Re: Windows Server migration (from linux) question

From: Dana Brash (dbrash_at_gmail.com)
Date: 10/20/04

  • Next message: Rebecca Chen [MSFT]: "Re: Windows Server migration (from linux) question"
    Date: Wed, 20 Oct 2004 13:04:43 +0800
    
    

    Hi JMax,

    Spec'ing out a system is a bit more complex than saying it's a webserver.
    For instance, are you serving static pages to 100 people, or are you serving
    a complex ASP.NET web application to 100,000 people? If 100, then you can
    probably use that old PII holding your door open. If 100,000, you'll want
    to look into some nice server equipment, probably a clustered environment, a
    SAN and a SQL Failover back end.

    There are probably as many answers as there are engineers multiplied by the
    number of potential applications.

    My first question is what do you want to do with it, followed by how much
    money do you have?

    Some things to consider:
    - Buy the biggest and most processors and the most and fastest RAM you can.
      Particularly with a web server, the more you can cache in RAM the better
      your performance will be.
    - Don't buy into the 'IDE is as good as SCSI' hype; it's not. (SATA is still
      ATA)
    - Get more disks, RAID them, and split out their functions.
    - Offload SQL Server to a different system if possible.
    - Relocate your wwwroot on a non-OS drive where you can properly lock down
      permissions.

    I have an 'old' (2001) copy of MS Press's "SQL Server 2000 Performance
    Tuning" on my desk that I like very much. I find the concepts and insights
    on setting up ANY server very useful.

    Some articles that may help:
    Solution Guide for Migrating High Performance Computing Applications from
    UNIX to Windows
    Planning Server Deployments
    Deploying Internet Information Services (IIS) 6.0

    Regarding my quote, I simply mean that I am (albeit slowly) working to
    improve my Linux knowledge and experience.
    Why? Because it's there and I'm curious, in part, but also because it is a
    real technology that is applied in real businesses and has a real purpose,
    and therefore my knowing it may have a real value. I've heard enough about
    Linux, and touched a little Unix, and it doesn't make any sense to me to
    stick my head in the sand and pretend it's not there.

    I think it's important to know what it is also from the standpoint of
    developing understanding, technologically and otherwise. Too often I see
    the same ol' argument, that goes a little like this: "Mac rules." "Nu-huh,
    PC's rule" or "Snowboarders are stupid" vs "Skiers are lame" when really
    they all have their place, and I simply don't feel like these arguments are
    constructive in any way. It sounds like your company has a healthier
    attitude than this. Far better to be able to engage in a critical review of
    both technologies' pros and cons, and that way everyone can grow. ;-)

    MS has numerous success stories posted on their site where they've migrated
    some company or other over from Unix or Linux and reduced TCO substantially.
    These can be interesting reading from a "what issues did they run into"
    perspective on a macro level, but essentially boil down to more
    (justifiably) marketing materials. Search "migration success stories" at
    Microsoft.com....

    -- 
    HTH,
    =d=
    Dana Brash
    MCSE, MCDBA, MCSA
    dbrash@gmail.com
    "JMax" <JMax@discussions.microsoft.com> wrote in message 
    news:02AA21C7-387C-48CF-8835-FBC7014F4816@microsoft.com...
    > Dana,
    >
    > Thank you very much for this post - it will prove very helpful. I am at
    > large a Windows/MS fan, and therefore would like to see the switch
    > (especially for .NET development). Two questions though, first, what would
    > you recommend spec wise (memory and CPU) for a Windows webserver? Second,
    > you made the following quote:
    >
    > "I'm facing it going the other way 'cause I want to know what y'all are up
    > to." - what do you mean? We have a normal ecommerce business, and Windows
    > seems as if it would be a better option, so we've been looking into it.
    > We've also been somewhat questioning Linux's true security. .NET also seems
    > as a much more seamless way to do this as well.
    >
    > Thanks again!
    >
    > JMax
    >
    > "Dana Brash" wrote:
    >
    >> Hello JMax and welcome to Windows!
    >>
    >> 1) I can't talk directly to the PHP issue, but I do know IIS will host
    >> PHP. Did a quick google for "PHP IIS" and returned a bunch of sites from
    >> places that seem to know what they're talking about... might check there,
    >> might check in the IIS newsgroups...
    >>
    >> 2) LIKE Linux, you don't get any database server with the core OS.  Some
    >> distributions package MySQL (and I think RedHat even packages Apache?)
    >> but in most Linux distributions you're downloading and compiling and
    >> installing MySQL, or whatever your favorite DB server is.  Regardless of
    >> whether it's packaged or not, whatever bits you've got on your CD are out
    >> of date so you may as well just go get the download anyway....
    >>
    >> However, unlike MySQL, SQL Server 2000 is not free, but it is sweet.
    >> Because you're hosting a site on this machine, you will need the $5,000
    >> per processor license.
    >>
    >> check: http://www.microsoft.com/sql/evaluation/overview/default.asp
    >> and: http://www.microsoft.com/sql/howtobuy/faq.asp
    >> and: http://www.microsoft.com/sql/howtobuy/default.asp
    >> and:
    >> http://download.microsoft.com/download/9/1/1/911e6f4f-4580-4f7b-816b-a947c380d85f/SQL2KLic.doc
    >>
    >> 3) I'm sorry, I do have a bias.  I think Linux is cool, and has its place
    >> on the corporate network (Samba, ipchains), but I definitely think Windows
    >> is a more mature product.  I'll try to be fair... ok?
    >>
    >> UNLIKE Linux, Windows does come with a web server installation that
    >> integrates with the core OS.  Windows 2003 and IIS are very, very secure
    >> when managed properly.  Some people have called it the most secure
    >> product on the market, but I don't know all the products on the market so
    >> I'm not going to say that.  Microsoft took a PR beating over IIS 5 default
    >> settings mostly because everything was enabled by default.  IIS even
    >> installed by default.  Since then, they've changed their "open all until
    >> closed" policy to a "close all until opened" in IIS6.
    >>
    >> I think Windows systems get hacked for a couple reasons.  Like you said,
    >> there's simply more of them.  Also, Windows sets up easily out of the
    >> box, and most people don't take the time to secure it properly.  Imagine
    >> the percentage of people installing Fedora that run their systems as root.
    >> Now take that percentage, give it a bump (because Windows is arguably more
    >> accessible to the average user, so has newer newbies), and then project
    >> that percentage on the raw number of Windows machines on the planet.  Now
    >> how many 'rooted' Windows boxes have you got?  And what IS that pesky
    >> password for anyway?  If I were a hacker, I know which I would think is
    >> the sweeter target.
    >>
    >> Another reason MS products get attacked is because they're MS products.
    >> There is a contingent of angry, anti-establishment people out there that
    >> think MS is some terrible company that deserves to be attacked, and they
    >> feel justified and vindicated in attacking it.  For evidence of this, I
    >> would respectfully refer you to some Linux based newsgroups.  For all the
    >> 'M$' this and 'Gate$' that (keeping it clean here) that I saw trying to
    >> troubleshoot my first Gentoo install, I felt a briefly smug smile pull at
    >> my face when I found people bragging that they'd managed to get their
    >> desktops 'mostly' running in 'only a week', and by the way 'check out how
    >> my cool desktop can open 4 windows'....  I'm sorry, I digress... ;-)  One
    >> of my favorite security configurations on IIS is to use URLScan to
    >> impersonate Apache.  Gets you under the radar for most script-kiddie
    >> attacks.
    >>
    >> Windows Update does fix most of the security issues with Windows code,
    >> and usually does so in plenty of time to prevent issues.  As an example,
    >> MS released patches to prevent both Nimda AND CodeRed MONTHS before their
    >> outbreaks.  Problem was that most people didn't apply them.  MS has since
    >> made many wonderful improvements to Windows Update, and we have great
    >> tools like SUS to manage those updates in our environments, and updates
    >> are generally quite seamless.  BUT MS can't make sure that everyone gets
    >> their updates in time because of one problem: corporate policy.
    >>
    >> In most corporate environments, corporations are concerned about updates,
