Windows Cheaper to Patch Than Open Source?
daria42 writes "Is Windows cheaper to patch than open source software? Of course this Microsoft-commissioned report thinks so - but a number of people disagree, including a key Novell Asia-Pac exec, Paul Kangro. Kangro highlights problems with the report including the fact that it refers to problems faced by administrators before 2003: before significant improvements were made to Linux patching tools. 'We didn't have tools like Xen for Linux then,' says Kangro. 'When I patch my Linux box I don't need to bring it up and down any number of times.' Kangro also points out the report doesn't mention costs associated with rebooting systems after a patch is applied."
[...]problems with the report including the fact that it refers to problems faced by administrators before 2003: before significant improvements were made to Linux patching tools. 'We didn't have tools like Xen for Linux then,' [...]
Oh, come on. Practically speaking, we don't have Xen for Linux *now*. Sure it's cool and all (which is why it's slipped into this basically unrelated story) but it's not nearly ready for the Linux mainstream and I'd be surprised if more than a handful of people are using it heavily in production.
Really? The 'apt-get update && apt-get upgrade' I did earlier today on my Debian (testing) box took less than a minute, and installed not just the latest security patches but also the latest versions of all my software. That was pretty much free.
Conversely, Windows Update only updates Windows (not my other apps), and takes at least 15 minutes every time I run it.
I just can't agree with that report. From 1999 to 2002 I did work for a datacentre with 150 Linux servers and 26 NT and then Windows 2000 Server servers. Keeping figures on those, I can say that the total downtime due to upgrades and patching for both groups in total was almost the same.
Until recently, I was in charge of Windows server patching for a ~1000 unit server farm, and all I can say is Microsoft sucks big time when it comes to fixing high availability systems. I even developed an in-house patch management system because of the chronic unreliability of SMS for patch distribution. Compared to a Linux based system using the simple APT, Microsoft is nowhere, useless, dangerous.
SUS, SMS, WUS, ... all are great when you speak about GUI, all suck when you speak about efficiency. Not to mention the poor quality of M$ patches themselves: just have a look at the troubles an MS05-019 can provoke.
Yeah, a good Linux distribution wipes the floor with the M$ patching goof.
Do you think that Novell's Kangro might have been talking about Novell Zenworks for linux?
http://www.novell.com/products/zenworks/
That's true. But you can argue that any system critical enough already has load balancing and redundancy. All of the Unix machines I work with have mirrors and load balancing. I don't know many people that patch their production machines while they are live anyway. Even though it is possible, it is still highly dangerous.
Both sets of hardware are about the same, so the cost is a wash.
/. ++
@ Windows has SUS
Actually, you can distribute patches with Linux as well. You can use yum and point it to a local repository with the selected updates/patches or all, then have the yum service running which automatically updates the system for you. (Guys, am I incorrect here?)
Here we go again!
In addition to yast and yum, in Mandrake you can set up an RPM source (as a directory, share, HTTP URL, or removable media..) and it will update from there. So you would only need to download the patches to one central server, and set that up to be the repository for all the other computers on the network.
Pretty much any distro with package management can be used this way.
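The two posts above describe the same pattern: download updates once to a central server and point every client at it. The script below is an added example (not code from either poster) of what that looks like on the yum side. It assumes the RPMs already sit in REPO_DIR on the server and that the directory is served over HTTP at REPO_URL; the hostname and paths are placeholders, and the function names are our own. createrepo is the real tool that writes the repodata/ index yum reads.

```shell
#!/bin/sh
# Added example (not from the thread): one central yum repository for LAN updates.
# Assumptions: RPMs were downloaded to $REPO_DIR on the server and that directory
# is exported over HTTP at $REPO_URL (both values below are placeholders).

REPO_DIR="${REPO_DIR:-/srv/updates/el4/i386}"
REPO_URL="${REPO_URL:-http://patchserver.example.internal/updates/el4/i386}"

# Server side: (re)build the repository index after new packages are dropped in.
build_repo_index() {
    dir="$1"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    createrepo "$dir"
}

# Only accept schemes a client should be fetching packages over; anything else
# (a stray ftp://, a bare path) is a configuration mistake, so reject it loudly.
valid_repo_url() {
    case "$1" in
        http://*|https://*|file://*) return 0 ;;
        *) return 1 ;;
    esac
}

# Client side: the /etc/yum.repos.d/ entry that points at the central server.
# gpgcheck=1 makes yum refuse packages not signed by a key already imported into
# the rpm database (rpm --import <vendor key>), so a compromised or mistyped
# mirror cannot push unsigned packages onto the clients.
client_repo_file() {
    url="$1"
    valid_repo_url "$url" || { echo "bad repo URL: $url" >&2; return 1; }
    printf '[local-updates]\nname=Central update mirror\nbaseurl=%s\nenabled=1\ngpgcheck=1\n' "$url"
}

# Typical use on the server:  build_repo_index "$REPO_DIR"
# On each client:             client_repo_file "$REPO_URL" > /etc/yum.repos.d/local-updates.repo
```

With the repo file in place, the yum service the earlier poster mentions (or a nightly cron job running yum -y update) pulls everything from the local mirror, so only one machine ever talks to the vendor's servers.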
I hate to tell you, but there *ARE* hammer geeks out there... note that said geeks (blacksmiths) are usually building tools to do certain tasks, but they certainly are modding hammers... :-)
Windows has SUS, whereas Linux doesn't seem (excuse me if I'm wrong) to have any kind of distributed patch management for large businesses.
/diskless-root
Windows has one distributed patch management system. With Linux/BSD/etc. there are multiple approaches depending on what works best for your organization. Every Linux distro I've used is quite flexible in this regard. In my opinion, the ultimate is diskless workstations running off a fast file server (SCSI RAID, 1000Bt network). (30-40 workstations per server, replicate servers as needed) You can use local hard disks for caching if you like, but the ease of administration is the same.
Advantages:
- workstations are stateless and can be swapped out on the fly with no syncing
- reduced heat, power usage, and noise from workstations
- no need to either leave machines on at night for automated updates or initiate updates upon startup
- guarantee that everyone is using the exact same software
Updates are pretty much as simple as running a package manager on the master shared filesystem root used by the diskless machines:
chroot
apt-get update; apt-get upgrade
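The two commands above are the whole procedure, but a practitioner running them from cron wants a few guards around them. The script below is an added example (not the poster's code) of updating the shared root from the file server. It assumes the root the diskless workstations mount lives at DISKLESS_ROOT (a placeholder path) and that the script runs as root on the server; the function names are our own.

```shell
#!/bin/sh
# Added example (not from the thread): update the shared diskless root via chroot.
# Assumptions: the exported root is at $DISKLESS_ROOT (placeholder) on the file
# server and this runs as root there. DRY_RUN=1 only reports what would happen.

DISKLESS_ROOT="${DISKLESS_ROOT:-/export/diskless-root}"

# Refuse to proceed unless the target really looks like a Debian root tree. A
# typo here would otherwise run apt against the server's own root or a half-
# populated directory.
check_root_tree() {
    root="$1"
    [ -d "$root" ] || return 1
    [ "$root" != "/" ] || return 1        # never treat the live server root as the target
    for d in bin etc usr var/lib/dpkg; do
        [ -d "$root/$d" ] || return 1
    done
    return 0
}

# Maintainer scripts inside the chroot expect /proc and /dev, and apt needs a
# working resolv.conf to reach the mirror.
prepare_chroot_mounts() {
    root="$1"
    mount -t proc proc "$root/proc"
    mount --bind /dev "$root/dev"
    cp /etc/resolv.conf "$root/etc/resolv.conf"
}

cleanup_chroot_mounts() {
    root="$1"
    umount "$root/dev"
    umount "$root/proc"
}

# The command run inside the chroot, returned as a string so it can be shown
# before anything is changed. DEBIAN_FRONTEND=noninteractive stops debconf
# prompts from hanging an unattended run; -y accepts the computed upgrade set.
update_command() {
    echo "DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y upgrade"
}

update_diskless_root() {
    root="$1"
    check_root_tree "$root" || { echo "refusing to update $root" >&2; return 1; }
    cmd=$(update_command)
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "would run in $root: $cmd"
        return 0
    fi
    prepare_chroot_mounts "$root"
    chroot "$root" /bin/sh -c "$cmd"
    status=$?
    cleanup_chroot_mounts "$root"     # unmount even when apt failed
    return $status
}

# Typical use:  update_diskless_root "$DISKLESS_ROOT"
```

One caveat worth keeping in mind: because the root is shared, libraries and binaries are replaced underneath workstations that are already running; processes that have the old files mapped keep using them until restarted, so a kernel or libc update still wants a reboot of the clients even though the server-side step itself never goes down.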