I have no idea if they do or not, but it's a plausible explanation...

There was LDAP and Kerberos support for *nix management, but nothing you’d deploy over a thousand end devices.

And you’re right, it wasn’t a question that got asked, because there wasn’t ever a second choice - AD was the only option.

Honestly, an agent shouldn’t really care how it’s getting an answer, only that it’s getting an answer to the question it needs answered. If that’s a skill, API call, or MCP tool call, it shouldn’t really matter all that much to the agent. The rest is just how it’s configured for the users.

But when you’re talking about enterprise management of thousands of devices, you need some kind of consistent security policy management. That requires running OS software that accepts remote policy management, which is a very specialized configuration and not just “vanilla Linux”.

You can get really far with LDAP, but I’ve only used it for remote accounts, file shares, and sudoer config. I’m sure there are more policy configurations that would be possible with a more advanced tool.

I suspect the RHEL world has something to offer here, but I’d love to see a more general and commonly supported solution developed. It would make Linux more of an option for enterprise managed endpoints.

But, I agree with you - for an enterprise customer, this really needs to be some kind of paid/supported product. I wouldn’t want the French government to rely on some scripts that worked on my small cluster.

That was also the answer two decades ago. But if AD and GPO are now dead, what killed them and what are the options? Is the problem mobile and BYOD?

I’ve been primarily on Macs since that time where endpoint management isn’t much, so there are fewer knobs to fiddle with. In some ways it’s nice in that admins can’t screw around too much with my system. In other ways, I’m sure Macs feel limiting for those in charge of enterprise security. However, most endpoint management feels like it’s written for Windows with Macs as an afterthought for checklist security. Knowing that, I’m happy there are fewer places for dodgy software to be able to interface with the OS.

(Edit: added quote to top)

Wow, we're dating ourselves on this, but I remember when it was a big deal that SF.net added SVN support. They apparently didn't turn off CVS until 2017!

Then again, this was something like 20 years ago. Back then, Sourceforge was something closer to GitHub today. It was the de facto public source repository. You could even get an on-premise version, IIRC.

Actually, this is sounding a lot like GitHub these days… not sure what that means.

But I like the idea of an LLM generated/maintained wiki. That might be a useful addition to allow for more interactive exploration of a document database.

Technically, I can see challenges in power and cooling, but those can be overcome. The real question is- Are there enough customers in the region to support local data centers? I think that’s clearly yes.

But I could be wrong… I’m going from a historical perspective. I haven’t checked PPC benchmarks in quite a while.

To some agents are tools. To others they are employees.

I think I can also setup partitions for this, but while you’re here… I’m very excited to start to roll this out.

It is unlikely for there to be issues with ZFS and Linux. It's too common now, but it's not included in the main Linux tree, so it's not explicitly tested.

So, it's a low risk, but not zero risk.

More to the point here, when working with FreeBSD, ZFS is a first-class citizen (moreso even), so working with it *should* be more integrated with a FreeBSD solution than Proxmox, but how much more (and is that meaningful) is probably a qualitative feel than quantitative fact.

However, the point about firecracker VMs in place of containers I think is really a good use-case. Firecracker can provide a better isolation environment, so it would be great to be able to run Firecracker VMs for workloads, which would require that the host (and the VM host above) support nested virtualization.

Which is why, even if it is a duplicate conversation, the mods generally allow things to play out organically. There's either going to be more discussion above, or people have already said their peace and we move on.

Ignoring the confidentiality arguments posed here, I can’t help to think about snapshotting filesystems in this context. Wouldn’t something like ZFS be an obvious solution to an agent deleting or wildly changing files? That wouldn’t protect against all issue the authors are trying to address, but it seems like an easy safeguard against some of the problems people face with agents.