How Can I Justify Using Red Hat When CentOS Exists?

Bocaj writes "I recently spec'd out a large project for our company that included software from Red Hat. It came back from the CIO with everything approved except I have to use CentOS. Why? Because 'it's free Red Hat.' Personally I really like the CentOS project because it puts enterprise class software in the hands of people who might not otherwise afford it. We are not those people. We have money. In fact, I questioned the decision by asking why the CIO was willing to spend money on another very similar project and not this one. The answer was 'because there is no free alternative.' I know this has come up before and I don't want to beat a dead horse, but this is still a very persistent issue. Our CIO is convinced that technical support for any product is worthless. He's willing to spend money on 'one-time' software purchases, but nothing that is an annual subscription. There is data to support that the Red Hat subscription is cheaper that many other up-front paid software products but not CentOS. The only thing it lacks is support, which the CIO doesn't want. Help?"

Support them from your own money

[SharkLaser]

The only thing it lacks is support, which the CIO doesn't want. Help?

Then you get CentOS and stop trying to spend other people's money on things they don't want to. If you care about Red Hat getting their support, then donate to them yourself, from your own money. Red Hat sells support service, and that is their product. Otherwise, it's just a compilation of others software, just like CentOS is. It's obvious your company doesn't need the support service so CentOS suits you just fine. Pushing an agenda down others throath doesn't help open source's image either. It should come from their own willingness to help or by providing so fantastic service that people actually want it.

Re:Support them from your own money

[genghisjahn]

I think what he's saying is that he thinks they will need the support, and since they can afford it, why not get it?

Re:Support them from your own money

[mabhatter654]

The question is not how much support costs. The question is how much is DOWNTIME going to cost the company?

When you hit a problem your team can't solve what dollar value is that? Granted, for anything using a LAMP stack it is probably just as efficient to spin up a new server and start over versus a lot of money for support that isn't going to figure out all your custom stuff anyway.

I swear by IBM System i with IBM support. It's outrageously expensive, but they will call support engineers after hours when you have a problem level 2 can't handle. Microsoft's comparible offerings require a thousand seats.. IBM will sell you support for just one server.

In my case we have three steel mills worth $10k+ per hour of downtime... Even more if downtime causes rework. If we have more than an hour down I have vice presidents in my bosses office!

I suppose it's up to poster's boss, those C.I.O. Letters make it his decision... and his ass will be on the line when you have to explain why he didn't line up something to cover for things the minions can't handle.

Re:Support them from your own money

[Nazlfrag]

Why get it when CentOS fits the bill perfectly? Apart from the GP's rationale, it's also helping to build the profile and perception of CentOS if a major CIO advocates it. Congratulations are in order to the CentOS team for their great work, the fact it was even considered let alone requested is a testament to their excellence. Bravo.

Re:Support them from your own money

[hairyfeet]

How about for one thing its a perfect example of the "free rider problem" and why FOSS companies like Novell and Mandriva slowly bleed to death and simply can't compete with the R&D that Apple and MSFT spend?

I mean how many here even KNOW where CentOS came from? Because its not a nice story folks, and its a perfect example of why the leeches will bleed FOSS to death. Once upon a time there was a company that sold hardware that ran...you guess it...RHEL on it, but someone at that company said "Hey, if we strip all the copyrighted stuff out we can just take what we want and not have to pay RH shit! We'll save a bundle!" and so CentOS was born. And before anyone says "Well herp derp RH doesn't complain" what do you expect them to save? "Hey community please stop butt fucking us please?"

It is also a classic example of short sighted thinking shooting yourselves right in the face. Who gives more than any other company when it comes to giving back to the community? Why that would be RH. Now how do they pay for that? Ooops, didn't think of that, did you? Its the same reason I doubt you'll be seeing any companies opening their hardware anytime soon, as AMD bent over backward, even hiring coders to help the FOSS driver guys and opened their specs as wide as they could, and what did they get? every forum filled with guys saying "Herp derp, buy Nvidia".

Pretty much everyone with a brain is saying the economy will get much worse before it gets better as not only have we hit bottom yet on the two previous bubbles, but we have two MORE bubbles that could burst any time, the student loan bubble and the retirement bubble. Now what do you think is gonna happen to RH if the economy continues to tank and more and more potential and former customers take the same route? I'll tell you, first they'll have to scale back, which will make quality suffer. patches will take longer, new features won't be implemented, things will get worse, this will then cause more to leave as there are OTHER OSes they can have for free, right? Then you end up in a death spiral and if you aren't careful Red hat is another Novell. don't forget once upon a time both Novell and Sun were powerhouses in the industry too.

This is why I have been saying for ages "free as in beer" needs to die and be replaced by "free as in freedom" only. Hell even RMS says there is nothing wrong with making money from your code as long as others have the freedom to modify. But sadly what we'll see instead is short sighted thinking like in TFA, where they'll expect this poor schmuck to "just Google it" to solve even the most complex problems with ZERO support, hell they might even reward him by cutting his staff! Meanwhile MSFT and Apple get paid year after year after year, they have NO problem spending money on R&D and advertising, they just keep on coming. How are companies like Red Hat that are busting their balls for the community gonna survive if everyone says "Just use CentOS"?

Re:Support them from your own money

I used to run an AS/400 system. And you're right. IBM's support rocks. One time the keylock was broken on the unit, and we needed it working. My support guy came out, verified the situation, then told me the bad news - "The nearest part we have in stock is in New York." (I was in California.) Then my support guy smiled and said, "The good news is that I've gotten ahold of of one that's on an airplane right now, headed this way. It will be here in 45 minutes."

Now THAT is support. :-)

Re:Support them from your own money

[dbIII]

The question is not how much support costs. The question is how much is DOWNTIME going to cost the company?

If it's in the initial stages and nowhere near production that's likely to be zero.

Re:Support them from your own money

Because no product or service was ever made available before it was ready.

Re:Support them from your own money

but... isn't that the CIOs job to worry about in this case?

boss says do A. so you do it. worse case, boss throws you under the bus for it. chances are no lives are on the line, so...

Re:Support them from your own money

[smash]

People still buy red hat for the support. If the pay ware stuff in red hat was worth money, then people would pay money for it. Whining about red hat getting fucked when this is exactly the type of behaviour expected and encouraged by the GPL is disingenuous.

Re:Support them from your own money

[LordLimecat]

Im pretty sure if the need arose, there are scores of companies that would love to take your money in return for supporting CentOS, either on an ongoing or onetime basis. A good starting google search might be "CentOS Consultant" or "CentOS support", both of which return promising results.

To OP:
An ongoing contract is not always necessary; sometimes it makes more sense to do one-time issues. The CIO's job (and higher executives) is to make decisions like these based on their own experience and based on the recommendations they get from others. You have given your input, and he is deciding that, however good your advice it is, he is willing to take the risk for what he thinks is a better value. I would just accept that.

As a consultant, I have met smaller clients who, for example, insist on using Norton "business" products. I give my opinion on them, tell them I think it is a bad solution, and if they say "thanks, but we want to use norton", I have done my job, and they are doing theirs. Noone wants an engineer who thinks it is his job to make executive decisions, because it is not.

Re:Support them from your own money

[LordLimecat]

You are advocating "free as in freedom", but demanding that OP (and his company) not be allowed to choose CentOS, or that the CentOS team not be allowed to make CentOS?

Part of freedom means they may choose a path you do not like.

Re:Support them from your own money

[SockPuppetOfTheWeek]

And I think what he's saying is that his boss pays him to be the support, and if he's not going to be the support, why do they need him?

Re:Support them from your own money

[Gerzel]

Though I would also like to add:

DO check to make sure your organization has the support in-house. Support needs to be there one way or the other. If it is there then I agree with the CIO. Perhaps you might bring up kicking back some bucks for development to Red-Hat or keep RH in mind for future needs but otherwise if you got the skill-base to support in-house you're good.

Re:Support them from your own money

[LordLimecat]

The question is not how much support costs. The question is how much is DOWNTIME going to cost the company?

No, the question is what is OP's job description. Arguing endlessly with his superiors about their executive decisions is not going to change their minds or endear OP to them. Sometimes being an adult and a professional means accepting that your superiors will make decisions that you disagree with, and learning to accept that.

Re:Support them from your own money

[CRCulver]

This isn't a matter of freedom. He's not encouraging that the OP be locked up or that the license terms change. He's only recommending prudence to ensure that the Free Software ecosystem remains what he considers healthy.

Re:Support them from your own money

[buddyglass]

You make an excellent case against Red Hat's business model. A company that has to survive on charity isn't so much a company as it is...a charity. Personally, I would never fault anyone for choosing CentOS (and thereby choosing not to pay Red Hat) if CentOS meets their needs. They are in no way obligated to Red Hat as a corporate entity. If Red Hat can't hack it in the presence of competition from CentOS then Red Hat needs to die, because it's not providing a service anyone values enough to actually pay for.

Re:Support them from your own money

The key concern is not time to resolution, is time to problem detection. Problems should not lead to downtime, they should be detected in advance and either acted upon or ... well we now what happens in the alternative. You can't get that type of pro-active support from a vendor. You need it on site.

I work at a medium sized financial company, and while we do use redhat for all external systems we have not made a single call to their support in the last 10 years. We only use the because our customers demand that we have an official support contract for all of our production systems. Of course that doesn't mean we don't use Centos for all of our internal systems.

In a realistic scenario, the 30 day variation in patch times for 95% of all bugs between Centos and RHEL will fall in between the patch interval for your systems, leaving them in an equivalent state of security between CentOS and RHEL, the remaining OS level security holes that actually allow root access can almost always be mitigated at the network level.

If your in a position where your company has the money, do the right thing and go with CentOS + admins who know what they are doing, ie. Local to your datacenter/office have moderate programming skills in some language, and are familiar enough with programming concepts such as memory management enough to give you a general overview of Garbage Collection etc.

for the tech screen at my current position I had to walk through the entire boot process of a RHEL server from start to finish, and had to give a brief overviewr of Some nifty tools I developed back in college.

Re:Support them from your own money

[scamper_22]

The op really doesn't provide must details on his company.

Assuming they have some kind of IT staff in house, there isn't really much need for a regular support contract. Chances are the in-house support will end up doing most of what RedHat support will do. They will install, patch, lookout for security... From what I've seen, no company *trusts* a vendor. Just because RedHat says a new distribution is ready, doesn't mean your company will trust it. It still has to go through your internal company *certification*. So regular support is worthless for most companies with in-house support.

Now, if you are running something mission critical where you guarantee your customers 99.9999% uptime. You might want that enterprise level support... and it will cost you. This is the kind of support you go on the phone and they send their best people to you no matter what time of day to fix the problem.

My hunch is the CIO doesnt judge this to be the case, so made the right choice by opting for cent-os.

Re:Support them from your own money

[LWATCDR]

Well maybe he gets FOSS. Maybe he expects that his staff should support the OS. He pays his staff to do more than call a phone number.

Re:Support them from your own money

[ghjm]

Red Hat's share price is at a 5 year high, and I believe their revenues are at an all-time high. If they are being crushed, it is in some wierdly subtle way that shows up on the balance sheet as strong revenue and profitability.

Re:Support them from your own money

[igreaterthanu]

If Red Hat can't hack it in the presence of competition from CentOS then Red Hat needs to die, because it's not providing a service anyone values enough to actually pay for.

Except that Red Hat does provide services people value, they're they top contributor to the Linux kernel. People want Red Hat's software and they have two options, pay for it, or get it for free (CentOS). This is a similar problem to the piracy in the music industry; except it's worse because using CentOS is legal.

Not only this, but the more effort Red Hat puts in to make their software better, the less support people need and so the less money they get (From people not buying their support).

Re:Support them from your own money

lol. you said "adult" and "professional" on slashdot, home of the immature and inappropriately dogmatic.

Re:Support them from your own money

[donaldm]

Too many people think that because CentOS is basically a clone of the Redhat distribution they don't really need support or they have enough technical people who can provide support. This is fine until something goes wrong and it is very hard explaining management that there no need for software support when many software applications and other OS's do require support contacts (at least in the eyes of management).

Personally I don't have any issues with using CentOS in none critical environments, however if you have as an example a production Linux database server running Oracle then I would be pushing for Redhat support since in the majority of cases you would have an Oracle Support contact in place which is normally very much more than paying for a Redhat subscription. If you as the IT manager push for a CentOS solution on production machines then you are really risking your career, but if you are directed to get CentOS then get CentOS, however make sure you get this in writing otherwise you could be the one that gets the blame if something goes wrong and your people cannot fix the issue.

To sum up, in a Linux solution production environment it is always the best policy to choose a solution that is supported at the hardware, OS and application level. Choosing not to have OS support should a a senior management decision and all the IT manager can do is point of the pros and cons. It is not a matter of "spending other people's money" it is doing what is best for the company.

Re:Support them from your own money

[buddyglass]

Again, everything you've said argues against Red Hat's business model. They're contributing to the linux kernel and not getting paid for it. They're trying to eke revenue out of providing support for something that, apparently, many people feel they don't need support for, as evidenced by the popularity of CentOS. If Red Hat's kernel contributions aren't adding to the company's bottom line then they owe it to their shareholders to stop spending money paying developers to contribute. If it is adding to their bottom line then you shouldn't feel as if you "owe it to them" to buy their support services as a means of subsidizing their kernel work.

Re:Support them from your own money

[afabbro]

Don't let the fact that RedHat loves CentOS, supports it, and is happy to have enormous free testing of their flagdhip product interrupt your ALL CAPS EMPHASIS rant.

Re:Support them from your own money

[turbidostato]

"Hey, if we strip all the copyrighted stuff out we can just take what we want and not have to pay RH shit! We'll save a bundle!"

Well, and the "no so nice" part is?

Red Hat decided on their own way to do business. Such a way included not developing an OS from start but instead using an OS with a license that allowed them to package it and throw a brand, a marketing campaign and a support business but it has a cost Red Hat was willing to accept: that others could do the same.

The end result is that Red Hat pushes money at it because it works for them, CentOS rebrands the software because it works for them, and I as a user have a choice that fits me. The day each respective choice works for the given agent no more is the day they'll change boats to look for greener coasts.

But that's the basis of free market, now, isn't it?

Re:Support them from your own money

[turbidostato]

"The question is not how much support costs. The question is how much is DOWNTIME going to cost the company?"

You say it as if paying Red Hat's support would magically lower DOWNTIME when compared to using CentOS.

Now, is that the case?

Re:Support them from your own money

[mlts]

There are two reasons why I am speccing RedHat over CentOS, and neither have to do with support:

1: Application support for production systems. Yes, it shouldn't make a difference, but if I call in for support on an application that specifies the list of supported operating systems, and its not RedHat, there is a good chance I'll get laughed off the phone with "sorry, no app support until you have a supported OS".

2: FIPS, Common Criteria, and other certifications. These can mean the difference between "due diligence" in IT versus bad faith when it comes to an audit. Yes, this is pure legal eagle stuff, just like the requirement that the 64 CPU POWER7 box in the rack has to run McAfee, but it means the difference between passing an audit, or perhaps getting a contract terminated.

This doesn't mean CentOS is bad. It just means that having the certificates that come with the commercial version of RedHat may mean success or failure when the CPAs and the JDs are done extracting their pounds of flesh.

Re:Support them from your own money

[bluegreen997]

This is why I have been saying for ages "free as in beer" needs to die and be replaced by "free as in freedom" only.

So someone who just wants to hobby code a project/driver/whatever and give it away is a bad person?

Think about what you said for a moment. Yes I agree that there is a point to what you are saying overall but you lost me with that right there.

Re:Support them from your own money

[epine]

If Red Hat can't hack it in the presence of competition from CentOS then Red Hat needs to die, because it's not providing a service anyone values enough to actually pay for.

There's a big difference between price as determined by market dynamics and willingness to pay. Red Hat is doing work people are willing to pay for, but parasitic market dynamics create a condition where people don't have to. It's a parameter in the Red Hat business model whether enough people can tell the difference.

The same dynamic exists with second hand bike parts. Let's suppose a pawn shop has a bit of both. If I make a point of purchasing only those parts where I have fair confidence that the parts aren't stolen property, other scumbags will show up and buy whatever remains asking fewer questions. The few bucks I saved will soon need to be invested in even larger and more pointless bike locks.

I know that Canada used to sell (and might continue to do so) tritium for non-weapons use only. This only makes it easier for the entire supply of American produced tritium to be consumed internally. Net effect: more tritium available for warheads.

Mother Nature seems to have pointed the species toward figuring out where your bread is buttered, at least some of the time.

The Evolution of Cooperation

It's pretty sad with the size of the human brain that the best most people can manage is asshole calculus. Mother nature doesn't cluck half so approvingly as you wish to believe.

Re:Support them from your own money

The boss is always right, because he pays you. That means you get to do whatever dumb thing he wants you to do, because it's his ass on the line.

Re:Support them from your own money

[gr8_phk]

Just one more thing... It would be nice if you've got the CIO response in email. Then, should your whole world ever come crashing down due to lack of support (I don't think that's likely) and he blames YOU in front of his boss for skipping the support deal, you can just hold up the email. I'm being half sarcastic here - I don't think there will be a problem of that magnitude, and finger pointing at the CIO is only something you *might* do once you're screwed anyway and is really playing with fire. But having such things in a drawer is sometimes fun to think about ;-)

Re:Support them from your own money

[epine]

I saw this myself for the first time recently.

Store Wars

Another illustration of what happens when paying less is where thinking ends.

Re:Support them from your own money

[PC+and+Sony+Fanboy]

Part of freedom means they may choose a path you do not like.

So at what point does your freedom to free-ride become an infringement on my freedom to not support your free-riding ways?

Re:Support them from your own money

So when the shit hits the fan with this install, can he call you to come in and fix it for free? His agenda is not to support Red Hat. His agenda is to not be out on a limb when he needs something fixed. Sounds to me like this CIO is short sighted or delusional about the cost for post prod exepenses.

Re:Support them from your own money

[Anthony+Mouse]

Not only this, but the more effort Red Hat puts in to make their software better, the less support people need and so the less money they get (From people not buying their support).

This is wrong twice: First, lowering support costs lowers the operating costs of their support business. Then for cost conscious customers, they can pass part of that savings onto the customer to make it so that the value of the support services still exceed their price, while still making similar profits. And if they can price discriminate then for less price-sensitive customers it means the same revenues at a lower cost, so more profit.

Second, lowering support costs makes their platform more attractive to customers. If more people switch to it because of relatively lower support costs, the customer base of prospective support customers is larger and they can sell more support contracts.

The failure mode would theoretically be that they improved the product so much that it no longer requires any support at all, but that seems highly unlikely. And to the extent that it did happen, why is that a bad outcome? Are we so focused on profits and growth that it should be seen as undesirable that a company set out to fix a problem, and actually fix it once and for all? Or is rent-seeking the only way to do business now?

Re:Support them from your own money

[ScrewMaster]

Don't let the fact that RedHat loves CentOS, supports it, and is happy to have enormous free testing of their flagdhip product interrupt your ALL CAPS EMPHASIS rant.

Well now, to be fair, he wasn't ranting in all-caps. He was ranting in boldface.

Re:Support them from your own money

[leenks]

Where I am working at the moment runs Centos on many of their servers. Why? Because they are a consultancy and many clients are using RedHat. Centos allows them to develop against it with relatively high confidence it will work the same on RedHat (as well as you could expect developing against RedHat on a development network and then shipping a product to be deployed in a different environment at least). I don't see the client base changing to Centos for deployment - they need / want the support blanket.

