Comparing Linux and Microsoft Windows for Enterprise Usage
The Windows firewall included in Server 2008 and Windows 7 is a great improvement over previous incarnations. It filters on packets, IP addresses and source/destination program, and its management GUI is easy to use. However, it lacks some of the advanced features found in Linux-based firewalls. In contrast, Linux has been wed to open-source firewall development in near lockstep since ipchains and now iptables. Although many admins still prefer the text-based administration of iptables, there are many easy-to-use GUI-based interfaces, such as the one found in SUSE through Yet another Setup Tool (YaST, Figure 3). Unfortunately, these tools often limit access to advanced features, such as port redirection, IP translation and quality of service, which can be accessed from the command line. To be fair, some of these capabilities are available in Server 2008 by adding other modules (RRAS) or products (ISA), but that adds another layer of administration and cost where Linux possesses them out of the box. Some admins may feel that firewalls are not a significant factor in enterprise security except in the perimeter. Others suggest that firewalls are more important now than ever, because technologies like the cloud and mobile computing are erasing the traditional boundaries of the perimeter. Only time will tell.
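The three command-line-only features named above (port redirection, IP translation and quality of service), as an added example that is not from the original article: a shell function that writes an iptables-restore ruleset. The interface name, LAN range and ports are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset covering port redirection,
# IP translation and QoS marking. All names and values are constructed samples.

# valid_port N -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-numeric or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset WAN_IF LAN_CIDR PUBLIC_PORT LOCAL_PORT
# Prints the ruleset on stdout; fails without output if a port is invalid.
build_ruleset() {
    wan_if=$1 lan_cidr=$2 public_port=$3 local_port=$4
    valid_port "$public_port" && valid_port "$local_port" || {
        echo "invalid port" >&2
        return 1
    }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port redirection: inbound traffic for the public port goes to a local service
-A PREROUTING -i $wan_if -p tcp --dport $public_port -j REDIRECT --to-ports $local_port
# IP translation: hide the internal network behind the WAN address
-A POSTROUTING -s $lan_cidr -o $wan_if -j MASQUERADE
COMMIT
*mangle
:POSTROUTING ACCEPT [0:0]
# Quality of service: tag outbound SSH with a DSCP class for prioritization
-A POSTROUTING -o $wan_if -p tcp --dport 22 -j DSCP --set-dscp-class AF21
COMMIT
EOF
}

# Sample invocation with constructed values
build_ruleset eth0 192.168.10.0/24 80 8080
```

Pipe the output to `iptables-restore --test` to syntax-check it before loading; loading it without `--noflush` replaces the existing nat and mangle tables.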
The last decade easily could have been labeled the Decade of the Patch. Because of the ever-evolving security landscape, new vulnerabilities are discovered daily. Don't get me wrong. Security researchers provide an invaluable service to the industry, but sometimes when I have to push patches en masse daily, I pine for the old days when I could just push a single service pack every so often. Patching is not solely a Microsoft phenomenon. Vulnerabilities exist in Linux as well. Most modern operating systems worth their salt include a native updating mechanism to address flaws and vulnerabilities. In Windows, it is Automatic Updates for individual systems or Windows Software Update Services (WSUS) for managing a large number of systems. Microsoft has done well with both programs and should be applauded for their maturation in the last five years. Like its name implies, Automatic Updates automates the patching of host systems through a Control Panel interface. WSUS adds reporting features and the ability to centralize patch distribution, although the process for approving, denying and/or superseding patches can be kludgy.
Linux updating mechanisms vary by distribution, but share similar functionality with their Microsoft counterparts. Debian-based systems have apt, Red Hat-based systems have Yellowdog Updater Modified (YUM), and SUSE has YaST (which provides a graphical front end to the ZYpp package management engine). Each tool is easy to automate and includes the ability to resolve dependency issues prior to an update. They also share the ability to deploy local repositories to reduce bandwidth consumption as with WSUS, but to achieve the nicer dashboard and reporting features of WSUS requires subscription-based services, such as Red Hat Network (Figure 4) or Landscape from Canonical (Figure 5).
DNS and DHCP are production network roles where many Linux servers make their entry into an enterprise. Although these services may seem boring, they form the backbone of the modern enterprise. On the Microsoft side, we have the proprietary versions of DNS and DHCP included in Server 2008. Both are configured using the Server Manager utility and then administered through their respective MMC consoles. Microsoft has integrated its versions of DNS and DHCP deeply with Active Directory (AD) and a multitude of its proprietary network services. Although on the surface this may not seem like a problem, a single misconfiguration can affect multiple parts of the Microsoft infrastructure (AD, Exchange and so on). On the Linux side, we have the Berkeley Internet Name Domain (BIND), the standards-based market leader. BIND is a dependable workhorse that has enough flexibility to support Active Directory and keep DNS administration separate from other parts of the infrastructure. You can administer BIND through the command line or GUI tools like the Red Hat BIND Configuration Tool (Figure 6).
Alongside DNS, DHCP is a critical, though overlooked, network service. It also is an excellent springboard for Linux in a new environment. It is low impact and can integrate into almost any existing network with little interruption. DHCP is available in most distros, and tools like those found in YaST make administration a snap (Figure 7). DNS and DHCP usually can be combined on a single server, as is found in many Microsoft environments, but with a smaller footprint.