This story was printed from ZDNet Australia.
OS Wars: Microsoft vs Open Source
By Stephen Withers
February 05, 2002
URL: http://www.zdnet.com.au/news/software/soa/OS-Wars-Microsoft-vs-Open-Source/0,130061733,120263263,00.htm
Can one operating system fit all your needs? Or is it a matter of mixing and matching to the tasks at hand? Technology & Business magazine assembled a panel of experts from throughout the IT industry to find out which OS fits best, in terms of:
The operating systems debate tends to run on religious lines. In an attempt to shed some light on the issue, we assembled a panel drawn from various parts of the IT community (systems administration, systems integrators, market analysts, academia, and recruitment) and asked them to discuss the advantages and disadvantages of various systems for different network services. Our panel comprised:
Mail serving

E-mail is a vital service to a broadening range of businesses, and if it goes down, admins can be guaranteed their phones won't stop ringing until it's back. Which operating system best suits mail server requirements, both now and into the future?

Dean Thompson: E-mail has become an essential part of an organisation's internal and external communications. Before organisations decide to deploy or review their mail services they need to consider several issues. What infrastructure is in place, and is it being upgraded? What operating system is used on the desktop? In most cases this will be some flavour of Windows operating system--98 or 2000, for example--although some sites do have Unix workstations. What e-mail functionality is required? A simple service that passes messages from sender to recipient, or extras such as company-wide mailing lists or address books, off-site access to mail, junk mail detection and elimination, mail filtering for individuals and the detection of viruses embedded within e-mail messages? The answers to these questions dictate what sort of e-mail solution you should provide. For example, a small-to-medium-sized business that has deployed Windows (98, NT, or 2000) throughout the organisation and which uses a domain controller (either a Primary Domain Controller via NT4 or an Active Directory provided by Win2000) might find it more economical to invest in Microsoft's Exchange mail server. Exchange is relatively easy to set up and fits nicely into organisations that are already making extensive use of Microsoft products. For example, Microsoft Outlook can interface with Exchange server in a corporate mode and provide users with public newsgroups, shared distribution lists, and calendar/scheduler services.
Windows 2000 and Exchange server work together for tighter integration of existing security policies, allowing people to use the same username and password combination to log into their workstation, access server resources, and read their mail. Exchange and Outlook together allow users to define rules to process incoming mail, including the identification and disposal of junk mail. The Windows 2000/Exchange server combination allows the use of third-party mail clients like Netscape, but non-Microsoft clients have no access to common mailing lists or scheduling capabilities. It is important to note that Exchange runs only on Windows servers, so an organisation has to already have the existing Microsoft infrastructure in place. Furthermore, it is shipped from Microsoft as a black box with limited room for customisation, though Exchange server is quite flexible and can be configured to support a number of activities such as receiving mail for a number of hostnames, or acting as a front end to a series of mail servers. Security is another consideration. Although Microsoft stores incoming messages in a database format that is not easily read, a number of security loopholes have been discovered with the Web interface that comes with the product. These loopholes potentially allow miscreants to send a request that causes the mail server to execute code and functions against the user's mailbox. Security loopholes are nothing new and although Microsoft has been fast to provide patches, it is well documented within the industry that some of these patches initially caused wide-scale problems including the shutdown of corporate mail servers. These problems have since been rectified, but an extended e-mail outage is unacceptable in a corporate environment. Overall, if you were a small-to-medium-sized business with Windows-based infrastructure, Microsoft Exchange and Windows 2000 would probably suit you. Medium-to-large-sized companies may be attracted to Unix.
Within the Unix world there are a number of mail server programs including sendmail--which is the most common--plus postfix and qmail. They form a powerful combination with other programs and protocols, such as IMAP and POP, which provide additional services so users can read mail from their desktop computers. Larger companies are normally attracted to Unix operating systems--specifically Solaris (2.5+), Linux and FreeBSD--because of their reliability and because the software running on these systems tends to be open source allowing companies to either modify them to suit their own needs or to allow other programs to interface with them. Examples of the flexibility that the Unix systems provide over other mail solutions include the ability to add support from third parties for the scanning of incoming mail attachments for viruses, filtering incoming mail, and identifying any junk mail and disposing of it. While similar products also exist for Windows, linking them together can be challenging at times and their source code is not commonly available for modification. A benefit of using Unix as a platform for processing incoming mail is messages can be scanned for viruses in an inert environment. Most viruses sent by e-mail are written for Windows and do not affect Unix, so they can be cleaned before they reach the environment they were designed to exploit. Operating systems such as Linux have the source code of the entire operating system available to the public, allowing the serious developer to go into the internal workings and tweak system parameters to improve performance, something which is not possible with Windows.