Re:Support them from your own money

[ScrewMaster]

The end result is that Red Hat pushes money at it because it works for them, CentOS rebrands the software because it works for them, and I as a user have a choice that fits me.

In practice, it's similar to Microsoft's acceptance of illegal copies of Windows. They would rather have the license fees, of course, but in lieu of that they'll accept mindshare. And what CentOS is doing is helping to maintain Red Hat's mindshare. A company might start out with CentOS, eventually experience some growing pains and realize it needs support, and be able to move right into Red Hat's lap.

Don't know if that happens a lot, but it would be another reason that Red Hat tolerates and encourages CentOS.

Re:Support them from your own money

[ScrewMaster]

The boss is always right, because he pays you. That means you get to do whatever dumb thing he wants you to do, because it's his ass on the line.

It's your ass too, in many cases. That's why you make sure that his decision is properly documented as not being yours.

Re:Support them from your own money

[bsDaemon]

CentOS has really fallen behind the mark. It took them forever to get. out the door and by then rhel had already made a new release. The servers I put rhel on get base updates much sooner than the centos boxes and with epel and rpm fusion, im not for want of anything on those boxes. Then again I have an ungodly number of rhel licenses available and my company partners with red hat. I used to like CentOS but for a while it was looking like I would see mass deployment of IPv6 sooner than CenOS 6.

Support doesnt just mean getting a number to call. It means getting your security and bg fixes in a timely manner. If the OP communicates that sentiment and is still shut down then I hope this system isn't public facinbecause that's just going to be asking for it.

Re:Support them from your own money

[ScrewMaster]

"The question is not how much support costs. The question is how much is DOWNTIME going to cost the company?"

You say it as if paying Red Hat's support would magically lower DOWNTIME when compared to using CentOS.

Now, is that the case?

Sure it can. Machines fail, applications crash, it's the nature of things. All things being the same, it's not a matter of when it goes down ... but how fast it comes back up again. And that's where stellar support can make a huge difference. But you have to weigh the costs of downtime versus the cost of support. And you have to figure both direct and consequential costs.

Re:Support them from your own money

[Courageous]

If those are important to you, spec Oracle Linux instead. It's like CentOS, in that it derives from RHEL, but you can get the Internet only support contract for the server OS at 1/10th the price of RHEL's annual charge.

Re:Support them from your own money

[geekmux]

Why get it when CentOS fits the bill perfectly? Apart from the GP's rationale, it's also helping to build the profile and perception of CentOS if a major CIO advocates it. Congratulations are in order to the CentOS team for their great work, the fact it was even considered let alone requested is a testament to their excellence. Bravo.

If ANY product wants to live and breathe in the commercial world, then they should know damn well that most Enterprise-class solutions are backed with an SLA, and therefore should be backed with a offering of some level of professional support.

Trying to explain to the company that the server still isn't working right because you haven't found the answer in Google or on Wiki pages will not likely result in continued employment.

Regardless, in this scenario, it's the CIO's call. I say get it in writing as a standard CYA move, and press on. If shit falls over and slips outside of the SLA, then at least you've got some documentation to back the decision to take this risk.

Re:Support them from your own money

[kandresen]

I agree with parent here. There are good reasons when to use Redhat and other good reasons to use CentOS. I think you do a major mistake if the reason you want to choose Redhat in a job is in order to support Open Source. You must make a real business case to justify investing in Redhat here - to support Open Source is not a business decision!

You must for example focus on the potential cost of downtime from one solution over the other. Maybe the solution you build have critical components to the company, where quick patches are essential. Redhat will for sure patch much quicker than CentOS issues like Apache, DNS, and other forward facing applications, and you might be able to make a business case of the value of those days with vs without protection. Of course - if you for example only have an informational site it would be a tough sale... But if your site have thousands of daily users its something else.

Another issue is code review. Redhat has a major QA process, so in most cases you might not need to manually review their patches for your solution. For CentOS you are on your own, so you got to test everything much more thoroughly before doing large scale deployments company wide.

Then you have an entirely different aspect of this all - I did once convince management to use Redhat ES above alternative solutions due to support and our solution did have major exposure from all over the world. But, we started quickly to find that our needs where NOT met with what was certified!!! We suddenly had to have custom installations of Sendmail due to the one included in Redhat at the time did not support keeping copies of all outgoing mail, now we had no longer Redhat support for Sendmail... Then we had to use PHP modules that were not built into Redhat's PHP build... We ended up needing a custom build of Apache, PHP, Sendmail, and much more, and the next thing management would ask of course was:
Why are we using Redhat now? None of our critical solutions have support anymore... Only MySQL and other minor things...

I got a great lessen to learn from that incident and I will not do the same mistake again. I do see when I should recommend Redhat and when I should recommend CentOS for a project today. There are many factors - going Redhat servers are usually for things that must stay reliable - that run quite stable software - and you hardly should touch. It might also be when a good sales argument to your client is that you run on fully certified solutions. Dynamic servers where you are expected to upgrade to the latest and greatest constantly are for sure solutions where you should suggest Redhat to management.

Sit back and review why it is you think Redhat is better than CentOS for this project. If you can't manage to justify it with benefits to the company you work for, then CentOS is most certainly the correct solution for you!

Re:Support them from your own money

[Microlith]

Or it's the mark of an anti-FOSS troll, and looking at hairyfeet's posting history, he certainly comes across as one.

Re:Support them from your own money

[Score+Whore]

Who gives more than any other company when it comes to giving back to the community?

Shaft? No, wait. That's wrong. The right answer was Sun. The community totally shit on them in return.

Re:Support them from your own money

[blue+trane]

At what point does your freedom to not support my free-riding ways become so set in stone that I no longer have the freedom to question your decision?

Re:Support them from your own money

[Raumkraut]

At the point you choose to use a non-Free licence.

Re:Support them from your own money

[Anthony+Mouse]

Pretty much everyone with a brain is saying the economy will get much worse before it gets better as not only have we hit bottom yet on the two previous bubbles, but we have two MORE bubbles that could burst any time, the student loan bubble and the retirement bubble. Now what do you think is gonna happen to RH if the economy continues to tank and more and more potential and former customers take the same route?

Let's see. First more people will switch to open source to save on licensing costs. Then some of those people will need support services, and some of those people will buy them from RedHat, and RedHat will take their money to the bank.

if you aren't careful Red hat is another Novell. don't forget once upon a time both Novell and Sun were powerhouses in the industry too.

Don't forget that Novell failed as a proprietary software company before they failed as an open source company. And Sun much the same. Sun in particular demonstrates that the community model works a lot better than the CDDL-style "this is our code but if you want you can toil for many hours without compensation to improve it and then have your changes rejected" model.

And I still don't get how this supposed for-pay but free as in freedom model is supposed to work. If you can get a copy of the Linux kernel by paying $10 to RedHat, and then twenty thousand different people each make some improvements, do you now have to pay $200,000 for a copy of the Linux kernel so that they can each get $10? Or does it still only cost $10 but you split it twenty thousand different ways so that they each get a twentieth of a cent? Neither one of those seems productive. The first is blatantly useless, the latter is inferior to the current model because it creates high transaction costs and yet each person is only going to make an extremely modest amount of money. Plus, it makes no consideration for the value of each contribution, but attempting to value contributions would require a great deal of overhead and result in copious flame wars, pissing contests and (since money is involved) litigation. It doesn't seem worth it.

Re:Support them from your own money

As an investor, and a Linux sysadmin I can say a few things here.

1) Red Hat stock always goes up as the overall economy goes down. For example, the recent recession starting in 2007 Red Hat stocks performed well because during hard times they have an increase in revenue as companies are looking for price performance in their IT projects. So your statements about bubbles bursting are complete and utter crap, no offense. You seem to be smearing FUD rather than facts.

2) What does giving back to the community have to do with anything? Sure, Red Hat might give back to the community, but what does that have to do with the bottom line of other companies looking to maximize their IT spending? Red Hat is able to justify their giving back to the community by having a product on the front of the linux technology curve, or rather Fedora which is the technology well that RHEL drinks, and don't forget that Red Hat might give back tothe community but it's the Fedora community itself that is doing most of the actual giving. So it could be argued that Red Hat is getting a free ride on the backs of the community, hiring a few key developers here and there, and as a consequence gets more mind share of top developers in the open source world. So Red Hat giving back is more like a capital investment. Anyhow... like I wrote, this does not equate to a reason to pay Red Hat.

3) CentOS is dying. That all started when Dag Weirs left the project, it culminated when the developers wrote the open letter to the guy that owns the domain name for the project, their panties all twisted in a bunch about nothing. Finally many people quit using CentOS when they prioritized RHEL 5.7 over RHEL 6.0.

4) Scientific Linux is the new CentOS, and Red Hat even hired the guy behind SL. Everyone is impressed with SL, fast release cycle, open build process, and supported by Fermi and CERN.

5) Oracle Enterprise Linux is cheaper than RHEL, and in some ways better. The yum repo's are open and free, and they offer support that cost less then RHEL, and it can be purchased per incident instead of a subscription.

6) It's not just about the support! When you pay for the RHN subscription you are getting the opportunity to get support, AND access to patches. The patches is perhaps the most important part, and RHN does sell a non-support subscription (just patches) for a ridiculously low price.

Re:Support them from your own money

[wrook]

It's not my responsibility as a customer to compensate for a supplier's bad business model. But having said that, Red Hat is far from hurting with their "bad" business decisions. A quick google shows me that last year their revenue grew about 15% and topped $1 billion. http://www.newsobserver.com/2011/03/24/1076990/software-company-says-revenue.html They make a lot of money from support, but they also make a lot of money from contract work.

If their support is not worth the money, then it deserves to die (although from their success, I gather that a lot of customers value the support). If we're talking about aggregating software, Red Hat is also not the only players in the market. There's this bunch of volunteers that go by the name "Debian" which have been doing a great job of aggregating software without Red Hat's help. I can get any number of distros that Red Hat did not originally compile.

True enough, Red Hat does a lot of work on the kernel, on Gnome, on LibreOffice and any number of other worthy projects. But they don't do it out of altruism. They obviously think that their activities provide a return (and looking at their steady growth over the years, I'm inclined to agree with them). This is especially true as they increase their custom development operations. If you need a problem solved, Red Hat would be a pretty likely place to find the solution. This is how they make money.

The OP seems to want to give money to Red Hat based on altruistic rather than business reasons. Red Hat did a lot of work and the OP seems to think they they deserve a reward. But Red Hat didn't go into business with an expectation of entitlement for working hard. They went into it with the expectation of receiving compensation for value. If the company in question doesn't value the support, they don't have to buy it. It doesn't hurt Red Hat that the company profits from Red Hat's hard work. Rather it continues to provide opportunities where Red Hat can get in and provide custom services (or even support if the company later decides that they actually need it).

Re:Support them from your own money

[renegadesx]

The "in writing" part is important. 9/10 a CIO doesn't know anything and thinks his people are on the same level as the kernel writers themselves and has expertise on every part of the OS that hundreds guys employed at Red Hat get paid much more than you do to specialise in one component.

An IT Manager will almost never push for CentOS on a production system, a CIO however will as he is not a tech guy that understands how things work: he's a politician interesting in cutting costs.

However, if you are a big Oracle shop your CIO may want to switch to Oracle Unbreakable Linux as they already are giving it away for free (with support) to their bigger customers.

Re:Support them from your own money

[asdf7890]

From RedHat's PoV, someone using CentOS doesn't cost them any more than someone using Debian, Ubuntu, Madriva, or something else. They don't make money out of selling Linux, they make money selling the service and support contracts that go with it, and someone who isn't wanting to pay for that wouldn't use RedHat just because CentOS didn't exist.

There are parts of RedHat that CentOS doesn't include as they are not F/OSS licensed. Off the top of my head I can't tell anyone what they are (I'm a Debian person for the most part) but I'm sure it isn't difficult to look up - no doubt to some people those are worth some of what they pay them for the contracts too (or maybe they are things that make the support easier to offer? Remote admin related services and such? Either way it is something that CentOS, or Debian for that matter, doesn't have).

I'm sure RH would rather more people who used CentOS would pay for RedHat+support, but that isn't going to happen for the most part: if CentOS vanished today (as is seemed to nearly do a while ago when there were problems with a key maintainer) people using it would not automatically move to RedHat. It isn't like Debian (my preference, other perfectly decent options are available) doesn't have Apache, mySQL, Python, and all the other major packages that are commonly used, and for all the help RedHat has provided (I'm not trying to belittle them here: that have provided a *lot* of support to the Kernel and other projects in one way or another over they years) they can not claim that they created any of it wholesale.

They actually gain a little from CentOS: more people are using an arrangement very similar to theirs so to a certain extent that have a large group of testers out there, who RH have no particular responsibility to support and who help keep RH's preferred tool-chains relevant.

CentOS is no paragon of virtue (as you point out it was created to save money rather than for any technical or philosophical reason) but it certainly isn't a bad player in the market as you make the project out to be.

Your comparison with MS is interesting. How many small companies can you mention that have use MS support? Active people-paid-by-MS support, not the online docs and (unpaid) user populated forums? While large businesses no doubt get a fair amount of contact with MS I can tell you from the PoV of a small development shop with a collection of Windows, SQL Server, MSDN and Office licenses , we have once contacted MS and found it hard work. It ended up that we had to pay to push the issue beyond a certain point and claim the money back when it did turn out to be their bug not ours (it was a problem with the MMC snap-in API back soon after that was first "the way to do things" (I don;t know the exact details, I wasn't on that team). While not entirely unreasonable (I'm sure they get a lot of support calls that turn out to be a problem with the developer getting something wrong rather than MS's code being at fault) and the right result was where we ended up (a hotfix that was soon rolled into a generally available patch and a refund of all costs) it did seem to be harder work than I thought it should be. That was years ago and things may be completely different now, but "just Google it" is not the first port (and often only) of call just for Linux users who have paid no license/support fees, it is the first (and often only) port of call for Windows admins and developers too. I don't know what RH's support system is like, but for small companies moving away from Windows for what-ever reason the fact that they've never use the support "paid for" by licensing Windows/MSSQL/VS/Office/other is likely to make then take a moment to consider the CentOS/RedHat thing in a light favourable to CentOS. Back to my original point: if CentOS were not there the decision would be between and Redhat, it would not be an automatic customer for RedHat.

Re:Support them from your own money

> The right answer was Sun.

Sure, if the question is "Who's the whore that let oracle buy it and turned against every useful project they helped found."

Yeah, Sun's the answer. There's your question.

Fuck Sun.

Fuck Oracle.

M
P.S. I wouldn't post anonymously but I work for Oracle, and Larry Ellison is such a vindictive bitch I don't want to hear about it.

Re:Support them from your own money

[BitZtream]

Except that Red Hat does provide services people value, they're they top contributor [cnet.com] to the Linux kernel.

They're the leading contributor because the people paying for support need those features/bugfixes they are contributing.

Support contracts aren't just for helping clueless admins do their job because they're too lazy to Google.

Re:Support them from your own money

[DrgnDancer]

I'm a Linux support guy. I consider myself good at my job, and many bosses have agreed. That said, I'm one guy. Red Hat has dozens, maybe hundreds of engineers with in depth specialty knowledge of all levels of their OS. Need help with tuning kernel parameters or drivers to improve performance on a particular revision of some obscure SATA chipset? There's a good chance that the guy who wrote that module works for Red Hat. Having trouble tweaking your Apache config for some specialty web server? They have several Apache experts. Red Hat doesn't sell support like Microsoft sells support; where you get to talk to a Hell Desk guy and hope. They'll put you in touch with the guy that wrote the bit of code you're fiddling with, and they'll do it happily.

I've called Red hat Support four times in my career. Once I made a boneheaded error. Once I encountered what amounted to silly documentation error in the RHN docs. The other two times I wound up talking with software engineers who wrote either the actual code I was having trouble with, or worked directly on the project. No matter how good I am, I'll never be a subject matter expert on every variation of every piece of the stack that makes up a Linux web server, or mail server, or database server. I have a broad knowledge of how it all works together, I might be an expert in parts of it, but unlike the entire Red Hat team I can't be an expert in all of it.

Re:Support them from your own money

[kesuki]

simple if 'everyone' uses centOS on open hardware then there will be plenty enough blackmail on every politician and government that didn't embrace open source will be wiped out as their lies get exposed... so hackers will have plenty of time money and resource.
the internet has already caused the collapse of a lot of banking systems and the revolutions in many countries rely on open source tools to slip past dictators.

then again TV and radio were billed as game changers that would allow large populations of people to learn from the experts in a free and open discourse. also some people have nothing better or more exciting to do than to work with computers without being paid for it. i fall under that category and am permanently disabled (mental illness) which happened to me when i was an extremely hardcore gamer, since then i have stuck to easier games, and i am trying to read more, to keep my mind tuned up, without psychotic episodes. i also am rewatching things that i 'didn't understand' the first time through. mainly because i think understanding will help me be a better person. or at least it will keep my mind busy until it's effective usage lifetime is met.

Re:Support them from your own money

[turbidostato]

"Sure it can."

But of course it can. The point is: it *is*?

"And that's where stellar support can make a huge difference."

Regarding software configuration I can do as good as Red Hat, thank you.

Regarding user-level bugs, Red Hat can do liminary better than me and my "usual" extended support team (both in-house and externalized), and only from time to time (i.e. GFS).

Regarding kernel-level bugs, well, a server is going crazy... it might be the SCSI card flaking or maybe it is the SCSI kernel driver, or its interaction with the kernel or with other components. Do you think Red Hat by itself is going to cover the situation timely enough? More importantly: is it going to do timely enough that I don't need other security layers in order to guarantee my internal SLA (i.e, high avaliability, at least two hardware vendors for critical stuff, etc.)? And if I still need those other layers, does paying for Red Hat support too pay off?

Again:

"you have to weigh the costs of downtime versus the cost of support"

Not. You have to weigh the *differential* downtime cost (as if it was an easy task except for the trivial case of wholly managed services ala IBM) versus the support cost.

For the most part, OS-level support, specially when talking about open source OSs, is not because of the financial case but because of the CYA one.

Re:Support them from your own money

[Bent+Spoke]

This is more true than most people realize. Many companies/subdivisions decide on one or two hardware
choices (eg. HP G6 BL460C servers) . Redhat can't possibly test every combination of H/W with their
S/W. So only a fool would put full trust in them...

Re:Support them from your own money

[theweatherelectric]

Its the same reason I doubt you'll be seeing any companies opening their hardware anytime soon, as AMD bent over backward, even hiring coders to help the FOSS driver guys and opened their specs as wide as they could, and what did they get? every forum filled with guys saying "Herp derp, buy Nvidia"

With regard to GPUs, I currently have a (aged) Nvidia GPU but my next GPU will be the top end Intel Ivy Bridge. I'll be going Intel because I want a newer and faster CPU, the Ivy Bridge GPU will be fast enough for me, and most of all because the open source Sandy Bridge and Ivy Bridge support from Intel is strong now and improving. Intel seem like they'll hit the ground running for Linux support when Ivy Bridge is released. I want strong, out-of-the-box, open source GPU drivers for Linux and that's what Intel will deliver.

Here's a recent article from Phoronix which bencmarks Intel's progress with its Sandy Bridge\Ivy Bridge drivers for Linux: http://www.phoronix.com/scan.php?page=article&item=intel_sna_maturing

Re:Support them from your own money

Yes, the correct question is what does the down time cost. For us, I measure it in number of users time average salary per hour. We have one office with 700 users. Their Core, that all the closets tie into and then connects to the WAN, is a pair of Cisco 6509's, with redundant power supplies, SUP's and fiber to the closets. 4 hour maintnance is something like 9K each per year. So we speed 18K a year. However, they have been up for more than 6 six years. Because of the redundant SUP's, i can do ios upgrades with out taking them down. 18K per year may sound expensive, but I have zero down time for our users. Figure at leat $40/hr, including overhead, ect, thats $28k per hour for downtime.