    >> but have a dozen or more servers floating around on various background
    >> functions, all implemented at different times as the company grew
    >> organically, and running various OS versions.  This is a huge management
    >> task.  Another issue in rolling out updates is that they really should be
    >> tested in your environment before they're applied.  Sometimes, with
    >> critical updates, it's important to finish testing and roll out as fast as
    >> possible, within a day or so ideally.  That's a herculean task, and I
    >> don't think most corporations have fully grasped the importance of proper
    >> testing and planning in general, but have an extra hard time working the
    >> testing of updates into their ROI.
    >>
    >> And I've run Up2Date and yum and emerge enough to know that it's not just
    >> the code writers at MS that are busy fixing holes in their code.  From my
    >> limited experience with Linux, I would say that Linux requires more
    >> updates, but there's no science to that statement at all.  (at least I
    >> don't have to recompile my Windows kernel and re-install my vid drivers
    >> every time I download a patch...)
    >>
    >> How many corporate environments have you worked in where your IT staff
    >> had all the resources they needed to manage their constantly changing
    >> environment?  Corporate Execs are requiring techs to ROLL OUT
    >> implementations of .NET server products that MS recommends a MINIMUM of 6
    >> weeks for the initial planning stage, followed by more testing, training,
    >> testing and finally implementation, then more training.  One week.  This
    >> is simply ludicrous, but happens all the time.  So these servers get
    >> hacked together and put in place, probably without any solid IT knowledge
    >> of what the security risks are associated with that product line.  A lot
    >> of these servers integrate with SQL Server, and instead of learning SQL
    >> Server security are run with an sa blank password.  I patched an RTM SQL
    >> Server 2000 not 2 weeks ago, blank password and all.
    >>
    >> Regarding the management of security, there is still the issue of users
    >> and groups and permissions.  User and group management is essentially the
    >> same concept, but the built in users and groups are different.  And the
    >> application of those groups is different.  For example, in Windows, you
    >> don't have to be a member of the "games" group to play a game, or a
    >> member of the "audio" group to listen to music.  Almost always membership
    >> in the Users group will give you these permissions, and have to be turned
    >> off otherwise.  NTFS has the role of micro-managing user permissions, with
    >> 13 available permissions to configure.  Usually it's good enough to use
    >> the standard 5 permissions, but you can get more in-depth if you need to.
    >>
    >> On top of NTFS permissions, if you want to share a file over the network
    >> it will have share permissions as well.  These are much more simple than
    >> NTFS permissions and effectively determine who can access what over the
    >> network, and then NTFS still has the job of determining what they can do
    >> when they get there.  Coming from Linux, you should be able to apply your
    >> understanding of CHMOD to the Windows environment quite easily, and you
    >> may enjoy how much more robust the combination of NTFS and Share
    >> permissions actually is.
    >>
    >> To sum up, I think Windows is pretty rock solid.  I suspect that the
    >> system, when properly managed, is inherently more secure than Linux.  I
    >> think user error (end-user AND administrator), misplaced angst, and bad
    >> corporate policy/lack of resources are to blame for 99.x% of the 'Windows'
    >> problems that we hear about.
    >>
    >> When you're ready to dig in, I would recommend doing your homework.
    >> There is a huge paradigm shift between serving on Linux and serving on
    >> Windows (particularly Web Applications - DNS and DHCP are pretty much the
    >> same, Samba is an abomination, MySQL is quite different...).  I'm facing
    >> it going the other way 'cause I want to know what y'all are up to.  And I
    >> don't think that being a super-power user on Windows makes the shift that
    >> much easier.
    >>
    >> Here's some good reading:
    >> http://www.microsoft.com/windowsserver2003/techinfo/reskit/deploykit.mspx
    >>
    >> And again, welcome.
    >>
    >>
    >> -- 
    >> HTH,
    >> =d=
    >>
    >>
    >> Dana Brash
    >> MCSE, MCDBA, MCSA
    >>
    >> dbrash@gmail.com
    >>
    >>
    >>
    >> "JMax" <JMax@discussions.microsoft.com> wrote in message
    >> news:F0A8FF8C-E852-48A8-8B91-6FE4B2CBC6F9@microsoft.com...
    >> > Hello!
    >> >
    >> > We're considering changing our webserver from Linux to Windows.
    >> > However, in considering this, we have several questions:
    >> >
    >> > 1) Does PHP run seamlessly on Windows without having to re-write code?
    >> > 2) We would be getting Windows Webserver Edition. Does SQL Server come
    >> > with it, or do you have to pay the $5000 for it? It would be very nice to
    >> > have SQL Server, but for $5000, it is pretty expensive.
    >> > 3) Without bias (if possible), how does security management/security in
    >> > general compare with Linux? Sure, Windows does get hacked more often,
    >> > but is it because there are more Windows systems to hack? Does Auto
    >> > Update fix these issues?
    >> >
    >> > Thanks for your time,
    >> >
    >> > JMax
    >>
    >>
    >> 
    
