Security Issues with Windows 2000 Datacenter?
"My company is currently looking to cluster our SQL 7 servers. We're considering Win2000 advanced server or datacenter. Around a month ago I sat in a meeting with our VP of IT, and the rest of the network admins I work with. Compaq tried to pitch their Windows 2000 Datacenter or Advanced Server solution. Here is the way the Compaq people explained it:
You get datacenter only from an OEM. They look at the apps you're running and customize a solution for you in their lab. Every datacenter implementation is different, and every datacenter CD is different. Since we would be using an EMC SAN as our clustered storage system they said our implementation would take special customization. They would have to contact EMC engineers and work together. Once you deploy it, the OEM monitors it. And you can't install any service packs or anything without getting an OK from your OEM. Any service packs are customized for your environment. The SLA guarantees a 99.999% uptime or your money back. Part of your money at least. Datacenter isn't an OS, but a program in their words.
Now here is the problem. With Code Red and Nimda, how do you patch IIS running on datacenter in a timely manner? The reason IIS servers became infected was because the admins didn't patch them in the first place. So say a new worm comes out in a few months and it takes a few days for MS to create a hotfix. Datacenter admins can't install it until they get their customized copy from their OEM. And almost every 2000 server runs IIS for terminal server. It can take a few days and in the meantime your servers could be down. And I don't see the SLA covering a situation like this. Meanwhile you're explaining to your CEO how this $500K supposedly guaranteed solution is sitting dead in the water and you can't do a thing about it.
Is there something I'm missing, or did Microsoft look over something like this? Especially when they are trying to push Datacenter as 'Big Iron'."
The thing you're overlooking is that the Nimda and Code Red viruses came out AFTER the bugs they exploited had been discovered and patched.
This hypothetical DataCenter would not be impacted because the patches would have been tested and applied long before the viruses hit.
As much as we like to joke about Microsoft being "Swiss Cheese," the truth is most bugs have patches available long before there are exploits. DataCenter would mean all of the relevant patches would be tested and applied long before the viruses hit.
The only reason my servers were hit by Nimda was because I trusted our Chucklehead Network Admin to understand the difference between downloading and installing a patch. I told him to patch it, but did he listen? Apparently not. I guess flirting with the head of the Insurance Department was more important than the bulletin from the Microsoft Security Mailing list. Never mind the fact that I had to show him how to import a contact list into Outlook, never mind the fact that Clippy is too complex for him to comprehend, just ignore the guy who BUILT our infrastructure when he tells you to apply a patch that will protect the servers from the SINGLE MOST COMMON WORM ON THE NET!
I gave him the @$@(*& URL and told him to install the patch. All he had to do was paste the URL into the server's web browser, click a file name and select "Run from present Location" then Click YES on anything else he saw! But did he DO it? NOOOOOOO. He SAID he did it, but that's not the same thing as DOING it!
But hey, he managed to screw the trailer girl he'd been hitting on, so I guess our server downtime and the dozens of root.exe files I had to delete were worth it, huh?
And before the trolls start in, I am NOT jealous that he got laid. I spent the last 24 hours in bed with my girlfriend, and get more action in a week than he does in a month. He's the one going after the company's chain smoking pot addicts when he's supposed to be working.
And don't get me started on the 300 megs of porn on his hard drive! We only have a single T1 for the whole company's in-house operations. Thank GOD we host our servers off site or our clients would never get in. He downloads the W2K service pack off the Internet each time he installs it instead of running the local copy I saved to the server.
And don't get me started on his MP3 collection. He must eat up 90% of our bandwidth. Uploading a 50k Perl script takes me 20 minutes because he's downloading porn and MP3s, but because he's screwing the comptroller's daughter he never gets in trouble for it. Meanwhile _I_ get grilled for our poor network performance, and just because he DENIES having downloaded all that crap he's excused and I'm told "There must be another cause."
And now he's studying for an A++ exam, and his comment to me? "Why do I need to know all this IRQ S***, we use Windows 2000. That's not in computers anymore."
ARGGGGGGGGG!!!!!!!!!!!!!
"Live Free or Die." Don't like it? Then keep out of the USA
If you have datacenter edition you have an enterprise contract, the person who submitted this has very little clue. We run MANY copies of DC, COMPAQ and M$ are our vendors and they have 2 hr response time on ALL critical ENTERPRISE level services. You DON'T use DC server unless you have a contract, YOU CAN'T even install the product without special codes. Nice editorial work /.
Just what I expect from an enquirer-like source that you've become over the last few months. Will you guys still be alive when Andover goes under very soon? Will you get control of /. back or will it be sold off as assets?
errr....umm...*whooosh* *whoosh* Is this thing on ?