Enterprise Ready GNOME

Many aspects need to come together to make a product that works in an Enterprise setting: be able to use accounts provisioned via Active Directory, talk to an Exchange server for mail, contacts and calendaring, discover printers on the network, work seamlessly with files shared via CIFS or NFS, support central administration and lock-down, etc, etc. GNOME has most of these features 'in theory', but too often, we don't keep them working in practice.

An 'Enterprise Ready' session at the Boston Summit would have the goal of taking stock of these features, evaluate what does or doesn't work, and discuss ways to improve our Enterprise readiness. It would be good to have a test setup of an AD server and some other infrastructure available for this, maybe in a VM.

• When: Exact time unknown (6th, 7th and/or 8th of October)

• Where: MIT Tang Center, Building E51, 3rd floor, GNOME Summit

Topics

• Smart card login workflow/design
  • Smart card as identity and authentication? Insert smart card to authenticate, no user selection necessary.
  • How do we support authenticating as another user separate from the smart card that is inserted.
  • What do we do on smart card removal. Lock? Logout? (currently there is a "smartcard" gnome-settings-daemon plugin that will perform either based on configuration.)
• Enterprise Considerations
  • Enterprise users often use GNOME in more sophisticated ways than your typical laptop/desktop system. GNOME should handle itself well.
  • Does GNOME work well with a $HOME directory configured across multiple systems, even if they are running different distros or different versions of GNOME? We have made great strides with $XDG_CONFIG_DIRS support - how does that work in practice ?
  • Does GNOME work well on machines with large file systems. GNOME should avoid trying to scan large file systems as a default behavior. This probably affects nautilus, tracker, the house-keeping plugin in g-s-d, at least.
• Configuration management
  • Is it possible to configure how GNOME works across an Enterprise.
    • APOC was an interesting solution that used an LDAP GConf backend, but APOC died.
  • Lockdown features. Is it possible to lockdown GNOME so it can function as a safe kiosk environment? Can the Enterprise control configuration like what programs are available to users in a per-group or per-user manner?
• Multi-screen support
  • Does GNOME work well with a tablet as a second screen?

  • Multi- often implies BIG - does the shell work ok with big screens ? The app menu is a concern. Also see 678169

• Multi-user environments
  • Logging in remotely is more common in the Enterprise. Does GNOME work well with remote desktops via protocols like VNC and XDMCP and VM environments (Virtual Box)

  • Do we need a 'reduced resources' mode for remote scenarios (like, turning off animations, etc) ? See 680195

  • Better graphical VT switching support
• Support and Transition Management

  • No Enterprises depended on GNOME 1, so there was no need for much of a GNOME 1->2 transition. Now that many Enterprises depend on GNOME2, the GNOME community will define how it manages transition more with the GNOME 2->3 transition.

  • For 3.0, we have had a half-way decent gconf->dconf transition mechanism, with the .convert files. These have largely fallen out of consideration in upstream GNOME since we are now 4 releases into the GNOME 3 era. For Enterprise deployments, the 2->3 transition is only now becoming relevant, so we should keep these conversion files alive.

  • The GNOME community focuses most on new development and leaves support up to downstream. GNOME would improve adoption if better support could be provided.
  • The GNOME community could provide better guidance to the Enterprise about how to manage and support GNOME.
  • The GNOME community could be more proactive about providing support for GNOME 2 security and other important fixes.
• Sharing folders via CIFS
  • Is sharing folders via SMB or CIFS a feature we want on the Desktop? It's a feature useful to many enterprise users. Are we happy with it as an add on tool, not integrated?
  • Does it make sense to have this as part of the GNOME sharing UIs, or is it orthogonal.
  • This involves, choosing a folder, and then allowing specific users to read and/or write to it.

... add more topics here ...

Participants

• WilliamJonMcCann

• AllanDay

• StefWalter

• CosimoCecchi

• MatthiasClasen

• RayStrode

• DavidZeuthen (only Saturday and Monday)

• StephenGallagher

Suggested schedule

Saturday:

• Configuration management
• Multi-user
• Transition    

Sunday:

• Enterprise considerations
• Multi-screen

Monday morning:

• Smartcard
• Authentication

Resources

• Stef will bring an AD setup, so we can test some login / authentication scenarios.
• Matthias will bring one or two extra monitors, so we can look at multi-monitor issues.
• Ray has a smartcard on his key chain.