Re:Support them from your own money

[kesuki]

toleration? what toleration? wpa actively seeks to cripple computers running a not 'genuine windows' they even released a patch that disables the update feature and acts like a virus... wpa even expires on legit windows systems that have been offline too long.
as much as i like FOSS android 'ice cream sandwich' proves that FOSS has the same problems with commercial success as non FOSS development environments. the same thing happens with firefox and memory usage.

Re:Support them from your own money

[zaphirplane]

In my experience, redhat support for a company with less than 2,000 seats falls into a couple of scenarios.
1. You call redhat, get lucky and you are told that the bug is known and getting worked on, i.e. a company with 2,000+ seats wants it fixed, and you benefitted little from calling redhat.
2. You call Redhat, bang your head against a brick wall, the guy on the other end gets frustrated or palms you off, with a “I’ll create a bug report”, to the untrained eye, the bug report does not contain enough information for someone to actually fix it and it’s gone into a black hole.
3. You call Redhat, you hit your head against a brick wall for a few days, finally the guy says, it’s a bug in mysql/apache/perl and we just package it, when they get round to fixing it and we get round to packaging it, the bug will be fixed
4. You call redhat, you have simplified the problem to a very simple case, the guy does not get it, and after a lot of banging your head against a brick wall, you are told the way you are using the s/w is pushing it too far, you say well that’s how race conditions show themselves. Blank stare hang up.

Re:Support them from your own money

[dremspider]

Yeah, this has been my experience as well, it is amazing how quickly you get a person who knows what they are talking about. It is a fresh relief from the usual "did you try turning it off and on". Half the time you are thinking, I know more about your product then you do kid! Red Hat is not at all like this. They get you to someone who knows everything about some little facet that you are having an issue with.

Re:Support them from your own money

[zaphirplane]

If you feel bad about leaching off redhat by using centos

If you are less than 2,000 seats, the 2,000+ companies are leaching off you, cause redhat does not provide you with usefull support and keeps the 2,000+ companies happy by subsidizing their cost thru you.
If you are using centos, you leaching off redhat's 2,000+ and 2,000 seats companies
If you are 2,000+ seats company you are leaching off the sub 2,000 seats people.

so you see, everyone leaches, the best position is either 2,000+ or centos. 0 - 2,000 seats you are screwed both ways.

Re:Support them from your own money

Noone [sp] wants an engineer who thinks it is his job to make executive decisions, because it is not.

What a shame. What a shame.

Re:Support them from your own money

[Ritchie70]

My philosophy is that I'm not paid what still seems like a somewhat shocking amount of money to just do what I'm told. You can get some kid to do that.

I'm paid to do my best to understand all the issues, make a clear recommendation, and to make sure that the boss clearly understands my recommendation. If the boss disagrees with my recommendation, it's my job to make sure they understand why I think what I think.

At that point it's on them if they want to decide against my recommendation. Sometimes it works out, sometimes it doesn't. And it becomes my job to do what they decided should be done, and to do my best to make it work, even if I think it's stupid.

It seems to me that the OP is still in the "make sure they understand" phase.

Re:Support them from your own money

[fatboy]

There are parts of RedHat that CentOS doesn't include as they are not F/OSS licensed.

As far as I know, RedHat only produces GPL software and always have.

Re:Support them from your own money

[smash]

lol. if you look at MY posting history, you could think i am an anti-foss troll. however i call it like i see it, and have gone from being a linux-freak (back in the mid-late 90s through to the early 00s) to more of a pragmatist. if you've got a unix app, run bsd or linux. if the app runs on Windows (or Mac), run that. its all about the apps.

Re:Support them from your own money

[amirulbahr]

If more engineers were making executive decisions the global economy may not be in the state it is.

Re:Support them from your own money

[Mr.+Underbridge]

So the issue becomes one of a cost/benefit analysis. I don't understand why it's not obvious what he has to do. Make an estimate of the cost of *not* going RH, in terms of outside contractors needed, employee hours burned, or the opportunity cost of downtime. Be liberal here, because you need to cover the costs of the unexpected as well ("unknown unknowns" in the Rumsfeldian space). Compare that estimate to the cost of the service. Go with whichever minimizes cost.

This is one of those skills that engineers need in order to communicate with management - give them what they need. This isn't really a technical issue, it's a budget issue. So give the CIO a budget.

Re:Support them from your own money

[dbIII]

just like the requirement that the 64 CPU POWER7 box in the rack has to run McAfee, but it means the difference between passing an audit, or perhaps getting a contract terminated.

That's just a sign of being too far down the management tree to be able to remove irrelevant requirements AND having poor communication with somebody who is high enough up the tree. Places that are better run have less unnecessary expense due to bullshit. The point of compliance is to comply to something sane and useful instead of fine details that make no sense outside of a narrow situation but get applied to everything.
Point 1 makes sense when it already takes DAYS to get to a second level of support that is able to do more than act as a filter.

Re:Support them from your own money

[icebraining]

Where is GP demanding anything? Please quote that part, I missed it.

Re:Support them from your own money

[bwcbwc]

Well, if your company is big enough to hire a CIO, it should be big enough to support an internal Linux support person/team. Either that or if you really think you'll need the support put an additional FTE in your project budget for a full-time Linux kernel and administration expert at $100k or so.

Re:Support them from your own money

[genghisjahn]

I would imagine (I have no numbers) that lots of companies that can afford a CIO also purchase Red Hat for the support in addition to having an internal Linux team of their own.

Re:Support them from your own money

"Hey, if we strip all the copyrighted stuff out we can just take what we want and not have to pay RH shit! We'll save a bundle!"

So let me get this straight:

1. 1. Open source developers create great software
2. 2. Redhat packages their work, add logos and tries to sell support.
3. 3. CentOS developers strip out the logos and give it away for free

Now remind me again who the leeches are?

Honestly, I'm not trying to imply that Redhat is evil, they've contributed lots of great things to the community. But they've taken 1,000 times more than they've ever given.

Re:Support them from your own money

[LingNoi]

AMD/ATI drivers are shit. They've always been shit. Thats why no one recommends them. It has nothing to do with open source. No one want's to support crappy products.

Re:Support them from your own money

[Meetch]

Preface: I play with RedHat at work, and CentOS at home...

All fine, except if the system isn't for Oracle products then the vendor supporting the app will look at you funny when you tell them what enterprise OS you're running on.

RHEL has a certification relationship with many vendors. OVM, CentOS, and even to some degree Fedora, while being very similar as far as the administrator is concerned, are completely different when it comes to what level of supportability you'll get. At least 2 of those won't be particularly interested.

Of course, if you're supporting your own custom application then the answer is to run whatever OS you're comfortable with. If you want RedHat to look as a matter of priority at a technical problem you're having that is say related to their kernel, you'll have to pay them the license fee for that level of support. If your CIO wants a vendor to take some accountability, it has to cost something...

Then there are the certain applications that check the contents of your /etc/redhat-release file, and if they aren't happy with the answer, they'll refuse to go on. Of course, that's only a text file that any superuser can create. :)

Re:Support them from your own money

[tqk]

Holy crap. That zero content rant earns a +5 Insightful?!? Must be a slow news day. Holy crap.

No, I can't be bothered to attempt to refute this BS, except to say, didn't RH make a killing this past year?

Re:Support them from your own money

[wisty]

It's not the same dynamic.

If the ethical version would already be produced to meet demand (as is the case for bike parts, diamonds, and tritium), then segregating the market probably won't do anything (unless almost everyone jumps on board, which can happen but not too often). It won't be much different price wise, as you aren't really changing anything. You just pay for the sticker, and the warm feeling.

If the ethical version would *not* be produced (as is the case for RHEL, fair trade coffee, free range eggs) then buying it will make a difference, even if one person does so. It will both increase demand for the ethical version, and decrease demand for the unethical version. But it will be more expensive than the alternative. That's the cost of actually making a difference.

Re:Support them from your own money

[spooky_d]

Half of the current Linux kernel is contributed by RedHat. About half of the base environment IS managed by people hired by RH to do the job. the #1 thing in your list: a huge part is contributed by people from RedHat. Who work more on this than your average joe contributing to a project. So your list is like this: 1. Open source developers create great software. Some of them are supported by RedHat, from their money, to do FOSS 2. Redhat packages their work, add logos and tries to sell support to be able to support more FOSS development. 3. CentOS developers strip out the logos and give it away for free Who is the leech now?

Re:Support them from your own money

If we have more than an hour down I have vice presidents in my bosses office!

Right. So you tell your boss all your concerns, in writing, and let him make the decision.

If he doesn't want to have a Circle Jerk in his office with the VP's, it's up to him to do something about it.

Re:Support them from your own money

Plus be grateful your CIO knows the difference between CentOS and RHEL. Many would force you onto third rate software running on windows and you would end up having to make it work and you would be blamed for the resultant unstable mess.

There is nothing wrong with CentOS. The support that comes with RHEL is likely worthless if you have smart Linux people ( like you? ) Honestly, your CIO sounds like he knows what he is talking about.

Re:Support them from your own money

Fuck you.

Re:Support them from your own money

I don't know if that is entirely fair. Have you viewed the RedHat bug lists and compared them to the bug lists from most of the other major distros? Most everybody else links to Red Hat's bug lists---and many just port their patches. I have quite a bit of respect for the amount they have given back to the community (yes, even though they take in *billions*) and quite honestly, Linux would not be where they are today without them.

Re:Support them from your own money

[1s44c]

Except that Red Hat does provide services people value, they're they top contributor [cnet.com] to the Linux kernel.

They're the leading contributor because the people paying for support need those features/bugfixes they are contributing.

Support contracts aren't just for helping clueless admins do their job because they're too lazy to Google.

Fair point. But mostly support contracts ARE for helping clueless admins do their job. There are some cases where real development work is needed to fix an issue but that's pretty rare.

Re:Support them from your own money

[1s44c]

If those are important to you, spec Oracle Linux instead. It's like CentOS, in that it derives from RHEL, but you can get the Internet only support contract for the server OS at 1/10th the price of RHEL's annual charge.

Interesting. Is oracle Linux a cut and paste job like CentOS? I've seen perfect binary compatibility on CentOS but I've never even installed Oracle Linux.

Re:Support them from your own money

[1s44c]

Good companies provide their own professional support. You don't have to buy everything from outside.

Of course support might make sense for companies that don't have a few good Linux people.

Re:Support them from your own money

[SomePgmr]

I think maybe we're overestimating damage to RH from CentOS. Red Hat doesn't really sell software (with exceptions of course), they sell service.

A good, free implementation gets people using a platform. Just like with SugarCRM. The clients with money (the people RH cares about) can then, and quite possibly will, end up using various RH products, support contracts and equipment that comes from suppliers with both.

I think they've had a good, long time to figure out how to best run their business... and it seems as though they've got a reasonably successful grasp on how to really contribute and make money.

http://www.google.com//finance?chdnp=1&chdd=1&chds=1&chdv=1&chvs=maximized&chdeh=0&chfdeh=0&chdet=1320041040820&chddm=493833&chls=IntervalBasedLine&q=NYSE:RHT&ntsp=0

As for the guy that submitted... if everyone has told the CIO you don't need support from Red Hat, and he's certain they won't need any additional RH products, then it's not going to kill 'em. I mean, I doubt they see themselves as an entity that deserves financial tribute. They're a business that sells things you may or may not need.

And who knows... perhaps it'll turn out later that you really do need Red Hat for something they sell, and then everyone can feel like dollars were paid for a proper business reason.

Re:Support them from your own money

[priceslasher]

Actually they're contributing to their own kernel which happens to be linux. They can't just stop contributing unless they're happy with the kernel and it's natural pace of development. They get paid for their contributions by not having to wait around for drivers.

Re:Support them from your own money

[edmond_le_cochon]

Well well, I think everyone understands your point(s), now if appears they did not convince your CEO. If your business requires that the whole IT chain is certified, then the sales people in your organisation should already very well know that and the CEO on top of all. I think the IT guys should stick to IT things and management should stick to management, as someone said above, you made your statements, they were disregarded, end of the game. My 2 cents Ed.

Re:Support them from your own money

[catmistake]

Odd that everyone seems to miss the fact that you can indeed run RHEL free without paying for their excellent support. I point this out to everyone who tells me CentOS is free. RHEL is free, too. If you want support you must pay.

Re:Support them from your own money

[PenguinX]

This is a short-sighted comment. Most employees happen to be shareholders, even if it is an infinitesimal amount. Furthermore, most employees want the company to succeed because they either 1) would like to continue gainful employment (which is a distinct possibility in this market) or 2) do not want the stigma of working for a company that failed. The gentleman that posed the question believes that there is value in commercial support for a product, I happen to agree to a certain point. The reason is pretty simple: commercial support is an insurance plan. If you are going to build a product that makes use of code that may be unstable, then it's not a bad idea to have an expert on call "just in case".

For example a while back I worked at a company that routed wireless E-911 calls to the appropriate public safety answering point. In this case, we decided that commercial support was A Good Thing. A little while later I worked at a company that provided Short Messaging services and those with the purse-strings thought that the risk of running without support was worth it. The former company is still in business, the latter... not so much.

The only way you'll possibly sway the CIO is to change his mind about "not wanting" support via probabilistic risk assessment that shows that the "Red Hat Tax" is good insurance. If it really isn't then I wouldn't bother.

-b

Re:Support them from your own money

[garaged]

I've been working with redhat servers more than 6 years in a row and haven't called once to support, I think my current employer has called for some driver bugs, but I have never seen someone call redhat for any kind of sysadmin support.

Disclaimer, I have the old RHCE cert, but have been on small places and really big places ( ok, just one) and no calling redhat for support at all on any of them

Re:Support them from your own money

[rtb61]

The real simple answer is to offer an alternate to annual support fees and focus instead of a set rates for actual services provided.

No one really likes paying annual fees for the unknown, whether it be software licence fees with no real support and inevitable forced upgrades or service and support contracts.

A fixed set of charges for a range of services whether done remotely or on site. A sliding discount upon those charges for paying up front a year in advance.

Services include installs, major system configuration changes, backup support, external system monitoring, system security audits, even user configurations, new equipment selection and installs etc. etc.

Re:Support them from your own money

[mwvdlee]

Except that Red Hat does provide services people value, they're they top contributor [cnet.com] to the Linux kernel.

They're the leading contributor because the people paying for support need those features/bugfixes they are contributing.

Support contracts aren't just for helping clueless admins do their job because they're too lazy to Google.

Agreed, support contracts are also for small companies for whom a support contract is a lot cheaper than hiring a full-time highly skilled admin.

Re:Support them from your own money

I Agree, it's our job to make sure that no one profits from open source.
We must always suggest products with a $0.00 price this will ensure that companies based on OS software cannot support development and that quality commercial software will prevail.

Re:Support them from your own money

Wondering out-loud...

How many folks agree that buying Red-Hat over CentOs would generally be a good thing for open source also agree that buying stuff from local stores over one-click Amazon is a good thing for local communities (e.g, sales tax base, local employment)? Red-Hat seems to be doing just fine, yet local stores are getting crushed by Amazon...

Recently, I haven't seen much evidence that "tech" people really care much about anything real anymore, save other than themselves and their "virtual" communities, when their real neihbors are feeling the results of their indifference ... Anyhow...

Re:Support them from your own money

[hairyfeet]

Actually its a "dirty little secret" in the repair biz but you hear of this thing called Windows 7? yeah well guess what? After Vista turned out to be a turkey with ZERO adoption, even by the pirates, they made Windows 7 butt simple to crack via a REALLY lame OEM hack that from what i've been told has been running for over 2 years now. You can even look it up on BT, they have a "Windows 7 all versions pre activated" that has EVERY version, both X86 and X64, from Starter through Ultimate, and it passes WGA and updates just fine. I don't mess with pirated crap but you'd be surprised how many shops sell hacked windows machines.

So I guess MSFT learned that lesson friend, as Windows 7 doesn't even need a fricking key like XP did, its literally "stick in pirate disc, choose version, install" and that's it. The truly sad part is Ballmer could have completely wiped out piracy by keeping the "Win 7 HP Upgrade" at $50, as I saw guys that had NEVER had a legit Windows go legit with that, it really was the sweet spot price wise, but I guess he'd rather everyone run "Win 7 Ultimate Razr1911 Edition" instead. BTW that is how you can ALWAYS spot the pirate versions as they always get the highest SKU even when it makes NO sense at all! Look up how many machines on Craigslist that frankly aren't worth $100 have Win 7 Ultimate and office 2K7 or 2K10 (both of which are also easy to pirate).

Re:Support them from your own money

[RogerWilco]

What I like about the RedHat offerings, is their software update system, I think it's called RedHat Network nowadays. You can define different streams for different types of machines (coders, scientists, PHB, servers, etc.). You can monitor the systems remotely for all kinds of stuff. You can get your own in house proxy and such for efficient distribution of updates.

Things like that make it worthwhile to have RedHat as they save the IT staff a lot of time. It depends on the configuration you need though, the more complex your situation, the more you gain from going RedHat. You can roll your own, but RH does have some nice out of the box solutions that are well worth what they ask for it in time saved.

I've seen the other two reasons as well, but have found it much harder to convince management of the validity of those two reasons. I'm also not sure if the message "With RH you can run operations with less IT staff" is the answer you wanted to hear, but in my opinion it is true, especially for large complex setups (1000+ machines).

Re:Support them from your own money

[JasterBobaMereel]

Red Hat does not compete with CentOS ?

Red Hat sells services, it is a service company, it happens to also supply the Software it services, and helps to develop this software so it is automatically the expert on it

This is obviously a broken business model since it was the model that almost all Service companies and hardware companies used before Microsoft got the strange notion of selling software, and Red Hat are only a tiny little company that has been losing money for years ... oh no they appear to very successful how did that happen ?

Re:Support them from your own money

[IrquiM]

He could also be in the "why are they not doing what I want them to do?" phase?

Re:Support them from your own money

[jimicus]

Just because someone disagrees with you doesn't make them a troll. FWIW, I think hairyfeet makes a lot of very reasonable points. The idea that a high-quality, easy to maintain Unix-like OS can exist purely on rainbows and passion has got to die, because it's pushing the software industry into a crazed race to the bottom.

We've already seen what happens when you have such a race in PC hardware - you wind up with laptops that flex if you look at them funny, hard disk manufacturers that every so often release a model with an 80% failure rate over two years, hardware support that's so dire it's cheaper (and substantially better for the peptic ulcer you're nursing) to replace the part than it is to fight through the warranty process.

Re:Support them from your own money

[jimicus]

What happens to Linux as a whole tomorrow if RedHat dies today?

There won't be a next version of CentOS. A huge number of contributors to F/OSS projects will have to take jobs elsewhere - and those jobs may not involve F/OSS.

Really what would be good would be a commercial-GPL type license. One that's exactly the same as the existing GPL but with an extra clause that goes like this:

"If you paid a sum of money for this software, you are still free to pass it on but you may not undercut the price the organisation that sold it to you charges."

Re:Support them from your own money

[asdf7890]

There are parts of RedHat that CentOS doesn't include as they are not F/OSS licensed.

As far as I know, RedHat only produces GPL software and always have.

It looks like you are right there (I've just dug around for a little fact checking on myself). It would appear that all CentOS take out is copyright covered branding, like Debian removing Firefox/Mozilla branding to make "iceweasel" but on a larger scale.

