If you’re like many MSPs, you’re most familiar with the Microsoft Windows ecosystem. You know the ins -and -outs of Windows workstations and servers. You’re an expert in PowerShell, Active Directory and other critical Windows tools. If all of your clients have Windows-only infrastructures, that’s great. But what if you need to support customers whose environments consist of a mix of Windows, Linux, macOS and possibly other platforms?
In that case, you will likely find yourself needing to expand not just your expertise, but also your toolset. In many cases, the tools you would use to support a Windows environment differ from those that work best in Linux or macOS environments. As an MSP, then, your challenge is to build a toolset that empowers you to support all of these platforms at once.
Keep reading for a breakdown of tools that will help you do that. Below, we explain which Windows-centric tools can be extended to support Linux and macOS as well, and which tools will need to be replaced with other options that are not so closely tied to Windows.
You might also want to check our article 8 Multi-OS Environment Security Best Practices.
Writing scripts is a common task for MSPs. If you support a mixed environment, having one scripting platform that will work on all of your operating systems is a benefit. There are a few approaches to achieving this:
- PowerShell: If you’re a PowerShell power user, there’s good news: Since 2016, PowerShell has been open source. It now works on Linux and macOS, as well as Windows. It’s not typically installed by default on Linux or macOS, so you will need to set it up. But learning how to do this (which is beyond the scope of this article) is perhaps the best approach if you come from a Windows background and want a scripting solution that works on every major operating system.
In this document you'll find a PowerShell script that checks the status of the services listed below and sends an email alert if any of them is turned off:
- Windows Firewall
- Windows Defender
- Windows Update Service
- Any installed third-party antivirus
- Bash: Bash is the most common scripting framework on Linux and macOS. But Bash can run on Windows, too. It won’t be installed by default, but it’s easy to add to Windows. Once installed, any Bash scripts written for Linux or macOS can be run on Windows, too (provided, of course, that the Windows environment has any dependencies that the scripts need in order to run).
- Python, Perl, etc.: A third approach is to write scripts in a more advanced cross-platform programming language, like Python or Perl. These languages, which are designed to create entire applications, rather than just scripts, might be overkill for some tasks. But they are truly cross-platform, and learning them may help you solve other tasks beyond just scripting.
In a Windows-only environment, you would almost always rely on Active Directory to manage users and accounts. Fortunately, Active Directory can be used with both Linux and macOS systems as well.
MacOS has a native Active Directory connector, so it’s easy to integrate into a Windows domain.
Using Linux with Active Directory is a bit trickier, but not impossible. Realm is the core open source tool used to join Linux systems to an Active Directory domain, although additional tools are typically necessary. The exact approach required to join a Linux system to a domain will depend on the Linux distribution, so make sure to find instructions for the specific distribution you are working with.
You could also use third-party tools in place of Active Directory. For example, JumpCloud is a commercial service that provides most of the same functionality as Active Directory and provides full Windows, Linux and macOS support. FreeIPA is an open source platform that does approximately the same thing, and that can be used in place of, or alongside, Active Directory.
In general, however, Active Directory remains by far the most widely used directory service. Unless you have a specific reason not to use Active Directory (for example, if you don’t have any Windows servers), Active Directory is typically the best choice for managing mixed environments.
There are several remote access protocols that will work with Windows, Linux and macOS:
- RDP: RDP is the native remote access protocol on Windows, and therefore the one that many MSPs are likely to know best. An official Microsoft RDP client for macOS is also available, so using RDP to work with Macs is simple. On Linux, however, there are no official RDP clients; there are only third-party clients, like Remmina. Thus, while you can use RDP with Linux systems, the experience can be a little choppy, and you can’t go to Microsoft for support if you run into a problem. There is also a risk that Microsoft could change the RDP protocol in a way that makes it incompatible with third-party tools. RDP is arguably not the best remote access solution for mixed environments.
