GeodSoft logo   GeodSoft

Linux, OpenBSD, Windows Server Comparison: Introduction

Introduction

This is a discussion of the relative strengths and weaknesses of Linux, Microsoft Windows NT / 2000 and OpenBSD as server operating systems. Linux is intended to include Linux in general, regardless of the specific differences between distributions, but the emphasis on is Red Hat Linux 6.1 through 7.1 as that is where most of my practical experience has been. Windows includes NT 4 Server and also 2000. Though these Windows versions are released as different commercial products, 2000 is an evolution from NT, and shares a similar architecture and predominately common source code. The prevailing opinion seems to be that 2000 significantly improved many of the stability issues with NT 4. The Windows family architectural similarities outweigh the feature enhancements and implementation details. The architecture will be discussed at length, latter. OpenBSD has gone thorough four product releases since I've used it and shares many UNIX like utilities and development tools with all versions of Linux, yet is clearly a single but evolving OS that presents many important contrasts to both Linux and the Windows server family.

I will discuss Microsoft's significant strengths as well as some fundamental weaknesses. I believe Microsoft's products have specific, and sometimes significant business advantages in the appropriate circumstances. On the other hand, over the long term, I have some doubts about the Windows operating system viability as a server system, and even someday as a general purpose small computer operating system. I say "small computer" because today's distinctions of desktop, laptop and PDA are likely to become obsolete, but small computers with high resolution displays and significant local processing and storage capacities and multiple I/O technologies will be around for the foreseeable future.

For those in a position to conduct formal studies specific to their own environments, that seriously investigate the viable options, this discussion will hopefully raise some questions and factors that might not otherwise have been considered. For the rest, which I think includes the large majority of IT technical staff and managers, hopefully this discussion will offer specific useable advice or at least be thought provoking.

Third Attempt

This is my third attempt, starting from scratch, to deal with this complex subject. My first attempt beginning in late 1999 can be seen in the outline off my "book" under "Platform Choices". I wrote and revised this 25 page section several times in the course of about a year but never came close to having anything suitable for public distribution. There is an obvious lack of direction and structure in the outline. I subsequently started a fresh draft comparing operating systems and quickly realized it was heading in the same direction as the "Platform Choices". A problem for which their is no apparent solution may be too large. Breaking it into smaller pieces may allow solutions to be found a piece at a time.

"Platform Choices" is simply so broad a topic that it would take a large book to deal with adequately and by the time it was completed and distributed, the computing world would have changed sufficiently, that much of it would be obsolete.

Focusing on three families of operating system, used only as servers, greatly narrows the task. It's still quite large, and this discussion makes no pretense at being comprehensive. It would be much simpler if I had an unequivocal point of view, and could simply recommend one choice over the others in nearly all or most situations, but I can't. When you see most things in shades of gray and imperfect tradeoffs, there are rarely simple or obvious solutions.

I do think I can give a reasonably accurate assessment of the relative merits of Linux, OpenBSD, and Windows, on several factors that should be important in a server OS selection. It's up to the reader to determine the relative importance of these factors to them and their environment. As long as my relative assessments are accurate or at least fair, this review should be of use to readers, even if we disagree on the relative importance of specific factors. Later on, I leave little doubt that I believe the industry tends to over rate at least one common factor and under rate another, so you may well use my experience to reach different conclusions than I do.

Some things change fairly quickly. Five years ago it was virtually inconceivable that any business could run on open source and free software, without Microsoft, high end UNIX, or mainframe products, but today there are a few that do. As recently as the fall of 2000, I simply could not see any open source system as a viable desktop competitor to Microsoft Windows based systems. Partly this was a result of limitations in my own perspectives, but there has also been significant development in the past year of the open source and free software products available for use on business desktop systems.

Today there is no question whether or not open source systems are ready to perform as general purpose business desktop systems; they are because they already do. The real question is whether or not any specific business is in a position to take advantage of open source systems. Where can open source systems be used in any specific environment, to complement or replace other systems, for an overall cost reduction or improved competitive advantage? In the server arena, open source systems have been providing viable business solutions, in specific situations, for at least five years.

In an ideal world it would be desirable to compare systems as if everything else was equal. In the real world everything else is never equal. Every decision maker brings a different background and set of experiences to the choices they make. When looked at closely enough, every business has a unique mixture of existing hardware and software infrastructure, staff experience, and resources to apply to desired changes. Each places limits on what is practical, and makes choices that may be right in one environment, questionable or wrong in another.

This is not a formal study of a specific situation. It's an opinion piece on the relative merits of different operating systems in various circumstances. As such, the background, experiences, and biases of the author have much to do with the value of what is said. Thus, it's appropriate to include a discussion of my relevant background, and how I've come to the conclusions presented here.

