mydata

/MyDocuments

/win

 

The /win directory is the symbolic link folder to the Windows operating system. This folder by default cannot be changed by users and links to a full blown Windows installation. Because it is read only it does provide an avenue of safety against virus activity and spyware.

 

Creating a Profile

Profile-based provisioning enables an administrator to not only create a user account that is tweaked just right but also allows the administrator to deploy that account and the configuration to as many people as need be, quickly. The beauty of the program is that once you have configured the profile account each user will inherit a read-only copy of Windows and the applications by using symbolic links to the profile account. The use of symbolic links saves space on the system but more importantly it provides an easy way to manipulate all accounts via the profile account.

 

The process of completing this task is straightforward. Create a user account in Linux and then install Windows on that account with this command:

/usr/bin/wts-install

 

This will actually go through the process of installing Windows. For the purposes of a Windows browser and tracking problems the VNET network option made the most sense. Using the VNET option means that you must configure an IP Address, IP Mask, DNS and Host for the accounts. Most of this information is delivered to the accounts without repeating the process.

 

The profile account should be tested completely before you roll it out to other users. Once the Windows account is

 

Solution Detail

Noxon Schools has always had a strong commitment to technology but with State funding always a question mark the school needed a technology solution that would not only fit the current budget but that would be a long term solution despite a changing economic climate.

 

The goal of the project was to create an fully functional lab for about $200 a computer which had to factor in the cost of a server, software and a GB switch. A Windows based lab with XP was priced at $1748.30 per computer (includes server, software and switch) while the actual Linux solution cost only $216.30 per workstation. The cost savings was substantial and allowed the district to view the project as a long term solution based on price. In addition, because the solution was such a cost savings, the school went ahead and purchased flat screen monitors for each workstation which brought the workstation price to $545.

 

Several factors reduced the cost of the project. First, the school had access to 100 computers that were discarded because they would not run Windows any longer from the State of Montana. As a result the school decided to explore the idea of using thin clients for the solution. In fact, thin clients worked very well and were actually faster than the Windows alternative. The hard drives and CDROMS were removed and standard network cards were placed in each one.

 

A Linux Terminal Server was built and installed with the Win4Lin Terminal Server. One of the greatest aspects of Thin Clients is that configuration only has to be done on the server, thus saving a great deal of maintenance and upgrades. With the Win4Lin Terminal Server a master profile was created which then rolls out to each user as they log in making all the accounts the same so that the administrator only has to update the master profile and the rest receive those updates. In addition the master profile can be backed up for a restore if there are problems. Students are able to save files in Windows or Linux and use a common folder that can be accessed by both on the Win4Lin Terminal Server. This feature is extremely handy as students can actually have separate Linux and Windows desktops running concurrently and saving to the same directory.

 

As an illustration of how effective the Win4Lin Terminal Server is, both organizations which the school uses for Web Based Learning recommended XP with Office installed. The school was able to get the same results from a Linux setup for a fraction of the cost.

Benefits

Win4Lin Terminal Server provided an option to use Linux in a situation where all the school needed was a browser which saved the school money, thus providing options for long term use because of the cost savings. The Win4Lin Terminal Server provided features like the profile management which saved considerable time setting up accounts.

 

Summary

Win4Lin Terminal Server provided a cost effective way to build a Web Based Learning Center and is now the basis of a project at the school to use Win4Lin to run CDROMs that will not longer run on XP but that the school purchased years ago, again giving the school district leverage in using limited resources.

CrossOver Office can also be loaded onto the server so that it can be accessed remotely. The advantage of CrossOver Office is that you do not need to run the whole Windows operating system you only run one application like Internet Explorer 6.0 for example. Try the CrossOver Demo to see ow it works at codeweavers.com.

 

Wine continues to develop and mature as well. This also can be installed on the server and accessed with a DSL desktop.