Security Issues with Windows 2000 Datacenter?

alen asks: "The recent IIS security incidents got me thinking. Code Red and Nimda hit servers that weren't patched by their sys admins. If you get infected, you patch your server and end of story. But what if you're running Windows 2000 Datacenter Server? It's a customized solution that you can't change. All your service packs are customized by your vendor. What happens if you have a web or database server that needs to be patched immediately? Are you left out in the cold running unsecure software that you can't patch while you wait in line for your vendor to issue you a service pack or hotfix?" In a situation like this, the whole ball-o-wax resides with the vendor. If you have a good vendor who actually cares about customer satisfaction, these hotfixes will be available quickly. Would anyone out there actually recommend Datacenter for corporate environments?

"My company is currently looking to cluster our SQL 7 servers. We're considering Win2000 advanced server or datacenter. Around a month ago I sat in a meeting with our VP of IT, and the rest of the network admins I work with. Compaq tried to pitch their Windows 2000 Datacenter or Advanced Server solution. Here is the way the compaq people explained it:

You get datacenter only from an OEM. They look at the apps you're running and customize a solution for you in their lab. Every datacenter implementation is different, and every datacenter CD is different. Since we would be using an EMC SAN as our clustered storage system they said our implementation would take special customization. They would have to contact EMC engineers and work together. Once you deploy it, the OEM monitors it. And you can't install any service packs or anything without getting an OK from your OEM. Any service packs are customized for your enviroment. The SLA guarantees a 99.999% uptime or your money back. Part of your money at least. Datacenter isn't an OS, but a program in their words.

Now here is the problem. With Code Red and Nimda, how do you patch IIS running on datacenter in a timely manner? The reason IIS servers became infected was because the admins didn't patch them in the first place. So say a new worm comes out in a few months and it takes a few days for MS to create a hotfix. Datacenter admins can't install it until they get their customized copy from their OEM. And almost every 2000 server runs IIS for terminal server. It can take a few days and in the meantime your servers could be down. And I don't see the SLA covering a situation like this. Meanwhile you're explaining to your CEO how this $500K supposedly guaranteed solution is sitting dead in the water and you can't do a thing about.

Is there something I'm missing, or did Microsoft look over something like this? Especially when they are trying to push Datacenter as 'Big Iron'."

It's what they call lock-in

[91degrees]

When I was studying, I was taught that one of the reasons to write maintainable code was to prevent lock-in. Good coders don't need to force companies to keep using them, they should produce good enough work that the comapny sees no need to rplace them.

Microsoft of course, do not write good maintainable code. They don't supply commented source, and they don't give the customer any long term rights to use the code as they see fit. Any goodprofessional should avoid microsoft products simply because they will immediately prevent themselves from having any choice at all. It becomes impossible to back out.

Re:Whats it needed for?

[Waffle+Iron]

In other words, Datacenter changes the following two lines of code in the kernel header:

#define MAX_CPUS 32
#define MAX_MEM_GB 64

You pay only a few dollars for that mod. The remainder of the huge expense goes to pay for a special team of engineers whose purpose in life is to try to keep your systems up and running.

Why post this article at all?

[rsimmons]

Doesn't this sort of discussion belong somewhere other than slashdot? Who cares whether you should use datacenter or not?