Geoff Halprin: I'd like to start by pointing out that the difference between Unix (including Linux) and Windows is one of white box versus black box. These are terms used in computing to describe whether one can see the inner workings of a system and hence tailor their testing and other practices in light of this knowledge.
The problem with developers is that they build systems based upon a false assumption about the environment that it will be deployed in--specifically that it is identical to the development environment. This thinking is false, and costly. Each production system is unique. Four customers with the same hardware and software will create four unique environments, tailored to their individual needs--their users' skill levels, system administrators' experiences, business needs, legislative compliance requirements, and the ongoing stream of changes each day. This is the essence of system administration: taking a set of discrete applications, hardware and user requirements, and building a production computing environment that meets the needs of the business. Whilst each discrete component may not be special, the combination is always unique. This is complexity in its purest form. So, the problem is that no production system matches the vendor's assumptions for more than a few minutes. It basically undergoes an endless stream of continual changes, based upon it being put to use.
Unix systems are white box environments; system administrators know or can determine the exact behaviour of a system, and tune their practices to meet the needs of that application. This generally makes complex activities practical, such as tuning, partitioning of services, sharing a host between applications--there is known effort involved and known consequences of that effort. NT, by contrast, is a black box system. This means that the most reliable way to provide a variety of production services is to isolate each onto its own server. Certain combinations have been integration tested, and so these can be provided reliably from a single host. However, when a patch is required, this integration testing must be repeated. This clash of cultures plays significantly in the areas of tuning, scalability and security. Whilst the GUI nature of NT provides simple interfaces to many more common administrative tasks, the lack of any other form of control, and the lack of adequate tools to profile a system and investigate problems, coupled with the inability to control a Windows platform subsystem by subsystem, leads to a "reboot and re-install" mentality amongst many of those administering Windows platforms. This does not play with a "five nines" environment, which allows around five minutes of downtime a year. It is far easier to train a person in the basics of day-to-day Windows administration, than the equivalent activity for Unix platforms (including Linux). But this is deceptive. Much of system administration is about dealing with exceptions, and being able to troubleshoot problems under pressure. It is also about larger issues, such as business continuity planning, data management, problem management, change management and network management, to name a few. That it is easy to obtain an MCSE only hides the real complexity of the role, and directly contributes to an environment where companies attempt to use the technology they have inappropriately.
Turning to the question of mail servers, there are many different types of mail environment and so you can't say "one size fits all" or that there is one best product. This issue is made more complex by the positioning of some products as groupware products that combine several functions with mail serving, such as Microsoft Exchange. In smaller environments and in homogenous PC-based businesses, I agree that the combination of Outlook and Exchange becomes a compelling story. Exchange provides a rich personal and workgroup productivity environment, integrating mail, calendaring, task lists, and contact lists into a single database. While there are a number of promising efforts underway in the Open Source community, none of them presently provide the richness or ubiquity of Outlook/Exchange. Alas, with features comes risk. Microsoft ships a product that has many unnecessary features turned on by default, and many that cannot be easily disabled. These present large opportunities for attack from the Internet. Outlook continues to be the single largest security risk to any Internet-connected site. Serious bugs that are exploited by new worms appear weekly. Businesses are being naive by not counting the cost of lost productivity in their purchase decisions and management practices. Where the features are compelling, but delivered at a significant risk, businesses must invest in more rigid practices to ensure their products are always fully patched, and appropriate virus software is in place and virus libraries maintained. Alas, this is the exception, not the rule.

