Microsoft Windows Server 2012: Why Bother? Join us today at 11:00 GMT, when we’ll be broadcasting live from our London studio with Reg readers Chris Losch, from Newham Council, and Gary Collins, from Intercept IT. Between them, they’re going to run through a raft of real-world projects and deployment scenarios where they’ve been using and abusing Windows Server 2012 to …
#1 Security - lower vulnerability counts, with fewer days at risk and fewer critical vulnerabilties that are on average fixed faster than any competing OS. Full support for secure boot.
#2 TCO - lower cost of support / ownership in an enterprise compared to competing OSs for the vast majority of uses.
#3 Functionality - The market leader in many respects.
#4 Performance - Significantly outperforms other platforms in common uses - e.,g. worlds fastest fileserver.
Security - you could also say other OSs are more secure by design so they have less vulnerabilities in the first place.
TCO - isn't this really just a marketing term?
Functionality - wholly subjective. There's plenty of people who'll say working in a shell is more productive and efficient that any GUI.
Performance - How many of the world's HPC clusters run Windows? As for being "the world's fastest fileserver" doesn't actually measurable performance rely as much on the physical I/O of the box as it does the OS?
Security - it doesn't really matter how "secure" a given product is, if the people managing it don't use suitably secure processes. The weakest link is always the person managing the system.
TCO - no it's not just a marketing term. Unfortunately, a lot of technical people have little or no understanding of finance. If you run a business, there is one mantra above all; you have to manage costs if you are to survive.
Functionality - agreed, this is subjective. However, are you aware that you can install Server 2012 as "Server Core" - basically just the shell, no GUI. All admin done using PowerShell cmdlets.
Performance - agreed that the hardware is fundamental. But software can have an impact when providing network access.
Security - you kidding, right? Or you refer to that famous Microsoft sponsored study that compared the OS kernel in Windows versus a full Linux distribution?
TCO - another Microsoft sponsored study, perhaps? Yes, there is a reason for the biggest internet business in the world not using Windows: they don't know how to make money.
Functionality - leader in which respects? The only thing Windows Server is leading is in the integration with its on ecosystem of Microsoft technologies. As for other technologies, care to cite one?
Performance - being the worlds fastest file server is not that useful if it does not meet any of the above criteria (security, TCO, functionality). Plus (or minus) your example points to a benchmark in a specific service where being fastest is less relevant, to the point of being more effecive to replace with a NAS appliance.
Security - Windows Server is a long way ahead of say a Linux distribution for security. I refer to number of vulnerabilities, criticality of vulnerabilities, average days at risk, and probablilty of an internet facing server being compromised - all of which Windows Server has been ahead of Linux in every year since 2003. (2002 was the year Bill Gates made secuirty Microsoft's #1 priority). Plus Windows was designed from the bottom up to be secure with full ACLs built in at every level to the OS and kernal - not a set of bolt on after thoughts like Linux - where bodges like SEL are required.
TCO - funny you should mention it - but web services was the exception i referred to. However there are a number of changes in 2012 to address that - we will have to wait for a stuidy to see if that is still the case....
Functionality - here are 2 - Secure boot and disk deduplication.
Performance -- none of your comments are related to performance - Windows Server comes in a NAS appliance version.
"you mean ACLs like Unix has had since the 1980s"
No - I mean proper ACLs throughout the OS - not the limited Posix 1e rubbish of user, group and world bit masks of UNIX.
Linux has tried to fix it via NFSv4 ACLs, but it's still nothing like the capbility Windows has. And is still experimental.
So for instance on Linux, you cant evaluate access via claims based authentication or support expression based ACLs.
On ACLs.
Proprietary UNIX has had filesystem ACLs of the type you are talking about since at least 1990. I am most familiar with AIX, and this was a major enhancement when the RISC System/6000 was launched in 1990 with AIX 3.1.
The Posix 1 filesystem permissions were a description of the original UNIX permissions model that was invented back in the 1970s before Microsoft even existed. At that time, the most sophisticated security model around was that proposed for Multics, many features of which made it into both VMS and PrimeOS (and it is worth remembering that Richard Cutler had some responsibility for VMS).
This is for a filesystem, I admit, but the basis of Role Based Accounting (acquired credentials used to control running processes and services) was introduced in AIX in 4.3.3, which IIRC was around 1998.
