OS selection - Computer Engineering Department

obtainablerabbiΔιαχείριση Δεδομένων

31 Ιαν 2013 (πριν από 4 χρόνια και 5 μήνες)

148 εμφανίσεις

Internet Engineering

OS selection

Servers vs. Desktop Systems


Servers


Should not contain functionality not required for the intended
function


Minimal service set


Don’t install anything unless you really need it


Avoid unnecessary exposure to new risks


Faster with redundant components


Increased reliability


Has more of everything


Much more customizable


To perform specific tasks and optimizing them to do so


Administration and maintenance requires special training


Security, Reliability, Stability and … are highly critical


Standardizing on a single OS for all purposes is not a goal!

Operating Systems we will study


Mainly


Microsoft Windows Server family


Linux


Somewhat


OpenBSD from BSD family


There are many others that we do not study here


Other variants of UNIX


Solaris, HP/UX, AIX


Other variants in BSD category


FreeBSD, NetBSD, …


Other variants in GNU category


GNU/Hurd, GNU/Mach, …





And so many other OSs out there

Evaluation criteria


Applications


Stability and Reliability


Security


Scalability


Usability


Staff Issues


Total Cost of Ownership (TCO)

Applications


OS must support the application you will run!


e.g. Exchange Server


OS = Windows


A constraint for choosing OS


If needs are identified but no specific product


Look for the product and OS that supports it side by side


You are not limited to some specific OSs.


Will not result in an OS that is difficult to support or costly.


Less diversity in OSs is desirable (standardizing server OSs)


For selecting OS


Look at what is generally available on the platform.


What is included in the OS by default?

Applications cont.


Supplementary applications


Intended to supplement a function of OS


Resource Kit/Support Tools for Microsoft Windows


Unix tools for windows


Native OS completeness


There are no functions that an administrator (skilled in
Perl/shell scripting) cannot do in UNIX systems


Windows administrators have difficulty doing management
tasks without third party or supplementary utilities


OS vendor is not supposed to support third party utilities and the
side effects they may have!

Applications cont.


Niche Area Support


Greater diversity of applications available on Windows


Windows is great from this point of view


Diversity in Windows and Linux family


Specific products may not run across the entire family


Enough high quality server products for Linux


Newer system now necessarily backward compatibe


OpenBSD


A lot less third party products than either Windows or Linux


Includes compatibility modes with several OSs


It should not be used extensively (e.g. Many Linux applications


OS should be Linux)

Applications cont.


Application Integration


Difference between integrated and integrable!


Features of Microsoft products works better with/only with
Microsoft products!


Usage of one Microsoft product will lead to use of other
Microsoft products


Less tension to be compliant with other products.


Their implementations are not fully compliant with standards and
therefore other implementations.


Other products should try to be integrable!


Application support


Windows is the best, Linux is second and OpenBSD is third.

Applications cont.


Market Products


Small vendors cannot afford to support various OSs


They are pulled towards Windows Server family


Cause: Growth of various Windows based market applications


Windows NT started with a target bellow the high
-
end
commercial UNIX systems


Enhancements in each release


Higher performance market


Reducing costs of an application


Major advantage for small businesses


Linux entering the server market


Linux will be a more obvious choice for small businesses.

Applications cont.


Included With Core OS


Windows


File and print services, DNS, DHCP, IIS, FTP and other
additional components


Linux and OpenBSD


Includes much more standard Internet servers


Even support for Microsoft file and print sharing


As open source operating systems are free, one might say
that any free software that runs on the OS is part of it.

Applications cont.


open source Applications


Majority of these projects have been developed on Linux


Unless they are platform neutral, they’ll run on Linux with less
effort than any other OS


Microsoft repeatedly made system design decisions that


Make little or no technical sense, but make excellent business
sense, i.e. they make it more difficult and expensive for a
developer to port a Windows application to other OSs.


open source is by no means a UNIX only phenomena, but


Most open source development has been done on UNIX systems


With the UNIX like open source operating systems, Linux and
BSD family, playing the leading roles

Applications cont.


open source Applications


Some open source applications (visit www.sourceforge.net)


Apache


BIND


DHCPd


PHP, Perl, Python


Web traffic analysis packages like Webalizer, Analog


MySQL, PostgreSQL


Snort, PF, IP Filters, GuardDog


NTP


vsFTPd


OpenOffice (replacement for Microsoft Office Suite)


GIMP (replacement for Adobe Photoshop)

Applications cont.


OS Versions and Fragmentation


Every several years, Microsoft introduces a fundamentally
different operating environment or system with major
changes in the UI.


Windows is designed to hide technical details, but these
changes introduces a major learning curve!


