LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices

Reply
 
Search this Thread
Old 08-26-2004, 07:20 PM   #1
Jeffmrg
Member
 
Registered: Apr 2004
Distribution: kubuntu
Posts: 50

Rep: Reputation: 15
Best Open Source DIstribution for Regulated Businesses


I thought I'd start this thread here.

We are planning to deploy an open source based network in our business. It is a business that is regulated by the FDA and so we have to adhere to 21 CFR Part 11.

There has been some internal debate regarding the best managed distribution to use for servers and workstations. At first blush, RHEL v3 would appear to be under the greatest degree of control (i.e., infrequent updates, long release cycles, well documented change management). When I mentioned this to one of my associates he said that, hands down, Debian fits this description better. Well, if that is indeed the case, I say to myself, why bother with the cost and licensing fees imposed by RH and just go with Debian.

Has anyone had experience in implementing open source software in such a regulated environment? By this I mean has an implementation that has proceeded along life cycle models (validation that is achieved through a systematic IQ/OQ/PQ, requirements and design specifications, traceability matrix, etc).
 
Old 08-26-2004, 08:56 PM   #2
Thoreau
Senior Member
 
Registered: May 2003
Location: /var/log/cabin
Distribution: All
Posts: 1,167

Rep: Reputation: 45
Your OS is limited by your hardware(driver) and application(supported) requirements. If you have no drivers for your hardware that are RHEL exclusive and no applications(database?) that is RHEL exclusive, then you can use a stable branch of any distro you wish.

If you want to has near infinite support on a free version of RHEL, then give http://whiteboxlinux.net/news.php or http://www.centos.org/ a looking at.

If you just want stable without needing anything redhat specific then Debian or Gentoo a try. Gento does compile time hardware optimizations on install, and debian has great stability and a large user base.

If I were in your position, and had some expertise on site then I would probably do whiteboxlinux. If I wanted to spend some money for faster updates, then I would do Centos. If my hardware and software was OS agnostic, then I would probably do Debian if I was lazy- Gentoo if I had time/wasn't.

That's my opinion on the matter. And I don't know what that FDA thing is, but if that's referring to security- then a Security Enhanced Linux module would more than cover that. It's part of the kernel now as well. Anyhow, good luck.
 
Old 08-26-2004, 11:17 PM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
It depends on what the regulations dictate. If you need some assured level of security, than you need a distro that is Common Criteria certified. I believe so far only SuSE and Debian (?) have Common Criteria.

If you need assured audit trails, then look for a distribution that has manditory audit logs (I'm not sure that any Open Source OS has this?).

If you need some type of separation of privileges, then you need a distro with Security Enhanced Linux applied. If you need Manditory Access Controls, again I believe SEL has this.
 
Old 08-27-2004, 07:48 AM   #4
Jeffmrg
Member
 
Registered: Apr 2004
Distribution: kubuntu
Posts: 50

Original Poster
Rep: Reputation: 15
Thanks for the responses.

The FDA issue is somewhat complex but I can summarize the elements here:

1. Distribution has a well defined composition and is not subject to continual change. In the FDA world (read: pharmaceutical R&D for now) all change must be mapped. For example, to install a new version of Perl would require the approval through procedural channels (called Change Control). These procedural channels would make an assessment as to the degree of risk associated with the change. You can imagine that if life/death decisions (e.g., calculating an experimental dose of a new drug) are being made on the basis of a computational result that one would want to be sure that a change did not adversely influence the integrity of those results.

2. Distribution is secure in the sense that only approved changes can be made and that normal users are limited in their ability to make unapproved changes to their systems (I presume that normal Linux permission models would address this concern). Network security is another matter and is assumed to be in a state of control.

3. Related to number 1, the distro is widely used and accepted by the professional community and has a well managed central point of package control. For example, one could purchase RHEL v3 and use the RH service to manage changes across systems. SuSE has a similar service. Does Debian have anything similar? I'm talking about more than package installations here. It's more to do with one point of distribution for those pre-approved packages.

There are many other elements that I have not mentioned here.

I am not trying to make a case for RHELv3 or SuSE. It would be preferred to go with a distro that does not have the high licensing fees.

Last edited by Jeffmrg; 08-27-2004 at 12:51 PM.
 
Old 08-27-2004, 09:55 AM   #5
bughead1
Member
 
Registered: Jul 2002
Posts: 78

Rep: Reputation: 15
It would seem to me Debian "Stable" meets your criteria at zero-cost for licensing. Apt-get is properly restricted to root and sources-list can be edited to point to an archive under your control, where you can extensively test every upgrade (mostly security upgrades in "stable" anyway) before making it available to admins.
 
Old 08-27-2004, 11:10 AM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
I would focus on Red Hat and SuSE. Debian, while stable, does not have a sufficiently restricted contribution mechanism as demonstrated by their breach of security last year. Also, both SuSE and Red Hat meet the requirement for being widely used in the industry as they are by far the two most installed distributions in Fortune 1000 environments.

Another thing to consider is whether you're going to need to run 3rd party software on this platform, such as SAP, Oracle, etc... Working in a software company myself I can tell you that ISVs are only really looking at Red Hat and SuSE as supported platforms. Since there's no such thing as "Linux support" because of the wide variations in how the distributions are architected, ISVs cannot afford to support 10 different Linux distributions and instead focus on the most commonly deployed (otherwise it's the same problem as supporting "UNIX", where you have to do ports to AIX, Irix, HP-UX, Solaris, etc).

