back to article Linux servers for Windows folk: go on, give it a bash

Despite all the hullabaloo about Ubuntu and other desktop offerings, for most organisations, the main use of Linux is on servers. Ignore all the waffle about flashy desktops and which browser is best, because the truth is, most organisations run on Windows and tons of Windows software – perhaps with a few Macs thrown in – and …

COMMENTS

This topic is closed for new posts.
  1. Tom 7

    New to Linux are we Liam?

    NT

  2. foo_bar_baz
    Thumb Up

    I look forward to this

    Yes I do!

  3. Gordan
    Thumb Down

    At risk of sounding elitist...

    IMO, the premise of the article is deeply flawed.

    Let's put it this way - would you trust somebody who:

    1) isn't sufficiently skilled to do things the non-GUI way

    2) isn't sufficiently knowledgeable to understand what is going on underneath the GUI

    to set up and maintain your server estate?

    The idea of cheap, replaceable sysadmins is all well and good, but the fundamental truth remains that you get what you pay for. No doubt I'm going to get flamed for being arrogant for saying this, but IMO the real arrogance is in pushing the idea that you can control a complex system by clicking on pretty pictures.

    1. Martin
      Happy

      But....But.....

      That's how it worked in Jurassic Park....

    2. Anonymous Coward
      Anonymous Coward

      Re: At risk of sounding elitist

      You make a reasonable enough point, but I think that you may be misunderstanding the target market of these distros. Many small businesses simply cannot afford a fully qualified sysadmin and if they could they wouldn't spend the money on one anyway, not to take care of 5 computers and a simple file/web server.

      Chances are good that the guy running their Windows server is just as clueless about Windows as he is about Linux. There is always going to be demand for a system you can administer just by clicking pretty pictures.

      And if such a system can be built, why not build it? It might not stand up to much scrutiny from the IT bods at your friendly neighbourhood megacorp - but if it serves your local flower shop well, who cares? Chances are the CyB0rTerrfunISTs don't really care about the contents of their email server anyway.

      1. Vic

        Security.

        > And if such a system can be built, why not build it?

        We're talking about a gateway machine here. If you follow the (flawed) advice in the article, this is the piece of kit taking a heavy daily assault from ne'er-do-wells on the Intertubes.

        If this is set up by someone who doesn't want to understand what he's doing, what chance security? This is an arms race; someone who wants to set up a box and forget it *will* get pwned eventually.

        Alternatively, you could buy the same hardware, and spend fifty quid with a local Linux support company who will install the box properly, and either tell you what you need to do in the future, or sell you ongoing support. You could even watch the installation and learn a bit while he does it - most engineers are glad to impart a little knowledge, as it means an easier time in the future.

        Linux maintenance is easy. Initial roll-out takes a bit more planning and experience; by far the cheapest way to do it it to spend a few quid with an expert.

        Vic.

    3. Doug Glass
      Go

      Oh That's Funny

      How do you basement dwellers ever expect to understand the corporate mindset? Oh sorry ... you never will.

    4. Anonymous Coward
      WTF?

      <coughs, points to article title>

      That description covers the vast, vast, vast majority of server sysadmins these days, mate - and has done since NT4.

  4. Anonymous Coward
    Thumb Down

    "faster and far more expandable"

    "Both will turn a very modestly-specced generic x86 PC into a network-attached storage device far more cheaply than a dedicated box – and be faster and far more expandable."

    You honest belive the statement? A generic x86 box will be "faster and far more expandable" than a specifically designed storage array. Are you mental?

    1. Anomalous Cowherd Silver badge

      yes, faster and more expandable.

      Your average SOHO NAS has an ARM or Atom chip and a max of four drives. I don't think this article is targetted at those considering fibre SAN arrays, do you?

    2. Gordan

      Mental?

      @Andrew C: "You honest belive the statement? A generic x86 box will be "faster and far more expandable" than a specifically designed storage array. Are you mental?"

      Actually, that isn't implausible. I have built many a custom NAS/SAN that blows away any similarly specced commercial solution priced within an order of magnitude more than the cost of hardware I used. A big drag on the commercial storage offerings is precisely that they have to be manipulatable using a simple GUI, which doesn't allow for more advanced parameters to be tweaked. There are piles of performance that can be extracted from a RAID array by correctly choosing block size, chunk size, stripe width, stride, block group size, etc in accordance with the specific hardware used. This is generally poorly understood even by proper sysadmins, let alone the icon clickers.

      1. Anonymous Coward
        Anonymous Coward

        hummmm

        While i see your point i disagree.

