Slashdot Mirror
CA Announces Program Ports to Linux
December writes "CA has announced that they will port ARCserveIT, InnoculateIT, MasterIT and NetworkIT to Linux.
The full press release is available online. " Computer Associates and Red Hat are teaming up, according to the press release. They'll be making a package aimed at "mid-market" customers.
Never knock on Death's door:
More race stuff in one place,
than any one place on the net.
--
We have fought the AC's, and they have won.
CA is the most egregiously arrogant company I have dealt with in over 15 years of doing computer support. Besides the support issues that have already been mentioned, just trying to *buy* their products can be a nightmare. Several years ago they tried to sell me Unicenter. The salesman and I went round and round for months over one central issue: Pricing.
It wasn't that the pricing was too much, it was that they couldn't tell me what it was. I insisted that I wasn't going to invest any time in evaluating Unicenter until I was convinced that it would fit in my budget. I wanted a price schedule -- you know, like a price per server of various sizes, and a price per client, a price per management station, etc. They wouldn't give me any prices until I'd given them a complete inventory of all the hardware on our network, identifying which machines were servers, which workstations, etc., etc., etc. I tried to explain that this was a Sun environment and, what with NFS and all, just about *all* the machines could be considered servers, and that for the purposes of determining affordability, he could just assume that all of our approximately 150 Sun machines were servers. I explained that doing the kind of documentation he wanted, in the form he wanted, was exactly the kind of thing I didn't have time for until I knew that I could afford the product. After a long time of this, I finally told him to just stop calling me.
We went through the same thing again a few months ago with ARCserve. We'd been using ARCserve for NT since the Cheyenne days -- Cheyenne was actually a pretty good company before CA slaughtered it -- and we wanted to (a) upgrade it to the latest version and (b) buy copies for our Unix machines. It boggles the mind, but we never, ever did get a price for it. There appeared to be no one in CA who was authorized to give us a price, and we tried, repeatedly, for months to get this information out of them. At one point they sent us a single license for evaluation, but by that time we were pretty far along evaluating an alternative, Backup Express from SyncSort. Backup Express works great, and SyncSort's service is excellent.
Really, CA offering products for Linux is a very mixed blessing.
All backup software sucks. I sometimes hold forth the position that it is cheaper to do without backups and when the hard drive on a server crashes- re-type everything in manually. :)
:(
I developed an affection for Palindrome but Cheyenne bought them and then stopped development on it. We would still be using it for our own servers but it won't work after y2k.
About 20% of our customer support time is spent troubleshooting backup problems. I can't recall ever getting a solution to a problem from a supplier support technician. (Well, once with Dell)
Arcserve is a swearword around our shop. It is the Microsoft Windows of backup software in my book.
CA software is a pain in the ass. And they cannot even manage to resolve conflict issues with their own software [Arcserve and Inoculan frequently will not play nicely together].
And their software is by far the worst in the industry when it comes to the process of licensing. It is a nightmare! Tell them to keep this junk to themselves.
all persons, living and dead, are purely coincidental. - Kurt Vonnegut
If RedHat keeps this up, they'll have more closed source software in their box then open. I'm not sure if that's a bad thing or a good thing, but I wonder if that's the only way for a distro to 'stand out'. I guess I got the wrong idea, and thought RH would of wanted more to push the software as OSS. Again I'm not passing judment and saying this is bad or good. But it does make me wonder. Oh well, just my two pence.
I can see your point about scanning for Windoze viruses with Linux, and I'll grant you that would actually be useful.
However, we DO NOT need virus checkers to protect our systems or our own data from viruses or Trojan horse applications. You only need those things when you run closed-source binary applications. Nobody in their right mind would use closed source when they can get the source code and check it themselves before they compile it. If I can't get the source, then I don't use it.
If you use binary-only software, then you deserve whatever Hell it unleashes on your system.
(You know, I'm starting to feel like Richard Stallman, here.)
Anyway, virus checking software will not stop Trojan horses, and it will only give the user a false sense of security. The people who *need* anti-virus software are the ones who are the least likely to keep it updated.