Technical users may effectively loose a significant part of their
knowledge of how Windows works and need start over with
the new system


These differences are mostly seamless from one version of
UNIX to another

Applications (Summary)


There are many more applications for Windows


Not all needed functionalities are included in the OS


Enough products available for the cost of the OS that
some businesses can run mostly on open source
solutions


As Linux is eating into Windows server market share,
expect the application advantage for Windows servers to
shrink and perhaps disappear.


Maintaining an application for Linux and other UNIX
variants is minor compared to UNIX and Windows.

Reliability and Stability


Both are related to bugs.


Stability


Relative resistance to crashes and lessening their affects


Bugs and incompatibilities may cause crashes


Reliability


Specific functions stop responding or return invalid results


Odd behavior!


Availability


Affected by thing related to reliability and stability


To do and keep doing what they are supposed to do


Least possible amount of time staff spend troubleshooting
problems

Reliability and Stability cont.


Reboot required even for minor changes


Microsoft’s origins in single user systems


Is not a part of UNIX or mainframe environments


Some systems become less stable for longer uptimes


Rarely necessary for UNIX systems


Windows flaws in architectural design


Windows registry


Incredibly confused directory structure and its adverse
impact on system recovery


System management functions contained in large complex
GUI programs mostly with no command
-
line counterparts

Reliability and Stability cont.


Windows registry


Central repository for configuration data and …


The fallacy is that registry data is accessed by key name.


Little fundamental difference between accessing entries in
registry and files in different directories with different filenames


Numerous binary tree lookups, in a large deeply nested
structure, become quite resource intensive


Confirmed by the fact that Windows systems slow with age as
software is added


UNIX systems do not slow with age due to software installs.

Reliability and Stability cont.


Windows GUI Interface Hampers Administrators


Complex GUIs contributes to reliability issues


Such programs are harder to write and more likely to have
their own bugs


Often, no alternative interface is provided


Bug in management interface will result in inability to perform
some administrative tasks


In the UNIX world, essentially all administrative tasks are
performed by relatively simple command line programs
that do only one specific thing.

Reliability and Stability cont.


Linux Stability


There is no need to ever reboot except for a kernel or
hardware upgrade or change.


Registry problem is not applicable to Linux


OpenBSD


Said to be the most stable and most reliable OS


Clean code base


Development model

Security


File Systems


FAT lacks primary permissions and security facilities
needed for a server environment.


UNIX allows controls only by owner, group and other. Each
of these can be set to any combination of read, write and
execute.


chmod


NTFS is much more customizable and provides flexible
access control list capabilities.


Windows GUI, xcacls provided in Windows Support Tools

Security cont.


Password Hashes


Windows passwords are weaker and easier to break.


LANMAN hash


BSD MD5 is one of the strongest hashes


Novice administrators really don’t know what they are
doing! Making things easy is not that good!


Default Installations


Previously default installation of Windows Server and
related network services made it much more easier to
attack and exposed the system to many risks.


Unix default installation has basic security provisions.


You have to enable anything you want.

Security cont.


Development Model, Bug Fixes, Security and Reliability


Linux


The kernel appears to be under pretty much continuous
development and more than one version is being developed
simultaneously.


Development is a purely volunteer, non
-
commercial activity.


Windows


Microsoft is the largest software company in the world and is
purely commercial.


Microsoft responds in a reasonably timely fashion to reported
and serious security bugs. It's primarily such bugs that their
security alerts describe.

Security cont.


OpenBSD


OpenBSD is the most secure OS available


They try to find simple software bugs and they believe that
they are the origin of security issue.


Secure by default


All non
-
essential services are disable by default


Four years without a remote hole


Outstanding open implementation of security standards.


Unix Signal Handler and Open Software Fixes


Fix was available the day after the problem was announced
publicly!


OpenBSD Daily Security Audit enabled by default

Scalability


Meanings


How many processors/How much memory in a single
machine, an operating system is capable of supporting.


Cluster of machines that work together to solve a common
problem.


Recent projects of this type have consisted of hundreds to
thousands of Intel CPUs running Linux.


System Performance


Confusing benchmarks about performance.


No general statement on this issue.

Scalability cont.


Hardware Requirements


Windows has GUI in its kernel


It need reasonably high hardware specifications.


Most Linux servers installations do not have X
-
Windowing
System.


Hardware specifications of Linux is much smaller than
Windows.


Price Performance Ratio


The starting software cost for a public, Windows 2000 web
server, is effectively over $4000.


There exists free Linux distributions and also commercial
ones which costs much less than Windows servers

Scalability cont.


Relocating Server Applications


Deep understanding of server status will result in wise
decision on relocating server applications.


Decision support


Windows’ Task Manager or Performance Monitor


UNIX’s ps command or Performance Analyzers like atop


Duplicated UNIX machines do not need to be kept as
replicas. Application server load can be broken up between
two machines.