If you look outside of core UNIX, then DCE/DFS, which was a standards based enhancement which sat above the OS, and worked on various UNIX OS's, OS/2 and even windows NT provided ACLs for processes and file objects around 1994, and this was based on the Andrew File System (AFS) and Apollo's NCS which were earlier still. AFS, and DCE/DFS allowed credential management using Kerberos a long time before that support was integrated into Windows, and was provided by the OS vendors in most cases. AIX could build in a Kerberos based user authentication system from about AIX 4.2 in 1995.
I'm fairly sure that those people who were familiar with Veritas will also have something to say.
In terms of NFSv4, the Linux support may be experimental (which probably reflects more on the people doing the work than NFSv4 itself), but has been part of the core facilities provided by at least Solaris and AIX for quite some time (have to look up when it was introduced, but I remember reading up on in in 2005). Definitely not experimental on those platforms.
Having got that off my chest, it is clear that these arguments are pointless. This is because although I have a good knowledge of AIX and traditional UNIX, my knowledge of Windows is incomplete, so I so not make direct comparisons of capabilities. I suspect that there are actually very few people who are able to make a dispassionate comparison of these features between OSs, so just having a willy waving competition in forums such as this one is largely pointless.
That said, I do like the idea of a Windows Server that allows you to strip down the basic install to the minimum necessary to run an application. Seems consistent with KISS, one of the primary requirements to make any service functional and secure.
It is pointless to have more features than you need which may open up security or performance issues running on a server which has a specific defined function. This is where heavily (de-)configured Linux distributions have had a real advantage in the server space for years, because you could strip them down relatively easily to the bare minimum. It looks like Microsoft have finally learned.
This post has been deleted by its author
Mind you that GNU/Linux distros do have acl (try "sudo aptitude install acl" on Debian-like systems, e.g.). HP-UX got its own, I am sure, that *BSD and other *nixes have something similar.
The point is though, that a feature like "file permissions" need not only exist but be damn simple to be useful. POSIX file permissions is an example. As many might remember, there was a widespread practice on Win XP to make some apps of the userland nature (say, games) run only under admin account. Not sure if it is still a practice/annoyance on the modern Windows. Never had this problem on Linux/BSD.
You can always extend well designed minimal stuff to something more special, like acl, AppArmor, Android's permissions. Interestingly, Android API mandates running every single app under a unique uid and that all the rights are divided into groups to be transparent to a user.
I see you don't quite approach this from a business angle but merely comment as an individual. I say this because I do represent a (small) business and well... Your arguments are flawed, even though I actually agree with some of them. The problem however is the combination of them:
#1 Security - lower vulnerability counts, with fewer days at risk and fewer critical vulnerabilties that are on average fixed faster than any competing OS. Full support for secure boot.
However, when working with a server version which is still being supported and maintained, how would this be an argument for upgrading? Its like saying that the current servers are no good when it comes to security, and when looking at Server 2008 I really beg to differ. And its not as if patches for Server 2012 will be released any faster than 2008 or say 2003.
#2 TCO - lower cost of support / ownership in an enterprise compared to competing OSs for the vast majority of uses.
This I could actually agree with, to a certain extend. However, it has a small flaw in its reasoning; for the best performance you're better of not merely grabbing a Server 2012 version; you'd also be looking at a client OS upgrade. Not saying that Server 2012 can't cope with older clients like XP, Win 7 and so, but its not optimal.
And upgrading a whole park really puts dents in your TCO picture. Another very important TCO aspect is durability and reliability; you can't claim that Server 2012 has proven itself on these parts; it didn't. Couldn't have because its quite new.
Server 2003 and 2008 otoh. are server environments which have been out in the open for quite a while and really earned their marks (IMO). I can easily argue that $company could be better off upgrading from 2003 to 2008 because I have a very good idea what both can and cannot do. But with 2012 all you can do is follow doctrine; and that's not good enough.
#3 Functionality - The market leader in many respects.
"Results obtained in the past are no guarantee for the future.".
#4 Performance - Significantly outperforms other platforms in common uses - e.,g. worlds fastest fileserver.
Yet if you're not so much into the whole virtualization then the performance aspect can easily start to work against you, considering how this server version is fully aimed at supporting virtual instances.
Best tool for the job applies here, and although 2012 is a good product its simply not better than the previous versions by definition. I can come up with plenty of scenario's where a 2008 or maybe even 2003 server would be much better suited.