Dean Thompson: Unix tends to scale better than Windows, partly because a Unix server does not require a resource-hungry GUI. If a Unix machine is upgraded, the performance benefits of the upgrade are more likely to be felt by the end users, whereas the Windows GUI tends to absorb some of the improvement.
But this is a double-edged sword because it usually means that the company has to find an employee who is comfortable in working in a text environment rather than the now more familiar Windows GUI.

Geoff Halprin: Other reasons for Unix's better scalability are the open nature of Unix products, and the ability to investigate and allocate appropriate resources to applications. I am not aware of any mail servers of a significant size (such as an ISP) that do not run on a Unix platform.

Web serving

As one of the ways your company faces the world, your Web presence is also becoming indispensable. Downtime can cost money and reputation. What's the best OS to keep things running 24x7?

Kevin McIsaac: The key to selecting an operating system is the recognition that Web servers are best suited to run on a farm of servers not on a large SMP machine in a fail-over cluster. Web requests are balanced across the farm by the network front-end that ensures both stability and high availability. The Web server farms should be built from commodity servers, usually 2-way Intel, running a commodity operating system, either Windows 2000 or Linux. META Group research shows that Fortune 1000 companies have settled on one of three Web server platforms: Microsoft Internet Information Server (IIS) with 47 percent market share, iPlanet Web Server (iWS) with 24 percent market share, and Apache with 18 percent market share. This research shows a striking affinity between the Web server and the operating system, with approximately 90 percent of Windows 2000 systems running IIS, 96 percent of Linux systems running Apache, and 65 percent of Solaris systems running iWS (with another 25 percent running Apache). Through 2002, as tight IT budgets favour lower-cost commodity Intel platforms, IIS/Windows 2000 and Apache/Linux will continue to gain market share at the expense of iPlanet Web Server on more expensive Sun/SPARC systems.

Peter Menadue: Scalability is much more than the number or size of processors, and how well OSes scale up to use the infrastructure. It's also about how easy it is to scale applications on top of, or across OS infrastructure, and how manageable that environment is, amongst other things. In many cases organisations do not utilise the basic scalability of the OS for these reasons. For example, Windows has supported more than four processors for some time, but the vast majority of deployed Windows servers contain four or fewer processors.
The recent spate of security incidents has tempered enthusiasm for Windows-based Web infrastructure, but the combination of Microsoft's security initiatives, a new Windows Server Web edition, and the introduction of blade servers will minimise the drift of Microsoft shops to non-Microsoft platforms.

Dean Thompson: I have serious doubts about IIS for security reasons. Over the last year, a number of security holes have been revealed, and the most serious have allowed outsiders to manipulate files on the server with simple but specially formatted HTTP requests. IIS administrators have found it challenging to keep up with the various security alerts and patches needed to keep their servers safe.

Geoff Halprin: Apache is the single, most proven, scalable, and robust Web serving platform. IIS counters with some custom extensions--FrontPage--and the ability to use ActiveX controls, but each of these has significant security problems. IIS has proven itself to be insecure beyond repair. The problems with IIS have proven so severe that Gartner Group issued a warning to migrate to Apache or other Web servers. I cannot, in good conscience, recommend a Microsoft platform for Web serving under any circumstances.

Peter Menadue: Solaris has been a comfortable choice for many organisations deploying e-business applications, and it continues as a comfortable choice, particularly as alternative Unixes face a transition to Intel-based platforms. From a technology perspective, Linux can't be dismissed, but still isn't a prime time choice for enterprise deployments--the services and support infrastructure necessary to underpin an enterprise installation aren't there yet.

