Comparing Linux and Microsoft Windows for Enterprise Usage
The Windows firewall included in Server 2008 and Windows 7 is a great improvement over previous incarnations. It filters on packets, IP addresses and source/destination program, and its management GUI is easy to use. However, it lacks some of the advanced features found in Linux-based firewalls. In contrast, Linux has been wed to open-source firewall development in near lockstep since ipchains and now iptables. Although many admins still prefer the text-based administration of iptables, there are many easy-to-use GUI-based interfaces, such as the one found in SUSE through Yet another Setup Tool (YaST, Figure 3). Unfortunately, these tools often limit access to advanced features, such as port redirection, IP translation and quality of service, which can be accessed from the command line. To be fair, some of these capabilities are available in Server 2008 by adding other modules (RRAS) or products (ISA), but that adds another layer of administration and cost where Linux possesses them out of the box. Some admins may feel that firewalls are not a significant factor in enterprise security except in the perimeter. Others suggest that firewalls are more important now than ever, because technologies like the cloud and mobile computing are erasing the traditional boundaries of the perimeter. Only time will tell.
The last decade easily could have been labeled the Decade of the Patch. Because of the ever-evolving security landscape, new vulnerabilities are discovered daily. Don't get me wrong. Security researchers provide an invaluable service to the industry, but sometimes when I have to push patches en masse daily, I pine for the old days when I could just push a single service pack every so often. Patching is not solely a Microsoft phenomenon. Vulnerabilities exist in Linux as well. Most modern operating systems worth their salt include a native updating mechanism to address flaws and vulnerabilities. In Windows, it is Automatic Updates for individual systems or Windows Software Update Services (WSUS) for managing a large number of systems. Microsoft has done well with both programs and should be applauded for their maturation in the last five years. Like its name implies, Automatic Updates automates the patching of host systems through a Control Panel interface. WSUS adds reporting features and the ability to centralize patch distribution, although the process for approving, denying and/or superseding patches can be kludgy.
Linux updating mechanisms vary by distribution, but share similar functionality with their Microsoft counterparts. Debian-based systems have apt, Red Hat-based systems have Yellowdog Updater Modified (YUM), and SUSE has YaST (which provides a graphical front end to the ZYpp package management engine). Each tool is easy to automate and includes the ability to resolve dependency issues prior to an update. They also share the ability to deploy local repositories to reduce bandwidth consumption as with WSUS, but to achieve the nicer dashboard and reporting features of WSUS requires subscription-based services, such as Red Hat Network (Figure 4) or Landscape from Canonical (Figure 5).
DNS and DHCP are production network roles where many Linux servers make their entry into an enterprise. Although these services may seem boring, they form the backbone of the modern enterprise. On the Microsoft side, we have the proprietary versions of DNS and DHCP included in Server 2008. Both are configured using the Server Manger utility and then administered through their respective mmc consoles. Microsoft has integrated its versions of DNS and DHCP deeply with Active Directory (AD) and a multitude of its proprietary network services. Although on the surface this may not seem like a problem, a single misconfiguration can affect multiple parts of the Microsoft infrastructure (AD, Exchange and so on). On the Linux side, we have the Berkeley Internet Name Domain (BIND), the standards-based market leader. BIND is a dependable workhorse that has enough flexibility to support Active Directory and keep DNS administration separate from other parts of the infrastructure. You can administer BIND through the command line or GUI tools like the Red Hat BIND Configuration Tool (Figure 6).
Alongside DNS, DHCP is a critical, though overlooked network service. It also is an excellent springboard for Linux in a new environment. It is low impact and can integrate into almost any existing network with little interruption. DHCP is available in most distros, and tools like those found in YaST make administration a snap (Figure 7). DNS and DHCP usually can be combined on a single server, as is found in many Microsoft environments, but with a smaller footprint.
|Contrast Security's Contrast Enterprise||Aug 30, 2016|
|illusive networks' Deceptions Everywhere||Aug 29, 2016|
|Happy Birthday Linux||Aug 25, 2016|
|ContainerCon Vendors Offer Flexible Solutions for Managing All Your New Micro-VMs||Aug 24, 2016|
|Updates from LinuxCon and ContainerCon, Toronto, August 2016||Aug 23, 2016|
|NVMe over Fabrics Support Coming to the Linux 4.8 Kernel||Aug 22, 2016|
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Contrast Security's Contrast Enterprise
- illusive networks' Deceptions Everywhere
- Happy Birthday Linux
- What I Wish I’d Known When I Was an Embedded Linux Newbie
- New Version of GParted
- All about printf
- ContainerCon Vendors Offer Flexible Solutions for Managing All Your New Micro-VMs
- Tech Tip: Really Simple HTTP Server with Python
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide