Slashdot Mirror


Security Issues with Windows 2000 Datacenter?

alen asks: "The recent IIS security incidents got me thinking. Code Red and Nimda hit servers that weren't patched by their sys admins. If you get infected, you patch your server and end of story. But what if you're running Windows 2000 Datacenter Server? It's a customized solution that you can't change. All your service packs are customized by your vendor. What happens if you have a web or database server that needs to be patched immediately? Are you left out in the cold running unsecure software that you can't patch while you wait in line for your vendor to issue you a service pack or hotfix?" In a situation like this, the whole ball-o-wax resides with the vendor. If you have a good vendor who actually cares about customer satisfaction, these hotfixes will be available quickly. Would anyone out there actually recommend Datacenter for corporate environments?

"My company is currently looking to cluster our SQL 7 servers. We're considering Win2000 advanced server or datacenter. Around a month ago I sat in a meeting with our VP of IT, and the rest of the network admins I work with. Compaq tried to pitch their Windows 2000 Datacenter or Advanced Server solution. Here is the way the compaq people explained it:

You get datacenter only from an OEM. They look at the apps you're running and customize a solution for you in their lab. Every datacenter implementation is different, and every datacenter CD is different. Since we would be using an EMC SAN as our clustered storage system they said our implementation would take special customization. They would have to contact EMC engineers and work together. Once you deploy it, the OEM monitors it. And you can't install any service packs or anything without getting an OK from your OEM. Any service packs are customized for your environment. The SLA guarantees a 99.999% uptime or your money back. Part of your money at least. Datacenter isn't an OS, but a program in their words.

Now here is the problem. With Code Red and Nimda, how do you patch IIS running on datacenter in a timely manner? The reason IIS servers became infected was because the admins didn't patch them in the first place. So say a new worm comes out in a few months and it takes a few days for MS to create a hotfix. Datacenter admins can't install it until they get their customized copy from their OEM. And almost every 2000 server runs IIS for terminal server. It can take a few days and in the meantime your servers could be down. And I don't see the SLA covering a situation like this. Meanwhile you're explaining to your CEO how this $500K supposedly guaranteed solution is sitting dead in the water and you can't do a thing about it.

Is there something I'm missing, or did Microsoft look over something like this? Especially when they are trying to push Datacenter as 'Big Iron'."

8 of 357 comments

  1. What's it needed for? by Izeickl · Score: 2, Interesting

    Erm, what are the big advantages of Datacentre over Advanced server etc?

  2. Time from Bug Found to Bug Exploited by KingAdrock · Score: 2, Interesting

    I think something that both Microsoft and the OEMs count on is the time it takes from the time a bug is found until the time the bug is exploited! In the case of Code Red and Nimda I think that time spanned months.

    Is it not also true that only large OEMs offer Datacenter? I don't think you are going to have a huge problem with the likes of Compaq or Dell providing timely fixes. It may not be available the same day the Microsoft Fix is, but I would be guessing that MS provides enough info to the OEMs to get the fix applied within 3-5 days.

    All in all I think the amount you need to worry shouldn't be more than the satisfaction you can get from a 99.999% guarantee.

  3. Get a guarantee within the contract by Jeppe Salvesen · Score: 3, Interesting

    Get the vendor to patch your servers within 12 hours of Microsoft issuing a hotfix/patch. If they will not put that into the contract, tell them they're not professional enough. If they cannot do something as easy as that, would you really want them running truly business critical solutions for you?

    --

    Stop the brainwash

  4. I'm guessing by loraksus · Score: 3, Interesting

    Since you're paying Microsoft a shitload of money, I'm sure that something can be worked out. All the friggin losers who were hitting my box with (a la Code Red) were on DSL / @home lines.

    Incidentally, the IIS vulnerability was known since IIS 4.0 was released. It was kept secret by MS because of the "If no one knows about it, no one will exploit it". I'm thinking the data center people get the patches that home users don't - sort of like Netware's support, there is a $200 per support issue, but they will forward the problem all the way up to the guy who coded the section you are having a problem with.

    The lame fuck of the day is 24.202.127.156

    --
    1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcfv gbhnjmk,l.;/

  5. Re:Unanswered Question by Anonymous Coward · Score: 1, Interesting

    It doesn't matter, I've seen way too many servers running the OpenGL screensavers. Mind you, servers aren't known for their hardware 3D, so it's all done in software.

    That alone will take up many times more hardware resources than a game of pinball.

  6. Re:Unanswered Question by Anonymous Coward · Score: 1, Interesting

    Actually no, they took all non-essentials out. Even the "fade" effect in the start menu :-(

  7. Re:The good sides of Mainframe Mentality... by gentlemoose · Score: 2, Interesting

    I run one datacenter server. 8-way Intel hardware.

    1: It got spanked by nimda. It's inside the corp. firewall, but the virus got into the network via email. Once inside, that particular region of the network is largely insecure. We're running it in a lab/demo environment, so security is not a huge concern.

    2: The damned thing shipped with IIS installed and running. Since it's the only OEM OS we have in our lab, I didn't notice it there in the three days the box was plugged in.

    3: see 2.

    Called the vendor. Support was !ofclue about patches. The best I could do was apply all of the IIS-related patches, disable all MS internet services, and clean the hell out of the system. Love me some MS.
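
The failure gentlemoose describes (a box that shipped with IIS installed and running, unnoticed for three days) is the kind of thing a short inventory check catches on day one. The script below is an added example, not code from this thread or from any OEM's Datacenter program: it lists the state of the Microsoft internet services (W3SVC, IISADMIN, MSFTPSVC, SMTPSVC are the standard service names), shows which process owns any HTTP/HTTPS listener, and lists hotfixes installed in the last 30 days so you can compare against what the vendor says has been released. It assumes a modern Windows host with PowerShell 5.1 or later and Get-NetTCPConnection available; Windows 2000 itself had no PowerShell, so the technique, not the tooling, is what carries over.

```powershell
# Added example (not from the Slashdot thread or any vendor): inventory check for
# Microsoft internet services, web listeners, and recently installed hotfixes.
# Assumes Windows with PowerShell 5.1+ (Get-Service StartType, Get-NetTCPConnection).

# Standard service names for the Windows-bundled internet services (assumption:
# these are the names you want to watch; extend the list for your environment).
$InternetServices = @('W3SVC', 'IISADMIN', 'MSFTPSVC', 'SMTPSVC')

function Get-InternetServiceState {
    # One object per watched service, whether or not it is installed.
    foreach ($name in $InternetServices) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service   = $name
            Installed = [bool]$svc
            Status    = if ($svc) { $svc.Status } else { 'absent' }
            StartType = if ($svc) { $svc.StartType } else { 'n/a' }
        }
    }
}

function Get-WebListeners {
    # TCP listeners on common web ports, mapped to the owning process so an
    # unexpected listener can be traced to IIS (or to something else).
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 80, 443, 8080 } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                ProcessName  = if ($proc) { $proc.ProcessName } else { 'unknown' }
                Pid          = $_.OwningProcess
            }
        }
}

function Get-RecentHotfixes {
    param([int]$Days = 30)
    # Hotfixes installed in the last $Days days, newest first. Entries with no
    # recorded InstalledOn date are skipped rather than misreported.
    $since = (Get-Date).AddDays(-$Days)
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $since } |
        Sort-Object InstalledOn -Descending |
        Select-Object HotFixID, Description, InstalledOn
}

# --- Report ---
$state = Get-InternetServiceState
"Microsoft internet services:"
$state | Format-Table -AutoSize

$running = $state | Where-Object { $_.Status -eq 'Running' }
if ($running) {
    Write-Warning ("Running internet services: " + ($running.Service -join ', ') +
                   " - confirm each one is intended and patched.")
    "Web listeners and owning processes:"
    Get-WebListeners | Format-Table -AutoSize
}

"Hotfixes installed in the last 30 days:"
Get-RecentHotfixes | Format-Table -AutoSize
```

Run it from an elevated prompt on each server at deployment and after every vendor-supplied service pack; a service that is Installed but Stopped with StartType Disabled is the state gentlemoose ended up in after cleaning the box, and the hotfix list is what you hand the OEM when asking why a fix Microsoft has already published has not reached you.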

  8. Read up on Compaq's Datacenter program... by Anonymous Coward · Score: 1, Interesting

    You should read up on Compaq's Data Center program at http://www.compaq.com/datacenter

    Specifically, this link http://www.compaq.com/solutions/datacenter/answer1.html#q1-1 says "Hot fixes and patches will be reviewed on a case-by-case basis for early release."

    You are most certainly not left out in the cold with this program. The "don't you dare update drivers, or install service packs and hotfixes" is there to prevent people from blowing things up when they shouldn't be touching the system, like with the recent Terminal Services hotfix.

    Datacenter's change control is really no different than you would see in a mainframe environment.