Midsize Businesses Not Considering Linux?
LukePieStalker writes "eWeek is running a piece about a research report which concludes that Linux is not even
on the radar screen for midsize businesses. The survey involved
over 1,400 executives of companies with annual revenue around $250 to
$500 million. It seems that, while smaller companies may see the
licensing savings as being significant, and larger companies have
the expertise to manage it, bringing Linux into a midsize Windows
shop creates a multiplatform organization which is prohibitively
complicated and expensive to manage. Unfortunately, companies of
this size comprise the bulk of American business. Quote: "Linux is
free, but the support for it is not.""
FTA: "But, in the midsized companies, adding Linux would create a multiplatform company where a Microsoft-only shop existed previously."
Keep in mind, while medium sized businesses may "comprise the bulk of American business", this is only the current situation. As smaller businesses grow, there will be an influx of Linux based organizations in the medium-sized business world. Adding Linux to a Windows based infrastructure is inherently more expensive (because you have to pay for the upkeep of two systems). But a computing infrastructure based entirely on Linux is, as far as I know, cheaper in the long run.
Also, as Linux becomes a better candidate for a desktop platform, its adoption as a viable computing platform will only increase. The state of Linux is, now, significantly more advanced than it was just 2 years ago. 2 years from now, even more so.
Digital Sailor
"- Only 27 percent of respondents currently have Linux installed.
- Almost half of respondents said they had "no interest" in Linux.
- Of the companies where Linux is not already installed, 48 percent have no interest and an additional 15 percent are not sure."
So to sum it up, 27 percent already use Linux and of those who don't more than half are interested in it, while another 15 percent are not sure.
How someone can conclude that this means midsize businesses are not considering Linux is beyond me.
"Linux is free but support isn't"
I have yet to encounter a problem in Linux that can't be resolved by googling, or calling the vendor.
A corollary is:
"Microsoft 'support' isn't"
IE, the teleflunkies at MS Support don't even know the basics of their own OS. I worked as an Intern with a large company, we were trying to spit out a webpage for some app, and gee, used Frontpage for the quick and dirty work. I know, hand code, yadda-yadda, but everyone else there were Mainframe gurus, and they had MS on the desktops.
Anyway, this particular version of MS was generating improperly nested formatting, which we could reproduce...
I was told "Hey, we have a support contract with MS, call them"
"Hi, I need help with frontpage, it's generating malformed HTML. Is there a patch out? Or something we can do."
"Front page generates compliant HTML"
"No it doesn't, I can tell you how to do it. Do you have a bug process"
*Conversation goes nowhere after description of convoluted process to get bug even noticed by MS. Every Open Source Project, I have very little problem submitting bugs*
Microsoft support isn't support. Yer paying for nothing.
There's a saying in Spanish "mas vale malo conocido que bueno por conocer" which roughly translates to "better something bad that is known than something good that is unknown" (don't know if there is some saying in English similar to it)
People are scared of trying new things, especially management types. Increasing the complexity of a system by installing other in parallel can get, er, complex. Linux can be installed for free, but no support.
People will prefer to pay for windows than to pay for support and training to use alternatives.
Open Source Java Web Forum with LDAP authentication
He's not saying that Windows support is free, only that you have to look at TCO (as Ballmer and friends like to point out) which includes the purchase price, paid tech support, administration, and possibly developer training. At this point it doesn't appear he has an axe to grind, he's just stating what he sees. If you always reject bad news you'll never learn anything.
Before any more people go and post about how calling Microsoft for support costs money, please remember the following:
1) If the place is a Microsoft shop with a bunch of servers 10-20+, they're most likely a Microsoft Certified Partner who get X amount of free trouble support requests per year. And if YOU solve the trouble shooting or if you bring a question to them that there is NO way you could know or find the answer to, they do not charge/deduct credits. As long as you've done your research and have tried everything to fix the problem, you're most likely not going to be charged.
2) "Support" isn't just calling Microsoft. It also consists of paying on-staff administrators to support everything. The admin(s) that are currently there, if it's a Microsoft shop, are probably MCSA/MCSE's and most likely not that well trained in Linux. For a mid-size business, a salary of 40-60K for another admin is probably a very prohibitive expense.
Reading the replies so far, I can't help but wonder, why do people try so hard to spin any survey results that look bad for Linux? You don't see this in Windows articles or other topics regarding other competing operating systems. But when an article is posted that reveals that the Linux movement isn't 100% full-steam-ahead in all ways, everyone starts splitting hairs. "It said IT executives, not sysadmins!" Well, who do you think the sysadmins are working for?
A lot of these places have systems they have been using for a decade or more. It's going to take a while for them to "see the light" so to speak and just convert everything over to Linux when whatever works for them...still works for them. Seriously, why should they switch if they are happy with what they've got?
I suspect most of the disinterest in Linux stems from the fact they already have systems in place that work for them. However, small businesses would be more interested in Linux because of price, and large businesses because of price and platform. Mid-size businesses don't have the resources to switch everything over, but have enough to have already chosen a system previously that still works fine.
I imagine if you did this same survey with other operating systems like, say, Windows Longhorn, you'd find that mid-sized businesses are pretty much disinterested in it too--why switch from what they've got? In other words, not necessarily anything to do with Linux specifically. Any switch of systems is going to require a support cost, not just Linux.
I don't see much difference in this and contracting out physical security services. If Acme Security provides the nightwatchmen for you and also for your rival down the street, are you going to worry about them letting your rivals come in the back door and rummage through your place at night?
There is no conflict of interest in providing security for competing businesses. You have a contract with each business to protect their network infrastructure. You do not have a contract to help their business succeed or to assist them in any other way. You specifically don't have any interest in helping one company to accomplish illegal acts of corporate espionage. Your interest is to protect each network and there is no conflicting interest for you to take any other action. It isn't at all like the case of, say, a law firm representing two competing businesses. While there may be a small number of managers who won't grasp that, most business people are familiar with a company providing services to multiple organizations, including competitors. Do you think they worry about the power company cutting off their power in order to help a competitor? How about UPS letting the competitor look through their packages? The phone company letting them listen to phone calls?
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
There's also the KDE approach. It has separate applications for mail, calendar and address books. However, they all communicate together well, and they're built in such a way that an application like Kontact can embed each of the individual pieces into a monolithic, Outlook-style interface.
It's the best of both worlds, I suppose.
We don't know what the actual report says (and I'm sure not going to buy a copy), but there are some definite red flags surrounding this report.
1) Infotech says that Microsoft didn't pay for this report, but they weren't asked who did pay for it, nor were they asked how much of their business is derived from Microsoft.
2) We don't know who the 1400 executives were. Were they all in the IT department? If not, do they really know what is in use in their IT department?
3) According to the survey 27% of these companies were already using Linux. That is a huge number. I think it is safe to say that 10 years ago, the number was 0%. The report says that Linux use has 'stalled' in this market, but if they haven't been doing the survey every year, how do they know that?
4) Even if it were true, it at best represents a snapshot of the market today. GNU/Linux is continuing to improve at an extremely rapid pace, and Windows is not.
5) Finally, and most important, who cares what other businesses are doing? If your business can benefit from using Linux (or not), that is the only thing that matters.
Why would anyone choose to spend thousands of dollars on something when they could get it for free? It's because they believe they will spend more money in the long run.
Why don't you try this as an experiment. Pretend that someone else built a firewall for the company three years ago. They left and it has been untouched in all that time. Imagine that it suddenly goes down, the whole office is offline, and nobody (including yourself) at the company knows anything about the mysterious firewall.
Now, try to find support - someone to come to your office and fix the machine. Actually go ahead and make the calls for emergency repair service - pretend like you're shopping around. See what the prices are.
I'd be curious to know the results of this myself. My gut tells me that it would be tricky to find someone. But, once you found them it might not be that much more expensive than windows.
TODO: come up with a clever sig
There are a few things that I think the /. crowd doesn't get:
Most businesses are NOT tech businesses. As a result, they tend to want to keep their costs for tech low and support options open.
Virtually all businesses looking into Linux would be migrating from Windows. The fact that Windows is the core of their technology infrastructure and the support options are there (hardware, software, niche market software, inhouse software, etc..) it's VERY difficult to transition.
Sure there might be future cost benefits but are those guaranteed? Doubtful. Microsoft is making inroads in areas that are considered issues -- primarily malicious code and security issues. Reliability (ie BSOD and random reboots) are in large part not much of a concern anymore -- MS has addressed this issue since ~w2k's release.
So I agree with you -- it's not a surprise. From what I have read, the ONLY people currently transitioning to Linux are the following:
- Large corporations with a stake in the success of Linux (ie ibm, novell, etc..)
- Governments that are interested in re-investing in their economy instead of pushing money to MS and the US economy.
- Small businesses and startups that do not have a pre-existing infrastructure based in Windows (generally tech based startups).
- Select portions of a company's infrastructure that does not require much more than a web browser or single, in-house app.
I think that about sums it up. Needless to say, as these segments grow, it will put pressure on the others to further maximize their tech infrastructure to stay competitive. As more companies utilize FOSS and can show definitive cost savings.
Hopefully the IT team at these companies are aware of the changing landscape and have already started to plan for the _possibility_ of migrating to another platform in the future (ie make sure existing software is cross platform, etc..) -- I know this is where I am with several companies, so even though the companies are primarily Windows, the ability to transition in the future is becoming less of a "chance" due to pro-active migration to FOSS/cross platform apps and open standards.
If a full Linux infrastructure is in these companies' futures, I think for most of the employees, when that day comes, it will be about as big of a deal as a Windows upgrade -- some relearning where stuff is located, but not the huge divide that existing companies making the transition have to overcome.
Exactly, this is the problem with most slashdotters. Anecdotal experience always supersedes factual evidence and common sense.
"New survey says most computer users find Linux hard to use."
Slashdot response: "Bullshit, I run 35 setups with all different distros, custom kernels, etc etc blah blah [insert linux techno elitist geekspeek here]"
Nobody cares about your individual computer "skill" or your individual life experiences. Hey, Fefe may have worked for, like, 200 mid-size businesses...even if that's the case, he STILL can't compare to the official survey of over 1000 mid-size businesses.
Every single institution I've been at bought computers in bulk from Dell, with the OS (windows) pre-installed - only those with special needs (and were pretty computer savvy to begin with) used Linux. Linux simply isn't a household name in the desktop market. Besides, practically everyone uses Windows or the Macintosh - sticking with a popular OS (real or perceived, it doesn't matter) reduces the risk of incompatibility with the rest of the world.
"Linux is free, but the support for it is not."
While it's entirely possible (and easy) for anybody who's interested to get their hands on Linux, consider the company to which many businesses will go first: Red Hat.
Have any of you looked at the cost of a Red Hat Linux subscription lately?
Feast your peepers on these numbers, my friends: Red Hat server licensing options.
Sure, you don't have to go with a solution like this, but any company that depends even a little on its IT department is going to want some real support and culpability - they aren't going to just be throwing Slackware on machines willy-nilly.
Food for thought, mes amis.
- Rory [Microsoft Employee] | Free dirt: neopoleon.com
"Cheaper to stick with Windows for the sheeple."
[Slogan]
"PHBs, use Linux so your IT geeks will no longer call you sheeple behind your back".
My experience with small businesses is that they almost uniformly consider themselves to be 'under the radar' when it comes to licensing issues. Small businesses are all about getting the job done quickly, compatibly, and as cheaply as humanly possible. They don't even blink in the face of considering a ready-made *NIX solution provided it meets those three criteria.
But marketplace reality is that proprietary commercial solutions are, more often than not, the only out-of-the-box plug-and-go way to ensure standards compatibility. Small companies don't have the time or money to invest in custom IT infrastructure or even tweaking close-enough solutions to interoperate. So they pirate commercial products relentlessly.
If it's something under $100 or so, they might buy a single legitimate copy for the office. But any other commercial applications? Cracked downloads. Utilities? Unless it's under $50 or so, they'll buy grey-market pirated warez and feign ignorance regarding its legitimacy.
If it's something like AutoCAD, with an established record of hunting down and suing illegitimate users, they'll buy enough several-versions-old used copies to sit a box or manual on every employee's desk - but we're talking $30-50 boxes of otherwise obsolete five-to-eight-year-old 'lite' editions off of eBay. Meanwhile, that single new full version is what's actually cracked and in daily use on every employee's machine.
Heck, I've tried to impress upon management in such environments the importance of keeping legitimate software licenses, even going open-source where the cost of entry for commercial software is too high. But not only are these businesses small enough to feel 'under the radar' in the face of $100K-a-pop fines versus feigned ignorance of their licenses' legitimacy, they're too small to afford any sort of full-time IT staff.
And lacking dedicated IT staff, the cost of entry for roll-your-own open-source compatibility is just too high.
Of all the moves Microsoft made toward customer lock-in, I think tying Outlook and Exchange together with a closed protocol was the smartest. Making Exchange 2000 depend on Active Directory was the second smartest. Now that the suits are in love with Outlook and that most people equate email with Outlook, they have a pretty strong tie on the server room of most organisations.
As a side note, I can't believe people actually like Outlook. The damn POS is so confusing, I wonder how people actually get anything done using it.
Apparently, Novell is working on one.
:wq
Having come from a shop which manages Linux efficiently, and having done consulting gigs with Linux shops...
The problem with Linux is it's possible to manage it very efficiently but the majority of shops don't know how. Tools like cfengine and reasoned and planned methods are not implemented as a discipline.
I haul out Kirk Bauer's "Automating UNIX and Linux Administration" and it's both a revelation and a threat to the staff, who spend their days either pointing and clicking or doing the same thing over and over again at the command line. How desperate is that?
Unfortunately, most of these shops are managed by bottom-line folks who do the do every day and never consider alternatives. The ones who hum along don't bother to respond to such surveys because they _get it_. They invest in the scaffolding that has to be built and once it's in place, the thing just plain flat rocks and IT finds its proper role - disappearing.
When I talk to such organizations about IT, I tell them "if I do my job just right, I disappear." It usually causes crossed brows and consternation, but it's so.
Linux advocates do themselves great injury by not creating and requiring open architectures and open methods of system administration. And disappearing. It's only sexy if you watch it all happen.
Windows is cheaper than Unix, that's true.
... Guess which one is cheaper ? And it is more true with Linux.
:-)
Linux is cheaper than Windows, that's true too.
The hardware costs the same.
Commercial software costs exactly the same.
(i.e. Oracle on Linux or windows or HP is the same price... but yes Oracle is expensive)
As for Linux, the OS is free.
Most of the tools surrounding the OS are free too.
I work for a large company in the aerospace area we are around 23,000 employees. And most of the time when we use windows it is for "toys".
For real computing we use Unix and more and more Linux.
The ratio of Unix admin is around 1 for 20 servers
The ratio of Windows admin is around 1 for 5 servers
After paying vacations, benefits
A good windows sys admin is not cheap.
A Unix sys admin is not cheap either.
But it takes less Unix sys admin than windows sys admin when you manage a 18,000 devices network.
In my experience, the ROI on unix is proved to be a lot better.
Anyway to conclude my point,
I am still surprised that today, mid-size enterprises don't seem to understand that.
Are they too much influenced by MS?
Is their analysis biased?
I don't know, but it's their money, not mine
I don't know whether Coursey supplied the headline (maybe some editor above him did), but it's one of the more Onionesque headlines one could see on a computer-centric Website.
"Midsize Businesses Have No Use for Linux"
Now say that again with a straight face, and wonder. This is a stretch past even the stretches contained in the article that follows.
Now, surely there are many businesses that (for various reasons, of varying degrees of rationality) aren't currently using Linux. (Or Mac OS X, or any version of Windows past 98, etc.) However, even the very few data points I know of (check out NewsForge, any big IT publication, Dr. Dobbs, etc. for more and better) are more than enough to make clear that Coursey's article is the usual Coursey -- provocative if you're a pal, flamebait if you're offended, laughable if you think that he's sincere, trolling if you think Coursey knows he's egregiously distorting the truth. I go with that last one, but Hey, maybe he's just a big prankster.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
Linux is free but support isn't? Well clearly, these geniuses have discovered an OS that has free support. Microsoft is doing that now, right?
I say this from professional experience in a small-mid-sized company: Windows complications are more common and more problematic than Linux's are. Windows has good marketing, but shit never works the way it's supposed to. And then you have to try and deal with a single-vendor platform to make it work.
But let 'em keep using Windows. Eventually they'll figure out that the guys using Linux (or *BSD) are better, faster, and more secure than they are. These guys are just a little slower than the rest of us.
Also: what do you think the odds are that these brain donors have Linux boxes running critical systems and don't even know it? Linux by stealth is really common; it's how I got Linux into my shop.
I, for one, welcome our new Antichrist overlord.
"Executives in $250M/year to $500M/year companies don't know, what systems their engineers are running. If the company is smaller, executives likely know more about what they manage, and if the company is larger, it's an IBM client."
Contrary to the popular belief, there indeed is no God.
- Only 27 percent of respondents currently have Linux installed.
- Almost half of respondents said they had "no interest" in Linux.
- Of the companies where Linux is not already installed, 48 percent have no interest and an additional 15 percent are not sure.
So let me get this straight, 1/4 of midsize businesses are already using linux, and another ~ 1/4 have interest in it. And the conclusion we're supposed to draw is that mid size companies have "no use" for linux?
MRSH-Recording device, corned beef sandwich with kraut, seafaring bird, and the foamy top of a beverage.
Mid-sized businesses use midrange apps. E.g. Forth Shift, Visual Manufacturing, etc. Which were written in the late 80s/early 90s. For the Windows API.
Have you reported the incompatibilities between Wine and those apps both to the Wine developers and to the app developers?
Coursey is a familiar open-source basher and well used to distorting the picture. He has even been quoted as saying that commercial software firms do the innovation while open source mostly copies. This myth has been well debunked before but in case you missed it consider MS and tell me:
who "innovated" DOS, gui computing, windowed applications, mouse based ui, menus, word processor, spreadsheets, email client, address book, database... you get the picture. Such willful ignorance of the facts is quite staggering and makes for good reading/flaming.
Which causes me to wonder if Coursey really believes what he writes or if he's just there to create reaction. eWeek has more than a few OSS fans and Coursey knows he's kicking the nest. Maybe he's just having fun?
One particular scenario was a firewall. I suggested a Linux firewall due to the lower upfront cost. Now, they were a Microsoft shop, but a firewall is not something that has to be administered everyday (when it is working properly). Instead they decided to go with a Checkpoint firewall that cost them a hell of a lot more.
Here's the problem: A firewall today is not just about "Linux kernel + iptables." Those Checkpoint boxes (and others) are full featured "security appliances" as they call them. They have features such as:
- application proxies to filter / virus-scan / monitor content: HTTP, FTP, SMTP, etc. (so you can say.. stop employees in the sales dept. from playing games on Pogo during 9-5.. to give an example of the granularity of control available)
- network monitors and various intrusion detection / prevention methods
- complete mobile VPN services, including dynamic firewalling rules
- user authentication services (used for VPN, proxies, replication to other network services, etc.)
- very complete GUI admin tool / management console. (and multiple security devices can be linked together throughout the company..)
- daily automated security updates (virus updates, IDS signatures, firewall software updates, etc.)
Can you do that all with free Linux distros and available OSS tools.. Mostly. Will you be saving any money by the time you've got all the raw materials kludged together into a working solution? Nope.
The Open Source community has failed miserably at producing real-world solutions. It has produced an enormous amount of quality raw material. (And if you examine the commercial firewall solutions, you'll find much OSS being used internally!)
I think there is a good solution to this: The major free Linux/BSD distros need to have subprojects focused on specific needs. For example, there should be a "Debian/Firewall" sub-distro. (note: not a fork) It should provide a more or less ready-out-of-the-box firewall solution using pre-integrated "best of breed" components from the base Debian distro. If there are shortcomings discovered, the improvements can be fed back into the base distro using standard processes. If there are flaws found in the raw materials, this is a perfect way to make sure that OSS meets real world needs through user feedback.
Now apply this principle to all major areas of network services.. mail servers, file servers, web servers, etc. As long as there is a decent web based admin interface, there will be no problem getting organizations full of Windows-only IT staff to use more OSS. (And meanwhile all the old-school Unix folks are squirming in their seats.. Sorry folks, I don't like it either, but sometimes pragmatism is required. There simply aren't enough smart Unix people to go around. So we either compromise or we let proprietary software continue to dominate the industry.)
I'm not disputing their result, I am disputing their methodology.
A survey will be answered by suits in companies that large, and they tend to know nothing of the Linux installations in their company.
This survey would mean something if they asked the techies, the admins, the people who actually do something.
Also, many companies use Linux on WLAN APs or NAS solutions or the like without even knowing it.
Is a business with a turnover of about $200 million really considered a small business in the US?
As a side note, I can't believe people actually like Outlook. The damn POS is so confusing, I wonder how people actually get anything done using it.
Not only that but Outlook management demands a huge amount of time from the individual users. Outlook starts to run very poorly (if at all) once you have too many emails in your box so most modern office workers are specifically trained to use their email in a non-intuitive and inefficient way (delete as much information as possible, do not keep records, print stuff out and file it etc).
In a world where 1GB of storage can be had for less than 50 cents, it is ironic when an employee wastes a few hours every month deleting a few hundred KB of email so that their "productivity" application will continue to function.
Of all the phenomena I've seen in the industry over my career, none have been as inexplicable as the continued success of Outlook/Exchange. I once worked in an R&D center for an F100 company that had decided to go to Outlook. By the time they completed the rollover, our facility had spent enough money on the conversion alone to keep the existing service running for over a century, the ongoing costs were going to include at least 10x as many servers and more than 2x as many support staff and there was NO operational benefit. They briefly experimented with the resource scheduling system but the old pen and paper way turned out to work better. Many staff, used to a functional email system, had to delete enormous amounts of information (did I mention that we were an R&D facility?). Finally and most ironically, more than half the staff had Unix workstations so 1) half the staff couldn't even use Outlook and 2) half the remainder had to be issued Windows laptops so that they could.
Suffice to say, that facility no longer exists and the company is now a 2nd rate player on a long slide to oblivion.
I've spent a lot of time thinking about this lately and I'm no longer worried about MS's domination. In every case where I've seen two competing companies where one is using Linux/Unix infrastructure and the other Win-based servers, the Unix company ALWAYS has lower IT costs and greater productivity. You can produce all the studies you want but ultimately, the company whose actual costs are lower and whose actual systems are more reliable and less of an obstacle to the mission will win in the market. It's sad that the dinosaurs will never even know what killed them but that's evolution for you.
What complexity? In a lot of cases it is WAY easier to run certain apps on a citrix server, even if its windows software and windows desktops, and this has been the case for years. The time savings of having desktops act as dumb clients that boot off the network and run all their apps remotely from servers is immense. It's so much easier to manage a medium to large sized network this way, and managing software upgrades is a breeze.
And your savings comes from the time spent, you need WAY fewer admins to manage such a network. Also, you gain additional savings from the fact that you gain control of your infrastructure. You no longer have to upgrade hundreds of desktops when Microsoft tells you to, often having to upgrade hardware too just to support the latest version of windows that provides no benefit.
I heard a saying some time ago "You won't get fired for choosing IBM." I think you can easily say the same about Microsoft. Many managers deal with consistent problems, missed deadlines, etc and would get questioned to no end if they were using (publicly) a cheap (inexpensive) or free solution. In my experience managers would rather not take the risk of a cheaper solution having issues, and not having a clear direction to point a finger if something was to go wrong. I often hear things from my management like "Microsoft is helping us work through this issue", in reality it's not a Microsoft problem at all but it gets the manager off the hook.
I have found the easiest way to get Linux into business is just do it, and do it quietly. It's very hard to say "Can't we do x with Linux?", but much easier to do it quietly then when the day comes up where a manager suggests a Microsoft solution to x you can say well we are already doing that with Linux and it's much cheaper (all costs considered) than the Microsoft solution. Try doing this the other way around and you will get shut down 9 times out of 10.
Small businesses are run by people directly responsible for the revenue and expenses.
Huge companies are run by people only interested in their stock's value and who don't give a damn what the "techies" do, so they let Linux in.
Mid-size companies are run by people who aren't responsible for anything but their incompetence but don't want anyone rocking the boat.
Their problem is that as Linux takes over small business and huge business, they're going to have to deal with it anyway because those other businesses are who they have to do business with.
Otherwise, the study is just more propaganda - "Look! No one's using Linux! You better not!"
Bullshit. That attitude is WHY you're a mid-level business and not a big business - you're not willing to push forward hard enough.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
My take on this...
It's my understanding that proper security requires a layered approach. A firewall should only be a firewall and run no other services. Obviously IDS needs to run on the external interface, but proxy servers shouldn't (they're basically a yes/no application, not something that needs direct external connectivity), and things like VPN need to live on the internal side. A network diagram would look like:
Internet
|
Firewall/IDS ------- Incoming only log box with console access only
|
DMZ (web, incoming smtp, pop/imap if you want it outside, wireless)
|
Second firewall / proxy
|
Internal network (workstations, servers, VPN, etc)
(and if you really want...
|
Firewall 3
|
Jail for virused/compromised/etc machines)
Part of the reason for the layers is that you want to limit the damage a hole can cause. What if the app you're running on your firewall has a remote root exploit?
So, how do these security companies get away with providing a single box to do all this? I can't say I'd trust all those services running on a single machine.
My BSD firewall has 4 network interfaces (external, internal, dmz, jail), connecting to two other servers (one for external services, one for internal services). That's all it does - all the other services run on one of the two other machines.
However, putting all the proxies in the right place is why I haven't used that setup fully (ie: I can stick my web server on the DMZ, but then it would be blocked from nfs mounting my raid on the internal side unless I allow the traffic or tunnel it, defeating the purpose. Without the mount, I have no backup and it becomes harder to publish content. Or, my VPN server needs to live on the internal side, but I don't want my primary LDAP/NFS server accepting incoming traffic from the outside.). I don't have the budget (or demand) to install a rack of servers to properly segment services.
Once I know where everything belongs I'll be able to put together packages (or even a big meta-package) with the various config files required to quickly duplicate the setup. I don't think we need a separate distro (and they are out there), but just a better collection of packages. I should be able to pkg_add meta-security-package which will configure the firewall, add squid, ask me to connect to the ldap/active directory/nis/etc. The only advantage the commercial vendors have is that they are providing meta-security-package.
I use Macs to up my productivity, so up yours Microsoft!
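Added example, not part of the comment above or of anyone's real configuration: a small default-deny zone model of the four-zone layout (internet, dmz, internal, jail) that shows why the NFS exception from the DMZ to the internal side "defeats the purpose". The service names and the set of open flows are assumptions, and the model takes the worst case that any permitted service can be used to take over a host in the destination zone.

```python
from collections import deque

# Zones follow the diagram in the comment above. Service names and which
# flows are open are assumptions made for this example.
ZONES = ("internet", "dmz", "internal", "jail")
BASE_POLICY = {
    ("internet", "dmz"): {"http", "smtp"},        # public services live in the DMZ
    ("internal", "dmz"): {"http", "smtp", "ssh"},  # staff and admins reach the DMZ
    ("internal", "internet"): {"http"},           # outbound via second firewall/proxy
}   # anything not listed is denied, including everything to or from "jail"


def allowed(policy, src, dst, service):
    """Default deny: a flow passes only if the zone pair lists the service."""
    return service in policy.get((src, dst), set())


def with_exception(policy, src, dst, service):
    """Return a copy of the policy with one extra permitted flow."""
    new = {pair: set(services) for pair, services in policy.items()}
    new.setdefault((src, dst), set()).add(service)
    return new


def pivot_path(policy, start, target):
    """Shortest chain of zones that permitted flows connect from start to
    target (breadth-first search). Returns None if no chain exists."""
    parents = {start: None}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        if zone == target:
            path = []
            while zone is not None:
                path.append(zone)
                zone = parents[zone]
            return path[::-1]
        for (src, dst), services in policy.items():
            if src == zone and services and dst not in parents:
                parents[dst] = zone
                queue.append(dst)
    return None


def exposure(policy, start="internet"):
    """Zones that chained permitted flows make reachable from start."""
    return {z for z in ZONES if z != start and pivot_path(policy, start, z)}
```

With the base policy a hole in a DMZ service stops at the DMZ; after `with_exception(BASE_POLICY, "dmz", "internal", "nfs")` the same hole has a two-hop chain to the internal file server, which is the trade-off the comment describes.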
Why would anyone choose to spend thousands of dollars on something when they could get it for free? It's because they believe they will spend more money in the long run.
It also could be because people will pay a fair bit to mitigate risks that they don't understand. Tax time reminds me that I'm that way with accounting. Doing the tax forms myself would save me the dough I spend on my accountant, and it would probably be cheaper in the long run, even including my time. But taxes and the IRS are such a complicated world that I don't even know what might go wrong. I'm glad to pay the accountant a generous fee just so that I can focus on things that matter to me.
Also, the incentives for employees in mid-sized businesses can be different than those in larger or smaller companies.
Large businesses have the time and money to look at all the solutions and pick the best ones, rather than doing what everybody else is doing. If you can convert something from Windows and Linux and make the company net better off including conversion costs, you'll advance your career.
Small businesses will often follow along with the herd, but because they're pretty cost-sensitive and accustomed to trying to improve things, many people in them will be willing to try new, innovative stuff in the hopes that the risk will pay off.
But medium-sized businesses are, as you'd expect, in between: a lot of IT projects aren't big enough that they can pay staff to really figure out the best choices, but they are comfortable enough that they'll write a check to make the problem go away.
In my company ALL corporate IT software is Microsoft (even though the account I'm on is supporting UNIX/LINUX thank GOD!). The fact of the matter is, a major reason why people choose MS is the same reason people choose CISCO. Even if there is a catastrophic failure....viruses blast all the PCs, constant crashes. People DON'T get fired because they chose Microsoft. They can pan the excuse..."Well...it's Windows what do you expect?". Management shrugs it off because to admit that they made an error choosing ONE vendor for their entire IT infrastructure makes them look bad. Choosing LINUX means that if it were to fail they would get panned for taking risk. From an individual manager's perspective there IS no personal career risk from choosing Microsoft. If it breaks...well everybody uses Microsoft so it's not his fault (mentality).
Joe average user wants the ability to install his own software and use particular apps as much as the technical people do.
I disagree with that. We have a pretty well locked down environment and of course some people complain but overall, it works great. We do not have problems with people trying to get around the system. All they want is something that works and we provide it. Maybe the non-technical people you are referring to are actually somewhat technical. Believe me, I work with many completely non-technical people and the lockdown coupled with our policies is not a problem for them and does not cause hate and discontent. We have 7 offices and about 4000 people scattered throughout the world. Every desktop and laptop runs and looks exactly the same down to the desktop wallpaper and the icons under the start menu. All software updates, upgrades and changes are done at the same time for everyone, every printer in the company has the same style naming convention and can be installed from a single common place on our intranet, there is one common phone directory application on all computers. Every office has the same relative phone numbers for things like X5600 for the IT help desk, the copy centers are X5700, the receptionist is X5800 and so on (X being a different first number depending on what office you are in), anyone from any office can log into any other computer in the company and it looks exactly like their own and will function no different than their own. This arrangement is much better for the users than winging it and they know it and it helps everyone including the IT department.
They can want all they want, but they are not allowed to. The reasons are many, such as licensing, and possible conflicts with other business-critical applications. They can go home and play sysadmin there.
work tends to migrate off the locked down environment to a completely uncontrolled environment (home systems, personal laptops, PDA's, physical notebooks...)
One can be easily fired for copying company's files onto employee's own media and taking it home. Do you really think the company's property (Valve's source code, as an example) should be lying around on personal computers, where anyone can help himself to it?
There is no getting around high support costs and a high admin:employee ratio to actually support the business.
That's defeatism. Give every employee the s/w that s/he needs and lock it down. Let them then explain why an accountant needs PhotoGallery or Microsoft Messenger.
You can tell that the media still lives in the clouds :) I am in charge of OS deployment at a mid-size company (fitting the $$$ profile described above, toward the high end, actually). I have been encouraging and approving deployment of Linux for years, but there is a huge difference between what I want the market to find out, and the competitive advantage I find by "hiding" the fact that I am not using high-cost Windows, Unix or Mac solutions, to the rest of the industry. I much rather prefer my competitors spend their money on highly-priced solutions, by "feeding" such data, myself, in public surveys, and encouraging the FUD surrounding Linux, than publicizing Linux utilization inside my company. This brings me two huge advantages:
- reduced cost per solution
- keeping geeks around, 'cause apparently nobody else needs their services
Are you kidding me? What's better - feed the media morons with proper info, or increase my profit sharing and bonuses?!? ;)
This type of survey is no different than the ones about salaries: who is the idiot who would trust those, when we are all interested in filling the surveys with the lowest possible end of the salary levels, so that our employees do not look "across the fence".
Media ... hmmm ... c'mon, Linux guys ... you gotta know better than that!