One important difference between CentOS and RedHat is potential delay, or potential faults, in security update releases. If they are taking RedHat's updated packages then they have to wait until RedHat releases the source updated source packages and get them run through their build process and do what-ever testing they do before they release the update themselves. If they are making their own updates then there are two potential problems: a community effort is unlikely to put as much resource behind testing updates (not that this is a given: some F/OSS projects seem to have access to the resources to be very thorough on such matters, more so than some commercial bodies) so new bugs may be introduced temporarily, and with every update that doesn't come from RH you are moving away from that exact environment (which is a concern if that is why you are using CentOS in the first pace).

Of course people who chose CentOS over something else (such as Debian which has been my preference for some time), have a relatively easy transition to RedHat if they do decide they need the insurance of paid support and related consulting services.

Re:Support them from your own money

[Darfeld]

Mother nature doesn't exist, and if she does, she made us the way we are, so please stop conjuring her every time you want to feel bad about yourself being human. If we want to survive as a species we have our own challenge, but feeling wrong about what we are won't make anything happen, exept maybe mass extinction. (ironic isn't it?)

More to the point, Red Hats makes money with their business plan and it's good for every one. They very well know their are free alternatives OSes. They even have one themself! So nobody should feel bad for not supporting them. It's nice but it's a matter of conviction. If anything, the only thing you need to worry about is that the lake of support service will come back and shoot you in the foot later. But hey! You had the choice!

Re:Support them from your own money

[errandum]

Red Hat has been making a LOT of money with their system, so the premise to the whole statement is flawed.

There have always been free linux distros, if it was not CentOS it could be Fedora (or even a LTS release of Ubuntu). I was under the impression that the only real advantage of CentOS would be running Oracle extremely well - but if you're going for free, why not dump Oracle altogether and go postgresql?

Re:Support them from your own money

Excellent advice, and I wish I had read your post a few years back, when I made a mistake in political terms. I called some superiors out on what I deemed a bad decision, and I should have just accepted it and gone along with their decision. It cost me, big time. Turns out, I was not quite wrong, but they were not quite right. Such is life when there are 20 vendors offering solutions to your problem. The point is not that I had an allegedly better idea, but rather than when superior powers make a decision, it's time to shut up and accept it. It has taken me decades to realize this, but at last I have. It still sticks in my throat, but I accept it. Call it the cost of doing business.

Re:Support them from your own money

[muckracer]

> The patches is perhaps the most important part, and RHN does sell
> a non-support subscription (just patches) for a ridiculously low price.

Got more info on that option? Can't see it here:

https://www.redhat.com/rhel/purchasing_guide.html

Re:Support them from your own money

Actually its a "dirty little secret" in the repair biz but you hear of this thing called Windows 7? yeah well guess what? After Vista turned out to be a turkey with ZERO adoption, even by the pirates, they made Windows 7 butt simple to crack via a REALLY lame OEM hack that from what i've been told has been running for over 2 years now. You can even look it up on BT, they have a "Windows 7 all versions pre activated" that has EVERY version, both X86 and X64, from Starter through Ultimate, and it passes WGA and updates just fine. I don't mess with pirated crap but you'd be surprised how many shops sell hacked windows machines.

Clear case of not doing the research, since Windows 7's activation/WGA is exactly the same as Vista. Windows 7 isn't being adopted because it's easier to crack (it's identical to Windows Vista in this regard); Windows 7 is being adopted because it's not called Vista.

So I guess MSFT learned that lesson friend, as Windows 7 doesn't even need a fricking key like XP did, its literally "stick in pirate disc, choose version, install" and that's it. The truly sad part is Ballmer could have completely wiped out piracy by keeping the "Win 7 HP Upgrade" at $50, as I saw guys that had NEVER had a legit Windows go legit with that, it really was the sweet spot price wise, but I guess he'd rather everyone run "Win 7 Ultimate Razr1911 Edition" instead. BTW that is how you can ALWAYS spot the pirate versions as they always get the highest SKU even when it makes NO sense at all! Look up how many machines on Craigslist that frankly aren't worth $100 have Win 7 Ultimate and office 2K7 or 2K10 (both of which are also easy to pirate).

Gee, pirates are grabbing the version with the full featureset unlocked rather than one with artificial restrictions meant for legitimate customers? To a pirate, getting the lower editions makes NO sense at all when they can get it all with the highest one.

Re:Support them from your own money

[nobodie]

Whoa, jump back Jack and STFU. I am a Red Hat Shareholder, have been for a number of years. Before any of the FUDdite fools get too excited and feel a feeding frenzy coming on go look at Red Hat stock on NASDAQ: it is rock solid AND climbing fast. Like it gained $4/share (about 8%) last week. Historic highs for the company. And, before everyone wastes their electrons saying more about Red Hat when they obviously know dog about it let me add that Red Hat is completely and totally dedicated to FOSS as a vehicle to that shareholder bottom line. They have backed up their philosophy with their actions over and over again. Quality stands in the forefront of what they do, they don't put out the closed source stuff they purchase until it is good software, not the garbage cludge that hides behind closed code. They take heat for this approach, but they have never shafted the community, the shareholders or the FOSS philosophy. Unlike some other companies that fail to keep their promises.

So everybody needs to stop shooting from the lip and move along.

Re:Support them from your own money

[maxwell+demon]

The question is whether you consider the support necessary.

If you do so, try to convince the CIO about the necessity; and if you don't succeed, make sure that your dissenting opinion is recorded, so they cannot blame you when things go horribly wrong and support would indeed have been needed.

If you don't consider support necessary, just accept that the CIO is right.

Re:Support them from your own money

[sourcerror]

However letting the kernel to rot might bite them in the ass in the long run, and it into their bottom line. On the other hand currently Ubuntu and Novell also benefit from the free work that goes into the kernel. Shouldn't Red Hat set up non-profit org with those distros to fund the kernel developement? Would it make sense from an accounting point of view (ie they can't write it off as expense anymore, but they might get tax credits for donating to a charity)?

Re:Support them from your own money

As the probable future network administrator of 2 new servers running RedHat Linux... I'm very glad to hear that.

(The existing servers are running OpenVMS, if you wondered.)

Re:Support them from your own money

[BuildMonkey]

CentOS lacks the rather worthless Red Hat support and the obnoxious Red Hat license, "If ANY Red Hat box is under support at your company, then ALL Red Hat boxes must be under support."

We started running Red Hat in 2004, and included a Red Hat license with every Dell server we bought - dozens. That slowed down after we had tried to use Red Hat support a few times: if you are competent to administer a production server then Red Hat support is not helpful. So we went to just specifying Red Hat for servers running software that requires Red Hat (or such) for support, e.g. Oracle. We left our existing Red Hat licenses in place and continued to pay for support on the production servers; we let support on the pre-production staging servers lapse.

In the last 18 months, Red Hat has been pushing "all-or-none" support rather obnoxiously. So we have been actively pruning Red Hat out of the organization down to only those servers that require it for the other vendor's support contract.

Re:Support them from your own money

100% agree

Re:Support them from your own money

[petermgreen]

if CentOS vanished today (as is seemed to nearly do a while ago when there were problems with a key maintainer)

Note that CentOs is just the most (currently) prominent of a number of RHEL rebuild projects. If one of them vanished people would just switch to others (afaict a lot switched to scientific when centos was dithering over version 6).

If redhat really wanted to heap pain on the RHEL rebuilds they could probablly do so. For example they could replace RPM with a propietry tool. I don't think they want to though because as you say if they did people would just switch to other distros.

Re:Support them from your own money

[LoRdTAW]

Bingo. After working in an industry where the customers audit you as well as standards organizations, I can admit that paying for support and buying commercial software with support is a life saver. During one audit, I was called into an office and grilled by a customers auditor about our data retention, backup and disaster recovery procedures and policies. And these companies are are very serious about quality control, one simple mistake will have two people on a plane to your shop the next day (an engineer and quality control person). Hell even ISO wants to know the same stuff.

If you can sit back and say we have, X, Y and Z with support then they will feel comfortable with your answer and not poke and prod further. Its all about accountability and if you can prove that someone is backing you with support for hardware and software then you are golden. If you tell them you cobbled together a system using shoe string and bubble gum they are going to be concerned and might take drastic steps to make you prove that your disaster recovery plans and backup systems really do work.

Re:Support them from your own money

[racermd]

Regardless of whether or not one views support contracts as a crutch to prop up lazy admins, the fact is that many businesses will make that decision as a simple budget matter. There are numerous cases where buying a support contract makes sense, particularly where the company's business is primarily not involved in providing IT-related products or services and, as a result, have no internal IT staff. To those companies, the support contract is often a fixed-cost addition to any technology purchase and is easy to fit into the budget.

To the OP - if your CIO says he doesn't believe in support contracts and has put the kibosh on them, I'd let that issue rest while documenting the heck out of any support issues that come up (hours spent, parts purchased, etc. - anything that costs the company money). When it comes time to run this exercise again, bring out your supporting documentation on the money the company spent by supporting it themselves vs. buying a support contract. If it's cheaper to get the support contact, say so and present your evidence. If not, then it does make sense to support it in-house and you should say that, too, also presenting the evidence you've collected. Basically, since the CIO is looking at support contracts as a value proposition (he seems to think they're worthless), it is your job to communicate to him in those terms. He may play solitaire on his laptop all day (or maybe that's just my former CIOs, I dunno), but he didn't get to be a CIO by blowing budgets left and right. Speak to him in terms of money and have actual data to back up your points.

If he still refuses service contracts after being presented with solid data, I recommend looking for a new job. A C-level exec that makes decisions DESPITE hard evidence typically has ulterior motives and is usually only looking out for himself (or someone else). You won't win any arguments and it's only a matter of time before you're at the pointy end of his bad decision-making.

Good luck!

Re:Support them from your own money

[YttriumOxide]

The boss is always right, because he pays you. That means you get to do whatever dumb thing he wants you to do, because it's his ass on the line.

As a "boss", I thoroughly disagree with you. I do NOT want my team to just "do what I tell them" or to think I'm "always right" - otherwise I may as well replace them all with a few simple bits of code hacked together in my spare. I want my team to be creative; have ideas that they run past me; tell me when they think I've done something wrong; tell me when they think the company as a whole is doing something wrong; and so on.

Maybe if you've got the kind of boss who expects blind obedience and no thought on your part AND you accept this as being perfectly okay, it's time you took a closer look at yourself to see if you're really making the most of your life.

Re:Support them from your own money

[frist]

So what you're saying is that even though he needs an OS that shows up on the common criteria list, he should instead use one that doesn't because it's cheaper...

Re:Support them from your own money

[jemtallon]

I think he's referring to the "Self-support" option ($349)

Re:Support them from your own money

What you say is true, but the people who make the decisions, often do not care about or realize the consequences of what they do. The pointy haired MBA types see "free" and they're all over it. They only care about a quarterly bottom line. Meanwhile I have to support some piece of crap that I advised against. Then when something goes wrong get yelled at by the same morons who left me high and dry with no support. Computers are all all magic to them, so it's my fault that we're in a situation I warned them about.

Re:Support them from your own money

I agree... Don't worry about Redhat's health - your CIO is in a significant minority.

Most execs insist on RedHat for the nice warm fuzzy the support contract brings them.

Around where I work - if it's an official lab asset, and it has to run Linux, it runs RedHat.

Re:Support them from your own money

[muckracer]

> I think he's referring to the "Self-support" option ($349)

Likely. Unfortunately, if you run mostly virtual (RHEL) machines, you will have beefier hardware underneath, with 4 or more CPU's. That goes up even higher with clusters & redundancy (you have to pay for all sockets). Then the self-support option is no longer available.

They also do not offer a per-incident kind of support, which is very unfortunate. If you hardly ever use support, why pay steep money for something, you can't really use? Red Hat is not exactly cheap!
I like Red Hat and their products are very stable and reliable. But they should rethink some portions of their subscription pricings. Otherwise they'll get trounced by VMWare/Suse Linux (if you buy VMware, you get SLES thrown in for free!).

Re:Support them from your own money

Just make sure to document your objections so when/if the sh*t hits the fan and they try to spin it on you, you can say "I recomended this solution which would have avoided this and the CIO denied it." Otherwise, if you dont like the decisions being made, you can always find a better employer or start your own business.

Re:Support them from your own money

[muckracer]

> P.S. I wouldn't post anonymously but I work for Oracle, and Larry
> Ellison is such a vindictive bitch I don't want to hear about it.

Please come to my office!

Larry

Re:Support them from your own money

Got to say, RTFP. He disagrees with the CIO over whether or not they need support.

Re:Support them from your own money

[lsatenstein]

With Centos, the support is from the community. That means that your solution to the problem may never be answered, or answered after a delay of days.

With RHat, you pay for service that starts with the phone call. It is now, and it is from knowledgeable people.

Finally, if your employer finds that RHat is too expensive, he or you can search for local talented linux consultants

Re:Support them from your own money

[SirGeek]

This is NEVER EVER a bad thing to do. You should always have email as backup. If they won't send you an email, You send THEM one and tell them that are confirming what they said ("Get CentOs, we don't need support"). Then if the fecal matter hits the rotating cooling device, then you've covered yourself.

It isn't ever a bad thing to cover your butt in case of failure (when you tried to prevent it).

Re:Support them from your own money

[Domint]

This is true . . . however I feel I should expand on this, if I may. One of the support features you get from a paid subscription to RHN is bugfixes/updates shipped directly from their yum repos. If you're not subscribed, you need to figure out a different patching vector yourself. If you want to guarantee security patches are easily applied as soon as RedHat releases a fix, then a subscription may be worth the cost.

Re:Support them from your own money

[jalefkowit]

Actually he was ranting in Tagalog. It's just that Slashdot's crappy UTF-8 handling rendered it as all-caps English.

Re:Support them from your own money

[sproketboy]

Great post. 100% Correct though it may fall on deaf ears on this forum.

Re:Support them from your own money

What you are complaining about is exactly what the GPL is there to promote! It sounds like you have more of a problem with the idea of open source. The product of RHEL is not the OS but the support.

Re:Support them from your own money

[Nemo137]

At least in the USA, the last two times we let an engineer be president, we got Herbert Hoover and Jimmy Carter.

Re:Support them from your own money

[Larryish]

Why run a RedHat distro at all?

Think "Debian".

Re:Support them from your own money

[Barondude]

Having recently discussed this with our Red Hat rep., you are wrong. According to Red Hat, if you have the binaries installed, you owe them. It doesn't matter if the server is activated or even powered on.

Re:Support them from your own money

Hey - a fellow AS/400 veteran! Our company used AS/400's until we were purchased by a company that does not like paying support costs to ANYONE!
As a result, we are SOL when things take a turn for the worse. If a company makes the decision to take the cheap route, then they should not come down
on IT when things stop working.

Re:Support them from your own money

[omnichad]

Of course, if Red hat were to die, CentOS suddenly has to do all the work.

Re:Support them from your own money

[brainchill]

You say it over and over again in your response but apparently you don't get it FOSS means FREE/Open Source Software. It was never something that companies were meant to be built around providing ... it is the anti-establishment but it also happens to have become the establishment. It was meant to replace the need for big, bloated, EXPENSIVE proprietary operating systems AND the ridiculously expensive support contract model by the likes of IBM AIX, SUN Solaris etc .... GETTING RID OF THE ANUAL MAINTENANCE COST of running unix systems was have the point of linux for most people to begin with .... then comes this company who's sole financial model was built on building that maintenance cost back in ... and that's great for people who need it but for companies that have significant mindshare in using/maintaining linux systems it's just stupid to pay.

Re:Support them from your own money

[ThirdPrize]

Cos what the world needs is another type of license.

Re:Support them from your own money

[TheLink]

And that's why Centos is actually good for Redhat in some ways.

Centos is the free Redhat Enterprise Linux that people use or try instead of using Debian or other distros. Without Centos, more people would just use other distros.

Because Centos is not Redhat, if there are problems with the OS, Redhat can easily say "It's not our product, we don't support it". Many PHBs will prefer to hand Redhat money to cover their butts to avoid this happening. It's usually not their money after all.

This CIO doesn't care, so the submitter should discreetly[1] get everything in writing (so he/she doesn't get blamed later for not buying support - even though it might not have made a difference ;) ), and just get on with it.

[1] In many work environments it might be suboptimal if you get stuff in writing but kick up a big fuss in the process.

Re:Support them from your own money

AFAIK yes you can, however you cannot freely receive updates. (critical or otherwise) without a subscription.

Re:Support them from your own money

[the_B0fh]

Pretty good points. From my personal experience, redhat's support is worthless. We had documented issues and the support people agreed that they see the problems, but keep asking me to test it. I told them flat out - you agree it's a problem, you are able to recreate the problem, then *YOU NEED TO TEST THE SOLUTION OUT BEFORE ASKING ME TO TRY IT, DAMNIT*

Somehow, they don't seem to understand that last part.

Re:Support them from your own money

How is $119 for "Oracle Linux Network" 1/10th the cost of $350 for RedHat Self Support?

http://www.oracle.com/us/corporate/pricing/els-pricelist-070592.pdf

Re:Support them from your own money

The problem is that if Red Hat dies, there will be no new version of RHEL or CentOS. If Red Hat dies, so does CentOS, and probably Fedora too. Yes, CentOS is better in the short term. However, the service that Red Hat provides which its customers pay for is not just trouble-shooting support, it's future release support. It's support for security fixes and platform evolution. Buying Red Hat is the better long-term solution, if you don't assume you're the only entity making decisions and therefore other people are still supporting them.

Re:Support them from your own money

[meustrus]

And once you're through that phase, make sure you keep some Cover Your Ass files to prove that you did indeed recommend X solution when a problem comes up that could have been avoided.

Re:Support them from your own money

[randomencounter]

Of course, some MSWindows apps benefit from the sandboxed environments that Wine can provide, allowing multiple apps to run on the same machine that would otherwise step on each other's shared libraries.

Others require truly native MSWindows support.

So it depends on a lot more than what platform an application says it's for.

 

Re:Support them from your own money

[randomencounter]

If RedHat were building all their own from scratch that argument would hold more water, but RedHat benefits from the development efforts of programmers that they don't need to pay as well as having others benefit from their efforts. Their main staffing costs are for the support they get paid for.

Mind you, a lot of those programmers are paid by other Libris software providers, but others are use-value programmers who submit the odd bugfix or already-programmed feature request upstream.

Re:Support them from your own money

[freshlimesoda]

Do it. Oracle Linux binaries match 100% with RHEL. And its free, with support available when you need it.

Re:Support them from your own money

[LordLimecat]

The devs / community chose a licence that ALLOWS this. They could easily go with more restrictive licenses that preserve some kinds of freedom at the expense of others.

See, its not free-riding if the software is provided with no strings for FREE. Or are you trying to play word games here?

Re:Support them from your own money

[LordLimecat]

There is a difference between running ideas past a boss, or offering advice, and arguing / trying to convince him after he has made his decision. The former is indeed something good employees do, the latter is what arrogant / belligerent / foolish employees do.

Re:Support them from your own money

Its the same reason I doubt you'll be seeing any companies opening their hardware anytime soon, as AMD bent over backward, even hiring coders to help the FOSS driver guys and opened their specs as wide as they could, and what did they get? every forum filled with guys saying "Herp derp, buy Nvidia".

Oh, this one is simple. It's called "too little, too late".

ATI didn't have a decent driver for their cards for many, many years. Essentially nothing worked and nothing was stable with their driver. "Compositing? Who needs that?" "Powersaving? No, fuck you." "Suspend to RAM? No way!". There was a community effort to make the radeon driver have 3d support for their newer cards, where were ATI then?

