Logo

Larger Linux Distributions 

Tuning | crunchbang | xfce | lxde | ubuntu |

Selecting, Installing and Tuning Linux on Thin Clients

Overview

Linux desktop distributions incorporate kernel features and system services targeted at general purpose and mobile computing. Some are essential to every platform, while others are specific to mobile or advanced hardware. Unused and marginally useful services impose an unnecessary load on computers with limited resources like thin clients. Fortunately, these features and services can be disabled or removed to free up memory and CPU time, or be replaced with less resource intensive ones.

This article discusses selecting a Linux distribution, defining installation options, and tuning the kernel features and system services to optimise performance on thin clients and other resource constrained hardware. The services mentioned may or may not be present in your distribution or installation. The possibility of "what to change" will be identified, not "how to change it". You must familiarise yourself with the methods your distribution uses to disable services, remove and install packages, and supply kernel boot parameters to apply these recommendations.

Selecting a Distribution

The obvious starting point in selecting a distribution is determining the compatibility of a specific thin client with the minimum hardware requirements. In many cases, a distro can be installed on a processor with a lower clock rate and tuned for acceptable performance. Drive space requirements are often overstated. In some cases, extra space is only required during installation and can be avoided by using alternate installation media or techniques.

In general, distributions running GNOME and KDE desktops are too resource intensive for thin clients. They are not recommended. The lightweight LXDE and XFCE desktops are better suited to the limited resources of thin clients and older hardware. Simple window managers without a desktop metaphor like Openbox, Fluxbox, or IceWM offer even better performance.

Not all distributions using LXDE and XFCE should be considered "lightweight". While these desktops are less resource intensive, the rest of the operating system may be poorly tuned for low-spec hardware. Fedora distributions are a case in point. The Fedora kernel is "souped up" for security enforcement (SELinux) and auditing (kauditd). Services include multiple daemons to support SELinux (sedispatch and others), auditing (auditd and others), and report application errors back to Fedora (abrtd and others). SELinux is implemented for server functions like Apache and mysql but not desktop user functions - it is unnecessary. Auditing (who did what and when) is sensible in multiuser environments, but the overhead is not justified on systems with one or two users. And while services informing developers about program failures ultimately benefit all users, errors restricted to old and "end-of-life" hardware are rarely addressed. Fedora is an extreme case with a large set of unnecessary services, but other distributions share some of the same limitations including Xubuntu (Ubuntu XFCE), Linux Mint LXDE and Linux Mint XFCE.

At the other end of the spectrum are distributions like Arch, Gentoo, and Slackware requiring a large degree of customisation and configuration by the end user. This process inherently facilitates getting what you need and avoiding unnecessary services. Debian installations are more minimalist, falling somewhere in between these extremes.

Some distributions are crafted as minimalist installations providing acceptable performance without tuning or fewer adjustments. These include: Archbang (Arch derivative), Crunchbang (Debian derivative), Lubuntu (Ubuntu derivative), MiniNo (Debian derivative), and Vector Linux Light (Slackware derivative).

Installation Considerations

Some features are established at installation, such as disk encryption and logical volume management (LVM). They may be difficult or impossible to remove once installed. Disk encryption affords security but overburdens processors typical to thin clients. Encryption should be avoided in thin client installations.

Logical volume management allows for flexibility. Drive space can be managed by adding and combining multiple drives into volumes, and volumes can be sized dynamically. But the capability is not free, LVM imposes an additional load on the system. A thin client will generally not utilize more than one drive for a variety of reasons: limited space in the case, power supply limits, minimizing power usage and heat, among others. While a multiple drive installation is possible, LVM should be avoided unless actually needed in your application.

Sometimes these installation features are selected by default. Careful attention should be paid to the automated installation choices. For example, Fedora installations use LVM by default and most likely you want to avoid it on your thin client.

Purging Daemons

System services provided by daemon processes (background programs) consume memory and CPU time. Most are quite efficient; when the service goes unused they use almost no CPU time and their memory gets swapped out to the disk. But this is not always the case; disabling or removing unused services is the only way to ensure optimal performance. Removing unused services has an added advantage for flash device uses - it increases the available drive space. Services will be identified for removal in this article. If drive space is not a concern, disabling the same service accrues the same performance benefit.

Services mentioned here were identified by analysing the process lists of current Fedora, Ubuntu, and Debian LXDE/XFCE installations (December 2012). GNOME and KDE installations were not analysed as they are not recommended - consult other sources for tuning services specific to these environments. Distributions from Arch, Gentoo, and Slackware were not analysed as they require a degree of knowledge and customisation that can avoid unnecessary services from the start.