What newbie Linux users really need are friendly, easy-to-setup security software, or a distro that comes preconfigured to be secure and has a simple interface to give the root user control of the various security settings.
I also take issue with folks who think GNU/Linux will have arrived when there is all this shrink-wrapped software available for it. That is not what I want, nor what most of you are going to want if you stop and think about it. Shrink-wrapped software means locking people out of their own systems. It means becoming more like the enemy. If you become the enemy, even in order to defeat them, you haven't won, just replaced the enemy with yourself. The whole fixation with trying to turn GNU/Linux into the next Windows with shrink-wrapped software and comparable software will destroy the community in the long run. I see us heading in that direction and I don't like it. For the good of the community, the fixation with Micro$oft has got to stop, and this desire have all the same tools as them has to end. To win, we need to transcend the commercial software mentality and come up with something truly innovative to move the computing world in a new direction....
Uh, sorry for the rant. I'll stop before I get too far off topic, but you get the point.
Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
The last time you downloaded an open-source program, did you read ALL the code? Even the boring stuff? Hmm?
Posted by NJViking:
I hope they clean up the ArcServe interface up first before they port it. I had to support ArcServe on 8 NT servers at my last job and it was not a pretty picture.
Arcserve appears to have horrible support for library tape devices, and their instructions for installing patches (as well as figuring out which patches are pre-requisites to others is a nightmare.)
The tape device I was using was a Magstar B10. It had support for 20 tape cartidges and was a fast little machine, however, Arcserve would often leave the tape device in an unwritable state.
When I left that job in June, I had found out from a colleague in November that they hadn't had a full backup since August.
NJV
Yah, I had to deal with Arcserve on a Netware server when I was working at Unnamed U. It didn't help matters much that the server had some flaky hardware in it to begin with, but that is what makes a good backup all the more important.
ArcServe was the wrong choice for the job.
The UI was horrible, consisting of a scattering of programs, some loaded on the server, some on the client. Only backup software I know of that forced you to load a program on another machine just to eject a tape.
It used to go off the trolly somewhere into a la-la land that only ArcServe could find. It would keep spitting out useless console messages and eating up CPU time. The only way to fix it was to forcibly kill the program, which is not good for the health of your Netware server.
And it was always spewing error messages like "Unexpected error nnnn" or "Tape server error nnnn" where "nnnn" was some number not found in the manual. You'd call tech support, sit on hold for an hour, and that get a tech who'd look it up and say something like "It means your backup is toast, try it again" or "Oh, we don't know what that means, either. It wasn't documented by the engineering team, and they haven't had a chance to go back and find it yet."
Geez, am I glad I don't have to deal with that POS anymore.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
They won't help the client data, but the server will be fine.. Besides, a virus like that wouldn't make it in the wild. Replication and stealth must outweigh destructiveness.
Besides, after the hypothetical virii explosion, you restore from last night's backup. You don't lose much, if anything. Fileserver data is usually relativly static, changing incrementally over time.
.sig: Now legally binding!
So that would explain why Melissa was a huge anticlimax because, of course, every company just restored from backup?
Open Source. Closed Minds. We are Slashdot.
was the biggest waste of cash. No CLI, and it was software that tried to be smarter than me ... ugly mess. Virus scanning software would rock but not ArcServe! I'll be excited when Legato Networker server runs on FreeBSD.
I think the next slashdot poll should be 'your fav backup software'
o Bru
o Networker
o Tar
o dump
o pen & paper
The problem is, /.'ers don't use shrink wrap software that's any good because they all work at 2 bit ISPs that can't afford it, or because they are students who know bugger all about the real world anyway. (Slight generalisation :-) )
Here's my list of shrink wrap products that are really really good and better than any OS equivalent that I'm aware of:
Veritas NetBackup
HP OpenView
Photoshop
Painter
Oracle
Remedy
Quark Xpress
These are the ones I've come across at work.
-----
HE ASKED ABOUT ENTERPRISE SOULTIONS AND YOU GIVE HIM SOMETHING THAT CAN'T HANDLE FILESYSTEMS LARGER THAN A TAPE??????
Get a clue. Please. Please. Please. Can everyone remember that Enterprise doesn't mean "One step up from my little ISP where I did my first job after college". It means "The largest 20% of companies in the world".
This little program is probably great, and it probably fits the bill for loads of companies but
IT IS NOT A FREAKING ENTERPRISE SOLUTION FOR ANYTHING AT ALL.
I am aware of three Enterprise backup solutions:
Veritas Netbackup, Legato Networker, ADSM
These programs are so far beyond Amanda it's not even funny, so can we all stop flinging the word 'Enterprise' around until we've worked in Enterprise environments and actually know what we are talking about?
Please? Can we? That way we'll learn instead of spouting vaguely pro-Linux FUD all the time.
Thanks.
-----
Samba with an integrated scan-on-first-read, scan-on-every-write would make for a killer fileserver! No scheduled, system hogging scans, none of the gross overhead associated with the popular scan-on-every-read method some others use, and little-to-no chance of known viral spread via the server!
Of course, many systems are multi-use (ftp+samba, apache+samba, sendmail+samba, etc). Samba with integrated scanner can't address these issues. Perhaps a kernel hack that implemented SOER/SOFR at the filesystem level would be a better all-around solution.
I'm digging for my copy of 'Linux Device Drivers' now..
.sig: Now legally binding!
Oh dear, I seem to be on a Veritas advocacy mission today.
If you want good backup, get Veritas Netbackup. It's good. You pay for it. About 6000UKPS for the server license and about 120UKPS for each client license.
It's the best there is IMHO and so far above anything open source that it's not even funny.
Sadly, there seems to be nothing good in the middle between Veritas and the like at the top and BRU and the like at the bottom.
-----
Arcserve is HORRIBLE.
I was using the version just before it changed to ArcServeIT, though we did get the first version of ArcServeIT. It is poorly programmed and unstable as hell. I nevercould rely on it. Restores were always a scary experience. It wouldn't recover crashed machines at all (apparently you were supposed to pay extra for this very basic capability, and my predecessor hadn't bought this feature). I could get back data files USUALLY. However, I had endless trouble with the catalog. Doing restores on that system was a constant series of barely-dodged bullets. I have never, in my life, dealt with software that was so horrible. I fought it for MONTHS. I almost always managed to do restores when I needed them, but that was mostly due to ingenuity on my part.
Eventually, in desperation, I called up support (which is actually decent) and complained at them about the endless trouble we were having with it. Turns out that the Raima database that they use internally can only support 16 million records. I had over a million files on one server ALONE, and I was backing up over fifty machines to DLT tape. The catalogs were silently corrupting themselves within a few days of being rebuilt. This is NOT DOCUMENTED ANYWHERE in the manuals. And I asked them about this. "Oh, Arcserve isn't meant to handle that much data." Excuse me? This is a multi-thousand dollar package, and I don't remember seeing anything on the box about how much data I could back up with it???
They did tell me I could use SQL Server to store the database files. I went through the whole process of buying a new drive, setting up SQL Server, and configuring ARCServe to talk to it. It did work, and it didn't lose catalog data. However, after a backup, it would take somewhere around TWENTY HOURS to update the catalog in the database. When it was time for the next daily backup, it often wouldn't be finished updating the catalog from the PRIOR one 24 hours before! And if I wanted a restore, even a simple query would take twenty minutes to run (as in, browsing the files that had been backed up the night before from a specific server).
At that point, we just dumped it and bought a real solution, Legato Networker. Networker on NT has a few odd wrinkles but it is mostly solid, and it has saved my rear end several times. When I do a restore with Networker, I get back a perfect machine. Users can actually restore their own recent files without any intervention on my part. And it works. Every time.
Caveat re: Legato: An earlier build of Networker totally ate itself and destroyed the server installation. I was able to rebuild the server from its 'bootstrap' tapes, but bugs in the restore process make it very slow and tedious to recover the catalogs from multiple machines. I don't know if this has been fixed yet. It has not crashed since I went to a more recent patch rev, and has been almost painless. Light years difference from ArcServe, which was a constant, constant hassle.
Conclusion: Don't touch this software with a ten-meter pole. It won't be any better on Linux than it was on NT. Go with something you can trust; both BRU and Arkeia have pretty good reputations.
ArcServe SUCKS.
At my previous company, a large-scale NSP, Unicenter and other CA products were brought in by upper management. The product had multiple bugs, and event the agents could poll properly on CPU load without maxing out the cpu. All of their interfaces, which were supposed to be configurable and intuitive were anything but that - no support for importing data, and obscure and deeply nested access via the GUI (checking a simple outage involved going through no less than 5 clickthrus, plus entering plenty of text). Demand on the management stations was VERY high, and the software did not share well with other processes - though orignally designed for NT, their servers ran Unix (as an option) but their management stations wanted win95. I know that this model may have been changed somewhat with the new features, but think of where they were at just 2 years ago...
Their support consisted of nothing at first, but then was scaled to 4 programmers living in our eng area. This was not because they wanted to do this- they had wanted to charge us ungodly amounts of cash for this privelige. The only reason we got them at all was because it would have violated a prior arrangement they made with us. The programmers, however, were uncooperative and generally did not want to work on anything but a very narrow set of parameters on the server side only. Getting anything done with them was about impossible, but we finally got them to compile a Unix client, which we could eventually compile under linux- neither were stable.
Bottom line is this- they did not have product or plan for product under Linux 2 years ago. Even under other platforms, they did not meet the "enterprise" standard of support (everything works, is fully interoperable, 99.9% of the time w/ comprable uptime). Considering how bad their previous "flagship enterprise" products were before, I can't begin to imagine all the hassles of dealing with their product on *nix, plus the added hassles of having to put up with their exhorbitant and lousy support (and VERY obtuse documentation). Maybe if you have only one person assigned for support it *might* work out, but it didn't work well in a multi-staff multi-hat environment.
They are excellent business people. They can sell to management like nobody else- strategic partnerships to increase their stocks has apparently been what they are best at. And they ALWAYS sell with binding, multi-year contracts that tie your hands while leaving them free to do as little as they wish...so I have to wonder if, beyond marketing hype, this is something I would really want associated with a quality product like Redhat, which is THE LINUX in the minds of most business-people and consumers.
'Hail Eris, baby, hail Eris...pfffffffttt.' *cough* 'Yeah.'
You might want to add mkisofs to that list.
Yes, it's called Amanda, and yes, it's covered by the GPL. It's homepage is at www.amanda.org. It has a few shortcomings, most notably, no filesystem can be bigger than a tape. But it also has a lot of features. Don't get discouraged by the release date - there have been several patches made, and there is a beta (almost done!) release, as well as an alpha release for further down the line.
It is precisely because of the fact that there is no virus-scanning software for Linux (for DOS/Win16/Win32 viruses) that many otherwise clueful PHBs will not adopt it.
Except that's *NOT* a fact:
Sophos Anti-virus
Datafellow's F-Secure for Linux
And that's just the two *I* know of.
I would say we do. Unless you have no Windows clients on your network then you want some sort of server side virus scanning. You can never rely 100% of virus scanning to be done by the client as the user can mess with this, etc. There are a number of other reasons that has to do with performance. So for Linux viruses we don't need it but to prevent the spread of Microsoft viruses then yes we do.
Let me tell you *WHY* it's a Good Thing...
Many shops are forced to keep an NT server around to provide virus-scanning services for the Windows desktops in the company. Because "Linux doesn't have viruses", the Linux boxen tend to act as a Typhoid Mary during a Windows virus infection.
It is precisely because of the fact that there is no virus-scanning software for Linux (for DOS/Win16/Win32 viruses) that many otherwise clueful PHBs will not adopt it. Software to scan for alien viruses on email attachments, etc, can only broaden the appeal of Linux.
It's also not a bad thing if they provide scanners for native viruses.
"What?!!?" you say. "Sure there is concept, but for all practical purposes, there are no Linux viruses. Besides, permissions protect us!"
True, my friend. Permissions protect the system from getting hosed. A virus can only affect your own files, or files that you have write permission to. Consider, though: the system, aside from configuration (which, I realize, is not insignificant), is on the original install media. What do you have under your account?
That's right. Your data, which is far more valuable.
It's true, any non-half-assed shop keeps backups... but let's face it, it's a real pain in the ass to restore. And managers hate to be inconvenienced. :)
Reserve some judgment on this, and try to be somewhat open-minded whilst reaching your own conclusions.
--
We have fought the AC's, and they have won.
When I submitted this article yesterday, I gave a link to this RealAudio interview with Matthew Szulik, the President of RedHat. He talks about this partnership and general RedHat buisness goings-on. The interview requires G2 or greater; I haven't tried it on Linux, so YMMV.
---------The early bird gets the worm, but the second mouse gets the cheese.
Actually, I didn't use the word enterprise in that post at all. But I will in this one. I help out on the Amanda users' mailing list, and I can safely say that Amanda is being used to backup terabytes of data on hundreds of machines. That sound like enterprise to you?
I didn't say that ALL the filesystems have to fit on a single tape, I said that EACH filesystem much be able to fit on a single tape. Amanda shuffles the level 0 dumps around so that they are dynamically spread out from each other. It does a very good job at it too.
Also, in an enterprise your tapes are going to be at least 35GB DLT tapes; mabye larger. That's 70GB of data compressed. Not very many filesystems out there that are that big; and if you have one, you can split it into chunks with tar.
The rationale for having Amanda not split the filesystems apart is that you can recover everything without Amanda. This comes in very handy when the backup server's HD crashes the same day as the print server, and you are trying to recover the files with 20 people standing over you. Everything on tape can be restored with dd, and either tar or restore (depending which you used to backup).
I resent that you automatically assume that I don't know what enterprise means. I know that enterprise = thousands of employees. And the summer job was actually after high school; I'm presently in college. That job was at a comporable ISP to your own employer, Colt Internet. And Amanda worked fine for them.
Finally, I think your use of the word FUD is wrong. What I said was true, and not negative about the competition at all. Since FUD = Fear, Uncertainty, and Doubt, I really don't see how saying something good about Amanda could be FUD by any strech of the imagination.
NAI/McAfee Netshield comes closest of any I have seen.. It performs a full scan on the first read and a cursory examination on every subsequent read (it can't keep track of what 100% of what NT writes, so it just takes a peek). Every write is scanned. It's a pretty good product, but NT 4.0/Alpha support is going to be short lived, so if you run any Alpha's, you might look elsewhere.
.sig: Now legally binding!
Cut your losses, cutover to HP Openview or any number of expensive SNMP managers. BTW, Unicenter and Solaris don't mix. They have allways had bigtime problems with Solaris, and Novel 4.x and up have been about the same. Don't look to TNG either, same poor results.
Good luck, your going to need it.
Never knock on Death's door:
More race stuff in one place,
than any one place on the net.
They should, yes. But some scan every file, every time, regardless if it is prudent or efficient to do so. CA's package does it that way. Others scan only when needed, or only when infection is probable. Think of the overhead in scanning every file every access. By the time the file reaches the user and is opened/executed, it has been scanned at least three times more than needed. On a well-loaded server this can be death.
.sig: Now legally binding!
That being said, I openly wonder how they will be doing the cataloguing on Arcserve for Linux. On the NT Server version, you had a choice of either using their own proprietary (buggy) database, or SQL Server 6.x.
Since they already have a port of their Ingres II database for Linux, one would suspect they might use that. I don't know if that is the proprietary database on NT you mention or not (although I believe that Ingres is available for NT). It is hard to say what CA will really support.
delivering a seamless out-of-the-box management solution tightly packaged for the midmarket customer
This, I know is rah rah marketing talk, but I work with CA products every day and I have never seen a seamless out-of-the-box solution come from them yet. I'm sort of surprised that HP and Harris or even BMC got in on this instread of CA.
On a more positive note, A recent MERIT survey revealed that 48 percent of enterprise customers view Linux as an important component to their enterprise IT strategy for 2000..
I hadn't heard of this survey yet, this is good news.
Never knock on Death's door:
More race stuff in one place,
than any one place on the net.
Whoa! Every Linux fileserver that has Windows clients needs to be scanned! Just because the server can't get knocked-up doesn't mean it won't keep handing out copies of 'Win-CIM' or 'Spiro-2' to the clients from a shared executable. This just means we can scan locally now instead of keeping around a low-power NT box to do it.
I just hope someone else comes out with a better product than CA's, and fast. I have never touched a bit of CA-*IT ware I could tolerate..
.sig: Now legally binding!
While the potential for viruses to do damage is diminished when not run as root, there are still local root exploits that potential viruses could use.
In addition, a trojan need not necessarily be a virus installed by root. For example, a system like the script kidd3z Tribal Flood network could install as a regular user and use a non privledged port. Of course it would not be able to conceal itself from "ps" or "netstat" or hide in some daemon. But there are a lot of novice users out there with RedHat 6.0 on their cable modem doing ip masq. They may not notice for a long time, and they are especially the targets that a trojan might want.
In my experiences using Arcserve, Inoculan, and Remotely Possible (now ArcserveIT, InoculateIT and ControlIT) CA had the worst technical support I have ever seen. We had many problems with Arcserve (a buggy product) and tech support for us (supposedly with a "Platinum" type service contract) would take days to get a callback. It should have been four hours. Sometimes the callbacks never came. The other issue was with sales. We had unlimited licenses for a lot of things, and bought an upgrade license for Arcserve and they still hadn't delivered the product after four months. CA, in my opinion, has the worst customer service in the industry, and I know a lot of Windows administrators that agree.
Uhhm, have you ever heard of backup, my friend? Every company that has any clue makes a tape backup of user's data every night. So the fact that a "virus" can destroy you data has exactly zero effect when you can easily restore it from a tape.
And it's not just about viruses. Backup is the ultimate answer to accidental deletion, unwanted modifications and (gasp!) hardware failure. And if you don't make back up -- well, then you deserve to have your data destroyed. Perhaps after this happens once you'll learn -- but you never know.
___
___
If you think big enough, you'll never have to do it.
a) yes Linux=Red Hat
b)Linux=mainstream
You seemed to have focused on just the virus part of the press release, but this is only one area of the larger suite that CA is pushing. With CA partnering with Red Hat, this helps provide an "Industrial Strength" flavor that business wants before we blindly port our enterprise to the flavor of the month. I would have had other choiced ahead of CA, because I think their products are clunky, but the exposure as mainstream I think is a good thing.
Never knock on Death's door:
More race stuff in one place,
than any one place on the net.
Can't remember what the name of the product was, but CA had some marketoid-type ad in a computer magazene for some product that asked something to the effect of "Imagine if you could fly around the office to fix computer problems". What's wrong with telnet, or some windows equiv? What if the ethernet is unplugged? This looked like a lot of fluff and no substance.
Now Arcserve, when I used it maybe 3-4 years back was horrible. I had to recover 20 some odd files that were spread across several backup tapes. The UI made you click on each cute little backup tape icon and after 45 minutes (no I'm not exagerating), a list of files would come up, and if I wanted one, I had to click on it, then tell the program I wanted to restore from tape, insert that tape, wait for it to finish, then do it all over again. Why no command line? Why no ability to give it a list of files and have it tell me which tapes to put in? Given CLI primitives to list files on a tape and restore, I could have written the whole thing in PERL in an hour.
I find this to be a huge problem, especially with admin tools. If something is sufficiently messed up, you might need to use a command line. If the developer invests all its time in the GUI, then the command line version will be poor, or non exisitant. That's what I like about Linux. Many of the GUIs are just fancy ways of getting at underlying CLI tools. This gives the user True flexibility.
JET Program: see Japan, meet intere