Internet Engineering Course OS Selection

Servers vs. Desktop Systems

Servers
◦ Should not contain functionality not required for the intended function
  - Minimal service set
  - Don’t install anything unless you really need it
  - Avoid unnecessary exposure to new risks
◦ Faster, with redundant components
  - Increased reliability
  - Has more of everything
◦ Much more customizable
  - To perform specific tasks and be optimized for them
◦ Administration and maintenance require special training
◦ Security, Reliability, Stability and … are highly critical

Standardizing on a single OS for all purposes is not a goal!

Operating Systems we will study

Mainly
◦ Microsoft Windows Server family
◦ Linux

Somewhat
◦ OpenBSD from BSD family

There are many others that we do not study here
◦ Other variants of UNIX
  - Solaris, HP/UX, AIX
  - Other variants in BSD category – FreeBSD, NetBSD, …
  - Other variants in GNU category – GNU/Hurd, GNU/Mach, …
  - …
◦ And so many other OSs out there

Evaluation criteria

Applications
Stability and Reliability
Security
Scalability
Usability
Staff Issues
Total Cost of Ownership (TCO)

Applications

OS must support the application you will run!
◦ e.g. Exchange Server: OS = Windows
◦ A constraint for choosing OS

If needs are identified but no specific product
◦ Look for the product and OS that supports it side by side
  - You are not limited to some specific OSs.
  - Will not result in an OS that is difficult to support or costly.
  - Less diversity in OSs is desirable (standardizing server OSs)

For selecting OS
◦ Look at what is generally available on the platform.
◦ What is included in the OS by default?

Applications cont.

Supplementary applications
◦ Intended to supplement a function of OS
  - Resource Kit/Support Tools for Microsoft Windows
  - Unix tools for Windows
◦ Native OS completeness
  - There are no functions that an administrator (skilled in Perl/shell scripting) cannot do in UNIX systems
  - Windows administrators have difficulty doing management tasks without third party or supplementary utilities
  - OS vendor is not supposed to support third party utilities and the side effects they may have!

Applications cont.

Niche Area Support
◦ Greater diversity of applications available on Windows
  - Windows is great from this point of view
◦ Diversity in Windows and Linux family
  - Specific products may not run across the entire family
◦ Enough high quality server products for Linux
◦ Newer systems not necessarily backward compatible
◦ OpenBSD
  - A lot fewer third party products than either Windows or Linux
  - Includes compatibility modes with several OSs
  - It should not be used extensively (e.g. many Linux applications: OS should be Linux)

Applications cont.

Application Integration
◦ Difference between integrated and integrable!
  - Features of Microsoft products work better with/only with Microsoft products!
◦ Usage of one Microsoft product will lead to use of other Microsoft products
  - Less tension to be compliant with other products.
  - Their implementations are not fully compliant with standards and therefore with other implementations.
  - Other products should try to be integrable!
◦ Application support
  - Windows is the best, Linux is second and OpenBSD is third.

Applications cont.

Market Products
◦ Small vendors cannot afford to support various OSs
  - They are pulled towards Windows Server family
  - Cause: Growth of various Windows based market applications
◦ Windows NT started with a target below the high-end commercial UNIX systems
  - Enhancements in each release
  - Higher performance market
◦ Reducing costs of an application
  - Major advantage for small businesses
◦ Linux entering the server market
  - Linux will be a more obvious choice for small businesses.

Applications cont.

Included With Core OS
◦ Windows
  - File and print services, DNS, DHCP, IIS, FTP and other additional components
◦ Linux and OpenBSD
  - Include many more standard Internet servers
  - Even support for Microsoft file and print sharing
◦ As open source operating systems are free, one might say that any free software that runs on the OS is part of it.

Applications cont.

◦ Open source applications
  - Majority of these projects have been developed on Linux
  - Unless they are platform neutral, they’ll run on Linux with less effort than any other OS
  - Microsoft repeatedly made system design decisions that make little or no technical sense, but make excellent business sense, i.e. they make it more difficult and expensive for a developer to port a Windows application to other OSs.
  - Open source is by no means a UNIX-only phenomenon, but most open source development has been done on UNIX systems, with the UNIX-like open source operating systems, Linux and the BSD family, playing the leading roles

Applications cont.

◦ Open source applications
  Some open source applications (visit www.sourceforge.net)
  - Apache
  - BIND (Berkeley Internet Name Domain)
  - DHCPd (Dynamic Host Configuration Protocol)
  - PHP, Perl, Python
  - Web traffic analysis packages like Webalizer, Analog
  - MySQL, PostgreSQL
  - Snort, PF, IP Filters, GuardDog
  - NTP
  - vsFTPd
  - OpenOffice (replacement for Microsoft Office Suite)
  - GIMP (replacement for Adobe Photoshop)

Applications cont.

OS Versions and Fragmentation
◦ Every several years, Microsoft introduces a fundamentally different operating environment or system with major changes in the UI.
  - Windows is designed to hide technical details, but these changes introduce a major learning curve!
  - Technical users may effectively lose a significant part of their knowledge of how Windows works and need to start over with the new system
◦ These differences are mostly seamless from one version of UNIX to another

Applications (Summary)

There are many more applications for Windows
◦ Not all needed functionalities are included in the OS

Enough products available for the cost of the OS that some businesses can run mostly on open source solutions

As Linux is eating into Windows server market share, expect the application advantage for Windows servers to shrink and perhaps disappear.

Maintaining an application for Linux and other UNIX variants is minor compared to Windows.

Reliability and Stability

Both are related to bugs.

Stability
◦ Relative resistance to crashes and lessening their effects
◦ Bugs and incompatibilities may cause crashes

Reliability
◦ Specific functions stop responding or return invalid results
◦ Odd behavior!

Availability
◦ Affected by things related to reliability and stability
◦ To do and keep doing what they are supposed to do

Reliability and Stability cont.

Reboot required even for minor changes
◦ Microsoft’s origins in single user systems
◦ Is not a part of UNIX or mainframe environments

Some systems become less stable for longer uptimes
◦ Rarely necessary for UNIX systems

Windows flaws in architectural design
◦ Windows registry
◦ Incredibly confused directory structure and its adverse impact on system recovery
◦ System management functions contained in large complex GUI programs mostly with no command-line counterparts

Reliability and Stability cont.

Windows registry
◦ Central repository for configuration data and …
◦ The fallacy is that registry data is accessed by key name.
  - Little fundamental difference between accessing entries in registry and files in different directories with different filenames
◦ Numerous binary tree lookups, in a large deeply nested structure, become quite resource intensive
  - Confirmed by the fact that Windows systems slow with age as software is added
  - UNIX systems do not slow with age due to software installs.

Reliability and Stability cont.

Windows GUI Interface Hampers Administrators
◦ Complex GUIs contribute to reliability issues
  - Such programs are harder to write and more likely to have their own bugs
  - Often, no alternative interface is provided
  - Bug in management interface will result in inability to perform some administrative tasks

In the UNIX world, essentially all administrative tasks are performed by relatively simple command line programs that do only one specific thing.

Reliability and Stability cont.

Linux Stability
◦ There is no need to ever reboot except for a kernel or hardware upgrade or change.
◦ Registry problem is not applicable to Linux

OpenBSD
◦ Said to be the most stable and most reliable OS
◦ Clean code base
◦ Development model

Security

File Systems
◦ FAT lacks primary permissions and security facilities needed for a server environment.
◦ UNIX allows controls only by owner, group and other.
  - Each of these can be set to any combination of read, write and execute.
  - chmod
◦ NTFS is much more customizable and provides flexible access control list capabilities.
  - Windows GUI, xcacls (Extended Change Access Control List) provided in Windows Support Tools
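
An added example, not part of the original slides: the owner/group/other check that chmod modes encode, written in POSIX shell. Exactly one class applies to a given user (owner first, then group, then other), which is the coarseness the slide contrasts with NTFS ACLs; the UIDs, GIDs, paths and modes are constructed sample data.

```shell
#!/bin/sh
# Added example: UNIX owner/group/other permission check plus a small audit
# for world-writable entries. All IDs, paths and modes are constructed.

# rwx_of DIGIT: render one octal digit (0-7) as e.g. "r-x".
rwx_of() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# class_digits MODE: print the "owner group other" digits of a 3- or 4-digit
# octal mode. A leading special-bits digit is ignored in this example.
class_digits() {
    case $1 in
        [0-7][0-7][0-7][0-7]) p=${1#?} ;;
        [0-7][0-7][0-7])      p=$1 ;;
        *) return 2 ;;
    esac
    rest=${p#?}
    printf '%s %s %s' "${p%??}" "${rest%?}" "${rest#?}"
}

# effective_perms MODE FILE_UID FILE_GID USER_UID "USER_GID1 USER_GID2 ..."
# Only one class is consulted, first match wins: owner, then group, then
# other. An owner never falls through to a more generous group entry.
effective_perms() {
    d=$(class_digits "$1") || return 2
    o=${d%% *}; t=${d##* }; g=${d#* }; g=${g% *}
    if [ "$4" = "$2" ]; then rwx_of "$o"; return 0; fi
    for gid in $5; do
        if [ "$gid" = "$3" ]; then rwx_of "$g"; return 0; fi
    done
    rwx_of "$t"
}

# world_writable MODE: succeed if the "other" class has the write bit.
world_writable() {
    d=$(class_digits "$1") || return 2
    [ $(( ${d##* } & 2 )) -ne 0 ]
}

# audit_listing: read "MODE PATH" lines on stdin, print world-writable ones.
audit_listing() {
    while read -r m path; do
        if world_writable "$m"; then
            printf '%s %s\n' "$m" "$path"
        fi
    done
}

# Constructed sample listing (mode and path per line).
SAMPLE_LISTING='0644 /etc/app/app.conf
0666 /srv/www/upload.cfg
0750 /home/alice
0777 /var/spool/dropbox'

# Demo: file mode 0470 owned by uid 1000, gid 100.
printf 'owner who is also in the group: %s\n' "$(effective_perms 0470 1000 100 1000 "100")"
printf 'group member:                   %s\n' "$(effective_perms 0470 1000 100 1001 "100 200")"
printf 'everyone else:                  %s\n' "$(effective_perms 0470 1000 100 1002 "200")"
printf '%s\n' "$SAMPLE_LISTING" | audit_listing
```

Giving a second group its own level of access to the same file cannot be expressed with these three classes alone, which is the limit the slide points at.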

Security cont.

Password Hashes
◦ Windows passwords are weaker and easier to break.
  - LANMAN hash
◦ BSD MD5 is one of the strongest hashes

Novice administrators really don’t know what they are doing!
Making things easy is not that good!

Default Installations
◦ Previously, the default installation of Windows Server and related network services made it much easier to attack and exposed the system to many risks.
◦ Unix default installation has basic security provisions.
  - You have to enable anything you want.

Security cont.

Development Model, Bug Fixes, Security and Reliability
◦ Linux
  - The kernel appears to be under pretty much continuous development and more than one version is being developed simultaneously.
  - Development is a purely volunteer, non-commercial activity.
◦ Windows
  - Microsoft is the largest software company in the world and is purely commercial.
  - Microsoft responds in a reasonably timely fashion to reported and serious security bugs.
  - It's primarily such bugs that their security alerts describe.

Security cont.

OpenBSD
◦ OpenBSD is the most secure OS available
◦ They try to find simple software bugs and they believe that they are the origin of security issues.
◦ Secure by default
  - All non-essential services are disabled by default
◦ Four years without a remote hole
◦ Outstanding open implementation of security standards.
◦ Unix Signal Handler and Open Software Fixes
  - Fix was available the day after the problem was announced publicly!

Scalability

Meanings
◦ How many processors/how much memory in a single machine an operating system is capable of supporting.
◦ Cluster of machines that work together to solve a common problem.
  - Recent projects of this type have consisted of hundreds to thousands of Intel CPUs running Linux.

System Performance
◦ Confusing benchmarks about performance.
◦ No general statement on this issue.

Scalability cont.

Hardware Requirements
◦ Windows has GUI in its kernel
  - It needs reasonably high hardware specifications.
◦ Most Linux server installations do not have the X Window System.
◦ Hardware specifications for Linux are much smaller than for Windows.

Price Performance Ratio
◦ The starting software cost for a public Windows 2000 web server is effectively over $4000.
◦ There exist free Linux distributions and also commercial ones which cost much less than Windows servers

Usability

Ease of Use, Ease of Learning
◦ Ease of use is often regarded as one of the most important characteristics of any software product.
◦ Ease of learning is not often used.
  - Ease of use is nearly always used to mean that a product is easy to learn to use.
  - Normally means how easily a user new to a product can figure out how to perform a specific action.
  - Documentation, architecture, support, training and design
◦ GUI tools
  - May also make system administration tasks easy to learn.
  - May make repetitive tasks very burdensome
  - Such tasks can make use of a system scheduler.

Usability cont.

Windows Lacks Automation
◦ Automating the task in Linux by scripts
◦ In Windows also possible but is very cumbersome in comparison with Linux
  - Automating procedures that have no counterpart other than the GUI interface has to be done by e.g. emulating mouse events or with scripting utilities like AutoIt that somewhat ease this job! (Surely not reliable)
  - Easy to use Windows tools become cumbersome to use as the tasks become more repetitive.
◦ There are no scripting skills that are a routine part of Windows administration
  - Even batch programming skills, as simple (and limited) as that "language" is, have largely fallen into disuse.

Usability cont.

◦ Most Windows administrators are entirely dependent on the GUI management interface, and even where it should be obvious that something should be automated, do not have the knowledge or skills to do it.
◦ UNIX administrators, in contrast, are normally skilled in at least one scripting language, and routinely expect to automate repetitive parts of their jobs.
◦ Windows server systems have a pro-novice bias and UNIX systems have an anti-novice bias.

Usability cont.

Support Options
◦ Windows
  - Microsoft Knowledge Base, Customer Support, Consultants
  - Most of the things are solved easily if you have employed a guru consultant.
  - The really good ones can solve seemingly very difficult problems, with ease
  - Gurus are expensive to employ and cheap ones learn on your job.
◦ Linux
  - Community Support, Commercial Support (e.g. RHEL), Gurus
  - After gaining mastery and enough experience you are relaxed.
  - It does not hide anything from you, so you can come up with the solution.
  - Google your problem and there should be a discussion about it in a community

Staff Issues

UNIX administrators cost more than Windows ones.
Main factor = Cost per machine
From all previous discussions, the result is that maintaining a Linux server needs less effort than a Windows one.
◦ So the staff cost is not as major a factor as might be considered at first

Total Cost of Ownership (TCO)

Microsoft says TCO of Windows is much lower than Linux

Factors
◦ License
◦ Support
◦ Staff
◦ …

Windows license price
◦ How many simultaneous client connections?
◦ What server applications?

UNIX systems require more up-front learning effort.

Security, Stability and Reliability
◦ Moving to security, Linux is more secure in a default install
◦ Given normal installs by typically trained administrators, Windows systems are much less stable than Linux installs.

Summary

No operating system is perfect or even close, even when limited to server only or desktop only roles.
◦ Tradeoff

Windows servers
◦ With sufficient resources, they can be made stable.
◦ Because of the variety of third party applications, it may be possible to "do more" on Windows servers than other platforms.
◦ As a practical matter, they rarely live up to their promise.
◦ Contain enormous array of unused features (may not be easy to disable, for instance kernel customization).

Summary cont.

◦ Comparatively unreliable, and thus resource intensive to maintain.
◦ Given the complexity of Windows, tools and middleware used to build the applications, and the applications themselves, it's absurd to think that all the security related bugs can be found and fixed.
  - Only hope that the holes that exist are sufficiently difficult and obscure, that no skilled malicious intruder actually finds them.
◦ Best hardware support among other OSs.

Summary cont.

Linux
◦ The default security characteristics of Linux depend on the distribution and install options chosen.
◦ Linux has been used to build powerful parallel supercomputers so it unquestionably clusters well
◦ The newest kernels should be comparable to Windows on multiprocessor systems.
◦ Linux has a very large range of applications, both commercial (proprietary) and open source.
◦ Linux has by far the largest number of open source applications.
◦ All business needs can be met by Linux applications.
◦ Linux has the best and most diverse free support available, which is often better than traditional commercial support.

Choosing a Linux Distribution

Some server candidates
◦ Commercial
  - Red Hat Enterprise Linux
  - SUSE Linux Enterprise Server
  - Mandriva Corporate Server
◦ Non-commercial
  - Gentoo
  - Debian
  - Fedora
  - Slackware
  - Arch

Choosing a Linux Distribution cont.

Differences
◦ Base operating system
  - Some customization, e.g. init scripts, kernel
  - Generally binary compatible
◦ Software management and updating
  - YUM
  - APT
  - Smart
  - Synaptic
◦ Hardware management
  - Kudzu of Red Hat
  - Non-commercial distros never contain proprietary drivers.
◦ Proprietary extras

Choosing a Linux Distribution cont.

Support from server manufacturers mainly
◦ Red Hat Enterprise Linux
◦ SUSE Linux Enterprise Server

Challenging
◦ Gentoo
◦ Debian
◦ Slackware
◦ Arch

Choosing a Linux Distribution cont.

Red Hat
◦ Founded in 1994 by Bob Young and Marc Ewing
◦ Leader in development, deployment and management of Linux and open source solutions for Internet infrastructure
◦ Last version in the Red Hat Linux product line
  - Red Hat Enterprise Linux 5
  - Replaced by Fedora Core in late 2003, officially sponsored by Red Hat
  - Developed with community participation
  - Serves mainly as a testing base for Red Hat Enterprise Linux
  - Widely used, excellent community support, lots of innovation
◦ up2date and YUM as package managers (RPM)
◦ Red Hat Enterprise Linux products best supported by hardware vendors among other Linux distributions
◦ Very good commercial support

Choosing a Linux Distribution cont.

SUSE (formerly SuSe)
◦ Established by a group of German developers in 1992
◦ Adopted RPM package management format
◦ Easy to use YaST configuration tool
◦ Frequent releases
◦ Excellent documentation
◦ Acquired by Novell in late 2003
◦ Professional attention to detail

Choosing a Linux Distribution cont.

Gentoo
◦ Created by Daniel Robbins, a former Stampede Linux and FreeBSD developer
◦ A source-based distribution
◦ Various levels of pre-compiled binary packages to get a basic Linux system up
◦ The idea is to compile all source packages on the user's computer
  - Highly optimized for the computer architecture it is built on
  - Long and tedious system installation
  - Occasional instability and risk of breakdown
◦ Software packages kept in a central repository
◦ Usually kept highly up-to-date and available within days
◦ Painless installation of individual software packages
◦ Highly up-to-date
◦ Superb documentation
◦ Distribution tailored to user's needs

Choosing a Linux Distribution cont.

Debian
◦ Started by Ian Murdock in 1993
◦ Totally free, completely non-commercial
◦ Complete package set (about 16000 packages)
◦ Community support
◦ Most advanced package manager available
  - APT (DEB)
◦ Needs knowledgeable, hands-on user
◦ Three release branches
  - Stable
    Long period between stable releases
    The stable version tends to be out-dated
  - Testing
  - Unstable

Miscellaneous

Category | OSes | Origin of code?
--- | --- | ---
GNU | GNU/Linux, GNU/HURD, GNU/Mach, GNU/BSD | Free Software Foundation; kernels developed separately except HURD. The Linux kernel was originally written by Linus Torvalds, and is currently maintained by him.
BSD | FreeBSD, OpenBSD, NetBSD, DesktopBSD, BSD/OS | UC Berkeley, originally; each project has been developed separately since the early-mid 1990s, however.
Unix | Solaris, AIX, IRIX, HP/UX, Tru64, UnixWare, OpenServer | Bell Labs (AT&T) developed the original Unix code. UNIX is now a trademarked operating system certification program instead of an operating system, and no longer requires that a compliant OS contain AT&T Unix source code to achieve brand certification. Despite that, all of the extant Unix derivatives are compliant with at least one published UNIX standard.
Darwin | Darwin, OS X | Based on the NeXTSTEP operating system, which used the Mach kernel and some FreeBSD programs and networking code. OS X is developed from Darwin.
Minix | Minix | Originally written by Andrew Tanenbaum, but now mostly developed by a handful of others

Miscellaneous cont.

BSD Family
◦ OpenBSD was an outgrowth of NetBSD
  - Split later with the goal of creating a reliable and secure OS
  - OpenBSD is the most secure OS available
◦ NetBSD is known for running on more hardware platforms
◦ FreeBSD split from NetBSD
  - Developers wanted to optimize the system for performance on Intel processors
  - Fastest OS that runs on Intel systems