If there's one thing IT managers of small businesses or branch offices need, it's solid, uncomplicated technology. Net Integration Technologies thinks it has the answer. The company's Nitix server is essentially a custom Linux distribution focused on the small office. Driven entirely from a Web interface, the solution boasts an impressive array of features, using the most common Linux services such as Samba and Apache.
The package is slick, the interface is simple and intuitive, and for a small network, the overall solution is very attractive. The caveat is scalability.
For SMB (Server Message Block) file sharing, Samba 2.2.8 is implemented to perform Windows NT 4 domain services, allowing the Nitix server to function as a domain controller or domain member server. Here, Nitix permits the configuration of log-in scripts to map shares and printers, and it includes a quick configuration parameter to map a single home directory as the user logs in.
User management is straightforward, supporting simple group creation and population. Using groups, delegated administration is possible for the Web and e-mail servers.
Yes, a Nitix server can also function as an e-mail server, with qmail providing POP, IMAP, and SMTP services to users on the local network. Secure POP and IMAP is supported, but not authenticated or secured SMTP. In addition to client/server e-mail implementations, Nitix incorporates the Horde/IMP Web e-mail application, allowing users to connect to their e-mail from any Web browser.
Nitix also includes Net Integration's ExchangeIt, allowing Outlook clients to connect to the Nitix server via an ExchangeIt plug-in. This plug-in enables groupware functionality such as calendar, contact, and task list sharing, as well as public folders and synchronization. Nitix accomplishes this via a combination of IMAP and LDAP services. In the lab, installing ExchangeIt was easy, configuring Outlook was straightforward, and using the collaboration functions went smoothly. For a smaller shop, this is certainly a viable alternative to Microsoft Exchange.
Other network-centric services such as DNS and DHCP are provided, and simple configuration tasks are, well, simple. DHCP configuration is handled by the Nitix server automatically, relying on its know-ledge of the network to construct the scope. If the Nitix server detects a DHCP server already present on the network during the initial boot, it will disable the DHCP services, but they can be turned on at any time.
If Nitix has an Achilles' heel, it's printing. Local printers are supported but network printers are not. For a small office, this means that network printers will require TCP/IP port configurations on the workstations, and centralized printer spooling isn't available to manage print jobs and speed them along.
Complex DNS and DHCP tasks are not as simple through the GUI, and they may not be possible via the CLI, either. Anything beyond a simple access control, printer, or mail exchange record addition will cause headaches. However, a split DNS configuration is possible, which is helpful if the Nitix server is used not only for internal network services but also as a firewall.
The Nitix firewall implementation is alternately simple and confusing. There is no specific firewall configuration link, as setup is handled via the local network configuration and port forwarding is handled via the Fast Forward link. Again, rudimentary firewall rules are no problem, but deeper configurations aren't really possible. On the VPN front, Nitix shines. Integrated IPSec permits standard IPSec tunnels to remote sites, provided that the remote site is running a compatible firewall. Nitix's IPSec implementation is FreeS/WAN (Free Secure Wide Area Network), which is fiercely standards-compliant and has occasional issues with commercial IPSec packages.
The simplest configuration is a Nitix-to-Nitix VPN. The configuration of the native Nitix Tunnel Vision VPN requires only the IP address of a remote Nitix server and a password. The rest is handled automatically, including routing changes to permit remote users to directly access the Nitix server that is handling the VPN tunnel. In addition, should there be more than two Nitix servers, Tunnel Vision will automatically configure a meshed VPN between all endpoints automatically. The downside is that access-list restrictions are not appli-cable to traffic crossing the VPN.
For remote users, PPTP (Point-to-Point Tunneling Protocol) VPNs are available using local credentials for authentication. Though not the best VPN transport, PPTP will allow users to securely connect to the network from home.
Web and FTP services are also available, with all authentication tied to the user definitions created via the GUI. The Web server is a heavily patched Apache 1.3.9 with PHP 3; PHP 4 is available in Nitix 3.8.0.
Hardware requirements for a Nitix server are not heavy but should be based on the expected user load. Nitix 3.75 runs completely from CD, relying on a local hard disk to store user and configuration data.
Running from read-only storage means that some problems can be remedied by simply rebooting the server. In addition, Nitix is constantly running system checks, restoring known-good configurations when a problem with a service is detected.
When run on a system with multiple disks, Nitix can create a software RAID array to enhance data integrity or use the second disk as an IDB (Intelligent Disk Backup), which is essentially a smart incremental backup between the two drives. No facility exists to back up data to tape, unfortunately.
The promise of Nitix is autonomy. It provides the majority of the services that a small office needs and it makes them easy to manage. The downside is limited scalability. As soon as you need to implement group policies or separate server functions, it will be time to move on to another solution. In the meantime, Nitix is a compelling and affordable way to deliver file sharing, collaboration, and network services to a limited number of users.