Linux, OpenBSD, Windows Server Comparison: Introduction
Introduction
This is a discussion of the relative strengths and
weaknesses of Linux, Microsoft Windows NT / 2000 and OpenBSD as server
operating systems. Linux is intended to include Linux in general,
regardless of the specific differences between distributions, but
the emphasis is on Red Hat Linux 6.1 through 7.1
as that is where most of my practical experience has been.
Windows includes NT 4 Server and also 2000. Though these Windows
versions are released as different commercial products, 2000 is an
evolution from NT, and shares a similar
architecture and predominantly common source code. The
prevailing opinion seems to be that 2000 significantly improved
many of the stability issues with NT 4. The Windows family
architectural similarities outweigh the feature enhancements and
implementation details. The architecture will be discussed at
length later. OpenBSD has gone through four product releases
since I've used it and shares many UNIX like utilities and
development tools with all versions of Linux, yet is clearly a
single but evolving OS that presents many important contrasts to
both Linux and the Windows server family.
I will discuss Microsoft's significant strengths as well as some
fundamental weaknesses. I believe Microsoft's products
have specific, and sometimes significant business advantages in
the appropriate circumstances. On the other hand, over the long
term, I have some doubts about the Windows operating system
viability as a server system, and even someday as a general
purpose small computer operating system. I say "small computer"
because today's distinctions of desktop, laptop and PDA are
likely to become obsolete, but small computers with high
resolution displays and significant local processing and storage
capacities and multiple I/O technologies will be around for the
foreseeable future.
For those in a position to conduct formal studies specific to
their own environments, that seriously investigate the viable
options, this discussion will hopefully raise some questions and
factors that might not otherwise have been considered. For the
rest, which I think includes the large majority of IT technical
staff and managers, hopefully this discussion will offer specific
useable advice or at least be thought provoking.
Third Attempt
This is my third attempt, starting from scratch, to deal with
this complex subject. My first attempt beginning in late 1999
can be seen in the outline off my
"book" under "Platform Choices". I
wrote and revised this 25 page section several times in the
course of about a year but never came close to having anything
suitable for public distribution. There is an obvious lack of
direction and structure in the outline. I subsequently started a
fresh draft comparing operating systems and quickly realized it
was heading in the same direction as the "Platform Choices". A
problem for which there is no apparent solution may be too large.
Breaking it into smaller pieces may allow solutions to be found a
piece at a time.
"Platform Choices" is simply so broad a topic that it would take
a large book to deal with adequately and by the time it was
completed and distributed, the computing world would have changed
sufficiently, that much of it would be obsolete.
Focusing on three families of operating system, used only as
servers, greatly narrows the task. It's still quite large, and
this discussion makes no pretense at being comprehensive. It
would be much simpler if I had an unequivocal point of view, and
could simply recommend one choice over the others in nearly all
or most situations, but I can't. When you see most things in
shades of gray and imperfect tradeoffs, there are rarely simple
or obvious solutions.
I do think I can give a reasonably accurate assessment of the
relative merits of Linux, OpenBSD, and Windows, on several factors
that should be important in a server OS selection. It's up to
the reader to determine the relative importance of these factors
to them and their environment. As long as my relative
assessments are accurate or at least fair, this review should be
of use to readers, even if we disagree on the relative importance
of specific factors. Later on, I leave little doubt that I
believe the industry tends to overrate at least one common
factor and underrate another, so you may well use my experience
to reach different conclusions than I do.
Some things change fairly quickly. Five years ago it was
virtually inconceivable that any business could run on open
source and free software, without Microsoft, high end
UNIX, or mainframe products, but today there are a few that do. As
recently as the fall of 2000, I simply could not see any open
source system as a viable desktop competitor to Microsoft Windows
based systems. Partly this was a result of limitations in my own
perspectives, but there has also been significant development in
the past year of the open source and free software products
available for use on business desktop systems.
Today there is no question whether or not open source systems are
ready to perform as general purpose business desktop systems;
they are because they already do. The real question is whether
or not any specific business is in a position to take advantage
of open source systems. Where can open source systems be used in
any specific environment, to complement or replace other systems,
for an overall cost reduction or improved competitive advantage?
In the server arena, open source systems have been providing
viable business solutions, in specific situations, for at least
five years.
In an ideal world it would be desirable to compare systems as if
everything else was equal. In the real world everything else is
never equal. Every decision maker brings a different background
and set of experiences to the choices they make. When looked at
closely enough, every business has a unique mixture of existing
hardware and software infrastructure, staff experience, and
resources to apply to desired changes. Each places limits on
what is practical, and makes choices that may be right in one
environment, questionable or wrong in another.
This is not a formal study of a specific situation. It's an
opinion piece on the relative merits of different operating
systems in various circumstances. As such, the background,
experiences, and biases of the author have much to do with the value
of what is said. Thus, it's appropriate to include a discussion
of my relevant background, and how I've come to the conclusions
presented here.
Personal Background
In late 1999, with over 16 years of professional computer
experience, I decided to resign from my full time and well paid
job, to become an independent consultant. Then, I believed my
professional future would be based primarily on Microsoft
products. At that time I had about six years of UNIX (AIX with
some Sun and Linux) experience and almost four years of
Windows NT experience. My recent experience was mostly with
Windows NT. I had been the primary proponent, where I worked,
for NT being the only operating system on which all of the
association's computers could be standardized. In preparation
for my new business, I purchased Microsoft Office 2000 Developers
Edition and was looking for a good price on Visual Studio as well
as prices for MCSD and MCSE certification programs.
Microsoft and the Courts
On November 5, 1999, U.S. District Judge Thomas Penfield Jackson
issued his Findings of Fact in the United States of America v.
Microsoft Corporation.
There was much media and Internet commentary on this document but
few actually read it. Most were satisfied with frequently
inaccurate, second and third hand accounts of its contents. Even
fewer were actually influenced by it. Those who were already
anti-Microsoft found support for their beliefs and Microsoft
supporters dismissed the findings on one basis or another. I
read the findings in their entirety and found them eye opening.
The findings were the beginning of my professional turn away from
Microsoft products.
On June 28, 2001, the United States Court of Appeals for the
District of Columbia Circuit ruled on Judge Jackson's decisions
and actions. Though much of the
media attention was on the Appeals Court's reversal of Jackson's
divestiture orders, more significantly, the Appeals Court ruling
upheld his Findings of Fact, virtually in their entirety.
Findings of Fact are a District Court's responsibility and once
upheld on appeal are rarely reversed. All the legal arguments and
appeals that follow are based on the Findings of Fact. For all
intents and purposes, Judge Jackson's Findings of Fact are the
official legal document that describes, in sometimes excruciating
detail, how Microsoft dealt with its customers, "partners" and
even its own products, over a several year period.
Further, Judge Jackson found Microsoft guilty of three counts of
illegal exercise of monopoly power. The Appeals Court reversed
one of these conclusions of law, returned a second to the
District Court for reconsideration but affirmed Microsoft's
conviction on one count. The Appeals Court found that "Microsoft
possesses monopoly power . . . behaved anticompetitively, see
infra Section II.B, and that these actions contributed to the
maintenance of its monopoly power, see infra Section II.C, we
affirm the court's finding of liability for monopolization."
Mirrored Sites
Though I thought the future was Microsoft, I was open to
alternatives and wanted to increase my UNIX exposure. In late
1999, I purchased four identical P3 500 white box clones for use
as test servers. It was my intention to build four mirrored web
sites using different operating systems and web servers. I was
sure that I had to have NT Server and did not hesitate about
purchasing it. (My workstation was already NT.) As I was
focusing on Intel architecture and looking for NT alternatives,
it was obvious that one server had to be Linux. Red Hat was the
leading distribution for Linux servers and I purchased Red Hat
6.1 Professional. Sun had Solaris available for shipping costs
for evaluation purposes. As perhaps the leading commercial UNIX
for Internet applications and the only one available without
paying full licensing fees, Solaris looked like a pretty obvious
choice. After application design and development, security has
been my second most important interest through my computer
career. I was familiar with OpenBSD's reputation for being the
most secure general purpose operating system available. For an
open source system, OpenBSD presented about as many philosophical
and technical contrasts as any UNIX like system could, compared
to Linux, and was my fourth choice for a server OS.
I intended to set up mirrored web sites on the four systems,
including dynamic content, and do performance testing to see how
the different combinations of OS, web server and dynamic content
delivery mechanisms compared. It simply did not occur to me
then, that with my experience, I would have any difficulty making
the servers perform as expected. Solaris installed easily except
that I could not get it to recognize the network interface card
(NIC). I tried some other NICs but obviously did not know some
piece of what was necessary to get networking to function. While
I had it, Solaris with Motif, was an interesting stand alone
curiosity. Without networking, Solaris could not perform its
intended function and when I needed a test machine, I replaced
Solaris, leaving me with Windows NT, Red Hat Linux and OpenBSD.
It turned out that just getting web servers, including multiple
virtual sites, CGI scripts, searchable content and web analysis
software, to work in three very different environments was more
of a challenge than I expected. Initially, because I knew how to
make a web server work on NT, most of my efforts were directed
towards NT. In the spring of 2000, I got serious about building
three mirrored sites. The various problems that I encountered
are largely documented in the
Building GeodSoft.com section of
the site. This part of the web site is largely sequential,
generally casual, off the cuff, and written while working on the
site or shortly thereafter. Often, my frustrations of the
moment show in the tone of the writing. I've left most of these
pages largely unchanged, except for minor corrections, since they
were written. I believe they represent important documentation
for some of the conclusions which will follow. When I encounter
a new significant problem, that reflects on the relative strengths
of the different operating systems I use, I add a new page to
that section.
For the past year, I've focused most of my efforts on the web
site and its organization and content development. I've spent a
significant amount of time working with all three operating
systems as server platforms with an emphasis on OpenBSD and
security.
Hardening OpenBSD servers
for use as firewalls and web servers and documenting that process
in detail has been one of my large projects.
Last year, about the time that Red Hat 6.2 was released, I was
actively designing my web site. Having both Netscape and Lynx
browsers on a UNIX like system with a graphical interface was
useful to see how the web pages looked in browsers on
non-Microsoft systems. I spent a significant amount of time
experimenting with the default Linux GUI, Gnome. Anyone who
reads my rather caustic comments on my experiences with Gnome
will have little doubt that despite
my Microsoft reservations, I still did not regard Linux as a
viable desktop replacement for Windows NT Workstation or Windows
2000, if buying a new computer.
Approximately a year later, Red Hat released 7.1 and I spent
much of the spring and summer of 2001 working with and evaluating
that product. Though there are still problems, the product has
come a long way, and is clearly suitable for use in more business
environments than it was a year ago. Thus, I think it is a good
time to compare the merits of these three platforms, and look at
where each might be best used in businesses today. I also
briefly looked at Corel Linux OS but after installing it, do not
regard that as a serious Linux distribution, suitable for use in
a business environment. I explain why in a separate
small review.
Standardizing on an Operating System
One of the difficulties I had in organizing "Platform Choices"
was my inability to resolve a dilemma related to standardizing on
an operating system. In 1996, I worked in an IT department with
a staff of eight, at a site with nine different operating systems
in use. This was obviously an undesirable and almost intolerable
situation. I came to the belief that a highly desirable goal for
any small organization was to standardize on a single operating
system for all its computers. NT 4 was due soon, and though there
were scalability concerns discussed in the trade press, we were
small enough that they should not have been an issue in
our small environment. I began to push for OS standardization on
NT.
It was not until the fall of 2000 that I finally reached the
conclusion that, for any organization large enough to host its own
Internet servers, standardizing on a single operating system
for both servers and desktops was not a desirable goal. Prior
to this realization, for me, there was no fundamental conceptual
difference between a desktop computer and a server. Servers were
faster and had more of everything, often included redundant
components for increased reliability, and might include services
not included with desktop systems, but otherwise were not
fundamentally different. I was not alone in this belief.
Microsoft Doesn't Get It
The largest software company in the world, Microsoft, obviously
still believes this. Having grown from a company that
established itself creating inexpensive desktop systems aimed at
a mass market, it would be surprising if this were not so. To
this day, all versions of Windows including all server versions,
except the terminal server versions, are fundamentally single
user computers even though they have been true preemptive
multitasking, multithreaded systems since the first versions of
NT.
This shows in things that can be done from the local console but
not remotely. Microsoft keeps adding more utilities and methods
to perform various administrative tasks remotely so it's not
always easy to see the single user core. This shows most clearly
in the inability of different tasks to have their own drive
mappings simultaneously on a single machine. It also shows in the
system environment. Perhaps by now (Windows 2000) Microsoft has
made these multi user.
Regardless of how far they may have come, it's hard to argue with
the idea that Microsoft started with a single user system and
grafted on multi user facilities. Unlike all versions of UNIX
systems, NT was not inherently multi user from its inception.
Windows servers will be
faster, hopefully more reliable, systems with added features, but
not fundamentally different than the single user (desktop)
systems from which they evolved.
From this point forward, when I use UNIX, without any
qualification, it should be read as "UNIX and UNIX like". This is
specifically intended to include Linux and the open source BSDs,
FreeBSD, OpenBSD and NetBSD even though these include no code
that bears the UNIX trademark. It is also meant to include AIX,
HP-UX and Solaris which do not normally reference UNIX in their
documentation or literature. I'll use "traditional" or
"commercial" as a qualification to UNIX when it's meant to
exclude the open source systems and "UNIX like" when the
statement is intended to apply to only the open source systems.
How Servers Differ from Desktop Systems
My awakening to the real differences between desktop and server
systems began when I finally had a DSL connection scheduled for
install, and realized that soon, some or all of my computers would
be connected to a full time Internet connection. This was in
early 2000, not long after a significant number of widely
publicized break-ins of major systems early in the year. Anyone
paying attention had to regard the Internet as a fundamentally
hostile environment, requiring close attention to security.
Through my entire career I've been more interested and concerned
with security than my colleagues. This showed when I managed a
department and set password change frequency, length and
complexity standards that nearly everyone, including IT staff
objected to. On the old mini-computer, I did what I could to
tighten security and as new multi user systems, Novell, AIX, and
Windows were acquired, insisted on tight granular directory and
file security. My view of security did not however go beyond the
traditional host administrator's point of view.
With the coming DSL line, I knew I needed a firewall, but not much
more. As I studied, the breakthrough came when I understood the
significance of a buffer overflow, and the resulting ability to
"run arbitrary code". Once I knew how a system could be root
compromised remotely in seconds, without knowledge of the root
password, I knew that everything I thought I knew about computer
security had to be reevaluated. The results of my study,
experiments, and the systems I have built since, show in my
security related web sections: Hardening OpenBSD, Home Grown
Intrusion Detection, Ten Steps to Security and Password Analysis
(see site map).
A system hardened as described in Hardening OpenBSD has, in some
important respects, less resemblance to the parent operating
system than two Windows systems from different families, e.g., 95
and 2000, do to each other. I have yet to go through the
corresponding exercise with Linux. The reason was simple. My
Red Hat 6.2 Linux web server was up longer than any computer I'd
ever worked with. Each day Linux was up, was a new record. I
expected the server to stay up over a year barring an extended
power outage. Sometime after 3 A.M., Sunday, Aug. 19, 2001, my
NT server crashed and I accidentally pushed the reset button on
the Linux server which was next to the NT server. The Linux
server had been up 336 days. Now that the uptime stretch is
broken, upgrading and hardening the Linux server will be one of
my next projects.
This Linux system hard disk is loaded with junk I would not now
put on a production server. It remains uncompromised for several
reasons. Every unnecessary service has been disabled and the few
that remain are protected by both a firewall and TCP Wrappers.
User, password and directory security are all tight. Processes
are monitored continuously, and files are checked daily and
compared with off-line records. Apache runs without root privileges. As long
as the firewall rule set remains in place, the only avenue of
attack is through port 80 and two Perl scripts available through
the web site. No other port is exposed to Internet access.
Though this machine is functioning as an Internet server, the
setup does not meet my current definition of a properly
configured Internet server.
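The daily file check described above, as an added illustration that is not the author's own Home Grown Intrusion Detection scripts: hash every file under a tree, keep the result as a baseline that lives off the host, and report what a later scan added, removed or modified. The directory contents and rules are constructed for the example.

```python
import hashlib
import json
import os
import shutil
import stat
import tempfile


def scan_tree(root):
    """Record every file below root: sha256, permission bits and size for
    regular files, the target for symlinks (not followed, so a planted link
    cannot steer the scan elsewhere). Returns {relative_path: record}."""
    records = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic walk order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.lstat(full)
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISLNK(st.st_mode):
                records[rel] = {"link": os.readlink(full), "mode": mode}
            elif stat.S_ISREG(st.st_mode):
                digest = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                records[rel] = {"sha256": digest.hexdigest(),
                                "mode": mode, "size": st.st_size}
    return records


def compare(baseline, current):
    """Diff a fresh scan against the stored baseline. Any change in hash,
    mode, size or link target counts as modified."""
    base, now = set(baseline), set(current)
    return {
        "added": sorted(now - base),
        "removed": sorted(base - now),
        "modified": sorted(p for p in base & now if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: baseline a tiny tree, serialize it as it would
    be written to off-line storage, then make the three kinds of change a
    daily run must report and return the comparison."""
    root = tempfile.mkdtemp(prefix="integrity-demo-")
    try:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "var", "log"))
        with open(os.path.join(root, "etc", "hosts.allow"), "w") as fh:
            fh.write("sshd: 192.0.2.0/255.255.255.0\n")  # constructed rule
        with open(os.path.join(root, "var", "log", "messages"), "w") as fh:
            fh.write("Aug 19 03:00:01 host syslogd: restart\n")  # constructed
        # Round-trip through JSON: the baseline is kept off the host, so it
        # must survive serialization exactly.
        baseline = json.loads(json.dumps(scan_tree(root)))
        # Changes the daily check should flag: an edited access-control
        # file, a file that appeared under etc, and a log that vanished.
        with open(os.path.join(root, "etc", "hosts.allow"), "a") as fh:
            fh.write("ALL: ALL\n")
        with open(os.path.join(root, "etc", "extra.conf"), "w") as fh:
            fh.write("constructed\n")
        os.remove(os.path.join(root, "var", "log", "messages"))
        return compare(baseline, scan_tree(root))
    finally:
        shutil.rmtree(root)
```

In production the baseline and the checker itself belong on read-only or off-line media, since a scan compared against records the intruder can edit proves nothing.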
When I do eventually set up a new primary Linux web server, it
will be stripped and altered in enough ways, that it will only
somewhat look like a default Red Hat server install. It will not
have any X Window system, office applications or games on it. At
the same time, a Linux workstation based on the same kernel will
have all these things and others but won't have components
typically needed only on servers.
In contrast to modular UNIX systems that can easily be tailored
for very different purposes and present fundamentally different
user interfaces, all Windows systems of the same family, due to
their monolithic architecture and tight integration between the
OS and user interface, look much the same whether the system is a
lightweight laptop or multiprocessor production server. Windows
NT contains commands with the same names and general
functionality as the DOS operating systems prior to Windows. I
would not expect Microsoft to remove these from 2000 or XP (but
could be surprised). Though technically both the Linux server
and workstation described will be Red Hat n.n, they will in some
ways have less in common with each other, from a user
perspective, than Windows 3.1 and XP.
Servers should not contain functionality not required for the
intended functions because any unnecessary functionality
potentially exposes a server to unnecessary risks. Since the
process of removing unneeded functionality, hardening, necessarily
makes a server look and behave differently than a desktop based on
the same operating system, there is little point to standardizing
servers and desktop computers on the same operating system.
Today servers increasingly support web based e-commerce, customer
relation systems, purchasing systems and a growing variety and
number of systems that are connected to or through the Internet.
The more widely available (exposed) these systems are, and the
more important and sensitive the functions they serve, the more
important it is that these machines be dedicated limited purpose
machines, that cannot be used for other than intended purposes,
even by administrators. Learning to use and administer such
machines will require special training, to the point that the
underlying operating system will only be one of several
components, and not necessarily the most significant or obvious.
If operating systems are going to be highly customized to perform
specific functions, the technical merits of the operating system
and its specific abilities with regards to the intended functions,
should be more important as selection factors, than staff
familiarity with standard versions of the operating systems.
It was understanding the fundamental differences between servers
and desktop systems that finally allowed me to make a focused
operating system comparison. As long as I believed it was
important to have a single operating system for servers and
desktops, I could not focus on the characteristics that make a
good server. As soon as I focused on servers only, it became
easy to look at different characteristics required by a server
and ask and answer whether each operating system under discussion
was a good or poor solution or somewhere between.
Copyright © 2000 - 2014 by George Shaffer. This material may be
distributed only subject to the terms and conditions set forth in
http://GeodSoft.com/terms.htm
(or http://GeodSoft.com/cgi-bin/terms.pl).
These terms are subject to change. Distribution is subject to
the current terms, or at the choice of the distributor, those
in an earlier, digitally signed electronic copy of
http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the
time of the distribution. Distribution of substantively modified
versions of GeodSoft content is prohibited without the explicit written
permission of George Shaffer. Distribution of the work or derivatives
of the work, in whole or in part, for commercial purposes is prohibited
unless prior written permission is obtained from George Shaffer.
Distribution in accordance with these terms, for unrestricted and
uncompensated public access, non profit, or internal company use is
allowed.