Last edited by chort; 08-27-2004 at 11:16 AM.
 
Old 08-27-2004, 12:23 PM   #7
bughead1
Member
 
Registered: Jul 2002
Posts: 78

Rep: Reputation: 15
All in all, I agree with Chort's recommendation to focus on RedHat or SuSE in this instance.

However, if Jeffmrg's stated desire to avoid license cost is accorded signficant weight in the decision making process, then I would recommend Debian Stable over all other freely available distributions (including my personal favorite, Slackware), provided Jeffmrg's firm is prepared to provide an in-house archive for "apt-get" (and is prepared to test every update prior to general deployment), and; provided any third party apps can be supported.

Otherwise, the best course is to cough up the dough for RedHat or SuSE.
 
Old 08-27-2004, 12:54 PM   #8
Jeffmrg
Member
 
Registered: Apr 2004
Distribution: kubuntu
Posts: 50

Original Poster
Rep: Reputation: 15
Thanks, everyone, for offering your insight. It has come down to RH/SuSE or stable Debian. Given the time (time=-cost) it would take to manage packages even with Debian, the RH/SuSE options appear to offer the best solution.

J
 
Old 10-16-2004, 05:39 PM   #9
Adler
Member
 
Registered: Oct 2004
Location: Wildwood, NJ
Distribution: Linux Mint
Posts: 181

Rep: Reputation: 17
Jeffmrg,

I'm familiar w/ the multiple requiremnets of FDA registrations and the CFR regulations.

Have you found a solution to your requirements? My business partner is in EuroLand and we want to do FDA, ISO and CE Mark.

Adler
 
Old 10-25-2004, 11:42 AM   #10
AnanthaP
Member
 
Registered: Jul 2004
Location: Chennai, India
Distribution: UBUNTU 5.10 since Jul-18,2006 on Intel 820 DC
Posts: 637

Rep: Reputation: 140Reputation: 140
Hi everybody. Here's another take on this regulated thing.

An important feature of Linux is that you DONT HAVE TO keep updating. This compliance with change management thing is purely to guard against uncontrolled changes forcing a business critical (in your case could be life critical) stoppage in a critical area.

Si inherently you are safer than say a W98 user whose OS is going to be phased out by the vendor.

End
 
Old 10-25-2004, 11:56 AM   #11
Adler
Member
 
Registered: Oct 2004
Location: Wildwood, NJ
Distribution: Linux Mint
Posts: 181

Rep: Reputation: 17
AnanthaP,

Thanks for your reply. Do you have any open - source examples of app packages out there? I went through the ISO process and our consultant was just shoving forms over to us and then was inputting our information into his set-up, printing them and passing it back to us for signature. The whole episode has me know looking at the back-end of things if you know what I mean.
 
Old 10-25-2004, 12:18 PM   #12
predator.hawk
Member
 
Registered: Aug 2004
Location: USA
Distribution: FreeBSD-5.4-STABLE
Posts: 252

Rep: Reputation: 30
Sounds to me like Slackware Stable would be perfect for your needs, aside from a bit of a learning curve, Slackware is everything you mentioned there. Before Any Changes take place, Patrick Volkerding Verifies its worth an upgrade (bugfix/security only in slackware stable), Compiles it, Packages it, Tests it and Distributes it.

If i'm off on this someone please correct me .
 
Old 10-25-2004, 01:41 PM   #13
Adler
Member
 
Registered: Oct 2004
Location: Wildwood, NJ
Distribution: Linux Mint
Posts: 181

Rep: Reputation: 17
predator.hawk,

I've been warned away from the complexities of the SlackWare installation. I went up the learning curve over the past year with several distros - Knoppix, Mandrake, etc and settled on SuSE Pro. I've had to grab a few other things out there to be totally MS free, but now am settled very comfortable in the Linux Universe.

You have a URL for your reference? BTW, thanks for the reply.
 
Old 11-01-2004, 02:51 PM   #14
halo14
Senior Member
 
Registered: Apr 2004
Location: Surprise, AZ
Distribution: Debian | CentOS | Arch
Posts: 1,103

Rep: Reputation: 45
I would also recommend RHEL 3... Aside from the High end servers, if a majority of these are going to be run as workstations... you can purchase RHEL WS 3 under the false title of Red Hat Professional Workstation at retail stores such as Best Buy and CompUSA... The discs inside are labeled ad RHEL WS 3.. and the cost is $70/box

This initial cost provides you with a full year of updates/bug fixes.. and after that it's just an additional $69 /year to renew..
This seems like it may be a viable option for your business...

I dont think many people realize that RHPW is the exact same thing as RHEL WS 3...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
is the source code available with any Linux distribution? nazib Linux - General 1 02-24-2005 02:25 AM
Which cert means the most to businesses? techgeek2000 Linux - Certification 12 09-28-2004 10:05 AM
How do I remove the Source distribution and binary version installation in RedHat 9 pasindu Linux - General 4 08-19-2004 06:22 PM
Businesses that Give Free stuff on your birthday looksmart123 General 2 07-28-2004 07:27 PM
Native Open Source Groupware built-in to distribution networkr Linux - Software 2 07-22-2004 03:27 PM


All times are GMT -5. The time now is 08:52 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration