Comparing Linux and Microsoft Windows for Enterprise Usage

Selling Linux in the Enterprise often is a tough job, but with the right information, you can start making the case for Linux.

For far too long, Linux has existed on the periphery of enterprise computing. Whether it is skepticism of open-source technology, a preference for paid instead of community support or the ever-forking tree of distributions, many businesses have shied away from Linux. In recent years, commercial Linux vendors have been hard at work polishing their distributions in the hope of establishing a beachhead in the enterprise. These mature distributions have rendered many past criticisms moot, and coupled with new opportunities in emerging technologies like virtualization, Linux stands poised to re-establish itself as an enterprise-caliber operating system. However, if these vendors are to be successful, they must take on the leviathan in the enterprise: Microsoft.

In this article, I discuss several areas of the enterprise that are prime candidates for Linux adoption or expansion. In each case, I look at the current Microsoft offering in that area and then highlight a legitimate Linux-based contender. In doing so, I do not intend to keep a running score card and come up with an unsurprisingly biased conclusion (this is Linux Journal after all). I merely want to start the conversation in order to demonstrate Linux's inherent business value and strengthen the community at large.

There are a few caveats before I proceed. For the purposes of this article, I have blurred the line between server and desktop platforms to keep the discussion at a strategic level. The topics I examine may touch upon aspects of one or both platforms. I also have limited the distributions used here to those with paid support, as they tend to be targeted at the enterprise market. With the exception of BIND and DHCP, I have avoided any technologies/packages, such as LAMP, Samba, Sendmail or any iconic Linux app I felt already has been beaten into the ground with comparisons. I want to bring something new to the table. Finally, this article does not tackle the thorny issue of application serving or application compatibility. We all know the vast majority of business apps are developed for the Microsoft platform. Wine and/or Mono are not the answers. Developing software to emulate another vendor's code always will leave Linux users behind their Microsoft counterparts. However, the rapid growth of Web-based apps, advancements in virtualization (application and desktop) and the arrival of cloud computing may change this dynamic in the near future as applications become separated from the desktop.

Desktop Security—User Account Control/Security Configuration Wizard

User Account Control (UAC) has been an essential part of Microsoft OSes since Vista. UAC protects the OS by requiring services and programs to operate with the correct permissions via security confirmation prompts. It is meant to limit the number of programs that run with unnecessary administrative privileges, a long-criticized weakness of applications developed for the Microsoft platform. Although UAC has received praise for making strides to eliminate this weakness, many admins have found that prolonged use leads some users simply to click Yes on the elevation prompts rather than evaluate the security risk. This leads to the elevation of non-desired programs, possibly to the detriment of the system. UAC can be complemented with the use of the Security Configuration Wizard that locks down unnecessary ports and services using a form-like survey to determine your minimum necessary configuration.

Security always has been an important component of the Linux pedigree. Utilities like sudo and chroot, which limit the context of certain programs and operations, long have been part of the Linux security toolbox. In the case of Debian-based distributions, root access is prohibited except through the use of sudo. Also, most distros now utilize either AppArmor or SELinux as an additional security layer at the host level. Although SELinux and AppArmor take different tacts to securing a system, each utilizes a least-privilege-based approach to minimizing the threat surface through the use of profiles. Although SELinux (Figure 1) has the distinction of being developed by the National Security Agency and of being extremely secure, it can be difficult to administer. By contrast, many admins believe AppArmor is just as effective and easier to configure. Novell includes a nice GUI tool for AppArmor in SUSE Enterprise Linux that includes a wizard for profiling applications that is a real time-saver (Figure 2).

Figure 1. SELinux Administration in RHEL

Figure 2. SUSE AppArmor Wizard