        Well there’s a contradiction here, the article as i read it is based on SME's as has been mentioned most SME's wont have any one that can do that tweaking regardless of how many forum posts they have read. So while you could be correct that is a minority.

        And as for the corporate storage solutions, they may have GUI but anything that isn’t budget or can be considered enterprise will have a CLI for making such tweaks.

        So perhaps there should be separation of both the article and the comments as to if we are talking enterprise or SME.

        1. Gordan

          Re: hummmm

          @ Andrew C:

          "And as for the corporate storage solutions, they may have GUI but anything that isn’t budget or can be considered enterprise will have a CLI for making such tweaks."

          You haven't used many "enterprise" storage solutions, have you. I have yet to see one that provides such advanced functionality that you theorise might exist. Most enterprise storage systems are all about marketing rather than functionality.

  5. Squirrel
    Troll

    speaking out of where?

    *sigh*

    'Forget the big-name ones such as SUSE Linux Enterprise Server (SLES) or Red Hat Enterprise Linux (RHEL). All the big players shamefully neglect the user-interface side of their server offerings. Their "server distributions" are no more a server OS than a box of Lego is a toy car.'

    You're obviously trolling. There's a reason 70%+ of the web uses linux/unix, it's because it works out of the box and is easy to setup and manage remotely.

    http://news.netcraft.com/archives/2010/11/05/november-2010-web-server-survey.html

    "SLES and RHEL are just bags of components for skilled sysadmins to construct a server to fulfil some task."

    No they're not. Any monkey can do it, it's not brain surgery.

    Your intro and first section is just pure BS that you are using to prop up the rest of the article.

    If your average tech monkey couldn't configure a domain name in apache, I definitely wouldn't let them near the complicated mess that is IIS applications.

    1. Anonymous Coward
      Happy

      heh

      Obligatory: netcraft confirms it!

  6. Anonymous Coward
    Anonymous Coward

    Err what?

    "If you want public Internet server functionality, such as hosting Web sites, then you need a direct connection between your server and the Internet. You don't want a firewall in the way, as this will complicate matters; instead, the external IP address of the server should be visible from the outside world. At the very least, if all you want is Web serving and webmail, you'd need to reconfigure your router/firewall to pass through HTTP and HTTPS traffic to the server. If you want VPN clients to connect to it as well, rather more is involved. It's not trivial, and it might prove much quicker to buy a suitable router – which may mean negotiating with your ISP."

    Err what? The external IP of the server should be visible from the outside world? Well then, good luck with that.

    I have never worked anywhere, even small business, where I would deem it acceptable to have a server directly connected to the internet unless it was some kind of honeypot.

    Changing firewall configs to allow access to a service, and only that service, hosted inside your network on some server is one of the most common tasks for anyone in that position.

    1. The Fuzzy Wotnot
      Thumb Up

      Well said sir!

      It's so unacceptable that even home routers don't allow it, instead they NAT you out of a non-routable IP range!

      If people are daft enough to connect direct to 'da tubes', it sure explains all these malware stats we keep reading!

    2. Gordan

      Re: Err what?

      @zef: "Changing firewall configs to allow access to a service, and only that service, hosted inside your network on some server is one of the most common tasks for anyone in that position."

      Actually, that's the worst way to do it. That means that if the service you are running turns out to have an exploit, your entire internal network is pwned. All externally visible services should be in a DMZ, safely far away from the internal network.

      1. Anonymous Coward
        Happy

        Re: Err what?

        Actually, the way to do it is to create a virtual IP on the firewall that port forwards traffic to the internal service so you don't have to assign the whole machine in a DMZ which limits what you can then do with it in the internal network.

        But let's not nitpick on what was supposed to be a simple observation eh? :)

        1. Gordan

          DMZs

          @zef

          Which still means that if the server gets pwned through the ports you have to have open (e.g. a CMS exploit - it happens all the time), your entire internal network is compromised. The entire machine that is accessible from the outside world should be firmly in the DMZ. Virtual IPs won't make any difference to that.

        2. Anonymous Coward
          Thumb Up

          Was thinking the same thing when I read this

          I can't say this enough... throwing a whole bunch of crap directly onto the tubes isn't always the best idea. If you're exploited (used as a SPAM relay, used to host Phishing URL's, used to host illegal/offensive content, etc) you could get kicked off of your network provider for ToS violations.

          Not trying to spread FUD here, or knock Linux/FOSS security, but just because you can do something doesn't always mean it's a good idea.

  7. Tim Parker
    WTF?

    Services

    "First, you install the OS, then on top of that, you install the server applications – say Apache to serve web pages or whatever – and hand-write the config files to make it do what you need. Then you modify more config files and settings to lock down the machine's security, possibly install some monitoring tools and deploy it."

