ALD Pro. Why we decided to make our solution for centralized domain management on Astra Linux OS
This article will focus on ALD Pro.
Today, the open source FreeIPA software product is mainly used to administer a domain on Linux. The solution is quite popular and multifunctional. But to use it, you need a fairly good understanding of how Linux systems work. English terms are also required, as the FreeIPA translation is not always accurate and does not match the terminology that Windows administrators are used to. As a result, we get a situation where, in the wake of widespread import substitution, administrators who are accustomed to working with MS Active Directory need additional time to immerse themselves and study the specifics of Linux. For organizations, this entails additional resources for employee training, and sometimes temporary delays in the transition to domestic software. This is especially noticeable when implementing in regions where it is not always possible to meet sufficiently qualified specialists.
Even with the appropriate qualifications and work experience, administering Linux is sometimes not easy: so far there have been no affordable solutions for working with group policies, remote software installation and other things that admins deal with daily. You have to use several solutions, not just FreeIPA, and often there is a need for scripting or even programming.
We took advantage of the experience of our implementation and support department in terms of deploying and configuring domain management systems for customers and collected functional requirements for a system that would simplify both Linux administration and the transition to a similar solution from imported software. After that, we conducted an analysis of the market for current software products and, as a result, came to the conclusion that there are practically no systems with the required functionality.
We decomposed the entire scope of requirements, painted user scenarios and started developing the system. This time we started not with writing code, but with designing the interface, focusing on the functionality that customers need. Each layout, each screen form and scenarios as a whole were coordinated with specialists from the implementation department, who understand the specifics of Astra Linux OS administration and have sufficient experience working with administrators.
At the first stage, a clickable prototype of the system was developed and tested on a focus group. In parallel, we designed the architecture and selected the optimal components to build a complete solution for domain administration. I will tell you more about the criteria and methodology for selecting components in the next article.
So what is ALD Pro?
ALD Pro is a web application with browser access. A prerequisite for starting work with the system is the availability of appropriate rights for the domain administrator account. Authorization occurs via the Kerberos protocol, and the employee does not need to enter credentials.
When the system starts, the administrator sees the desktop screen, where all the basic functionality for administering a fleet of computers is divided into modules.
ALD Pro allows you to configure and manage:
domain settings;
hierarchy of the organizational structure;
domain objects: computers, users and groups;
group policies of organizations and departments (similar to MS Active Directory);
password policies and site access;
site roles and services;
network services such as name resolution, time synchronization, DNS, print services, and file access.
In addition to managing the domain itself, the system implements a number of other important functions:
OS installation over the network;
installation and updating of software on connected computers;
remote access to user desktops;
monitoring the state of the domain and servers;
event logging and viewing system logs;
data migration from MS Active Directory.
The system interface is focused on the most convenient and simple use:
Information about working with ALD Pro is available directly from the interface – there is no need to read separate documentation.
Clicking the button opens the “Help Center” with complete information about working with ALD Pro in accordance with the structure of the system.
Sections are grouped logically, and navigation through them is moved to the top, which made it possible to increase the useful working area.
The lists contain the most important operational information, as well as end-to-end search and data filtering.
Frequently used functions, such as menus or group operation controls, are hidden by default and are displayed depending on the context (actions performed).
The result of performing operations is displayed in the form of notifications.
For data entry fields, text explanations in Russian have been added, and validation rules have been set up to eliminate errors when entering information.
Looking ahead, I’ll say that “under the hood” the same FreeIPA is used to manage the directory service, but with some changes in terms of working with it:
added the ability to manage the hierarchy of departments as a separate entity, similar to organizational units in MS AD;
Optimized the speed of FreeIPA when working with a large number of entries;
only the necessary data fields that need to be filled in were brought into the ALD Pro interface, and this made it possible to significantly “unload” the user interface;
it is possible to add custom fields to user cards (at the level of domain objects).
Roadmap ALD Pro
In April 2021, the MVP of the system was released, which was demonstrated to more than 100 organizations throughout the year. Since January 2022, many customers have already received a release candidate, which they were able to test on their own.
Based on the feedback, we can conclude that the market needs a similar solution – many would like to use it.
Of course, many of the features that are in MS AD have yet to be implemented, but the basic administration scenarios will already be available in 1 release, which is scheduled for the first half of 2022.
Our team believes that Linux administration will become easier and more convenient. The idea and credo embedded in the product is: “A simple solution to complex problems.”
To be continued.