Some of these issues have started to become better in the last two years or so, but there's still a very long way to go. It still just plainly doesn't work as well as the nvidia or intel drivers. If they can make a decent driver, I might reconsider, but until then it's just talk from a company that just didn't give a shit about their linux consumers back then. Why should we give a shit about them now?

Re:Support them from your own money

[Larryish]

Debian "stable" is a good bet for reliability.

If you stay one release behind "stable" you are in even better shape. (assuming that you do not require the newest version of various libraries or software packages)

Re:Support them from your own money

[Stonefish]

How about you buy a couple of Red hat licences, that way you can have a process which if there is a bug you can replicate it on your production system by moving the app off Centos onto Redhat. The hypothetical risk that you mention is mitigated. Or you could ring the vendor and ask them if they will support Centos, some do BTW.
With the other options you're pissing into the wind, I 'need' to use CC products in certain situations and that mean in a manner confirming the the security target. If you want FIPS compile openSSL with the FIPS option.

The bottom line is that your manager doesn't think that Redhat is offering a value proposition and I don't think that they do either. I really can't justify the service offering of Redhat over Centos. Redhat needs to actually offer value in this space.

Re:Support them from your own money

[bill_mcgonigle]

Yes, this is pure legal eagle stuff ... but it means the difference between passing an audit, or perhaps getting a contract terminated.

It also means your audit criteria are stupid, unless the support system is integral to the validation. Without knowing the details it's hard to say.

This doesn't mean CentOS is bad. It just means that having the certificates that come with the commercial version of RedHat may mean success or failure when the CPAs and the JDs are done extracting their pounds of flesh.

Yeah, this isn't a computing problem.

Re:Support them from your own money

[perlchild]

I was thinking he was in the uncomfortable position of the CIO feeling he was paying the poster for support, and the poster wanted the security blanket of paying red hat to be backup. Paid support also prevents local staff from being scapegoats(it was red hat's fault, we should cut their support!). Without paying for support, he would be the scapegoat.

As sad as it may be, I can only applaud him for perceiving the implied threat, by not having a thick enough support blanket. I also wonder just how much he is paid to manage those servers, and if he couldn't as others said, pay for it himself.

On the other hand, I believe I read on slashdot recently that redhat is growing more this year than any other. I suspect the perception is that they're good enough, and cheaper than alternatives(I am looking at ex-Solaris shops especially) is finally moving in the right direction.

As for how much of a freeloader he is... He's trying to get his company to pay for a service the cio already said he doesn't require. In some places, that's close to a fireable offense. He can be expected to defend the idea, but now he has to fold.

Re:Support them from your own money

Must have been a long time ago. I'm typing this from IBM End User "Services", and let me tell ya, we suck. I have users languishing in a queue going back months and the only thing that the PMs running around with their spreadsheets worry about is billing and approval. IBM: The bureaucracy company.

Re:Support them from your own money

[perlchild]

I find your lack of... damage mitigation from foreknowledge... disturbing

Re:Support them from your own money

Funny, I work for IBM in End User Services, and I have customers languishing in queues for months while management runs around with spreadsheets documenting approvals. I heard there was a time when IBM used to make stuff, now we are just "the Bureaucracy Company"

Re:Support them from your own money

I'm intrigued, how exactly does a Power7 box run McAfee? i doubt there are IBM i or AIX versions of it...

Re:Support them from your own money

[smash]

Good luck getting vendor support for running your typical Windows apps in WINE. And support is valuable to an enterprise.

Sure, you may be able to fix issues with the app running in WINE, but if you leave, want to take a holiday, get hit by a bus, etc the company wants the minimum hassle possible. Running Windows apps in Windows in a fairly secure manner is not hard if you do it properly. However, trying to use linux everywhere or Windows everywhere or Mac everywhere is like hammering nails with your smartphone because thats the only tool you know. It might get the job done, but the cost and performance may be worse than optimal.

There are plenty of "tools" available. Trying to use 1 tool for every job is selling yourself short. If you don't know how to run both *NIX and Windows (and OS X for that matter) in a secure and supportable manner (and are aware of the ACTUAL limitations of both, not just the FUD from both sides), learn. You'll make yourself far more valuable to a prospective employer, and have far more options when you start doing consulting work for yourself.

Re:Support them from your own money

[smash]

Centos are only using GPL software. Or do you think things that have been released under the GPL are somehow patent-protected or sacred because redhat had a hand in their development? Redhat are doing just fine thanks. And if they are not able to differentiate themselves sufficiently to make money, then perhaps supporting the GPL is a failure as a business model. However, evidence suggests otherwise.

Re:Support them from your own money

[smash]

uh, i meant to reply to the parent of the post i replied to... sorry...

Re:Support them from your own money

[mindflux]

5) Oracle Enterprise Linux is cheaper than RHEL, and in some ways better. The yum repo's are open and free, and they offer support that cost less then RHEL, and it can be purchased per incident instead of a subscription.

The yum repos are free from Oracle? Since when? They do the same thing RH does, charges you to access them via a yearly subscription fee. Though, yes I can get 3 years of ULN for the price of 1 year of RHN.

Re:Support them from your own money

http://downloadcenter.mcafee.com/products/evaluation/VCL/AIX/Readme_VCL_UNIX.txt

Re:Support them from your own money

For how many months/years OSS drivers from AMD have been developed? It is stil not on pair perfromance wise with binary driver. To make things worse, AMD themselves said, performance is not on their to do list. Guess what, many people buy their product for the performance. I buy 300$(in many cases far more expensive) vidoe card for what? To be lagging in games? If you ask me, its a BAD choice of vendor if you base decision on OSS. While I have been supporter of AMD(in fact, only had one Intel product in my life, second generation celeron, i dont count network cards, etc) for years and love my linux, which I first tried 12 years ago and did not use dual boot for around 4 years or more now, I will support Nvidia whenever I see fit from performance/expense point of view.

I am gamer, so buying 350$ vido card for OSS sake, which will still performe much worse with OSS drivers and slightly worse with binary, than similar card from nvidia that costs me 300$ - does not make sence. Besides, while proprietary, Nvidia has supported linux for years, far earlier than AMD started to penetate market.

Nvidia still has superior binary quality, as far as I can judge from different forums, though not sure of that. Once AMD will have better support for OSS video card drivers, call me, all right, mean while, EVERYONE, BUY NVIDIA!

Please be adviced, i did not troll AMD for their performance/price.
I troll it for letting down most important aspect of OSS driver they provide. I am sure any gamer/user will say about video driver, its most important aspect of video card are performance and stability, and ease of use. OSS lacks first point big time.

Re:Support them from your own money

[turbidostato]

"The problem is that if Red Hat dies, there will be no new version of RHEL or CentOS."

The problem is that if "Company X" dies, there will be no new products and services from "Company X".

How is that any news? Red Hat decided a business strategy, with its pros and cons, and it is their business strategy. Am I be the one that will support their business strategy? I don't think so, since I'm not a Red Hat CxO.

They try to do their best and I try to do my best. That's called capitalism. Do you want a given company class not to fail? It's easy: make it a State-owned one. Do you want companies that don't deserve people's money from the point of view of those people as they vote with their wallets to still have money guaranteed? Press for socialism instead of capitalism.

"Buying Red Hat is the better long-term solution"

Maybe you are right but, as I think Keynes stated, in the long-term we are all dead.

"if you don't assume you're the only entity makin decisions"

But the fact is that I *am* the only entity making decisions *I* can control.

Re:Support them from your own money

[unixisc]

This is why I have been saying for ages "free as in beer" needs to die and be replaced by "free as in freedom" only. Hell even RMS says there is nothing wrong with making money from your code as long as others have the freedom to modify.

For 'Free as in Beer' to die, Freedom 2 of the GNU definition - The freedom to redistribute copies so you can help your neighbor - would have to go. Otherwise, how does one put any price on a GPL'ed product, when it's perfectly legal for the downstream people to freely distribute them to anyone. This is something that one can't do w/ the eeeevil proprietary s/w - even if a company is stupid enough to want to give away something they themselves paid for, it's illegal to do that w/ Windows or Solaris. Not so w/ any Linux. So if RHEL prices something @ say, $100, and some individuals get their software from, say, a companion DVD, how would RH protect their pricing at all, aside from the support offered?

Re:Support them from your own money

[randomencounter]

Yeah, VMware or KVM with licensed MSWindows virtual machines is a better bet if you need/can expect support from companies with applications that step on each others shared libraries, but that is making the assumption that such support is even available.

Many of the misbehaving applications do so because the support is sub-standard or non-existent, such as mission critical applications that have outlived their support window (or the producing company, even).

Codeweavers makes their money by providing support for Wine, just as RedHat makes their money by providing support for Linux. This can give companies caught with mission-critical orphan software a vendor of last resort to get some degree of support. They certainly can't get support for the application itself this way, but they can get an environment that will support the application (and still gets security patches!)

Re:Support them from your own money

[buddyglass]

What happens to Linux as a whole tomorrow if RedHat dies today? There won't be a next version of CentOS. A huge number of contributors to F/OSS projects will have to take jobs elsewhere - and those jobs may not involve F/OSS.

If F/OSS would suffer unduly from Red Hat's absence (due to lack of profitability)
and if the F/OSS model allows CentOS to legally exist
and if CentOS really does represent a drain on Red Hat's profitability
then the F/OSS model is broken.

Re:Support them from your own money

[buddyglass]

It sounds like CentOS is a non-issue then. The OP should feel free to install it and not pay Red Hat a dime because, as you point out, Red Hat is doing just fine thankyouverymuch.

Re:Support them from your own money

[makomk]

I don't think you can actually, and you certainly won't get any updates - including security-critical ones.

Re:Support them from your own money

I think what he's saying is that he thinks they will need the support

His boss, the person with the right to expect his compliance while he persists in cashing paychecks, says they do not need the support. Case closed.

Re:Support them from your own money

Come On, Give me a break and dispense with the theatrics!

First off, typical deployment practices alleviate almost everything you just mentioned, and by typical I mean redundant production deployments. There isn't a single scenario in reality where you would see a failure across multiple nodes that wasn't the result of outside hacker or something the internal team hasn't done, to create a simultaneous multiple node failure. Either of which, you aren't going to get support for. Now someone may answer the phone, but the response will be, it's out of their hands.

Second, if you are applying updates on production environments without first running them on a test environment, then you deserve what ever downtime occurs, but once again, even if you do get support for this occurrence, you still have internal issues and you're an idiot for blindly trusting anything you receive, support or no support agreement.

Third, support agreements aren't all they are cracked up to be, just because someone will be there in the event of catastrophic failure, doesn't mean they will get you up and running like nothing ever happened, it will still require internal expertise to remedy the situation!

If you have gaps in your knowledge, then it seems like you have deficiencies in your employment. Closing those gaps will also help to alleviate any perceivable DOWNTIME costs. Hire someone who knows CentOS or get someone who does, and move on...

Re:Support them from your own money

[Courageous]

Oracle Enterprise Linux has been CC'd; as to whether or not they are keeping that up to date, I am unaware.

Re:Support them from your own money

[Courageous]

You haven't read the license very carefully.

Re:Support them from your own money

[unixisc]

Free as in beer puts a price cap on software. Why? B'cos if the terms & conditions of the license are that you cannot prevent people downstream from sharing it, chances are you'll share only a few copies. Once you've sold the first, for let's say $1000, the person below you may decide to sell it to 20 of his friends for $50, and recoup that cost, instead of leaving them to buy it from you. If you price it @ $10, those 20 people may come to you, assuming that he doesn't decide to just give it away. So you may get $210 for them, or just $1000. Somewhere in b/w will fall the sweet spot.

That is why the argument that Stallman puts - that one is free to price the software however much one likes is malarkey, since market forces will eventually discover the right price for it. Essentially, while 'Free as in Freedom' is good, Freedom #2 & 3 - the freedom to help you neighbor by sharing your software, as well as the freedom to release improvements to the public so that the whole community benefits - is what makes software development an unattractive career proposition. Greed after all is not the only thing driving software pricing - costs also have to be recouped, and if the philosophy in the 'community' is going to cap the money that one can recoup, despite Stallman's arguments to the contrary, people ain't going to code. After all, people don't just do it as a hobby - they also have to support themselves and their families - not something that can be done by activities that cost more in terms of money and time than they get in.

It's not that the person who codes & gives his code away is a bad person. It's that by having a model where one can just give away to others software that one paid dearly for, a price cap ends up being placed on the software. Yeah, it's great for users, but for developers who've sunk in more than that either in terms of money or time, it's just a clear signal that they're not going to re-coup their costs with this line of work. If they don't mind that, fine. But not everybody - not even most - can afford to make such hobbies a net loss for themselves, and when they have to leave due to these realities, end result is that there are fewer developers of free software.

Re:Support them from your own money

[catmistake]

Having just checked the redhat ftp sever, your rep is wrong. There is nothing stpping you, not even a licensing issue, from downloading and running RHEL. Its the support that isn't free, and if I'm not mistaken, anything downloaded from the redhat ftp server is specifically unsupported. As another poster pointed out, the major issue running RHEL without support is, basically, the lack of patches or updates.

Re:Support them from your own money

[Courageous]

This interpretation might be true for you, but it would only be true for a large legal entity like a corporation if they made a decision to not buy support for RHEL anywhere in the entire company. The license is clear; if you buy support even once, you must have support for every RHEL you have installed. Given this is the case, it's better to flip to CentOS or even OEL, which has that nice internet-only support model which entitles you to patches but no phone calls at literally 1:10th of RHEL's support costs.

Re:Support them from your own money

[ScrewMaster]

I find the boss's ass claim on the line is usually less of a percentage compared to mine. Then add the ripple effect to business decisions, I'm the one tossed around the most by bad decisions made higher up.

Yes, well, that's business as usual. But at least, if you have his fuck-ups properly documented (and make sure he knows that you have him by the short and curly) it can make the difference between a black mark and an updated resume, if you know what I mean.

Re:Support them from your own money

[nobodie]

I agree. The only move that Red Hat has made against companies using their core software for their own distro has been to block anyone from using their kernel patches. This because of Oracle and the "unbreakable Linux" fiasco. Oracle desrved it by deliberately attacking Red Hat's customers and trolling for them. So Red Hat refused to release their patches for the red hat kernel versions that they prepped to begin with. The preps are free, but the patches are not.

Re:Support them from your own money

[hughesjr]

Red Hat did not write MySQL, the Apache Web Server, Gnome, KDE, OpenOffice, etc. They are USING / REBUILDING upstream code to create their distribution too. Granted, Red Hat pays people to help write some of that code ... however, they (and SuSE, and Debian, and every other Linux distro) is using other people's code, they are building that code and redistributing it just like CentOS does.

Re:Support them from your own money

[hughesjr]

This is totally incorrect. There are MANY different licenses in RHEL. In fact, there are 240 individual licenses in RHEL-6.1 ... including: AFL, Artistic, BSD, CC-BY, GPLv2, GPLv3, CPL, EPL, IBM, IPA, ISC, LGPL, MIT, W3C, and many others ... including just Copyright Red Hat and NON-Distributable.

Update & security responsiveness

[dodocaptain]

By and large the CentOS team do an excellent job with the distribution - but it's a volunteer effort and there have been some notable times lately when important or security updates which have been shipped by Red Hat run late with CentOS, sometimes by a considerable amount of time.

If the CIO wants CentOS over Red Hat, he also needs to be prepared to accept the risk of delayed updates, no guarantees to updates or bug fixes and that one annoying time a particular server suffers an obscure bug, there won't be a vendor to go back to for obtaining a resolution.

Re:Update & security responsiveness

[telekon]

The only updates Red Hat is ever prompt with are security updates. Until recently, I was forced to use RHEL for a number of servers (yes, it could have been much worse, Windows, etc.) but I spent a good deal of time rebuilding RPMs from Fedora just to get current libraries. And I'm not talking weird drivers for esoteric hardware, I'm referring to core language support for Perl, Ruby, Python, etc.

One option you could look at is using Ubuntu. The product is free but Canonical offers paid support for the LTS releases. So you could deploy on it now, and if attitudes change, you can add support later. I've never purchased support for an existing install, there may be a consultancy fee for them to make sure you're not trying to buy support after the fact for a system that's already borked... but it's an option worth exploring.

Re:Update & security responsiveness

[gazbo]

I think maybe you're missing the point? If they offered continuous upgrades for non security reasons, they could hardly claim to offer a stable platform. If you want up-to-date packages, why not just use Fedora in the first place rather than backporting packages?

Re:Update & security responsiveness

s/Fedora/CentOS

"The Fedora Project releases a new version of Fedora approximately every 6 months and provides updated packages (maintenance) to these releases for approximately 13 months."

Re:Update & security responsiveness

[Lennie]

I'm not sure, but I think I read somewhere RedHat will even support a CentOS install if you ask them to.

Re:Update & security responsiveness

[poptix]

You're doing it wrong.

Red Hat is a stable server platform.

Ubuntu is *not* a server distribution.

Stop letting your developers (or yourself) think think that you need MongoDB/NoSQL/Sphinx/Ruby On Rails/whatever the latest trash is this week. They're all reinventing the wheel, once they mature and actually have safety/error checking they'll be just as slow as whatever they were intended to replace and the kids will be talking about the next wheel..

Re:Update & security responsiveness

[markus+o'farkus]

Canonical offers paid support for every Ubuntu release. The difference between releases is only how long there will be security and bug fixes.

Ubuntu is supported (in terms of bug fixes) for 18 months for non-LTS releases. On an LTS it used to be 5 years support for Server and 3 years for desktop. 12.04 LTS will have 5 year engineering support for both Server and Desktop editions.

Re:Update & security responsiveness

[JWSmythe]

    I seem to recall something about that also.

    I worked for a place, that was sworn to use RedHat.. Well, RedHat 6.0 through 6.2. The logic was "Our application worked on it then, we'll keep using it forever". Damned the remote exploits. Damned patching it, ever. We'll use it the way it came off the disk.

    {sigh}

    I showed them that their application ran fine on the current Slackware, and even Slackware64. They had 64 bit servers, but refused to consider using a 64 bit operating system. Again, "it's the way we've always done it."

    A few remote exploits later, and new hardware that simply wasn't recognized (damned if they'll let me build a kernel). I had to sneak a few newer kernels on, to support hardware that they wanted. (shh, that's still a secret).

    They did decide to start using newer hardware, with a modern operating system. They wanted RedHat, they wanted support, but didn't want to pay for RHEL. I asked them "how many times have you asked for support in the last few years?" The answer was, "zero". Actually, they did ask for support. The folks over at RedHat laughed at them. Well, very politely. It was something like "You're using an ancient unpatched patform. Go download something resembling modern, and we'll help you."

    There was a running theme there too. They used the version of Postgresql that came on the CD. They used the version of Apache that came on the CD. Regardless of what improvements or security fixes showed up in future versions, they didn't come on the original CD, so they weren't trustworthy. I was really surprised that we didn't have a higher suicide rate. I found that talking to a brick wall while on long smoke breaks was far more rational than trying to argue with them.

    The ended up going with CentOS, because it was modern, it did have pay support available, and they could get the OS for free.

    I have a serious problem with RedHat and all derivatives. They patch known stable code to make it theirs. On so many developer sites, I've seen statements saying that they can't support known bugs in the RedHat tainted versions, because the changes destabilized it. Basically, if you want help from the author, go get a fresh copy, compile it, and install it. If you're allergic to compiling (sadly, so many people are), most authors have a RPM version available.