    What utter nonsense - for example, much as generally dis-like SuSE these days it has, for a long while now, been ridiculously easy to set-up a number of the basic networking services from the GUI (under YaST), e.g. file/print sharing, DHCP/DNS/NIS, NFS, FTP... and i'm not sure what server distributions (or, indeed, many others) _don't_ install all the usual suspects for you... Configuration of Apache may need more work to set-up as you wish - TBH I don't know as I generally don't need it to do anything other than the most very basic serving (which can also be done graphically, with ease), if anything at all - but to generalise that to all server services is just daft.

    I'm not taking anything away from the specialist Unix/Linux distros - i've used a couple myself when it's suited my needs, and i've been very pleased with them - but the situation outlined above from the article is not based in reality IME.

  8. Jacqui

    remote admin

    my day job involves developing, deploying and supporting remote headless systems.

    I know a number of small business who make a reasonable living supporting linux servers for cash strapped local SMB's. The savings can be very significant especially when your IT server estate can be managed over a VPN link.

    Furthermore installing windows in a virtual machine on top of a linux box makes remote system ops seriously easy - checkpointing v'd windows desktops also makes cleaning up infected PCs a doddle - and a remotely manageable task.

    there are a very good reasons windows tries its very hardest to touch the raw iron - and none of them benefit the small business :-(

    My advice for a small business would be to visit your local linux user group. There are probably a couple of rabid anti-MS folks but most people I have met at LUG are hobbyists or prefessionals like myself - or staff/owners from small businesses. Its a great way to network and find a reputable support supplier.

  9. Doug Glass
    Go

    I'll Be Damned!

    This author actually has some real insight, if not hard experience, with the corporate world. Too bad all the desktop Linux hucksters and pushers are the exact opposite. Oh well, the Linux circus is fun to watch unfold.

    1. Gordan

      Re: I'll Be Damned

      @Doug Glass

      Let me guess - you're a Windows admin?

    2. Anonymous Coward
      Troll

      Haha

      Just a corporate clown in the Linux circus

      ' read Doug's post - he's trying to diss us

      I'm trolled! Many thing I'd like to say

      But prevented from doing so by the NDA

      Something else I wanna say to mr. Glass:

      ... never mind I'll let this cheap rhyme pass

  10. Dave Murray
    Thumb Down

    Firewalls

    "If you want public Internet server functionality, such as hosting Web sites, then you need a direct connection between your server and the Internet. You don't want a firewall in the way, as this will complicate matters;"

    You should always have a firewall. Sure you can run a software firewall on the server but a dedicated hardware firewall should provide your first line of defence. If you find making a server externally available through a firewall complicated you shouldn't be setting one up and definitely shouldn't be advising others on how to do so.

    If you think forwarding a few ports through a firewall is complicated you should see my office setup with 3 ADSL modem/routers in pass through mode, 3 bonding devices (more routers basically), 2 NAT routers to provide separate internal subnets, multiple hubs and switches to connect it all together and a wireless access point. Without the network diagram it confuses me some days and I designed it.

    1. Mike Lovell
      Joke

      Aha

      Ahhhh, the old "over engineer it, make it unnecessarily complex for its purpose and make sure you're the only one who can work it" job protection rouse.

      Classic IT tactics, well played.

  11. Neil Lewis

    Server functions in SuSE

    "First, you install the OS, then on top of that, you install the server applications – say Apache to serve web pages or whatever – and hand-write the config files to make it do what you need. Then you modify more config files and settings to lock down the machine's security, possibly install some monitoring tools and deploy it."

    Wrong. Just plain wrong. Start YaST. Select 'Software Management'. Select 'Patterns'. Scroll down to 'Server Functions'. Choose from 'HTTP Server', File and 'Print Server' , 'Mail Server', etc. as required. Click 'Install'. Now use the YaST graphical configuration tools which will be installed as part of those patterns to set the configuration options.

    Job done. No command line necessary. Even a Windows admin could do it.

  12. Tom Chiverton 1

    Ummm

    "want VPN clients to connect to it as well, rather more is involved"

    No ? I just ticked the 'allow VPN' box on my Vigor ADSL router (which could also act as the end point if I wanted)...

  13. Anonymous Coward
    Anonymous Coward

    No mention of NAS?

    NAS boxes are becoming very common in place of fileservers (and iscsi target boxes) and most NAS boxes are *nix of one flavour or another.. usually 'lite' varieties like Busybox.