Personal Background

In late 1999, with over 16 years of professional computer experience, I decided to resign from my full time and well paid job, to become an independent consultant. Then, I believed my professional future would be based primarily on Microsoft products. At that time I had about six years of UNIX (AIX with some Sun and Linux) experience and almost four years of Windows NT experience. My recent experience was mostly with Windows NT. I had been the primary proponent, where I worked, for NT being the only operating system on which all of the association's computers could be standardized. In preparation for my new business, I purchased Microsoft Office 2000 Developers Edition and was looking for a good price on Visual Studio as well as prices for MCSD and MCSE certification programs.

Microsoft and the Courts

On November 5, 1999, U.S. District Judge Thomas Penefield Jackson issued his Findings of Fact in the United States of America v. Microsoft Corporation. There was much media and Internet commentary on this document but few actually read it. Most were satisfied with frequently inaccurate, second and third hand accounts of its contents. Even fewer were actually influenced by it. Those who were already anti Microsoft found support for their beliefs and Microsoft supporters dismissed the findings on one basis or another. I read the findings in their entirety and found them eye opening. The findings were the beginning of my professional turn away from Microsoft products.

On June 28, 2001, The United States Court of Appeals for the District of Columbia Circuit ruled on Judge Jackson's decisions and actions. Though much of the media attention was on the Appeals Court's reversal of Jackson's divestiture orders, more significantly, the Appeals Court ruling upheld his Findings of Fact, virtually in their entirety. Findings of Fact are a District Court's responsibility and once upheld on appeal are rarely reversed. All the legal arguments and appeals that follow are based on the Findings of Fact. For all intents and purposes, Judge Jackson's Findings of Fact are the official legal document that describes, in sometimes excruciating detail, how Microsoft dealt with its customers, "partners" and even its own products, over a several year period.

Further, Judge Jackson found Microsoft guilty of three counts of illegal exercise of monopoly power. The Appeals Court reversed one of these conclusions of law, returned a second to the District Court for reconsideration but affirmed Microsoft's conviction on one count. The Appeals Court found that "Microsoft possesses monopoly power . . . behaved anticompetitively, see infra Section II.B, and that these actions contributed to the maintenance of its monopoly power, see infra Section II.C, we affirm the court's finding of liability for monopolization."

Mirrored Sites

Though I thought the future was Microsoft, I was open to alternatives and wanted to increase my UNIX exposure. In late 1999, I purchased four identical P3 500 white box clones for use as test servers. It was my intention to build four mirrored web sites using different operating systems and web servers. I was sure that I had to have NT Server and did not hesitate about purchasing it. (My workstation was already NT.) As I was focusing on Intel architecture and looking for NT alternatives, it was obvious that one server had to be Linux. Red Hat was the leading distribution for Linux servers and I purchased Red Hat 6.1 Professional. Sun had Solaris available for shipping costs for evaluation purposes. As perhaps the leading commercial UNIX for Internet applications and the only one available without paying full licensing fees, Solaris looked like a pretty obvious choice. After application design and development, security has been my second most important interest through my computer career. I was familiar with OpenBSD's reputation for being the most secure general purpose operating system available. For an open source system, OpenBSD presented about as many philosophical and technical contrasts as any UNIX like system could, compared to Linux, and was my fourth choice for a server OS.

I intended to set up mirrored web sites on the four systems, including dynamic content, and do performance testing to see how the different combinations of OS, web server and dynamic content delivery mechanisms compared. It simply did not occur to me then, that with my experience, I would have any difficulty making the servers perform as expected. Solaris installed easily except that I could not get it to recognize the network interface card (NIC). I tried some other NICs but obviously did not know some piece of what was necessary to get networking to function. While I had it, Solaris with Motif, was an interesting stand alone curiosity. Without networking, Solaris could not perform its intended function and when I needed a test machine, I replaced Solaris, leaving me with Windows NT, Red Hat Linux and OpenBSD.

It turned out that just getting web servers, including multiple virtual sites, CGI scripts, searchable content and web analysis software, to work in three very different environments was more of a challenge than I expected. Initially, because I knew how to make a web server work on NT, most of my efforts were directed towards NT. In the spring of 2000, I got serious about building three mirrored sites. The various problems that I encountered are largely documented in the Building GeodSoft.com section of the site. This part of the web site is largely sequential, generally casual, off the cuff, and written while working on the site or shortly thereafter. Often, my frustrations of the moment, show in the tone of the writing. I've left most of these pages largely unchanged, except for minor corrections, since they were written. I believe they represent important documentation for some of the conclusions which will follow. When I encounter a new significant problem, that reflects on the relative strengths of the different operating systems I use, I add a new page to that section.