Duplication and Load Balancing


Highly modular and so highly customizable


Migrating Windows functions nearly always means building
new machines from scratch. Difficult to duplicate the settings!

Usability



Ease of Use ≠ Ease of Learning


Ease of use often regarded as one of the most important
characteristics of any software product.


Ease of learning is not often used.


Ease of use is nearly always used to mean that a product is
easy to learn to use.


Normally means how easily a user new to a product can figure
out how to perform a specific action.


Documentation, architecture, support, training and design


GUI tools


May also make system administration tasks easy to learn.


May make repetitive task very burdensome


Such tasks can make use of a system scheduler.

Usability cont.


Windows Lacks Automation


Automating the task in Linux by scripts


In Windows also possible but is very cumbersome in
comparison with Linux


Automating the procedures that has no counterpart other than
GUI interface should be done with e.g. emulating mouse
events or scripting utilities like AutoIt that does somehow ease
this job! (Surely not reliable)


Easy to use learn Windows tools, become cumbersome to use
as the tasks become more repetitive.


There are no scripting skills that are routine part of
Windows administration


Even batch programming skills, as simple (and limited) as that
"language" is, have largely fallen into disuse.

Usability cont.


Most Windows administrators are entirely dependent on the
GUI management interface, and even where it should be
obvious that something should be automated, do not have
the knowledge or skills to do it.


UNIX administrators, in contrast, are normally skilled in at
least one scripting language, and routinely expect to
automate repetitive parts of their jobs.


Windows server systems have a pro novice bias and that
UNIX systems have an anti
-
novice bias.

Usability cont.


Support Options


Windows


Microsoft Knowledge Base, Customer Support, Consultants


Most of the things are solved easily if you have employed a guru
consultant. The really good ones can solve seemingly very difficult
problems, with ease


Gurus are expensive to employ and cheap ones learn on your job.


Linux


Community Support, Commercial Support (e.g. RHEL), Gurus


After gaining mastery and enough experience your are relaxed.


It does not hide anything from you, so you can come up with the
solution.


Google your problem and there should be a discussion about it in
a community

Staff Issues


UNIX administrators cost more than Windows ones.


Main factor = Cost per machine


From all previous discussions it is resulted that
maintaining a Linux server needs less effort that
Windows one.


So the staff cost is not a major factor as might be
considered at first

Total Cost of Ownership (TCO)


Microsoft says TCO of Windows is much lower than Linux


Factors


License


Support


Staff





Windows license price


How many simultaneous client connections?


What server applications?


UNIX systems require more up
-
front learning effort.


Security, Stability and Reliability


Moving to security, Linux is more secure in a default install


Given normal installs by typically trained administrators Windows
systems are much less stable than Linux installs.

Summary


No operating system is perfect or even close, even when
limited to server only or desktop only roles.


Tradeoff


Windows servers


With sufficient resources, they can be made stable.


Because of variety of third party applications , it may be
possible to "do more" on Windows servers than other
platforms.


As a particular matter, they rarely live up to their promise.


Contain enormous array of unused features (may not be
easy to disable, for instance kernel customization).

Summary cont.


Comparatively unreliable, and thus resource intensive to
maintain.


Theoretically, they can be made secure, as their built
-
in
security functions are more sophisticated than standard
UNIX security facilities.


Very labor intensive and will result in a machine that will not
look like a Windows server.


Given the complexity of Windows, tools and middleware
used to build the applications, and the applications
themselves, it's absurd to think that all the security related
bugs can be found and fixed.


Only hope that the holes that exist are sufficiently difficult and
obscure, that no skilled malicious intruder actually finds them.


Best hardware support among other OSs.

Summary cont.


Linux


The default security characteristics of Linux depend on the
distribution and install options chosen.


Linux has been used to build powerful parallel supercomputers
so it unquestionably clusters well


The newest kernels should be comparable to Windows on
multiprocessor systems.


Linux has a very large range of applications, both commercial
(proprietary) and open source.


Linux has by far the largest number of open source applications.


All business needs can be met by Linux applications.


Linux has the best and most diverse free support available, which
is often better than traditional commercial support.

Choosing a Linux Distribution


Some server candidates


Commercial


Red Hat Enterprise Linux


SUSE Linux Enterprise Server


Mandriva Corporate Server


Non
-
commercial


Gentoo


Debian


Fedora


Slackware


Arch

Choosing a Linux Distribution cont.


Differences


Base operating system


Some customization, e.g. init scripts, kernel


Generally binary compatible


Software management and updating


YUM


APT


Smart


Synaptic


Hardware management


Kudzu of Red Hat


Non
-
commercial distros never contain proprietary drivers.


Proprietary extras

Choosing a Linux Distribution cont.


Support from server manufacturers mainly


Red Hat Enterprise Linux


SUSE Linux Enterprise Server


Challenging


Gentoo


Debian


Slackware


Arch

Choosing a Linux Distribution cont.