    It's not just a few authors who complain. It's not just some edge cases that become troublesome. I ran into them all the damned time. In quite a few cases, I had to go compile static binaries from original author sources, on my Slackware machine, and copy them over, so basic things would "just work". They refused to accept that anything with "Slack" in the name could possibly work, regardless of the fact that I ran an enterprise network for years, fully automated, without any problems.

    The fully automated part was the reason I wasn't there any more. My babies (the servers) were self sufficient. I was just a babysitter, in case something went wrong. Failed hard drive, CPU fan failure, the occasional bad network cable. You get the idea. I didn't spend every day logging into well over 100 servers, fixing things. And we were always patched up to current. If Slack didn't have a package, or if we wanted something different, we managed that ourselves. As I recall, that list was 3 things. Apache, Sendmail, and OpenSSH. Those three were customized for our purposes.

Re:Update & security responsiveness

[smash]

People who suggest ubuntu over RHEL on mission critical enterprise servers because of the lack of non-security related updates are clueless noobs who are going to be severely burned one day by dependency hell on some random piece of shitware that is not required for the operation of your server.

Mission critical servers are installed and then maintained with the bare minimum of patches required to ensure continued secure operation. You install new pieces of random shitware in TEST, and upgrade software in TEST then roll out as a major upgrade after a few years - not every 2 weeks.

Re:Update & security responsiveness

[Red+Storm]

Before I came to Red Hat I had a similar opinion. When I worked in Silicon Valley I thought "Why would anyone want to pay for Red Hat, I can't afford it so that means it's expensive." However after being at Red Hat for over a year my opinion has changed, and that has been because of some things I have witnessed.

Support is one of the first things people think about, however there is a little more than meets the eye here. Let's start with the packages. Let's say there's a major exploit in SSHd, you will likely see a fix from Red Hat within a few days, which will then be available via RHN. The source to the rpm will also be available at ftp.redhat.com due to the GPL obligations. (More on the GPL and RH later.) At this point in time RH customers have the patch available, in this fictitious scenario let's say it took RH 3 days to release the patch from time of exploit publication. CentOS users still don't have the fix, plus CentOS operates somewhat as a "Black Box." You will get the fix when they get around to it, let's say that takes two weeks before it's released (Could be more could be less). That means your systems are vulnerable for about two weeks, in some shops that's an acceptable risk, in other places it's not.
* Support from people is the other thing that people think about. Have you ever had to call RH support? If yes have you ever talked with an idiot? In the many times I have called RH support I have not dealt with anyone who I felt was sub-standard. Most often the problem I have seen is when the clients I'm working with do not present RH support with the information required in a timely manner. When the answers come back they often link to other knowledge base articles and have clear steps to either solve the problem or to better understand some of the complexities. When a solution is found and there is not a KBase article I understand (I may have heard wrong here) that there is an obligation to write a KBase article. I know that tickets are reviewed after they are closed. One ticket I opened regarding Satellite for a customer is getting discussion amongst the Satellite developers about how to best handle the same scenario in the future.
* Support from Articles, this I feel is a real hidden Gem of RH. Nobody knows about it until you have a subscription, and then everyone is so used to using Google for their answers they forget to start here first. The KBase articles from RH are phenomenal! I had a customer ask me how to rebuild the RH ISO image to include their own KS script. I could Google and find 10 articles talking about much of what I'm looking for or search the KBase and find one article that has every step needed for modifying a RHEL disk to have the KS script on the disk.
* Training. Having been through a few RH training classes I can say they are all very good. Yes there are some areas where I have questioned the need to know some things, but that is normal, but I'm never left feeling like the class was a waste. I have always walked out having learned many things which I can use later.
* Consulting. Yes there are many open source consultants who can come onsite and help implement a solution or fix something, however how many of them have access to the people who wrote the Distro or maintain the upstream project? RH has an internal list just for technical questions, many of the engineers are on this list and very technical answers are delieverd. Often SAs (Solutions Architects) and Consultants will post questions their clients have asked. I have yet to see a response of "Why would you want to do that?" or "RTFM."
* Additional products. Red Hat takes upstream projects and repackages them to integrate tightly with RH. Satellite is one example, it comes from Spacewalk and is designed to help keep internal systems up to date and patched according to their channel assignment. Could you use Spacewalk to manage your CentOS machines, yes you can! However let's say you have a problem getting Spacewlak to work right, or there's a bug, what kind of support

Re:Update & security responsiveness

[innocent_white_lamb]

If you're allergic to compiling (sadly, so many people are), most authors have a RPM version available.
 
If you're talking about compiling a tarball and installing it (configure;make;make install) that's generally a bad idea on something like Red Hat, Fedora, or Centos. You're almost always better off to create a rpm or compile a srpm if it's available. A lot of srpms for Fedora can be compiled for Centos with little or no modification.
 
Of course, if you're talking about compiling one single executable that can live in your own personal ~/bin directory, that's a horse of a different colour.

Re:Update & security responsiveness

[rwa2]

By and large the CentOS team do an excellent job with the distribution - but it's a volunteer effort and there have been some notable times lately when important or security updates which have been shipped by Red Hat run late with CentOS, sometimes by a considerable amount of time.

You could also use Scientific Linux instead of CentOS. SL has the backing of CERN behind it, and as a result it has been much more responsive to that sort of thing. SL 6.0 and 6.1 came out much sooner than the CentOS team could port (hell, I think we're still waiting for CentOS 6.1). SL is pretty much otherwise identical in spirit to CentOS... pretty much a white-box clone of RHEL. Sure there are a few minor improvements. And there's a LiveCD!

CentOS itself was apparently launched by a diskless clustering company, which has since started primarily developing on Debian. So I kinda anticipate SL becoming the premier RHEL clone.

Most places I've worked for would develop on CentOS, then swing for the RHEL license when they deploy to clients (probably so they can bill it and markup a "handling fee").

There is a movement to migrate everything to RHEL for security reasons (mainly so you have someone else to blame if your server gets hacked for any reason, I suppose if you're running CentOS you basically might have to suck up the blame).

I would like to support Redhat financially, but I'm more of a Debian guy, and the RHN is more or less broken on the RHEL6 licensed VM that work bought for me due to some certificate error :-P

Re:Update & security responsiveness

They had 64 bit servers, but refused to consider using a 64 bit operating system.

Do you even know what that means? Do you know the advantages of a 64 bit OS over a 32 bit system? I bet you don't, I bet you didn't even need "the extra 32 bits" and based on the rest of your post, I bet you certainly couldn't explain adequately why your servers should be upgraded to a 64 bit OS other than "it has more bits."

Re:Update & security responsiveness

[JWSmythe]

    If I'm compiling for system-wide use, I remove any distribution installed packages first. For example, Sendmail. I use my own fresh compile. Well, it's a lovely script I put together years ago, to build and install, make my custom sendmail.cf, put them in place, makes some symlinks for apps with hardcoded paths, put a check and restart script in place, and add the check script into the cron. It makes upgrade day simple. Grab the current version sources, update my script with the current version, and let it run. I only do the custom sendmail on mail servers, so there's no need to package it up for distribution. I run it twice. Once in a test environment, and then do it in production.

    For something like Apache, I have a much more complicated script, as there are all kinds of prerequisites. For that, I use slackbuild scripts (http://slackbuilds.org) to make my install package for libraries that aren't distributed, or aren't up to date. Apache goes in a standardized directory for my environment, and I let it rip. With the exception of httpd.conf, my Apache directory can be directly replaced. No install/uninstall necessary. If I want to uninstall it (like, demoting a web server to be a redundant DNS server) , I just wipe out the directory, and remove the cron entry for the check script.

    And, if you're a user with sudo access on my systems, and you haven't been explicitly told to make a system wide change, you'd damned well better put your binaries under ~ somewhere. Putting your binaries in the system is grounds for ... well ... some really harsh treatment. I hear building maintenance needs help washing out the dumpsters. :)

Re:Update & security responsiveness

[gridengine]

Then why is the HP Public Cloud built on Ubuntu Linux?? http://blog.canonical.com/2011/10/06/ubuntu-powers-hp-public-cloud/

Re:Update & security responsiveness

[Delusionner]

ouch, how much time did you stay there? I wouldn't have gone through this for too long.

they hired you as their sysadmin to get some professional advice and technical skills, but they just don't want to listen to your advice..

Sometimes, though, you just need to find the right way to explain to your bosses / clients what you're thinking of.
For example, I started working for a client some time ago who was saying "Could you have a look at our servers? We got busted (security issues) around 3 months ago, but I would think that everything is now going well." They didn't resinstall their busted server, or fix the problems in any way.. the botnet running in there was just "less active" :P
I needed the client to go from "Everything's going fine" to "Ouch, WTH is happening on my servers?" So the way I found out to prove my point that things were not OK was to setup tighter monitoring. Since the client was receiving the alerts, too, he started seeing when the ssh binary got replaced and when other problems were around. The idea to ask me to really fix things up "came from himself". heh

now for the OP: hmm... I guess I'd go with other comments: paid support can be good for situations where your team really isn't prepared to handle most situations.
but if what you're afraid of is to have that really weird quirk that brings your server down and that you don't know how to handle, you could do two things:

1. convince your CIO to have a team of consultants around that are specialized in the software you're most afraid of so that they can help you out when it busts down.
2. don't stop there, designate people who should attend formations on how to manage this software and if possible, try and have the consultants teach those people how to fix those weird quirks.
3. have the people on formation write documentation on the procedures and config twists that they learn.
4. when the designated people are starting be able to manage the previously unknown software appropriately, have them teach others so that it becomes general culture in your whole team.

Re:Update & security responsiveness

[JWSmythe]

    No, there are tremendous reasons to upgrade. I am guessing that you are one of those people who resisted the move to 32-bit, when "16-bit is good enough, and I love my 286!".

    First, and not least, is performance. 64-bit Linux will run 10% to 30% faster, depending on who you reference. In the real world, I saw increased performance in my servers. We bought our first couple 64 bit machines as an experiment. After seeing the performance increase, we used them for all new purchases.

    Next is memory. 32-bit Linux has a kludgy ways to access large memory pools (PAE). 64-bit is managed much better.

    Lets not forget about the binaries you may be using. Since we're talking about RedHat, they're probably optimized for i386 or i686, not for what your hardware can actually do. Well, the Gentoo kids can, but they apparently have way too much time on their hands. :)

    And.. You (they) spent more money on those machines. Why the hell would you only partially utilize the available hardware? It's not so obvious if you have a single low-load server, but in larger setups, it could be the difference between needing 100 servers, or 125 servers. I guess if your company is bleeding money, and salaries are already in the mid to high 6-figures for everyone, then who cares about blowing cash on unnecessary equipment. I'd prefer the savings coming back to me and my staff.

    I'm sure some other folks can elaborate more on this.

    I'm avoiding the whole Windows 32-bit 3GB memory cap thing, since that's an artificial limitation.

   

Re:Update & security responsiveness

[metamatic]

I worked for a place, that was sworn to use RedHat.. Well, RedHat 6.0 through 6.2. The logic was "Our application worked on it then, we'll keep using it forever". Damned the remote exploits. Damned patching it, ever.

[...]

If I'm compiling for system-wide use, I remove any distribution installed packages first. For example, Sendmail.

You ridicule people for using obsolete code that's full of security holes just because it's what they know... and you still use sendmail? Do you not see the irony there?

Re:Update & security responsiveness

[MattW]

HP Public Cloud? Vaporware right now.

Re:Update & security responsiveness

[Sun]

Not much experience, one way or the other. I did have a client, once, who decided to pay me emergency fees in addition to activating their existing RH contract to solve a problem. The problem turned out to be documented in a RH KB article, which required recompiling (I think it was) perl in order to solve. That is not what I call support. If there's a problem like that, offer the RPM. The reason they called me was because they were dissatisfied with RH support in the past.

This was back around 2004, so things might have changed since. Still, my advice is: If a 3rd party product demands RedHat in order to provide support (as many CAD, VLSI and other proprietary products do), go with RedHat. Centos will not do under those conditions. If not, Debian is a better community distribution anyways.

Full disclosure - I am a Debian Developer.

Shachar

Re:Update & security responsiveness

[Antique+Geekmeister]

RHN is broken, period. Fortunately, it's easy to set up a local mirror with a single licensed server and use that as your local yum source: just make sure you have licenses for the "channels" you use.

In fact, the "channels" of Red Hat's current licensing and deployments is one of the largest support reasons to use use CentOS or the much better supported and integrated Scientific Linux. Having to track the licensing and activate separate chennels was quite surprising when a partner bought server class Red Hat licenses, because the workstation versions had it and because CentOS had it, and they spent quite a bit of political capital apoligizing to their developers when their installer tools failed to discover OpenOffice components without painful manual "channel" activation.

But if you're not a licensed Red Hat customer, you have no leverage to get them to include new drivers in the kernels. Another partner ran into this with their new 10G network components, when they'd assumed without checking that the new components from HP were supported because "HP supports Linux" but found that they couldn't run it on their locked down RHEL 5.2 systems which they refused to do updates on. I had the opportunity speak with the engineer who had to resolve this, and put him in touch with the kernel engineers at Red Hat he needed to talk to and find out what components besides the kernel itself he'd need to update, becuase another client had had other issues they needed resolved and I still had the engineer's number. (And I note that the Red Hat and Linux kernels were solving bugs that Microsoft had not even acknowledged yet, so that wasn't even an option.)

The CentOS community would have been utterly useless: they have no access to Red Hat's engineers who actually do the kernel updates for new hardware, and Red Hat's engineers actually *wrote* some of the drivers. So the licenses to get support there were invaluable.

Re:Update & security responsiveness

[JWSmythe]

    I was there for about 8 months. Then I got a better gig. The "better" gig ended up turning into a clusterf*ck of an embezzling CFO, and a stupid CEO. When I reported the problems of the CFO to the CEO, he took the CFO's word and fired me. A few months later, no more company. You'd think it's a bad idea to hire the guy who put your father in prison doing a scam a couple decades earlier..

    I went back there after 3 months of not finding anything. It was when we were in fairly deep into this shit economy.

    They did take a few pieces of my advice, like "don't give everyone root access, use sudo, and only for people who have a specific need". They missed the big ones like "keep up to date with security".

    It's funny that you mention the botnet. I saw my first Linux virus at that place. They knew the machine had been compromised about 3 years before I started. They had put the machine up with SSH still on port 22, and the root password of "password". They may as well have set the hostname to be "please.hack.me.example.com". :) Anyways, the did change the password after the break in. I found a couple back doors, some other script kiddie toys, and .. my first Linux virus. It was great. I was so excited. It was your run of the mill file infector, except it opened a port for listening. Did I mention, no firewalls?

    They (the bosses) didn't like the fact that I killed several processes that were back doors. I presented them with the information that the machine had a virus, and it would keep opening back doors as long as anyone ran anything as root (the entire /bin/ directory was infected). I found a program that would detect, disinfect, and protect the binaries from being reinfected. They insisted on a lengthy QA process. I guess they thought I was a smart ass when i asked "Did you QA the virus?" So they had me infect *another* machine. Ok, easy. copied a binary over, ran it, there, you're infected. They tested to see if things ran ok *with* the virus. They infected another machine in the process too. :) I then disinfected the testing machine, and they tested again.

    A few months later, I still hadn't received permission to disinfect the **PRODUCTION** machine that was infected. A couple others got hit meanwhile, because someone didn't see the memo of "This machine has a virus, don't copy anything to or from it!".

    I'm not all that sure that they ever cleaned it, but the machine was finally removed from production, and had a fresh OS put on it. Well, fresh RedHat 6.2. {sigh}

    For the most part, most shops only need a couple people who know Linux well enough to build their own kernel, and fix missing library errors if they're compiling something special. Like, "oohh, libmcrypt is missing, grab the package from our repo and install it." If they can do that, they usually know enough to fix corrupt filesystems, and swap hard drives.

    Places that run custom stuff usually have their programmers who wrote it. Well, unless they're locked into an ancient OS, because the guy who compiled it left years ago, and took the source to everything with him. {sigh}

Re:Update & security responsiveness

[JWSmythe]

    At least I run recent versions of Sendmail. :) After dealing with Lotus Notes, Exchange, and iMail, I'm very happy to deal with Sendmail and it's little insanities. It handles everything I need, which I haven't been able to gracefully switch over to something else. I guess after dealing with Sendmail since the 90's, it seems pretty simple. Newbies though, aren't quite daring enough to hop into sendmail.cf and make simple changes. :)

Re:Update & security responsiveness

[F.Ultra]

Problem is that Scientific doesn't try to be compatible with Red Hat at all times so software that is ceritified for Red Hat that works with CentOS might not work with Scientific.

Re:Update & security responsiveness

[Just+Brew+It!]

Didn't one of the principal maintainers of Scientific Linux recently jump ship to take a job at Redhat? I'm not sure how big the team is, or whether this will have a significant impact on Scientific Linux's future...

Re:Update & security responsiveness

[John+Courtland]

au contraire mon frere: http://www.ubuntu.com/business/server/overview

Re:Update & security responsiveness

Let's say there's a major exploit in SSHd, you will likely see a fix from Red Hat within a few days, which will then be available via RHN. The source to the rpm will also be available at ftp.redhat.com due to the GPL obligations.

OpenSSH is not GPL, it is BSD. And for all the commercial posturing, OpenBSD will have the fix much faster than the expensive linux distros that you pay through the nose for support with. Evaluate the project itself, not the price.

Re:Update & security responsiveness

This is why the company I'm with is going with Scientific Linux over Red Hat or CentOS. Scientific Linux is still free like CentOS, but has more money behind the maintenance, and is still close enough to "Red Hat Enterprise Server" that we get support from our vendors (something we lacked with Suse).

Re:Update & security responsiveness

[metamatic]

Postfix. Seriously. Makes sendmail look like the creaky hack it is. Most Linux and Unix distributions have switched at this point.

Re:Update & security responsiveness

[petermgreen]

It seems to me that one of the main reason to use the rhel rebuilds over debian/ubuntu is long term security updates. If you install a fresh copy of the latest stable release of debian you have 1-3 years (depending on where you are in the release cycle) of security updates before you have to upgrade to a new major version. Ubuntu LTS is similar on the desktop and a bit better (3-5 years) on the server.

Since RHEL provides longer term support and rebuildling redhats updates is relatively easy compared to doing your own backporting centos can provde security update support for much longer.

Re:Update & security responsiveness

SL is actively worked on by Fermilab, CERN, ETHZ, and DESY. This means a number of major research institutions with government funding are going to work on keeping it up to date and actively patched.

http://www.scientificlinux.org/about/credit

Re:Update & security responsiveness

[Murdoch5]

IT is the solution, they should be right on getting the fix rolled out. At a very minimum every IT "professional" should have the ability to roll out a patch / diff fix and to fix programs at the source code level. If the CIO is saying no to Red Hat then it's not really an issue as even an IT coop should be more then capable of managing a decent Linux install. As long as all the servers are running the same distro then just write a decent script to manage the bug fixes for you, as in your drop a patch into a folder and it get applies company wide.

Re:Update & security responsiveness

[tokul]

Let's start with the packages. Let's say there's a major exploit in SSHd, you will likely see a fix from Red Hat

Let's say there is a bug introduced into the package by doggy RHEL patch. How fast can this be fixed? My current experience says that it will never be fixed. Your company keeps postponing bug report.

Re:Update & security responsiveness

[bill_mcgonigle]

Have you ever had to call RH support? If yes have you ever talked with an idiot?

The only problem I ever ran into was with which parts of the distro Redhat deigns 'supported'. I advised a client to buy a RHEL license for a server once, and we only ever needed that support one time. They had a big firewire-connected drive that kept going offline, but worked fine attached to a Mac.