For the past year, I've focused most of my efforts on the web site and its organization and content development. I've spent significant amount of time working with all three operating systems as server platforms with an emphasis on OpenBSD and security. Hardening OpenBSD servers for use as firewalls and web servers and documenting that process in detail has been one of my large projects.

Last year, about the time that Red Hat 6.2 was released, I was actively designing my web site. Having both Netscape and Lynx browsers on a UNIX like system with a graphical interface was useful to see how the web pages looked in browsers on non Microsoft systems. I spent a significant amount of time experimenting with the default Linux GUI, Gnome. Anyone who reads my rather caustic comments on my experiences with Gnome, will have little doubt that despite my Microsoft reservations, I still did not regard Linux as a viable desktop replacement for Windows NT Workstation or Windows 2000, if buying a new computer.

Approximately a year later, Red Hat released 7.1 and I spent much of the spring and summer of 2001 working with and evaluating that product. Though there are still problems, the product has come a long way, and is clearly suitable for use in more business environments than it was a year ago. Thus, I think it is a good time to compare the merits of these three platforms, and look at where each might be best used in businesses today. I also briefly looked at Corel Linux OS but after installing it, do not regard that as a serious Linux distribution, suitable for use in a business environment. I explain why in a separate small review.

Standardizing on an Operating System

One of the difficulties I had in organizing "Platform Choices" was my inability to resolve a dilemma related to standardizing on an operating system. In 1996, I worked in an IT department with a staff of eight, at a site with nine different operating systems in use. This was obviously an undesirable and almost intolerable situation. I came to the belief, that a highly desirable goal for any small organization, was to standardize on a single operating system for all its computers. NT 4 was due soon, and though there were scalability concerns discussed in the trade press, we were small enough that they should not have been an issue in our small environment. I began to push for OS standardization on NT.

It was not until the fall of 2000, that I finally reached the conclusion, that for any organization large enough to host its own Internet servers, standardizing on a single operating system for both servers and desktops, was not a desirable goal. Prior to this realization, for me, there was no fundamental conceptual difference between a desktop computer and a server. Servers were faster and had more of everything, often included redundant components for increased reliability, and might include services not included with desktops systems, but otherwise were not fundamentally different. I was not alone in this belief.

Microsoft Doesn't Get It

The largest software company in the world, Microsoft, obviously still believes this. Having grown from a company that established itself creating inexpensive desktop systems aimed at a mass market, it would be surprising if this were not so. To this day, all versions of Windows including all server versions, except the terminal server versions, are fundamentally single user computers even though they have been true preemptive multitasking, multithreaded systems since the first versions of NT.

This shows in things that can be done from the local console but not remotely. Microsoft keeps adding more utilities and methods to perform various administrative tasks remotely so it's not always easy to see the single user core. This shows most clearly in the inability of different tasks to have their own drive mappings simultaneously on a single machine. It also shows in the system environment. Perhaps by now (Windows 2000) Microsoft has made these multi user.

Regardless of how far they may have come, it's hard to argue with the idea that Microsoft started with a single user system and grafted on multi user facilities. Unlike all versions of UNIX systems, NT was not inherently multi user from its inception. Windows servers will be faster, hopefully more reliable, systems with added features, but not fundamentally different than the single user (desktop) systems from which they evolved.

From this point forward, when I use UNIX, without any qualification, it should be read as "UNIX and UNIX like". This is specifically intended to include Linux and the open source BSDs, FreeBSD, OpenBSD and NetBSD even though these include no code that bears the UNIX trademark. It is also meant to include AIX, HP-UX and Solaris which do not normally reference UNIX in their documentation or literature. I'll use "traditional" or "commercial" as a qualification to UNIX when it's meant to exclude the open source systems and "UNIX like" when the statement is intended to apply to only the open source systems.

How Servers Differ from Desktop Systems

My awakening to the real differences between desktop and server systems began when I finally had a DSL connection scheduled for install, and realized that soon, some or all of my computers would be connected to a full time Internet connection. This was in early 2000, not long after a significant number of widely publicized break-ins of major systems early in the year. Anyone paying attention, had to regard the Internet as a fundamentally hostile environment, requiring close attention to security.

Through my entire career I've been more interested and concerned with security than my colleagues. This showed when I managed a department and set password change frequency, length and complexity standards that nearly everyone, including IT staff objected to. On the old mini-computer, I did what I could to tighten security and as new multi user systems, Novell, AIX, and Windows were acquired, insisted on tight granular directory and file security. My view of security did not however go beyond the traditional host administrators point of view.