Dean Thompson: Web servers are at least as important to organisations as mail servers. But the type of content to be served comes into the decision as well as technical issues such as reliability and security.
Although yet to be treated seriously in some quarters, the content of a Web site can play an important role in the selection of the underlying operating system. To highlight this point, the advent of the new .NET architecture from Microsoft will force companies that want to provide .NET services or .NET constructed Web pages and possibly even Active Server Pages to use IIS, which will tie them to a Windows 2000 server solution. In the future this choice will broaden slightly with the introduction of the .NET Server, which is the successor to Windows 2000 Server. Another issue that may force organisations to look at IIS for their Web needs is the architecture used for building Web pages. A number of products allow organisations to store styles and designs--the "corporate identity," if you will--on a server and to use client programs to build web pages around these styles. Such systems are normally based on Windows--most notably NT 4 or 2000--and may prefer to operate with IIS or other Windows-based Web servers. Work-arounds may allow their use with Unix-based Web servers, but in some cases tight integration requires Microsoft servers. I've already mentioned my concerns about IIS security, but if your company requires the ability to provide end users with .NET services or .NET pages, all I can do is strongly recommend that you keep up to date with all of the security advisories and be ready to react quickly to any patches or threats which come out. I would recommend Solaris 7 or 8, or Linux instead. They are both extremely reliable--an essential characteristic for Web serving--and they provide flexibility in serving Web pages. Solaris and Linux can run commonly available Web server software (source code included) such as Apache or Tomcat, and they support static HTML, Java Servlet Pages (JSPs), or servlets. 
Both platforms also support commercial Web servers such as [BEA's] WebLogic, which can provide deployment flexibility and have the built-in ability to load balance traffic across multiple servers. Similar techniques can be applied to servers such as Apache and Tomcat with the aid of add-on tools. Solaris and Linux provide mechanisms for performance tuning. Solaris has a number of small configuration files that can be manipulated to effect a change, and once again the Linux source code allows custom optimisations. Linux also provides an interface that allows changes to be made while it is running. From a security perspective, both platforms must be constantly maintained with security patches to both the Web server and the operating system itself. The difference is that mistakes that previously existed in other Web servers seem to be repeated during the development of IIS.

Geoff Halprin: And Apache wins the scalability stakes hands down. Its closeness to Perl and several derivative development environments (such as Slashcode and Mason) make it easy to churn out Web sites that are capable of the most sophisticated functions.

Database serving

Databases often replace many of the low-level functions of the operating system, and some databases don't offer a choice of OS. Keeping this in mind, does OS matter?

Kevin McIsaac: As a DBMS (DataBase Management System) server, Windows 2000 will be suitable for 90 percent plus of all application scalability and availability requirements. This will render Unix (other than Solaris) a legacy platform by 2004 or 2005, despite its more robust partitioning, workload management, and clustering. Unlike the Web or app server tiers, the database must be run on a single image system, not a farm. This means that high availability and scalability must be built into the hardware and the operating system, which are Unix's traditional advantages.
However we believe that for 90 percent of the applications, Windows 2000 on an 8-way Intel system will provide sufficient scalability. While Windows 2000 fail-over clustering is still much weaker than Unix, it will suffice for those applications that required 99.5 percent availability, all but the mission critical apps. Today, Linux is not a suitable operating system for a database server as it has very limited scalability and poor fail-over clustering support.

Dean Thompson: Databases can prove to be one of the most important assets that a company can have, and day-to-day use in the general operation of the organisation requires high performance. The most suitable operating system for a database is Unix. DBMSes at the best of times are very resource intensive and are therefore not suited to operating in environments such as Windows NT or 2000 which are also resource hungry. Database servers can commonly be found operating in a Solaris environment although there are a number of installations using them with Linux. Solaris is normally the recommended platform both for its reliability and for the hardware it runs on. This combination proves to be very attractive to companies starting out with middle sized databases and which anticipate future growth. They can easily upgrade components of their database server, or there is the option of a "fork-lift" upgrade. One factor that goes against Solaris is the cost of the hardware. There is a growing trend to consider Linux as a cost effective OS for database systems. Oracle has helped by offering a version of the Oracle DBMS server for Linux, allowing the use of commodity hardware to build systems with a reasonable level of performance at relatively low cost. Both Solaris and Linux solutions are aimed mainly towards organisations with a vast amount of information to store.
Although not highly recommended, other solutions do present themselves to smaller companies that don't require all of the complexities that can be found in the commercial DBMS products. Systems such as Microsoft Access or Microsoft SQL Server can provide small-to-medium-sized organisations with DBMS support, but their performance is also governed by the hardware that they are running on and any other software running on the same server.