Only the names of service daemons are supplied, which may or may not correspond to the names of the services and/or packages in your distribution. Your releases or distribution may implement similar features using different services. You may need to complete additional research and improvise.

Network Services

In most installations, the Network Manager daemon provides an extremely useful service. Network Manager detects all devices that may connect to a network (modem, Ethernet, wireless, broadband, vpn) and automatically manages the devices and active connections. It works hard maintaining a seamless connection to the Internet and the local domain. It requires several other services to be installed and running as well. It is most useful on computers with multiple network devices and connections. Most distributions use it to manage WiFi connections. However, it is unnecessary for systems with a single wired Ethernet connection.

If your thin client has a single DHCP managed Ethernet connection, Network Manager and its dependent services can be removed. The existing network configuration will need a single change and possibly the addition of another much lighter service. In preparation, determine the name of your Ethernet device (generally eth0) before removing Network Manager. Services to remove (or disable):

  • NetworkManager
  • modem-manager
  • nm-applet (tray applet for NetworkManager)

Once these packages are removed, reconfigure your network by modifying the configuration file /etc/network/interfaces. Use your favourite text editor to add the following two lines at the end of file /etc/network/interfaces, replacing "ethX" with your device name (eg. eth0):

auto ethX
iface ethX inet dhcp

With this configuration, your network's DHCP server will assign a network address each time the system is booted. If you regularly disconnect and reconnect your thin client to different networks without rebooting, omit the "auto ethX" line from /etc/network/interfaces and install the ifplugd service. This service negotiates a new network address every time the Ethernet device is "plugged in" to a network.

If your thin client has a single Ethernet connection with a static IP address, you can remove the same services mentioned above and configure your static IP address in /etc/network/interfaces. A minimal static IP configuration involves four lines, such as:

iface ethX inet static
address 192.168.0.100
netmask 255.255.255.0
gateway 192.168.0.1

This is an example; you will need to supply ethX, address, netmask, and gateway values appropriate to your network. More complex configurations are possible. There are many guides to configuring /etc/network/interfaces available online.

If your distribution uses the package wicd instead of NetworkManager, you can remove it and make the same configuration changes.

If your thin client does not implement or use bluetooth services, you can remove:

  • bluetoothd
  • obex-data-server

Print Services

If your thin client will not be used for printing (or use print services to create pdf files), you can remove:

  • cupsd

Error Management Services

Services that notice serious problems and offer to report those problems back to the developers for correction and improvement constitute a beneficial service. However, problems reported for hardware at or near "end-of-life" (like recycled thin clients) are generally ignored. Unless you have recent hardware, remove:

  • abrtd (Red Hat derivatives)
  • abrt-applet (Red Hat derivatives)
  • whoopsie (Ubuntu derivatives)

SMART disk testing and error management is not necessary if your drive is not actually a hard drive (such as a Compact Flash card). In this case it is safe to remove:

  • smartd

Auditing Services

Kernel and filesystem auditing (who did what and when) is appropriate to servers and multi-user systems, but overkill on single user systems. Online documentation indicates disabling this feature may be far easier than removing it. Disable (or remove):

  • auditd

Tuning the Kernel

Kernel Security

Kernel security is enhanced using the kernel modules for SELinux (Red Hat derivatives) or AppArmor (SuSE, Ubuntu derivatives). However, security provided by these modules is confined to daemons like web servers and database servers. Kernel security policies are not generally defined for desktop users and applications. If you are not implementing a server, these features are safe to disable.

To disable SELinux security, add the kernel boot parameter: selinux=0 to your grub or other boot configuration. To disable AppArmor, add these two kernel boot parameters: apparmor=0 security="" to your grub or other boot configuration. These changes take effect at the next reboot.

ATA/IDE Interface

With most hardware, the IDE interface will default to UDMA/33 speeds if the kernel ATA/IDE driver cannot detect an "80 conductor cable". This is generally not a problem for thin clients as Disk-on-Module flash devices attached to these interfaces don't exceed UDMA/33 speeds. However, a Compact Flash card or IDE hard drive capable of UDMA/66 or better speeds attached to the same interface incurs a performance penalty.

Alter this behaviour by adding the kernel boot parameter: libata.force=short40c. This parameter informs the kernel ATA/IDE driver to act as if there is a "short 40 conductor" cable compatible with higher speeds. This prevents restriction of the IDE interface to UDMA/33 speeds even when a 80 conductor cable is not detected.

Acknowledgement

This article was contributed by Craig Oakes

 


Any comments? email me.    Last update December 2012