Windows Server survey...
-
So I moved to this new company as a lonely .NET developer in an island of Tcl/Tk and Linux products. Once the initial shock and puzzlement about why they hired me had passed, I understood they were trying to upgrade to a "better" dev technology (whatever that is, I took it on me to prove that .NET was such). Anyway, recently I raised the issue that we should try to choose a more satisfying server OS (I raised the issue because in almost 3 months by now I saw at least 3 weeks of work by other people to test / configure / setup / update various Linux distros and I thought they ought not to waste so much time). Naturally Windows Server came into the discussion. Now someone asks repeatedly about Windows Server "stability / reliability / performance". I should confess I just dismissed his question as being brainless Windows bashing. Now, come to think of it, I have never even approached a Windows Server, much less worked with it. I'm not a system administrator either. So I wonder: What about Windows Server "stability / reliability / performance"? Could I run it non-stop for 1 year? While it is used as an IIS server? and/or MS-SQL/MySQL DB server? What about those nasty stealthy system updates requiring a reboot? Could it run a firewall and administer 256 VPNs? (optional) Could I administer it remotely with a tool other than remote desktop?
Well, Microsoft has been working hard at reducing the number of conditions where a reboot is required on Windows Server, but it's still not 100% free of them. Security patches, especially service packs, will typically require a reboot. This can be mitigated by using load balancing, though (which is a good idea if you are concerned about uptime because even if your OS can guarantee no downtime (none can), hardware failure happens). Having said that, Windows Server is very stable; however, it depends largely on the people who are running it. Many people seem to believe that the solution to everything is to reboot first and ask questions later. The new Windows Server 2008 looks very promising. It hasn't been fully vetted by a large number of users yet, but they've taken many steps that should improve uptime, reduce attack surfaces, and make it more secure. Something to keep in mind is that IIS6 had only 3 security vulnerabilities since it was released in 2003, and none of them were critical. Compared to Apache, that's extremely good. Also, consider that some of the largest websites in the world run Windows Server. GoDaddy, eBay, Facebook, and of course Microsoft, etc... Could it run non-stop for 1 year? Yes, most likely, but that would mean not applying any patches that require a reboot. And yes, used as an IIS server or SQL Server. Yes, it can run as a firewall, using third party products, Windows Routing and Remote Access, or ISA Server (though as I understand it, ISA Server is not currently compatible with 2008, though there is an update planned). There are also tons of tools for remote administration, depending on your definition of "remote". If you mean through a VPN tunnel, then you can use the remote admin tools that ship with it, or you can download from Microsoft. There are also a lot of third party tools like Dameware. Chances are, you being the lone man out will have a hard time getting heard. For every reason you give, 20 other guys will FUD it.
-- Where are we going? And why am I in this handbasket?
-
Super Lloyd wrote:
Could I run it non-stop for 1 year? While it is used as an IIS server? and/or MS-SQL/MySQL DB server? What about those nasty stealthy system updates requiring a reboot?
The longest we have had our Windows IIS server up was 116 days straight. And we only restarted it then because of those pesky Windows updates. You can control a lot of the updates by using WSUS or similar, but in the end, you will need to update it to keep it as secure as you can.
Super Lloyd wrote:
(optional) Could I administer it remotely with a tool other than remote desktop?
I don't know about Server 2008, but with Server 2003 you can administer a lot of its functions from a Win XP Pro machine using some MS tools. This means you rarely have to connect to the actual, although it sometimes is a good idea just to check it anyway.
"There are three sides to every story. Yours, mine and the truth" ~ unknown "All things good to know are difficult to learn" ~ Greek Proverb "The only place success comes before work is in the dictionary" ~ Vidal Sassoon
thanks for the feedback!
-
Thunderbox666 wrote:
And we only restarted it then because of those pesky windows updates.
AFAIK Linux also suffers from that kind of updates. Am I right?
Mostly, when you see programmers, they aren't doing anything. One of the attractive things about programmers is that you cannot tell whether or not they are working simply by looking at them. Very often they're sitting there seemingly drinking coffee and gossiping, or just staring into space. What the programmer is trying to do is get a handle on all the individual and unrelated ideas that are scampering around in his head. (Charles M Strauss)
-
Mladen Jankovic wrote:
Linux also suffers from that kind of updates
From experience (I have only used FreeBSD), we didn't need to restart regularly because of automatic updates. Any updates we did were all manual and were done during planned downtime. Windows will (unless you tell it not to) download updates and pester you until you have installed them. BUT as I said, I have only used one variant of Linux and have not had a lot of experience with it.
"There are three sides to every story. Yours, mine and the truth" ~ unknown "All things good to know are difficult to learn" ~ Greek Proverb "The only place success comes before work is in the dictionary" ~ Vidal Sassoon
-
thanks for the feedback!
No probs. Just keep in mind, every OS (Linux included) can only be as stable as the hardware it runs on, and the extra software that is depended on. The more programs you install, the more chance you have of issues developing, thus increasing the need of reboots, etc. We moved away from our Unix box to a Windows 2003 Server because the Unix box was harder to maintain (change, upgrade, etc), although it was more stable. We have no regrets in that decision, and we manage to have a constant 99% or higher uptime for all 8 of our internal and external websites.
"There are three sides to every story. Yours, mine and the truth" ~ unknown "All things good to know are difficult to learn" ~ Greek Proverb "The only place success comes before work is in the dictionary" ~ Vidal Sassoon
-
Mladen Jankovic wrote:
AFAIK Linux also suffers from that kind of updates.
Only kernel updates require reboot.
-
On the VPN side: I have been running ISA for 8 years, very few problems. My network is development though, and have only had 5 VPN connections active at any one time. A good resource is http://www.isaserver.org. You can read up on ISA and ask the resident GURU Tom Shinder questions, sometimes he even answers. ISA combined with RSA firewall security package (with keyfob) makes a very effective 2 way authentication for your VPN users.
MrPlankton
-
Hi, I've worked about 50% as a server technician (and 50% as a programmer) in the MS world since Windows NT was launched. Before that I did similar stuff in various Unixes. I have only *very* basic Linux experience, though (it gives me nasty flashbacks to the 80s, so I try to stay away from it).
In my experience an installation is as stable, reliable and well-performing as you are competent to make it. Last time I installed a Linux box it became unstable, performed abysmally (and was eventually hacked). The Windows Servers, on the other hand, stay up until I tell them to reboot. In my mind, these results are due to MY skills or lack of skills with the respective environments, not the environments themselves.
So... if your shop has mainly Linux people and no skilled Windows techies, you will experience the opposite. The Windows Servers you deploy will be disasters. Yes, Windows Server has a more familiar GUI and can be installed by a rookie, but the resulting system WILL NOT follow best practices in any way, shape or form. It LOOKS like XP/Vista etc, and has lots of code shared with them, but it IS a very different animal and DOES require the people responsible for planning, installing and configuring it to know what they do. Also, it is sufficiently different from Linux to confuse a skilled Linux server techie. That HKLM\System\CurrentControlSet\Services in the Windows registry is essentially an über-version of /etc/inittab in Linux isn't exactly obvious to most people, for example.
As for specifics:
- To date, I have never encountered a stability problem in Windows Server caused by the system itself. There is always a third-party driver involved somehow even though it's not always obvious. Also note that high-end brand names for servers USUALLY mean stable drivers, but there's no guarantee.
- Automatic updates sometimes cause reboots (if they touch files that are loaded by the system, a service or an application). That's why I only use manual updates on production servers (I let the automatic update client download the updates for me, but install them myself). Another reason is that an update (of anything) always is a risk and I want to be absolutely certain that I have sufficiently recent backups.
- I run IIS+SQL on several machines (hundreds of sites+databases on each) with no unplanned reboots (the planned ones occur bi-monthly as we ARE aggressive about patching the boxes, despite not letting them do it on their own). Some combinations of software (SQL Server and Exchange) require some
-
Hi again, Just some details on the only genuine showstopper bug I've found in Windows Server: A client installed a security update on a Windows Server used as a terminal server. After a day, users at other sites (connected via a VPN tunnel network - hint: uses a smaller MTU - maximum transfer unit - than a LAN) could no longer connect. Fixed by a reboot, but the problem came back after a day or so. I did my reading on the security update and found out that it limited the number of ICMP redirects active in the server to 1024 (mitigating a DoS attack type). Some pondering made me realize that the ICMP message "packet too big and DF bit set" used by PMTU (path MTU) discovery (a scheme used by TCP to figure out the maximum packet size for a connection) is handled by the same mechanism (inserted into the routing table, with MTU information). What if they messed that up in the fix? So... I posted a question on MS partner-only managed newsgroup describing the problem and my thoughts. An answer was posted and a fix (compiled five hours after my post) was supplied the next business day. The fix worked like a charm, and everybody was happy. I HAVE seen other genuine Microsoft bugs, but they have SO FAR either not been showstoppers like this one or have required very specific and complex circumstances (easily changed) to trigger. So I would say that yes, Windows Servers CAN be stable. Later, Peter
-- Peter
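The post above turns on the ICMP "fragmentation needed and DF set" message that path MTU discovery depends on. As an added example (not code from this thread or from Microsoft), the Python below parses that message and applies it to a per-destination MTU cache the way a TCP sender would; the class and function names, the addresses and the sample packet builder are constructed for illustration.

```python
import socket
import struct

# RFC 1191 plateau table, used when an old router reports next-hop MTU 0.
PLATEAUS = (65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68)
MIN_MTU = 68          # RFC 1191: never lower the estimate below 68 octets
IP_FLAG_DF = 0x4000   # "don't fragment" bit in the flags/fragment-offset word


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a message with a valid checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_frag_needed(icmp: bytes):
    """Parse an ICMP message (outer IP header removed); None unless type 3, code 4."""
    if len(icmp) < 36:  # 8 ICMP + 20 quoted IP header + 8 quoted payload bytes
        raise ValueError("truncated ICMP error")
    if checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    # The error quotes the IP header and first 8 bytes of the packet that did not fit.
    ver_ihl, _tos, orig_len, _ident, flags, _ttl, proto = struct.unpack("!BBHHHBB", icmp[8:18])
    ihl = (ver_ihl & 0x0F) * 4
    ports = icmp[8 + ihl:12 + ihl]
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ports) < 4:
        raise ValueError("malformed quoted IPv4 header")
    sport, dport = struct.unpack("!HH", ports)
    return {"src": socket.inet_ntoa(icmp[20:24]), "dst": socket.inet_ntoa(icmp[24:28]),
            "sport": sport, "dport": dport, "proto": proto,
            "df": bool(flags & IP_FLAG_DF), "orig_len": orig_len, "mtu": next_hop_mtu}


class PathMtuCache:
    """Per-destination path MTU estimates, as a TCP sender keeps them."""

    def __init__(self, link_mtu=1500):
        self.link_mtu = link_mtu
        self.by_dest = {}
        self.flows = set()  # (src, sport, dst, dport) of our live TCP connections

    def mss_for(self, dst: str) -> int:
        # MSS = path MTU minus 20-byte IPv4 header and 20-byte TCP header.
        return self.by_dest.get(dst, self.link_mtu) - 40

    def handle_icmp(self, icmp: bytes) -> bool:
        """Apply one ICMP error; return True if the estimate was lowered."""
        info = parse_frag_needed(icmp)
        if info is None or not info["df"] or info["proto"] != 6:
            return False
        # ICMP is unauthenticated: only trust errors quoting a packet we sent.
        if (info["src"], info["sport"], info["dst"], info["dport"]) not in self.flows:
            return False
        mtu = info["mtu"]
        if mtu == 0:  # pre-RFC 1191 router: step down to the next plateau
            mtu = next((p for p in PLATEAUS if p < info["orig_len"]), MIN_MTU)
        mtu = max(mtu, MIN_MTU)
        if mtu >= self.by_dest.get(info["dst"], self.link_mtu):
            return False  # an ICMP error may only lower the estimate
        self.by_dest[info["dst"]] = mtu
        return True


def build_frag_needed(src, sport, dst, dport, orig_len, next_hop_mtu) -> bytes:
    """Constructed sample: the error a tunnel endpoint returns for an oversized DF packet."""
    quoted = struct.pack("!BBHHHBBH4s4s", 0x45, 0, orig_len, 0x1234, IP_FLAG_DF, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    quoted += struct.pack("!HHI", sport, dport, 1)  # TCP ports + sequence number
    body = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + quoted
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]
```

A sender that never records the lowered MTU keeps emitting full-size DF packets that the tunnel cannot carry, so when remote sites stall after a network-stack patch, capturing these type 3 / code 4 messages and checking whether the host's MSS toward that destination changes is a quick first diagnostic.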
-
Must be real "interesting" to be caught in the middle of such politics ;) As someone else in this thread said at length, it really will come down to the competency of the admins. I agree the Linux admins are, in general, horrific at setting up and configuring a Windows box. It works the other way around too. It takes years of experience to become good with all the little quirks and niggles of each platform. For example, the Linux admins no doubt are familiar with scripting writes to certain areas of /proc (or is it /sys today?) for tuning various things and also running little utilities to improve disk and network performance... But, will they have the same skill with the registry? What about all the 3rd party tools to ease remote administration? I don't think you could reasonably expect to get away with running a Windows server for a year w/o rebooting. In today's environment you *must* keep up with patching. This means having test servers available with the same hardware software config and testing updates on them, then pushing patches out live as soon as you can. You should plan on rebooting your Windows servers once a month for no other reason than a security patch will require it. Yes, on a hardened and locked down IIS webserver and best practice physical security, you will be able to skip some months but I wouldn't count on a whole year. There is nothing nasty or stealthy about this, each update clearly states if it will need a reboot. If this is an issue then throw 2 IIS servers behind a hardware load balancer. Use 2 servers using replicated DFS for file serving. There is clustering to address SQL or Exchange scenarios. There are ways to achieve high availability in most cases. I am unaware of a good solution for a high availability VPN concentrator on Windows. Networking is an area where Linux really has the upper hand. This may be about to change now that there is Server 2008 "core" install.
The advantage of Linux here is that kernel and glibc related security patches are relatively rare and those are the only ones I can think of on that platform which would require a reboot. The design of the system and libraries is such that patches to a webserver like Apache, or the PHP interpreter, or PostgreSQL, or almost anything else you can think of require only a restart of that service, an order of magnitude faster than rebooting the entire system. Still, it is application downtime and they are fools if they don't keep the *NIX system patched; there are many folks out there trying to
-
Thunderbox666 wrote:
Windows will (unless you tell it not to) download updates and pester you until you have installed them.
And you can find a post on a Visual Studio installation (I guess) where stupid Vista forgot that it was in the middle of an installation and it rebooted.
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis Levinson
-
insightful, thanks! :D
-
interesting! talk about fast bug fix! ;-)