Geoff Halprin: Microsoft's SQL Server serves the needs of small businesses well, but it does not scale to corporate needs. It is not industrial strength. I am not aware of any large businesses using SQL Server beyond the workgroup environment.

File/print serving

You've gotta have it, but you'd rather not have to spend time dealing with it. What's the best way to keep file and print serving hassle free?

Geoff Halprin: NT provides a rich environment for file serving in a LAN environment. Technically, the file permissions controls are superior on NT than on Unix, but in practice, people tend to ignore most of the advanced features, and just use the basics. So most people would not recognise whether their files were on an NT server or a Samba (Unix) server.

Peter Menadue: Before the arrival of Windows 2000, many enterprises had positioned Windows as their OS of choice for file and print services and for departmental applications--scalability and reliability was definitely a perceived issue. Since the release of Windows 2000 these issues are not being raised in the OS selection discussion. Increasingly, the selection of the OS is driven by the nature of the applications--Java or not. Even though Java applications are available for Windows, from a pragmatic perspective, people tend to use Solaris for Java applications. After working in the mini-computer market, I was involved in one of the largest rollouts of Windows NT 3.1 at the time. We quickly realised that little provision had been made for automated management in the manner that most mainframe and mini-computer people expected. Windows has, with the addition of better management tools, interfaces, and scripting support become a substantially better platform to manage. The no-client functionality of NetWare 6 is a welcome addition for NetWare shops, but Novell treads a fine line--in the longer run it may make it easier for organisations to migrate to other platforms where previously it required a client and server update. This is a key moment for Novell--they must attract new customers and retain existing ones.

Dean Thompson: File and printer sharing have come a long way since the early days of Novell's NetWare product.
Since Windows 95, file and printer sharing has been built into the basic operating system. This is a far cry from the days when Novell NetWare required that each machine load a number of drivers in order to connect to a NetWare resource. Since then, both NetWare and other operating systems have evolved into more sophisticated entities capable of doing a lot of things. One item that has remained constant during this evolution process is the ability to share files and printers. As most of the file transfers which are performed by users happen over the local network and that all the users on the network are most likely using some version of Windows, it makes sense to harness the file and print sharing services which come as part of the operating system.

Application serving

What's the best choice for running application servers such as WebLogic and WebSphere? What about thin client software such as Citrix MetaFrame or Microsoft Terminal Services?

Kevin McIsaac: META predicts that Windows 2000 will become the dominant operating system for mid-tier application servers during 2002, due to growing ISV reference platform momentum. Linux on Intel--"Lintel"--will be successful as a Web and appliance server OS, but application server penetration will be minimal. The decision over which operating system is "the best" technically (e.g. the most robust, or offering the highest performance) is no longer a primary consideration. Instead, users should adopt the following principles, which lead to greater infrastructure flexibility and reduce total cost of ownership:
2. Increasing infrastructure agility through use of common platforms and common configurations;
3. Exploiting the commodity curve by adopting commodity hardware and operating systems.

Other than Solaris, Unix has already lost the mind share battle for software vendor development. Our research indicates users are finding it increasingly difficult to run new applications exclusively on HP-UX, AIX, and Tru64 Unix.

Peter Menadue: Unix has always been a fundamentally good operating system, but has never lived up to the early promises of environment uniformity. The ranks of the Unix variants have slowly been thinning, and I think some rationalisation will continue.

