[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Tuning LTSP Performance



monteslu cox net wrote:
---- Stephen Crampton <SteveSings gmail com> wrote: 
  
I'm using the latest version of Edubuntu.

I'm not sure how to check the CPU or network load.  Could someone tell me
the most efficient way?
    

Edit the default section of lts.conf and add this:
LDM_DIRECTX = True

reboot your thin clients and you'll see dramatic improvement in performance.

I know it's less secure, but having it defaulted to false is unusable for most hardware.

Luis

You're right, it is somewhat less secure, no question.  However, the INFOSEC engineer in me classes this under "acceptable risk".  Here's why.

1.)  What matters most, in most K-12 thin client environments, is that the credentials are encrypted.  Remember that most data on MS Windows-based networks (e. g. file copies, MS Exchange email, etc.) is not encrypted, but the login credentials most certainly are.

2.)  If you're running LTSP of any sort, it's assumed that you're running, at a minimum, a switched 10/100 environment (if not, then you really should be!).  Unless A.) it's a managed switch capable of port mirroring, and B.) you control said switch, you can sniff *your* traffic, but not other peoples.  To keep the Les Mikesells of the world happy, I'll point out that yes, you could sniff the server if it's physically accessible.  But in God's name, I hope you have it secured physically so's to (largely) prevent that!

3.)  The data that most K12-based LTSP deployments have to worry about isn't mission-critical.  Only if you're dealing with the Student Information System (SIS) or something similar does that change.  In this latter case, you might want to reconsider the setting of LDM_DIRECTX, depending on your environment.

4.)  Even if you're running LTSP to hit your SIS, though, remember that this is a switched, wired network.  Wardrivers by definition aren't going to be an issue.  Most shops, including mine, who run SASIxp, do so on a vanilla 10/100 Cat 5 network.  That's not how we get cracked.  We get cracked because teachers and administrators routinely walk away from terminals without locking them.  Or worse, they're insane enough to--yes--let a "trusted" student do grade entries!  DUH!

For these reasons, I don't see a real-world problem with that setting.

--TP

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]