Red Hat


Founded in 1994 by Bob Young and Marc Ewing


Leader in development, deployment and Management of Linux
and open source solutions for Internet infrastructure


Last version in the Red Hat Linux product line


Red Hat Linux 9


Replaced by Fedora Core in late 2003, officially sponsored by Red
Hat


Developed with community participation


Has a short life
-
span


Serves mainly as a testing base for Red Hat Enterprise Linux


Widely used, excellent community support, lots of innovation


up2date and YUM as package managers (RPM)


Red Hat Enterprise Linux products best supported by hardware
vendors among other Linux distributions


Very good commercial support

Choosing a Linux Distribution cont.


SUSE (formerly SuSe)


Established by a group of German developers in 1992


Adopted RPM package management format


Easy to use YaST configuration tool


Frequent releases


Excellent documentation


Acquired by Novell in late 2003


Professional attention to detail


YaST (RPM), third
-
party APT (RPM) repositories available
as package managers

Choosing a Linux Distribution cont.


Gentoo


Created by Daniel Robbins, a former Stampede Linux and FreeBSD
developer


A source
-
based distribution


Various levels of pre
-
compiled binary packages to get a basic Linux
system up


The idea is to compile all source packages on the user's computer


Highly optimized for the computer architecture it is built on


Long and tedious system installation


Occasional instability and risk of breakdown


Software packages kept in a central repository


Usually kept highly up
-
to
-
date and available within days


Painless installation of individual software packages


Highly up
-
to
-
date


Superb documentation


Distribution tailored to user's needs


Portage (SRC) as package manager

Choosing a Linux Distribution cont.


Debian


Started by Ian Murdock in 1993


Totally free, completely non
-
commercial


Complete package set (about 16000 packages)


Community support


Most advanced package manager available


APT (DEB)


Needs knowledgeable, hands
-
on user


Three release branches


Stable


Long period between stable releases


The stable version tends to be out
-
dated


Testing


Unstable

CE Servers


CE


Fedora core 4


At the time of the new installation of CE, the administration team had not
made decision to move toward Debian, so Fedora was chosen (The team is
willing to change it to Debian)


Shell


Debian Sarge


Cabinet


Debian Sarge


Netserver


FreeBSD


Tailored for stable network services we wanted to provide (DHCP, DNS,
Firewall, Mail Queue, …)


Client management server


Windows 2003 Enterprise Edition


For managing Windows clients you have to run Windows!


AntiVirus, Patch Management and Client Management server

Note


Information provided in this presentation are not
accurate and may be out of date.


There are many fundamental changes in Windows
Server 2003 and Linux Kernel 2.6.


Most parts of this presentation are based on Windows NT
and 2000 and Linux Kernel 2.4.


Microsoft tries to provide a better command line interface


Windows Management Instrumentation Command
-
line
(WMIC) tool is a great pace! Read about it and try it…


// TODO: Try wmic.


Resource Kit/Support Tools


// TODO: Download Windows Support Tools and try the tools.

References


GeodSoft: Linux, OpenBSD, Windows Server
Comparison


http://geodsoft.com/opinion/server_comp/


Software in Review


The differences between Linux
distributions


http://www.softwareinreview.com/cms/content/view/26/1/


DistroWatch.com


http://distrowatch.com/

Miscellaneous

Category

OSes

Origin of code?

GNU

GNU/Linux, GNU/HURD,
GNU/Mach, GNU/BSD

Free Software Foundation; kernels developed separately except HURD. The Linux kernel
was originally written by Linus Torvalds, and is currently maintained by him.

BSD

FreeBSD, OpenBSD,
NetBSD, DesktopBSD,
BSD/OS

UC Berkeley, originally; each project has been developed separately since the early
-
mid
1990s, however.

Unix

Solaris, AIX, IRIX,
HP/UX, Tru64,
UnixWare, OpenServer

Bell Labs (AT&T) developed the original Unix code. UNIX is now a trademarked operating
system certification program instead of an operating system, and no longer requires that a
compliant OS contain AT&T Unix source code to achieve brand certification. Despite that,
all of the extant Unix derivatives are compliant with at least one published UNIX standard.

Darwin

Darwin, OS X

Based on the NeXTSTEP operating system, which used the Mach kernel and some
FreeBSD programs and networking code. OS X is developed from Darwin.

Minix

Minix

Originally written by Andrew Tanenbaum, but now mostly developed by a handful of others

Miscellaneous cont.


BSD Family


OpenBSD was an outgrowth of NetBSD


Split later with the goal of creating a reliable and secure OS


OpenBSD is the most secure OS available


NetBSD is known for running on more hardware platforms


FreeBSD split from NetBSD


Developers wanted to optimize the system for perfomance on
Intel processors


Fastest OS that runs on Intel systems