Kevin McIsaac: Most new applications are being implemented using a multi-tier architecture with a back-end database management system server, multiple middle-tier application and integration servers, and numerous Web servers. Although Oracle is supported on all major operating systems, most application and key middleware software is not. Aside from Solaris, NT and increasingly Windows 2000 already dominates as the middle-tier application server reference platform of choice. The application server provides a robust, scalable, managed environment for executing a process. For a business application, it subsumes the functionality traditionally provided by the midrange operating system, such as process scheduling, memory management, load balancing, high availability, and security. The application server and database manager provide a thick layer over the top of the OS that augments, extends, and subsumes the services traditionally provided to an application by the OS. From an application perspective, the OS becomes a hidden service layer that supports the application server and database manager by abstracting the hardware. While the OS remains a necessary service, its importance to an application is greatly diminished.
Just as the adoption of the relational database altered the value of midrange OSes such as VMS, Prime OS, and Unix, so too does the adoption of the application server. The elimination of Unix's traditional advantages over Windows 2000--high availability, failover clustering, and scalability--enables Windows 2000/Intel vendors to compete on functionality with Unix/RISC vendors. The load balancing and failover features of the application server enable a highly available, highly scalable service to be built from a farm of low availability, low performance, commodity servers. Scalability is cheaply and naturally achieved by simply adding more servers to the farm. Unlike scaling a single image system, the application server can dynamically add or remove additional processing power without bringing down the application. The application server is able to provide better failover and clustering services than the OS because it has a greater awareness of the application structure and requirements. When building the application server tier, clients should implement a farm of servers with 4-way Intel or 4-way SPARC hardware running a commodity operating system--Windows 2000, Linux or Solaris. While Linux on Intel is a potential choice, there are few reasons except religious passions why Linux would be chosen over the widely accepted and better-understood Windows 2000. By 2004/05, we believe Unix--other than perhaps Solaris--will be viewed as a legacy platform. However, by 2002/03, the choice between Microsoft's .NET and Sun's J2EE as an IT organisation's primary enterprise application integration framework will largely dictate the underlying operating system and server hardware platform options, especially for middle-tier application and integration servers. Moreover, Intel IA-32-based servers with four to eight CPUs are already appropriate for 80 to 90 percent of all application scalability and availability requirements, that is up to roughly 75K tpm-C. 
In addition, Windows 2000 is no longer coupled with Intel IA-64 hardware. However, by 2002/03, we expect Intel to finally deliver on the promise of IA-64 performance competitive with then-high-end RISC technology. This will begin to enable all major system vendors with the notable exception of Sun to offer more linearly priced midrange and high-end servers supporting Windows 2000. Incidentally, we do not expect Linux to move up from the Web server tier to the application server space; instead, we believe Linux will move downstream more broadly as a "black box" appliance server operating system.