#1 - the question answered was "Microsoft Windows Server 2012: Why Bother?" - Not sure why you are going on about upgrading, this is the case for new installations too.
The same comment about upgrade costs adding to TCO would be true of any other OS also. And at least you can upgrade Windows verisons. Many Linux distributions only support a clean install.
#2 - That is assuming that you already have clients to upgrade. What abut green field sites? And anyway - much of the new functionality does not need new clients.
#3 - The functioonality is known - this is an RTM product.
#4 - Please explain how "the performance aspect can easily start to work against you" ? - Please define where a 2008 or a 2003 server would be "much better suited" ?
One thing they left out of 2012 which really, really pisses me off... the freaking start button! I want the damned thing back, and I want to meet the moron who decided it shouldn't be there, so I can slap the stupid out of him or her. I don't mind it on a desktop OS, but "live corners" or whatever they're called are impossible to use with nested RDP sessions. Oh yeah, and hotkeys don't work in that scenario either. The only redeeming factor is there's a powershell icon right on the taskbar, by default.
I think they're edging you towards not actually keeping the desktop on the server - it can now be added and removed with a reboot. Management then done with the various remote tools.
I get your point, if they should have removed anything, IE ESC and UAC would have been my choice.
The whole 'Metro' bit is stupid with WS2012. All the server applications are desktop applications so you go out to Metro, click a tile and end up back at the desktop.
On a related note I also wish they'd bring back EMC. The new web based interface is even more klunky and periodically crashes IE. I wouldn't have thought it possible to make a worse UI for Exchange than EMC but amazingly Microsoft seem to have achieved it.
Server 2008
WGA
Windows suddenly deciding that 'This is not a genuine copy of Windows'. Enter the license key again and you can breather again for another month or so until it does the same again.
This is on a bunch of servers who are totally disconnected from the internet for security reasons.
Patches on top of patches and unattended reboots causing data loss.(if you are connected to the internet)
Pah.
Patches resetting group policies especially those relating to updates.
even worse
Yeah. This is production ready software NOT.
This is why we are NOT going to deploy Server 2012. We are switching to RHEL.
As for security, Selinux is way better than anything that Redmond can offer.
Where the hell have all the Linux trolls on this thread come from? I was hoping for a conversation about the OS in the article in the comments section, but it appears to have been taken over by Linux fanboys who have a complex about Microsoft. Correct me if I'm wrong but I didn't see any mention of Linux in the article. In fact, why would a diehard Linux sysadmin who (judging by the aggresive comments) would rather eat turd than use a Microsoft OS even be looking at the article in the first place?
I really don't get it.
Well it comes from the title. Many people read that as "Why bother with Windows Server (when there are so many other alternatives around)", while it was probably meant as "Why bother upgrading Windows Server 200x to Windows Server 2012?".
While the first meaning would be the typical trolling you hear from Windows fanboys, the other meaning makes perfect sense if you live inside the "Windows bubble".
... I have been using Linux virtualisation for years. Had to migrate from Xen to KVM last year when Ubuntu 8.04 LTS had issues with its implementation of Xen.
However I am now planning a migration to Hyper-V on Server 2012 next year. I have been very impressed with 2012, apart from the loss of the Start button. Was actually surprised to find I am having to do things in Powershell rather than use a GUI.
I also like the way i was able to use Server Manager to deploy a Remote Desktop Services environment across multiple servers.
Today was my last day working for XXX as YYY (aka BOFH). 30+ years experience as a heavy lifter, lastly in a dumbass windows shop ... government ... graft. Troughfeeder's glutteny blinding them to the obvious.
Couldn't pay me enough to take that risk. When it blows up its going to leave a mark. Prudent observers are wise to CYA and take cover before the sh!t meets fan moment.
.
You know, being a sysadmin can be seductive. When I was faced with remaining a techie, or crossing the divide to become something else, I decided........ to go contract.
I've been calling myself a system administrator/system integration/support specialist (there is really not much difference if you are good at it) for 30+ years, and I still enjoy it.
What is one such as I to do. Where do I go and still expect to enjoy working? Certainly not into a a supervisory or management role. I possibly could have become a system architect, but the opportunity did not present itself.
I cannot see myself changing what I do before I retire, unless I have to.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