Calling Redhat, I was told that firewire wasn't 'supported' and that they wouldn't help. Somewhere on the website was a list of supported tech that they could point to to back that, but it wasn't what we expected. We figured if it was in their linux, they'd help. It's hard to know what exactly is being purchased with a RHEL support contract - general assumptions aren't at all useful here.

I finally found the answer through community support, and it wasn't all that complicated a fix.

So, yes there are no idiots, but a dumb tech isn't the only way for customer service to fail.

Re:Update & security responsiveness

I have worked in support at Red Hat and most of what you say is generally correct (even if a bit idealistic/simplified). I just wanted to correct the following point but it's not really relevant:

> Satellite is one example, it comes from Spacewalk

Satellite was started as a proprietary project within Red Hat. Then it was open sourced as Spacewalk.

Re:Update & security responsiveness

[makomk]

Not to mention that Red Hat have since taken to intentionally concealing the list of patches they've made to the kernel and added a bit to their contracts forbidding their customers from revealing what patches they'd applied. I think someone actually ended up writing a tool to deduce some of the patches they'd added just so that the maintainer of the official 2.6.32 stable kernel could keep it vaguely in sync with what Red Hat were calling 2.6.32; all the other major distros were quite happy to cooperate and push their patches for it upstream.

CentOS basically have no idea what's actually in the kernel they're shipping.

Re:Update & security responsiveness

This is somewhat confusing. Red Hat follows the GPL assiduously, and communicates directly with the the Linux kernel developers and submits patches directly, so they're clean. What they stoopped doing was publishing the patches as an ordered list, becuase *Oracle* started hiding pasted on, proprietary "optimizations" tint their so-called "Unbreakable Linux", which is really Red Hat Enterprise Linux with the label scraped and resold as a separate commercial product.

Unfortunately, it's made patch integration harder for my colleagues who do such integration and who send their modifications back upstream to Red Hat: they don't always have licenses for their development hosts, and often use CentOS or now Scientific Linux to detect the bugs, verify under RHEL, and submit the changes or work request under the RHEL license for the production systems.

Re:Update & security responsiveness

CentOS was NOT started by that company. CentOS was started by a group of developers from this list. How do I know ...I was on that list, and I was a founding member of The CentOS Project. I built and released the CentOS-4 release. I currently maintain the CentOS-5 release.

Because

[xbeefsupreme]

Red Hat is a cooler name, duh.

Still not Windows

You are lucky your CIO is not wedded to Windows. Stop complaining.

Re:Still not Windows

I'm constantly amazed at how much Windows mindshare there still is.

Re:Still not Windows

To me, it's not that his CIO is not wedded to Windows, it's that he's into FREE stuff. His CIO doesn't not seem to understand the value of support.

Years ago, I pushed Linux at my job but the push only worked because it was free versus anything in the Windows world. It didn't matter how better or easier it was for us so long as it was free.

Re:Still not Windows

[smash]

If (cost of downtime per day) (cost of RHEL support) and (app is trivial/simple/non-mission critical) then perhaps the value of support is not worth the $.

Re:Still not Windows

[Smallpond]

Plus there are third parties who also give great support

Re:Still not Windows

You are lucky your CIO is not wedded to Windows. Stop complaining.

Amen to that

As with other paid software

Cover your ass policy.

Enterprise support

CentOS wouldn't be around without RedHat. When you buy RedHat, you aren't really buying the software since it's free anyway. If he doesn't trust the technical support RedHat offers, that's what you'll need to research well and present to him for a decision.

Re:Enterprise support

[dolmen.fr]

RedHat support is not just what I see when you refers to "technical support": this not just answering the phone. This is also providing software patches to issues (and in particular security issues) quickly. CentOS also provides those patches, but they garantee that there is no time garantee, and also ask you to help to do the job.

The risk of running a system with unpatched vulnerabilities with public exploits is much higher with CentOS, by construction.

Linux is free if your time is worthless.

If your CIO believes his bench is strong enough to support CentOS without formal support (or using CentOS consultants instead of prepaying for RHEL), then he's making the right call.

Incidentally, I have very rarely gotten paid support for any software product that was anywhere near worth the price paid; support calls would typically devolve into blame games and shit would not get done until I got out strace or ethereal and could call folks out on their shit.

If your org does not have a strong linux bench or the linux stuff is not a core infrastructure component, or if your CIO manages via powerpoint and bullet points, then outsourcing linux skills to RH could make sense.

Re:Linux is free if your time is worthless.

[Ritz_Just_Ritz]

I completely agree. Many firms/individuals have the chops/staff to manage things without a support contract. We've got a few hundred production Linux boxes around (mixture of Redhat/CentOS/Oracle) and I can't remember us EVER dropping the dime on a call to RH for anything. We've got enough Linux savvy admins around that we can usually get things sorted quickly on our own. Our corporate overlord has dictated that we stop using RHEL (cuz the support contracts are expensive) and begin standardizing on Oracle's "unbreakable" cruft, which is apparently cheaper to buy support contracts for. Fortunately, the CIO of our subsidiary had some sack and backed our decision to go the free route. We decided to skip the circus that is the CentOS development team/process and will be standardizing on Scientific Linux for all new installs and will be migrating any public facing boxes to SL since CentOS has been unable to meet commitments to get updates out in a timely manner for a couple of years now.

So if you don't need support, there's no moral imperative to buy any. Personally, I'd rather use our finite budget on hardware and making sure my staff is appropriately paid.

Best,

Re:Linux is free if your time is worthless.

[chrb]

"Linux is free if your time is worthless".

This is possibly one of the most useless quotes ever. Does it take zero time to build and deploy a solution on Windows? No. Does it take zero time to build and deploy a solution on any other platform? No. Building and deploying a solution on any platform takes time. So what is the point of this quote? If it is to state that building and deploying software takes time, then it is stating the obvious, and needlessly singles out one platform, when the principle applies to all. If the point of the quote is to suggest that Linux based solutions require more time than those of other systems, then the evidence suggests otherwise, as studies have shown that the average Linux admin is able to support a greater number of servers than a similarly qualified Windows admin.

Linux is free. You can download it for free. You can run it on as many servers, with as many CPUs and users as you want, and you don't have to pay anything to anybody. That is what free (in this context) means: "Free: Without cost or payment." Nobody ever claimed that by choosing Linux you would have no work to do - that somehow, amazingly, your servers and systems would get built and deployed by magical Linux elves, who do your job for free. It's an absolute strawman argument.

Re:Linux is free if your time is worthless.

My last job did Linux development, and RHEL was the supported platform for a number of reasons. We paid for RHEL support because we used it frequently. So if you're running servers sure you don't need support. If you're developing you probably want to fork out for it.

Re:Linux is free if your time is worthless.

[MattW]

His point is that the cost of a RHEL license is only a tiny component of the TCO of a server. After that, if anything goes wrong, then the question is: is the price you pay for RHEL support less than the time it would take you to handle it yourself? Also, as someone else pointed out, RHN adds configuration management and faster patches. Time to set up some other system to management system configs; time to repair or replace hacked boxes because a centos patch was too slow... In the grand scheme of things, those may not be worth it. For example, in a fully-loaded 12-core system being used for virtualization hosting with a 4:1 cpu overcommit, RHEL only costs $.0019 per vm-hour.

Also, long term support is a big deal in enterprises. A lot of times large enterprise projects are built over the course of years. Having Red Hat means that when some change to a piece of hardware firmware causes some inexplicable OS crash 5 years after deploying. It may be very specific to your environment and your hardware and software. You can call up Red Hat, and if it hasn't been fixed, they will go in and fix the source code in order to fix it for you. There are cases where the systems and their function is worth hundreds of thousands or millions of dollars; having Red Hat able to "stand behind" Linux is worth paying for, for some people.

Re:Linux is free if your time is worthless.

[chrb]

I agree with the point - I actually think RedHat support is a pretty good deal when compared to similar offerings from IBM, Microsoft, Oracle etc. But I still disagree that "Linux is free if your time is worthless". When accounting, we don't lump TCO in with the purchase cost of any other operating system, so why single out Linux? We never hear anyone say, "Windows is only $200 if your time is worthless".

Re:Linux is free if your time is worthless.

[im_thatoneguy]

We had a large free solution deployed for several years. It was kind of aggravating to manage and finally invested in a commercial payed solution.

I just calculated that the commercial solution saved us the full price of the software and its support contract every 2 years on electricity. And that's ignoring the hundreds of hours gained from efficiency.

All operating systems are effectively free. If $120 every 3 years for Windows is a sizable expense per employee... your'e doing something horribly wrong at your company. That's probably 1/3rd of their coffee expenses.

If you payed me $40 a year to use linux I would say no. I've setup both linux and windows pipelines before. The setup and maintenance time I had to invest in finding esoteric software incompatibilities with XYZ build of linux were double or quadruple on Windows. Software says "supports Win7" and it probably supports Win7. If software says "Supports RedHat" it... usually, sometimes kind of maybe supports it depending on what version of graphics drivers you're running and what version of OpenGL you have installed and whether or not you're running on Intel... etc etc..

My time is billable at $100+ an hour. If I have to spend 20 minutes a year dealing with Linux incompatibility bullshit or how to get two monitors to work... it's costing me money.

Re:Linux is free if your time is worthless.

[im_thatoneguy]

*Double or quadruple [that of] Windows.*

Oops. My poor grammar could be read opposite of the intent.

Re:Linux is free if your time is worthless.

[CAIMLAS]

In contrast, Windows is cheap if you don't consider many, many small things expensive.

Windows normally has problems at the user level. Every once in a while there's a big problem which normally results in an outage. You'll get lots of end user support issues and you'll need a lot more people to field the calls. (They won't be highly paid, so they'll be easily replaceable and anyone can do that job, but still.)

With Linux, you've got to pay your admins well, because they can't just be clicky-clicky monkeys: they've got to understand the systems, know how to not break them, and importantly, know how to perform clean upgrades of quite a few systems.

In essence, you need a couple project managers and some gurus instead of just one PM and an army of click monkeys. Arguably, it's a wash, financially - at least up front. The differences is you'll see one outage vs. an upgrade and minor conveniences, or many small conveniences ("support costs") vs. clean running.

Re:Linux is free if your time is worthless.

And claiming setup time and deployment is the only thing to compare is another straw man argument.

Unless you are able to fully understand any code of the OS (including utilities, kernel, driver interfaces, firmware interactions etc) you cannot, as an administrator, support an operating system by yourself - it simply is not your job. Knowing some of this is good, its useful for trouble shooting. But at some point you will hit an issue you can not solve yourself, and you will lack the time necessary to resolve it under your own investigations. Same applies to a vendor supported OS -while you can diagnose and drill into a lot of things, at some point it becomes more cost and time effective to engage someone who knows the product directly.

So, if you are willing to compromise your work time or own time to resolve a Linux issue, go for it, but you can't claim that is not time you could either be spending doing something else or doing more productive work. Paying for support is insurance to cover that eventuality.

As to the original question, in my own experience we have had Redhat send our support questions directly to kernel mailing lists verbatim, and at other times been unable to fix a udev issue because the maintainer for it was unavailable for several weeks. That seemed to be the extent of Redhat skills- maybe that has changed, but in my view they lacked any real knowledge of large scale deployments in environments more complex than web serving, and were generally useless when it came to real support issues. I would hesitate to put in a non-supported operating system anywhere - but at least with Windows, Solaris or AIX you are being supported by a company that controls and owns the product, and is not simply riding the whims of the development base.

Call RedHat sales and ask them?

If anyone knows....

Give Em A Call

[Frosty+Piss]

Give Red Hat a call. Seriously, if their sales department can't justify it for you, it's not justified.

Re:Give Em A Call

[wonderboss]

Good advice. It is Red Hat's job to sell their support.

Re:Give Em A Call

[CuriousGeorge113]

This is really good advice. Not only will they give you some bullet points for making your case, but there's a good chance the account trip can give you a few discount points to try and win the business.

Re:Give Em A Call

[King_TJ]

Fair answer... but I'd say truthfully, the SALES department isn't really the group you want to rely on if you need an honest answer. It's their job to maximize sales, so you can expect them to sugar-coat a lot of things and exaggerate the usefulness and capabilities of whatever they're hawking.

They're not bad if YOU already know you want the product and want some more ideas to make a good case for it. But what I'm seeing here is a guy who seems concerned that businesses the size of the one he's in are "supposed" to be buying Red Hat to help support the project, yet they're opting out because they feel they can get by fine with a free alternative that wasn't necessarily made available with intentions of companies like his using it to bypass paying for Red Hat.

To that, I'd say -- no, Red Hat is a commercial business like any other. They're not a charity. The CIO may be the smart one here. I haven't had to work with Red Hat support before, but my workplace pays a lot of money out in support contracts that generally get very little real use. I think they pay for them primarily as a form of insurance, out of FEAR of what might go wrong in the future. Regardless, if I looked back for the last 5-6 years at all the maintenance/support agreements we own and tried to actually cost justify them based on incidents where we used them? Wow ... that would easily average out to several thousands dollars for each hour of time spent on the phone for support!

Re:Give Em A Call

This 1,000,000x. Let the salesmen be salesmen.

Re:Give Em A Call

[Foolomon]

I call bullshit on the first statement. I work in a sales related capacity (after spending 18 years in IT) and I don't exaggerate to make a sale.

Ask for financial metrics or calculate them yourself: what is the percentage reduction based on historical data of determining root cause of problems with Red Hat support vs. without? Multiply that by the going FTE for your industry / geographical region and you have hard dollar cost savings. Use a 20% discount rate (aggressive) to calculate future discounted cash flows (and determine Net Present Value). Solve for n% discount such that NPV = 0 and you have the Internal Rate of Return (IRR).

Then ask the CFO / Controller what the Hurdle Rate is and see if the IRR > Hurdle Rate. If so the investment is sound assuming the data on % savings for root cause analysis is sound.

Re:Give Em A Call

You may not have had a single incident in all that time. If the business goes down and you are losing millions of dollars a day the thousands over the last several years won't matter. It is more of an insurance package AND even more importantly to ensure you get updates (if you aren't spending money Redhat may not be producing a cost effective distribution competitive to the crappy alternatives in a few years). Do you really want that? In the end it could cost you more by not supporting Redhat. Redhat does more than just offer end-user support. They actually write code. Just because you don't have to pay for that code / and or need end-user support doesn't mean it isn't in your best interest to buy Redhat products.

Re:Give Em A Call

[k8to]

A salesperson who does not bend the truth is far and away the exception. Good on you. But more good on your employer who doesn't structure your pay to essentially require you to compete with your colleagues (on a quarter by quarter basis, not over time) who all DO bend it. Because if they did, you'd get let go if you fell behind, so you'd be similarly dishonest or let go. That's how the vast majority of sales organizations are structured.

Re:Give Em A Call

[CAIMLAS]

I'm not a fan of Redhat or RPM based distros in general, but I will say this: as someone who's come in behind admins who can't admin to save their life (half assed is being generous), RedHat support is able to pull up the slack quite nicely when it comes to having the knowledge to do things relatively sanely. If it wasn't for the changes they made/recommended in the configurations, I doubt anything would work.

Re:Give Em A Call

The company I work for pays Red Hat for support for all of its Linux boxes. The one time we used their support network in order to get an issue resolved, it took well over a year for us to get an updated binary for the offending package. We ended up patching the package locally (using a patch we wrote) while we waited for Red Hat (and the upstream maintainers) to do anything. About halfway through Red Hat ignored our patch and sent us a new version of the package which was still broken. When Red Hat finally did send us the fixed version of the package, they yet again ignored our patch.

So to recap, we did the following:
- reported an issue to Red Hat
- provided all of the debugging necessary
- provided simple and reproducible test cases
- provided a working patch that solved the issue in production code for over a year

Red Hat took all of that, and over the course of a year gave us one broken updated package and eventually a working one. Red Hat support is not worth it.

Support and Release Schedule

[bragr]

The only 2 reasons I can really think of are Redhat support (which, at the place were I work, barely gets used. In fact I believe we are migrating to CentOS because we can't justify the cost of support with how often we use it), and the release schedule, because it seems like CentOS is run by the seat of their pants, and they'll release when they feel like it.

Re:Support and Release Schedule

[innocent_white_lamb]

There are good and valid reasons why Centos is currently falling behind RHEL in doing updates. Red Hat is making it more difficult for Centos to keep up. This may not be intended to target Centos, but rather Oracle who has been using Red Hat's own work to sell a competing tech support service.

However, Centos gets caught in the crossfire. This email from Johnny Hughes lays out some of the issues that Centos now has to deal with that were never an issue before.

Here is what he has to say:

QUOTE:
Yes, and NOW the release process is MUCH harder.

Red Hat used to have an AS release that contained everything ... we build that and we get everything. Nice and simple. Build all the packages, look at it against the AS iso set ... done. Two weeks was about as long as it took.

Now, for version 6, they have:

Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Workstation FasTrack (v. 6)
Red Hat Enterprise Linux Server FasTrack (v. 6)
Red Hat Enterprise Linux Desktop FasTrack (v. 6)
Red Hat Enterprise Linux Scalable File System (v. 6)
Red Hat Enterprise Linux Resilient Storage (v. 6)
Red Hat Enterprise Linux Load Balancer (v. 6)
Red Hat Enterprise Linux HPC Node FasTrack (v. 6)
Red Hat Enterprise Linux High Performance Network (v. 6)
Red Hat Enterprise Virtualization

They have the same install groups with different packages based on the above groupings, so we have to do some kind of custom generation of the comps files to things work.

They have created an optional channel in several of those groupings that is only accessible via RHN and they do not put those RPMS on any ISOs ... and they have completely changed their "Authorized Use Policy" so that we can NOT login to RHN and use anything that is not on a public
FTP server or on an ISO set ... effectively cutting us off from the ability to check anything on the optional channel.

Now we have to engineer a compilation of all those groupings, we have to figure out what parts of the optional channels go at the point release and which ones do not (the ones that are upgrades). Sometimes the only way to tell is when something does not build correctly and you have reverse an optional package to a previous version for the build, etc.

We have to use anaconda to build our ISOs and upstream is using "something else" to build theirs .. so anaconda NEVER works anymore out of the box. We get ISOs (or usb images) that do not work and have to basically redesign anaconda.

We can't look at upstream build logs, we can't get all the binary RPMs for testing and be within the Terms of Service.

And with the new release, it seems that they have purposely broken the rpmmacros, and do not care to fix it:

https://bugzilla.redhat.com/show_bug.cgi?id=743229

So, trust me, it is MUCH more complicated now than it was with previous releases to build.

With the 5.7 release, there were several SRPMS that did not make it to the public FTP server without much prompting from us. And with the Authorized Use Policy, I can not just go to RHN and grab that SRPM and use it. If it is not public, we can no longer release it.

So, the short answer is, it now takes longer.
END OF QUOTE

Re:Support and Release Schedule

Creating CentOS is exactly what someone trying to harm FOSS would do.
So let him whine and let his project die.

Re:Support and Release Schedule

[Tolleman]

Sounds rough, but I wonder how Scientific Linux can still get their releases out the door so much quicker. I guess more manpower or something? Granted, from the stuff I've read, the CentOS guys do not really want any additional help.

Re:Support and Release Schedule

[innocent_white_lamb]

It's my understanding that, unlike Centos, SL isn't as concerned with exact binary compatibility with RHEL. So, if it compiles and runs, ship it.