Dean Thompson: Just like database servers, application servers must be reliable and they must be able to serve the applications with sufficient speed. However, no one operating system is perfectly optimised to act as an application server. If an organisation were predominately Windows based, I would recommend a high performance machine with multiple high-speed network cards and running Windows 2000. In a predominately Unix environment I would suggest a high performance server--most likely Sun/Solaris for reliability--connected to a high-speed network. A growing trend is the deployment of application servers where multiple clients connect to "virtual sessions" and run the application that they want to use on the server through a window on the client's screen. The most notable example is Citrix MetaFrame. Although the approach is a good idea, it does have a number of problems with it. In particular, it requires an incredibly high-powered machine to support many virtual sessions and computationally heavy programs. This approach seems to be a backward step. Over the last decade we have seen the development of programs that push the processing to the client and reduce the load on the server, but the introduction of application servers moves the processing back to the server.
Creating a homogeneous environment with Windows clients and servers or Unix clients and servers allows security permissions and auditing information to be preserved and observed. Trying to maintain the same level of security and auditing information for systems in a heterogeneous network can cause all sorts of problems.
Network services
Once upon a time it was all NetWare. Nowadays, which OS is best for network services such as directory, DNS, proxy, firewall, and remote access?
Geoff Halprin: One of the most critical network services is DNS. Unfortunately, Microsoft tends to extend Internet standards, and this leads to incompatibilities with non-Windows platforms. I believe--but I may be wrong--that the Microsoft DNS server does this. The GUI to the Windows DNS server helps eliminate errors, but I have seen equivalently simple GUIs for BIND and DJBDNS, which are two Unix implementations of DNS. Unix has a distinct advantage in the area of general network services. It is built on a "building block" philosophy. This means that there is a rich environment for tailoring and automating business processes around provisioning of network elements, and this leads to reduced errors and increased serviceability of network services. With NT, each such change must be made by hand into a GUI. This is error prone and time consuming. The results of a bad DNS change can be catastrophic, with a Web site being off the air, or mail being rejected because there is nowhere to deliver it. It is a similar story in the Web caching space. The Open Source Squid proves to be the only significant player. Much work has been done to optimise Squid, and it is the only product used in serious environments such as ISPs.
Dean Thompson: Windows NT 4.0 made inroads into NetWare installations by providing both file and print sharing services, a server to store data upon and protecting all of the data with a username and password, in some cases more cheaply than NetWare. Consequently, Novell re-invented NetWare to support Network Directory Information Services (NDIS), allowing network administrators to develop a tree-like hierarchy resembling the organisation's structure. Until the release of Windows 2000 and its Active Directory, Novell had this approach to itself, which led it to slowly regain market share.
However, NetWare can be viewed as an add-on rather than a standalone product; it doesn't seem to offer much that isn't provided by Active Directory in Windows 2000. Most organisations have deployed Windows 98 or later on the desktop, and these operating systems are capable of connecting to a Windows 2000 Active Directory server. I don't see the need to increase the complexity of the network by adding NetWare. Even in the Unix community we see products such as Samba that allow Unix machines to share files with Windows systems.
Peter Menadue: Microsoft's ability to bundle Active Directory as a component of Windows will ensure its wide scale adoption in the future, even if it's part of a broader directory fabric. Most organisations that have deployed Novell NetWare also have Windows servers to support applications. Novell has some great directory-based technology, but is clearly being pressured by organisations that are rationalising the number of operating systems that they use.
Dean Thompson: Once again, reliability is critical. I would recommend running services such as DNS, Web proxy and a RADIUS database on a Unix system. All of these services are available in source code under Unix and allow the organisation to manipulate these programs. On many occasions I have had to modify the operation of a proxy server or a RADIUS service to fit into the needs of the organisation. Using these programs on a Windows platform would normally lock you into using the program the way it is rather than being able to tailor the program to the needs of the organisation. The applications should help the organisation fulfil its job, not dictate the way the business is run. In corporate settings, I recommend hardware firewalls rather than constructing one on top of a Unix system. Apart from the way they are optimised to protect networks, they may be built with redundancies allowing them to continue operating in the event of subsystem failure. Normal PC hardware does not allow for this.
Good firewall appliances are normally expensive, so if you were on a tight budget I would usually recommend implementing a firewall under Linux or FreeBSD, which can be secured to make it difficult for the firewall to be compromised.