With the coming DSL line, I knew I needed a firewall, but not much more. As I studied, the breakthrough came when I understood the significance of a buffer overflow, and the resulting ability to "run arbitrary code". Once I knew how a system could be root compromised remotely in seconds, without knowledge of the root password, I knew that everything I thought I knew about computer security had to be reevaluated. The results of my study, experiments, and the systems I have built since, show in my security related web sections: Hardening OpenBSD, Home Grown Intrusion Detection, Ten Steps to Security and Password Analysis (see site map).

A system hardened as described in Hardening OpenBSD has, in some important respects, less resemblance to the parent operating system than two Windows systems from different families, e.g., 95 and 2000, do to each other. I have yet to go through the corresponding exercise with Linux. The reason was simple. My Red Hat 6.2 Linux web server was up longer than any computer I'd ever worked with. Each day Linux was up, was a new record. I expected the server to stay up over a year barring an extended power outage. Sometime after 3 A.M., Sunday, Aug. 19, 2001, my NT server crashed and I accidentally pushed the reset button on the Linux server which was next to the NT server. The Linux server had been up 336 days. Now that the uptime stretch is broken, upgrading and hardening the Linux server will be one of my next projects.

This Linux system hard disk is loaded with junk I would not now put on a production server. It remains uncompromised for several reasons. Every unnecessary service has been disabled and the few that remain are protected by both a firewall and TCP Wrappers. User, password and directory security are all tight. Processes are monitored continuously and files daily and compared with off-line records. Apache runs without root privileges. As long as the firewall rule set remains in place, the only avenue of attack is through port 80 and two Perl scripts available through the web site. No other port is exposed to Internet access. Though this machine is functioning as an Internet server, the setup does not meet my current definition of a properly configured Internet server.

When I do eventually set up a new primary Linux web server, it will be stripped and altered in enough ways, that it will only somewhat look like a default Red Hat server install. It will not have any X Window system, office applications or games on it. At the same time, a Linux workstation based on the same kernel will have all these things and others but won't have components typically needed only on servers.

In contrast to modular UNIX systems that can easily be tailored for very different purposes and present fundamentally different user interfaces, all Windows systems of the same family, due to their monolithic architecture and tight integration between the OS and user interface, look much the same whether the system is a lightweight laptop or multiprocessor production server. Windows NT contains commands with the same names and general functionality as the DOS operating systems prior to Windows. I would not expect Microsoft to remove these from 2000 or XP (but could be surprised). Though technically, both the Linux server and workstation described, will be Red Hat n.n, they will in some ways, have less in common with each other, from a user perspective, than Windows 3.1 and XP.

Servers should not contain functionality not required for the intended functions because any unnecessary functionality potentially exposes a server to unnecessary risks. Since the process of removing unneeded functionality, hardening, necessarily makes a server look and behave differently than a desktop based on the same operating system, there is little point to standardizing servers and desktop computers on the same operating system.

Today servers increasingly support web based e-commerce, customer relation systems, purchasing systems and a growing variety and number of systems that are connected to or through the Internet. The more widely available (exposed) these systems are, and the more important and sensitive the functions they serve, the more important it is that these machines be dedicated limited purpose machines, that cannot be used for other than intended purposes, even by administrators. Learning to use and administer such machines will require special training, to the point that the underlying operating system will only be one of several components, and not necessarily the most significant or obvious. If operating systems are going to be highly customized to perform specific functions, the technical merits of the operating system and its specific abilities with regards to the intended functions, should be more important as selection factors, than staff familiarity with standard versions of the operating systems.

It was understanding the fundamental differences between servers and desktop systems that finally allowed me to make a focused operating system comparison. As long as I believed it was important to have a single operating system for servers and desktops, I could not focus on the characteristics that make a good server. As soon as I focused on servers only, it became easy to look at different characteristics required by a server and ask and answer whether each operating system under discussion was a good or poor solution or somewhere between.

transparent spacer

Top of Page - Site Map

Copyright © 2000 - 2014 by George Shaffer. This material may be distributed only subject to the terms and conditions set forth in http://GeodSoft.com/terms.htm (or http://GeodSoft.com/cgi-bin/terms.pl). These terms are subject to change. Distribution is subject to the current terms, or at the choice of the distributor, those in an earlier, digitally signed electronic copy of http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the time of the distribution. Distribution of substantively modified versions of GeodSoft content is prohibited without the explicit written permission of George Shaffer. Distribution of the work or derivatives of the work, in whole or in part, for commercial purposes is prohibited unless prior written permission is obtained from George Shaffer. Distribution in accordance with these terms, for unrestricted and uncompensated public access, non profit, or internal company use is allowed.

 


What's New
How-To
Opinion
Book
                                       
Email address

Copyright © 2000-2014, George Shaffer. Terms and Conditions of Use.