    1. Anonymous Coward
      Anonymous Coward

      Maybe you missed it in the "Simpler alternatives" section

      "If your needs are more modest and you just need some more storage space to hang off your network, there are also a growing number of NAS-specific distros. Several are as yet immature or unfinished, but two are quite well-established: FreeNAS and Openfiler. Both will turn a very modestly-specced generic x86 PC into a network-attached storage device far more cheaply than a dedicated box – and be faster and far more expandable."

  14. Anonymous Coward
    Thumb Up

    Good article

    This was a good article. I'm thinking there are quite a few here from the looks of it that would pick it apart and bicker, but I'm not one of them. The write up actually delivers exactly what was intended in only a few pages.

  15. Scott K

    Good article

    Off to fire up some VM's and see if I can replace my creaking winserver :)

  16. Anonymous Coward
    Anonymous Coward

    Easy to use, no CAL's

    That would be Apples OSX server.

    Go ahead burn me.

    1. Matt Piechota

      @Easy to use...

      /That would be Apples OSX server. Go ahead burn me./

      Nah, Apple already did that when they pulled support.

      1. James O'Shea

        except that they didn't

        Apple has killed XServ. OS X Server is still very much alive. They only just posted the 10.6.5 update again, after pulling it due to, ah, problems. <http://support.apple.com/kb/DL1326>. But don't let facts get in the way of a good screed.

  17. Goat Jam
    Flame

    "the guff about GNOME versus KDE and so on becomes completely irrelevant"

    but the guff about APT versus YUM becomes even more heated!

    1. Vic

      apt vs. yum

      > but the guff about APT versus YUM becomes even more heated!

      Only amongst those ignorant of one or both of the above.

      apt and yum provide almost identical functionality. Anyone claiming vast superiority for either clearly does not know how to drive the other. That doesn't make him a good source for information...

      The one that *really* annoys me is apt vs. rpm - they're different applications. They're not aimed at the same task, so they perform differently. It's like comparing a Ferrari Dino to petrol - the comparison is nonsensical.

      Vic.

  18. Anonymous Coward
    Thumb Down

    "main use of Linux is on servers"?

    *Looks at Android phone confused*

    1. M Gale

      Android is Linux...

      ...like OS X is BSD.

      Related in the same way that I'm related to my father's, brother's, nephew's, cousin's former room mate.

  19. Anonymous Coward
    Grenade

    NAT

    because NAT is such a definitive network security measure...lol

  20. tardigrade

    Sausalito Special Source anyone?

    I will stick to my Cobalt Qube 3 thanks. A beautiful little blue box that was light years ahead of it's time. Frankly the only thing on the market that can lay claim to being it's up to date modern day, successor is the MacMini Server. Albeit not Linux but then we are talking hardware and software together in both these examples.

    Otherwise grab a miniITX atom MB, 2GB ram and a couple of 1TB Western Digital caviares. Glue it all together in a mini tower, do a minimal CentOS install and let Webmin do the rest. Add the Virtualmin and Usermin modules and that's your SME, SAN, Web, Email, Webmail, Firewall, Router, Cache, FTP, DNS and CVS servers all done.

    It's as easy as making toast.

  21. Vic

    There is *so* much wrong with this article...

    I can't begin to cover any significant fraction of the errors in this article, but here are a few glaring issues :-

    - The major distros already have loads of tools to do exactly what the author claims they don't - e.g. look at the redhat-config-* tools in RHEL, or YaST in SLES. Add to that the excellent documentation in the RHEL Deployment Guide (available to anyone that wants it, and applicable to pretty much every distro), and you have a trivial configuration.

    - Samba3 (which is what these distros ship) does *not* make a good Windows Domain Controller. Samba3 only does NT4-style controllers - most companies will throw you out in the street for suggesting such a thing. Samba4 is necessary for AD-style DCs, but that's not shipping yet. It's just around the corner - but has been for 5 years or so. When we get it, it will be stunning - but we don't have it in the distros yet. Making overblown claims about the capabilities of Samba3 - which makes an excellent member of an AD domain, but not a DC - simply hands ammunition to those who would knock the capabilities of FOSS.

    - Exposing your first installation to the unfiltered Internet is just idiotic. There are *likely* to be some configuration errors, so at the very least, you hide it behind a NAT router and pipe through those services you intend to expose. This is very easy to do for all NATable protocols - indeed, if a would-be admin struggles with this, he really shouldn't be opening up the network at all. So all you're left with is the non-NATs - PPTP for example. The simplest solution there is to use an alternative (like OpenVPN), But there are assorted ways of getting the job done. The very worst thing you could do, as a neophyte, would be to expose the box directly to the external interface.

    Vic.

This topic is closed for new posts.

Other stories you might like