Geoff Halprin: The success of a firewall running on a standard operating system such as Windows NT or Unix is only as good as the ability to control the services provided by the underlying platform, and shut down all non-essential services. The nature of Unix makes this an achievable and painless--though not trivial--task, and many people have reduced this process to checklists. It is far harder to disable all non-essential services on a closed platform like Windows. In fact, with each new version of Windows, new services are automatically enabled. Windows XP ships with an insecure IIS server enabled by default. There is already one severe problem scouring the net at present, and Microsoft made available on its Web site a free fix for both home and professional editions of Windows XP and forcefully urged consumers to install it immediately. It is possible to secure a Windows server, but this is far more difficult, and there is little help from standard sources on how to do this. The rules change significantly with each release, nullifying any previous work done to reduce this to a checklist. For small Windows shops, the pragmatic solution is a hardware firewall with a Web or Windows management interface.
Dean Thompson: The network service more suited to Windows rather than Unix is a Remote Access Server (RAS). In most cases, Windows clients are trying to form the remote link and so it makes more sense to integrate the RAS into the existing authentication mechanisms. RAS is often integrated into the server that is performing authentication.
If connections are to be made via the Internet rather than dial-up modems, I would position the VPN service on Unix as there are a number of programs which can be used to ensure the security of the VPN link between the remote user and the corporate network.
Staffing issues
Another factor to consider is the cost and availability of staff with the right skills. Are there any differences between operating systems?
Felix Borenstein: Right now, if you give me a week, I can get you 10 of anything. The skills shortage is a myth, though some technical skills are slightly harder to find than others. But there are so many talented people unemployed that we can find the 10 best candidates for any position and you would want to hire at least half of them. You don't have to consider the availability or--to any great extent--the cost of staff when making choices between the major corporate technologies, and I expect this to continue for at least a couple of years. In fact, I don't think we're going to have a skills shortage ever again. There may be temporary shortages for highly specialised people from time to time, and people may need to look overseas for staff if they are in a hurry. For example, we needed to bring in some Cool:Gen specialists from India for a client. But these situations are transient, and as soon as a project finishes somewhere, those skills are on the market again. Within the ranks of Unix system administrators, HP-UX, AIX, and Sun specialists attract a 25 percent premium over those who only have experience with SCO or some other flavour of Unix. There's very little demand for Linux skills, except in some niche areas, and if someone knows Unix or Windows NT, they'll soon pick up Linux. Interest in Linux hasn't permeated to the recruitment market yet. Furthermore, Windows NT and NetWare specialists increasingly have Unix experience. In today's world there's not going to be just one OS--there's always a Unix box somewhere in the organisation. Every corporation of reasonable size requires skills in LAN, WAN, midrange, mainframe, storage servers, application servers, mail servers, and so on.
Commercial experience with NetWare 6 or Windows XP currently attracts a 10 to 20 percent premium over rates for those who only have experience with the previous versions. But running either system on your home PC doesn't count--it has to be honest-to-goodness enterprise experience in a multi-server, multi-domain environment. This premium will only last 12-18 months while the rest of the herd catches up. It's a classic supply and demand situation that we've seen before. For example, Novell CNEs attracted a premium until Windows NT took off, and then MCSEs attracted a premium until plenty of engineers had gained certification. You can't rely on a core skill these days. Successful candidates have multiple disciplines, such as Windows 2000 and IIS and other Microsoft technologies, or NetWare and Notes and so on. This also applies to applications development, where employers may be looking for someone with Visual Basic, scripting, SQL, and Java. But this is actually a healthy sign. Strong network management experience is also in demand, especially if it includes HP OpenView, IBM Tivoli, or CA Unicenter. If you are looking for contract staff, the heat is out of the market and so there is pressure on contractors to take lower rates, especially in areas such as SAP and high-end project management. For example, a project manager who was earning AU$1500 per day at the end of 2000 would only be getting AU$1000 a day in December 2001. Similarly, supply and demand has evened up for Cisco WAN specialists, so people who were on AU$75/hour contracts that are expiring are taking AU$65/hour in order to get those contracts extended. But extensive experience at the real bleeding edge of technology, notably storage and real, demonstrable e-commerce experience, attracts a 10 to 15 percent premium. As for permanent employees, people are being realistic in their expectations. 
There have been big layoffs, from Ansett, for example, but so far employers aren't taking advantage of the situation to drive down salaries too far. I think that's sensible: you want good people to stay with you for the long haul, so there's no good reason to underpay them. There will always be competition for the top five percent of staff. Highly skilled, highly savvy people will always get work, but the bottom 20 percent are going to have a tough time over the next couple of years--they need to retrain, cross-train, and network to raise the level of their skills and contacts.