Virtualizing Windows (and simplifying my life)


At our school, we’ve been running Fedora on most of the desktops since Fedora 8, but the one department that’s stuck with Windows is the accounting department, mainly because their software is Windows-only.  This has long been a problem because most of our infrastructure is built around Linux and we haven’t put nearly as much energy into making sure Windows systems are maintained properly.

Obviously, this led to problems that started out small, but grew until the systems were bordering on unusable.  When it reached the point that we were considering yet another reinstall of Windows, I suggested switching the accountants over to Fedora and having them use a virtual machine for the software that required the other OS.

It took a few days to get something that worked, and another week (including one very late night) to tie down the little glitches and get the virtual machine beyond just-usable to easy-to-use.

I started with VirtualBox, but there were a number of issues with stability, so I decided to take another look at QEMU.  I thought about using libvirt, but one of my requirements was that everything needed to run under the user’s permissions, so it turned out to be easier to run qemu-kvm directly.  I used SPICE and installed the guest agent, which gave us a far better experience with QEMU than the last time I used it for a desktop OS (which, granted, was over five years ago).

Most of my time was spent fixing problems inherent to Windows 7 itself, rather than the virtualization process.  It turns out that there are bugs in how it handles network printers, causing delays every time you want to print.  Oddly enough, the fix was pretty simple, but it took a while to figure it out.  There was also the bug where network drives aren’t mapped properly if the system boots so quickly that the network isn’t up in time, which was only fixable by using a batch file for mapping the network drives.

One change I made was to insist that we use throw-away snapshots for day-to-day work (the data is stored on a network drive) and only keep changes when we’re updating the accounting software.  This should help protect us from viruses and malware that can’t be easily removed.

The best part of all this is that the new accounting VM and the scripts necessary to start it are sitting in a network folder only accessible by the accountants.  This means that they can now do their work from any computer in the school, if necessary, while still protecting them.

And I’m no longer stuck keeping unmanaged Windows systems running.  What a way to close out the year!
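A launcher along the lines described above, written as an added example and not the scripts from this post: it runs qemu-kvm as the calling user, exposes SPICE with the guest-agent channel, and discards disk writes unless explicitly asked to keep them. The image path, memory size, socket name, mode names and the `VM_IMAGE` variable are assumptions.

```shell
#!/bin/sh
# Added example. Image path, memory size and socket name are assumptions.

# Print the qemu-kvm arguments, one per line.
#   $1 mode: throwaway (default) or persistent (accounting software updates)
#   $2 qcow2 disk image   $3 SPICE unix socket path
build_vm_args() {
    mode=${1:-throwaway}; image=$2; socket=$3
    case "$mode" in
        throwaway|persistent) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    if [ -z "$image" ] || [ -z "$socket" ]; then
        echo "image and socket are required" >&2; return 2
    fi
    # SPICE listens on a unix socket rather than TCP, so access is governed
    # by file permissions; the virtio-serial port carries the guest agent.
    printf '%s\n' -enable-kvm -m 4096 \
        -drive "file=$image,format=qcow2" \
        -vga qxl \
        -spice "unix=on,addr=$socket,disable-ticketing=on" \
        -device virtio-serial-pci \
        -chardev spicevmc,id=vdagent,name=vdagent \
        -device virtserialport,chardev=vdagent,name=com.redhat.spice.0
    # -snapshot sends disk writes to a temporary file that is discarded when
    # QEMU exits, so the image on the share is never modified.
    if [ "$mode" = throwaway ]; then printf '%s\n' -snapshot; fi
}

# Launch as the calling user; no root or libvirt daemon involved.
start_vm() {
    image=${VM_IMAGE:-/srv/accounting/win7.qcow2}   # hypothetical path
    # Refuse to run without a private per-user runtime directory.
    socket=${XDG_RUNTIME_DIR:?XDG_RUNTIME_DIR is not set}/accounting-vm.spice
    args=$(build_vm_args "${1:-throwaway}" "$image" "$socket") || return
    old_ifs=$IFS; IFS='
'
    set -f; set -- $args; set +f   # split on newlines only, no globbing
    IFS=$old_ifs
    exec qemu-kvm "$@"
}
```

Source the file and call `start_vm` for day-to-day work, or `start_vm persistent` only when the accounting software is being updated.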

Colorful Fireworks by 久留米市民(Kurume-Shimin) used under a CC BY-SA 3.0 unported license

Freeswitch vs. Asterisk?


We’ve been experimenting with VOIP in our school, primarily for internal communication.  I’ve set up both Asterisk and Freeswitch servers, and have been quite frustrated with the limitations of both.

Asterisk only allows one registration to be connected to each extension.  Yes, there are ways to work around this restriction (for extension 101, set up multiple extensions – 980101, 981101, 982101, and then set up a ring group 101 that rings those extensions simultaneously), but it’s an incredibly irritating workaround.

Freeswitch does allow multiple registrations on a single extension, but it has other problems.  Some of our softphones are running over WiFi and we need SRTP for these systems.  Other hardware phones don’t support SRTP, which, while not ideal, is less of an issue because they’re connected via a physical link that we have complete control over.  Unfortunately, even with Freeswitch in bridging mode, it refuses to use SRTP on the softphone link, while using no encryption on the hardware phone link.  It’s either all or nothing.  Which means, during our testing phase, we’re stuck at nothing.  Lovely.

So should I bail on Freeswitch and switch over to Asterisk?  Stick with Freeswitch and hope that I can work out some way of fixing the SRTP problem?  Or should I just give our staff tin cans attached to Cat-6 cable and tell them that’s the new VOIP system?