- VNC: The VNC protocol is another way to connect to systems remotely and forward a full graphical interface over the network. VNC is not a Microsoft protocol, and VNC clients and servers are available that work on all the major operating systems. Thus, VNC may be a better remote access solution for MSPs who want a “pure play” tool that does not closely depend on Microsoft.
- SSH: SSH is the most common remote access tool for Linux and Unix systems. It’s fast and secure, and it can be used on all the major operating systems, but by default it only allows text-based logins. You can connect to a full desktop environment over SSH, but doing so is complicated, as it requires complex port forwarding and display configurations. So, although SSH is excellent for working just with Linux, it’s not the ideal remote access tool for administering mixed environments.
- RDP port protection
- Firewall logging
- Protecting against social engineering and phishing
- Authentication rules
File and Disk Management
If you find yourself needing to troubleshoot file system problems or disk failures for your clients, having tools that will help you do that on any operating system is handy. There are two main types of tools in this regard:
- Partition managers, which let you create, copy or move partitions on disks. They are helpful if you need to install operating systems, manually back up operating system images or repair partition tables that were damaged by disk failures, among other tasks. Gparted is the most common open source partition manager, and it works with Windows-based partitions, as well as Linux ones. Ghost from Symantec is a commercial alternative.
- File system repair: Sometimes, file systems are damaged due to issues like disk hardware problems or unclean data writes. In this case, your go-to tool for finding and fixing the issues on Linux systems is fsck. Fsck can automatically repair a wide range of problems with ext3, ext4 and other common file systems on Linux. It has a limited ability to work with Windows file systems (like FAT32, NTFS and ReFS), too, although for serious Windows file system problems you will typically need to use Microsoft’s native tool, chkdsk. Likewise, fsck has limited support for macOS’s HPFS and APFS file systems, but the native macOS Disk Utility tool is best for working with these systems.
Most modern commercial monitoring tools support all of the major operating systems. You can therefore can probably use whichever monitoring tool you already know and love (such as Splunk or SolarWinds) to help manage mixed environments, as well as those that consist only of Windows machines.
There are several categories of security tools that you would typically use if you provide managed security services, including:
- SIEM: Security Incident and Event Management, or SIEM, systems collect data from a variety of sources and analyze it to detect security breaches or vulnerabilities. Most modern SIEM platforms work equally well with all major operating systems, so you can use almost any SIEM in a mixed Windows/Linux/macOS environment.
- Antivirus: Most types of malware discovered by antivirus tools can only infect Windows systems (because most malware is written for Windows, given its large market share). For that reason, you typically only need to worry about installing antivirus tools on Windows systems. However, if you have Linux email or file servers, it can be wise to install antivirus tools on them as well, in order to detect any malware that might reside on those servers and stop it from being served to Windows machines. Sophos and Commodo are two examples of antivirus platforms that support Linux.
Further reading MSP Antivirus: Top 5 Solutions
- Firewall: If you want to set up a local firewall on an individual workstation or server, you’ll need to use firewall software for the local operating system (like Windows Firewall, or ufw on Linux). However, you can simplify firewall configurations in a mixed environment by enforcing firewall rules at the network gateway instead of (or in addition to) on individual devices. By filtering traffic at the network perimeter, you can help reduce overall threats, and also avoid the need to work with multiple OS-specific firewall tools.
Further reading Email Firewalls for MSPs
- Port scanning: The bad guys will be scanning your clients’ networks, looking for open ports that could be abused. You should do the same thing in order to identify risks. Nmap, an open source port scanning tool, is an excellent tool for this purpose. Nmap is command-line only, but you can use Zenmap if you want a graphical interface. Both tools can be run from Windows, Linux or macOS, and they can scan workstations and servers running almost any type of operating system.
Supporting Linux and macOS systems alongside Windows ones requires some extra tooling. But learning the necessary tools can help you remain competitive as an MSP in a world where mixed infrastructures are very common. And in many cases, the same tools you are familiar with from Windows environments can be extended to work with Linux and macOS systems, too. In cases where they can’t, alternative cross-platform tools are readily available.