Re:Support and Release Schedule

This is just standard rant from Johnny Hughes on why CentOS falls behind. If this really was the case, then how did Scientific Linux manage to get out 5.7, 6.0 and 6.1 out the door, before CentOS basically? CentOS prioritised 5.7 over 6.x (fair enough - and a good call IMO), but considering the total time spent on these releases, CentOS falls behind. CentOS developers are far more closed than what Scientific Linux is. People want to help out in CentOS, but the core developers makes that a difficult path to walk.

In addition CentOS developers even yells and screams at their users if you don't worship them properly enough - and in most cases tell you to buy RHEL subscriptions if you're not satisfied with CentOS. Don't waste your time on CentOS, it's a tasteless community due to misbehaviour of core CentOS people. If you want something for free, go to Scientific Linux instead, seems to be a much more civilized community which has releases which is usually in same time frame as CentOS (if not earlier).

But also remember that CentOS and ScientificLinux would not exist as we know it today if it hadn't been for people buying Red Hat products. So if you appreciate the RHEL/CentOS/SL platform ... buying a RHEL subscription also contributes and supports indirectly CentOS/SL.

More people began ditching CentOS for SL as SL was quicker to release the 6.0 release. I've began migrating CentOS5 boxes to SL6, and have had no issues with that migration. In fact, I feel far more confident with this setup than I was before.

Re:Support and Release Schedule

[sunderland56]

Red Hat has differing levels of support at different price levels.

e.g. for a very basic 2-socket x86 server:

• Self-supported: $349
• Standard support: $799
• Premium support: $1299

So the OP could save significant money by continuing to purchase Red Hat, but dropping support.

They are both awful

Centos is awful. I have no idea how to track security updates which is probably the most important thing. Other distributions have security updates linked from the front page and make things easy.

Tracking security updates should be your number one priority, everything else is easy.

Re:They are both awful

[MattW]

yum update = get security fixes

One of the nice things about Red Hat (and thus CentOS) is that they do binary-compatible patch updates, meaning in almost all cases, updates will not break interoperability at all. Say there's a bug in PHP-5.3.6 and it was on a RHEL distribution (no idea if it was). The PHP developers release PHP-5.3.7 (and then 5.3.8 because 5.3.7 was broken) to fix it. RHEL doesn't update you to 5.3.8, Red Hat backports the security fixes to 5.3.6 and released a patched 5.3.6.

What does support mean?

[TheRaven64]

If you can't answer the question 'what does the support buy you?', then you can't answer this. Most of the time, when people talk about support at the enterprise level they mean adding features and fixing bugs that are important to the company paying the bills. Do you have the expertise in-house to do this? If so, then there is no advantage in Red Hat over CentOS (unless it means you can make some of your in-house people redundant). If not, then it has some value. If you can do it all in house, then do: that's the main economic advantage of Free Software, that you always have competition when it comes to providing support, you never have one vendor that is the only one that can fix the bugs that you care about.

If you can do it in house, then don't try to persuade your boss to let you pay Red Hat, persuade him to let you send any fixes or enhancements that your team makes to the relevant upstream projects. This is likely to be much more valuable to those projects than your handing over a pile of money to a third party.

Re:What does support mean?

[Kjella]

If you can't answer the question 'what does the support buy you?', then you can't answer this. Most of the time, when people talk about support at the enterprise level they mean adding features and fixing bugs that are important to the company paying the bills. Do you have the expertise in-house to do this? If so, then there is no advantage in Red Hat over CentOS (unless it means you can make some of your in-house people redundant).

The real question is: Have you ever used your fire insurance? If no, do you think it would be a good idea to drop it? I'd call it excessive if you used it even once a decade. Most companies I know really have support because they can't afford to have a big staff waiting around for shit to hit the fan, but if shit hits the fan they can't afford extended downtime. What if your main man is on vacation or hospitalized or just left the company? The minor features and bugs that get fixed might be perks but that's not really why they're paying. And that's why the CIO's suggestion might work fine this year. And next year. And the year after that. But when your production server just keeps crashing and the backups just keep crashing because it's hit some ugly condition and you need people that really know the system and you need them right now, that's when you want support. But it's rather hard to argue with a man that think lightning never strikes.

Re:What does support mean?

The real question is: Have you ever used your fire insurance? If no, do you think it would be a good idea to drop it? I'd call it excessive if you used it even once a decade. Most companies I know really have support because they can't afford to have a big staff waiting around for shit to hit the fan, but if shit hits the fan they can't afford extended downtime. What if your main man is on vacation or hospitalized or just left the company? The minor features and bugs that get fixed might be perks but that's not really why they're paying. And that's why the CIO's suggestion might work fine this year. And next year. And the year after that. But when your production server just keeps crashing and the backups just keep crashing because it's hit some ugly condition and you need people that really know the system and you need them right now, that's when you want support. But it's rather hard to argue with a man that think lightning never strikes.

If using the money I saved by dropping fire insurance, I could buy a new house every few years... then YES I would drop it. However in my world fire insurance is not prohibitively expensive.

Similarly, if support was used so seldom, that paying a 3rd party on an incident basis (although potentially expensive), would still save money... Then doesn't that still make financial sense? For a smaller business, that does not stand to lose piles of money because of downtime. Or for a project that is internal only, and does not have a significant financial impact, the price cannot always be justified.

If the price of downtime, makes the support contract seem cheap, then that too would be a pretty obvious IMO.

I work with a medium sized business that had RH support for more than 5 years. We've since migrated to CentOS. As far as business is concerned, the only difference, is that this business is saving the money from ~100 servers worth of support licenses.

Re:What does support mean?

Ok... where does it end? If you buy support for RHEL, why not Tomcat, JBoss, Java, [monitoring software], or whatever other solutions $Free Software are typically thrown at?

Look on the bright side...

If your CIO would rather pay you for support than contracting with Red Hat for it, you're getting that much more job security.
I work for a institution which uses Red Hat, and honestly we haven't gotten any support from them in the 18 months I've been here.
I'd much rather use a Debian based distribution (like Ubuntu), because upgrading is easier -- currently we're struggling to migrate from RH 5 to 6.

or... when Debian exists!

I also use centos, scientific linux and redhat, but prefer debian...
ftaurino

Have it put into writing.

[digital+photo]

Seriously, if your recommendation was to go with a product with paid support and your CIO is opting to go the other way, then get it in writing detailing the exchange. Nothing wrong with Centos. Nothing at all. Great platform and great support. However, there are products out there, or drivers for said products, which will ONLY work on a RHEL box because of RPM package dependencies or library linking to libraries of different names/etc. When that time comes up and it results in downtime, you don't want your manager or worse yet, the same CIO riding you for an answer as to why it is taking you so long to get a "standard" RPM installed to get things working again.

I've used RHEL, CENTOS, Oracle's EL, and Ubuntu... and there is ALWAYS something that needs a driver or a package installation that breaks because it didn't support the distro/flavor/version you have installed. Alien and other tools can only do so much... you don't want to be pulling your hair out at 2am in the morning... or worse yet, at 2pm in the afternoon, during a deployment/conference/expo/etc.

Re:Have it put into writing.

[Slashdot+Parent]

you don't want to be pulling your hair out at 2am in the morning... or worse yet, at 2pm in the afternoon, during a deployment/conference/expo/etc.

If you're deploying anything straight to production without testing that exact thing somewhere else first, you deserve whatever you get. RHEL can't cure that level of stupidity.

Re:Have it put into writing.

[turbidostato]

"there are products out there, or drivers for said products, which will ONLY work on a RHEL box because of RPM package dependencies or library linking to libraries of different names/etc."

Will it's probably the case that some vendors will refuse to support their products on CentOS instead of Red Hat, that's a political decision, not technically-based.

AFAIK CentOS is supposed to be binary-compatible and certainly will have the same package dependencies/libraries names than the "genuine" Red Hat.

Then you go mixing apples with oranges about RHEL, CentOS, Oracle's EL, Ubuntu... So, please, can you offer an explicit example or are you just spreading FUD?

Re:Have it put into writing.

[turbidostato]

"If you're deploying anything straight to production without testing that exact thing somewhere else first, you deserve whatever you get."

So you do own an exact replica of your production environment, including all expensive hardware, load and size for staging purposes?

Re:Have it put into writing.

[PAjamian]

Exactly what driver have you found that will run on RHEL but not on the same version of CentOS? CentOS is fully package and binary compatible with RHEL and they take great pains to make it so so I would be very surprised if there is any RHEL package or driver that won't work with CentOS just as well, or vice-versa for that matter.

Re:Have it put into writing.

You have never worked in a place where there are a sales and/or marketing departement, have you?

The choice wether prototypes should work in a critical environment a week before deadline or not is not always yours to make. Sometimes you just have to make sure that the show goes on.

Re:Have it put into writing.

[Slashdot+Parent]

"If you're deploying anything straight to production without testing that exact thing somewhere else first, you deserve whatever you get."

So you do own an exact replica of your production environment, including all expensive hardware, load and size for staging purposes?

No, I do not. Neither do I own any of the hardware in my company's production environment. It is all virtual nodes in Amazon's EC2.

But to answer your question: Yes, I do spin up an exact replica of my production environment in EC2 for staging purposes. Once the deployment procedure is executed, and regression testing and load testing are complete, and rollback procedure tested, I terminate the staging resources and deploy to production using the exact same deployment procedure. As you might probably guess, my deployments never result in any four-letter-words being uttered.

Excellent question, though.

Re:Have it put into writing.

[AK+Marc]

Some do, with port mon used to get real traffic into the test network. If it's really "critical" why would you do any less?

Re:Have it put into writing.

[turbidostato]

" As you might probably guess, my deployments never result in any four-letter-words being uttered."

Oh, that's good. That means you couldn't be hitted by the DNS TTL (bug? feature?) from Amazon, or could you?

Re:Have it put into writing.

[Slashdot+Parent]

Oh, that's good. That means you couldn't be hitted by the DNS TTL (bug? feature?) from Amazon, or could you?

I can state with pretty high degree of certainty that you do not understand what you are talking about and are just regurgitating slashdot headlines from a few days ago. I say this because this is not really an Amazon bug. Amazon is following the DNS spec. It is broken clients that are not respecting TTL values that caused the reported issue.

That being said, there are measures that Amazon could take to mitigate this issue. The most obvious would be to use virtual IPs (they already support "Elastic IPs" for EC2 instances) and remap an IP to a different load balancer when they need to migrate a customer onto new hardware. Right now, they rely on short DNS TTL values to remap a DNS name to a new IP. Unfortunately, in the real world, not all clients and ISPs respect this value.

Perhaps now that there was a front page article on slashdot, that might alter the priority of fixing this. On the other hand, I think the front page story only garnered about 50 comments, so I guess that might give some clue as to how minor this issue is.

All that being said, none of my EC2-based applications are vulnerable to this issue, as I do not use ELB. I've used nginx since long before ELB was available, and there has been no compelling reason to "upgrade" to ELB and all of its quirks. I don't know if they've fixed this yet, but it used to be that you couldn't even map your zone apex (blahblah.com) to an ELB. It had to be a subdomain (www.blahblah.com). If it ain't broke...

Bottom line: EC2, as well as any shared hosting environment, has its own benefits and drawbacks. If you run your own datacenter, I can virtually guarantee that you won't get pummeled with millions of Netflix API requests. On the other hand, if you run your own datacenter (as in singular datacenter, as opposed to multiple datacenters), I can pretty much guarantee you that your application is more likely to experience unscheduled downtime than a properly-architected EC2 application that is hosted across multiple regions.

Tell me again what the problem is here?

[Kjella]

The boss doesn't believe in support. CentOS is a product with no support. Do it, and if shit hits the fan you have your big "I told you so", hopefully in writing. If it all goes to hell, show that to his boss, assuming he has one. It's one thing if management doesn't understand, here they apparently do understand but disagree. Then they're free to fall on their own sword IMO.

Re:Tell me again what the problem is here?

[tftp]

The boss doesn't believe in support.

This is often the case with people who are sufficiently competent in what they are doing. I have my own domain, mail and Web server. I'm running an Ubuntu LTS distribution. I don't have support - never even considered it. First, the server is not mission-critical to that extent. Sure, it would be sad if it crashes and burns. However the monetary loss to me would be nearly zero. Second, I can fix most of the common problems myself, being somewhat aware of Linux and using it since 1997, probably (don't even remember.)

We don't know what that "large project" is for. The fact that it's large doesn't mean that it's mission-critical or that it uses one server and a million of terminals. If the latter I can understand using Red Hat - you need only one or two servers. But what if that "large project" requires installing one server in each out of 10,000 little stores that the company owns? Well, that becomes a very different story; licenses on *that* would kill you pretty fast. The OP doesn't elaborate on the economics of the project, but the CIO of course has that in mind.

Then they're free to fall on their own sword IMO.

Perhaps they have a backup plan. Red Hat is not the only source of support. There are consultants that are ready and willing, for an appropriate fee, to jump in and fix whatever needs to be fixed. That fee is generally known. The CIO is likely to be aware of it, and his decision to skip the RH support necessarily includes the plan how to fix things when they inevitably fail.

Note also that the RH support does not work by magic. People at RH don't just read a spell from a grimoire and your server fixes itself. People at RH require someone competent near the broken server. And if the tech is that competent he probably can fix the problem himself. Another possibility is to simply swap the bad server for a new one, out of a pool of spares. With CentOS that costs you nothing. It would be actually a good way to fix things because this covers hardware failures too, and the repair time can be very low and predictable. The backups, configuration and such should be already set up to cover the hardware failure because that's the most likely cause of a problem anyway.

The RH support is also different from IBM support. In the IBM case all you need to do to fix the problem is to unlock the server room door to let the IBM guy in. You pay a lot but you know what you are getting (a guarantee.) But RH can't guarantee anything hardware-related, and they won't be sending anyone with spare parts and tools. They can only advise. The value of that advice may vary from reasonably high (you need to reconfigure something on a live server) to abysmally low ("your RAM is probably bad, or something else.")

Re:Tell me again what the problem is here?

[turbidostato]

"The boss doesn't believe in support. CentOS is a product with no support. Do it, and if shit hits the fan you have your big "I told you so""

And you surely don't forget to add to your "I told you so" the exact way in that having payed for Red Hat support would have avoided or at least alleviated the effect of the shit hitting the fan.

Because without that, you still have no damn case.

Re:Tell me again what the problem is here?

Do it, and if shit hits the fan you have your big "I told you so", hopefully in writing.

You're an engineer. Your job is to take a large pile of Shit and make it smell like Roses, not to sit around blaming people for it. Engineers make things work despite the obstacles placed in front of them by customers and management, not to dig in their heels and pout about how everything isn't Perfect According to Theory.

Or to put it a little differently, the main difference between a Programmer and a Software Engineer is this: The Programmer makes a piece of software which requires (for example) 1 gig of RAM to function at all. A Software Engineer takes that same piece of software and figures out how to shoehorn it into a 1/2 gig system.

Yes, you need to have everything detailed and the requirements made plain, and the consequences for not meeting them spelled out. That's part of your job and also good self-preservation. But then your job is to deal with what you get, regardless. The CIO made the call, stop pushing him and questioning him on it and do your job. When shit hits the fan, don't go running into his office with a big "I told you so." Don't say anything unless you are called to account specifically- he already knows you "told him so" and all you'll do is piss him off by rubbing it in his face.

Ethics

This is about ethics. Companies don't act ethically. It's that simple.

On the other hand chosing software without commercial support makes the IT people in the company less expendable. It's not ethical, but going with CentOS puts you in the position of power. Getting a raise will be easier....

Re:Ethics

[mabhatter654]

And the first time that bites the other "C" guys in the ass the whole department gets shipped to India, damn how much it costs.

Maybe this is a non-critical business that can afford time to fix things. But if the CIO thinks lack of payed support makes your team MORE valuable, it ALWAYS backfires. IT is always expendable.. We make too much money and aren't part of the "golf and hookers" culture. They'll never really trust us.

Re:Ethics

[hairyfeet]

Ya know, I've never really understood that either. I had a former boss that like me got fed up with corp work and walked away and by the end he would just tell them flat out "Does your desktop come on in the morning? Can you get your email? does the web work without you being spammed by Viagra ads? Well do you think that magic elves come in and do that work?"

One of the last straws for me was this law firm I set up, which I thought I did a beautiful job even though they were cheap bastards. Everyone had a standard Dell Optiplex PC, a nice sonicwall in the closet, it all ran like a Swiss watch. I told them i didn't have time to be their admin but I knew a couple of guys, both damned good AND affordable, and gave them their numbers, so what do they do? One of the PHBs says 'Oh that's too high, I know a guy that's a WIZ and computers, he'll do a great job!" and I bet half the admins here are ALREADY cringing, but you ain't heard nothing yet.

So I get called back out about a year or so later because the "Wiz" got caught surfing porn and running a Quake III server on company time and "things are acting funny" so they paid me time and a half to come right out....acting funny....damn. I get there and the wiz has thrown out EVERY SINGLE BOX that I bought because they were "too slow" and instead put together a bunch of gamer rigs from Tigerdirect barebones. NOTHING matched, ALL of it was this nasty unstable OCed mess. I thought that was bad and then...I went into the closet...Jesus Tapdancing Christ! The braintrust had tossed the sonicwall for a pile of d-link routers you know, the shitty blue bastards? yeah those. and instead of the ISP I had set up he had set up a DIFFERENT ISP for damned near EVERY router! Apparently his idea of adding bandwidth was to chain on another D-Link and get another connection!

That episode and a couple of similar ones broke me of working corporate. if you work corp, you have my sympathy. They are constantly fucking you on the budget, constantly giving you too much to do with too little to do it with, and what is your reward? To get offshored or even have to train the H1-B they are gonna fire you for.

I don't know, maybe IT guys need a union or something. All I know is having family in construction and working IT frankly the plumber gets more respect than the guy who has to keep millions of dollars of hardware and software running, and that just ain't right. Maybe IT needs to have a case of the "blue flu" and everyone take off for 3 days, just to let them know how much you really do? something has to change because at the local college IT has become a ghost town. Nobody is learning IT anymore because they've seen how shitty the rest of us have been treated. Everyone is in either medical or legal.

Typo in headline

[lexcyber]

How can I justify redhat or redhat-based distribution when there is debian?

Re:Typo in headline

Start running big-shop apps like Oracle DB, Siebel, SAP, etc. See what kind of support the vendor will provide when you tell them you're running on debian.

Re:Typo in headline

[Dwonis]

There are, like, 3 people who do that.

Re:Typo in headline

[PrimaryConsult]

**This**.
While RedHat is IMO the best Linux money can buy, if you don't have that money a RedHat clone isn't going to help you much.
Why? Debian is easier to roll your own fixes because the free support you get is excellent. Between IRC, forums and the tons of howto sites you get out there, someone, somewhere has definitely wanted to do what you are trying to do. Since there is no paywall to Debian's support, you will not have better answers hidden from public view.

Also, think about staffing:
-Someone who knows the ins and outs of a RedHat system to be able to function without a support safety net is probably RHCE (or at the very least, capable of getting said cert). This automatically makes them more expensive. Your rank and file sysadmins would need to be at RHCSA level.
-In a pinch, anyone who messed with Ubuntu enough to have dealt with the command line can perform minor system administration on a Debian box. These could be employees within the company working desktop support, a call center or some other IT function. The learning curve to turn these people into full sysadmins is much smaller, and you'll already know the type of person they are, eliminating the hardest part of hiring someone new.

CentOS has it's own problems

There are other issues with using CentOS instead of Red Hat. As of late, the timeliness of updates has not been acceptable for a security minded organization. The leaders of the project have shown no desire to open up the process to other contributors from within the community. It's gotten bad enough that quite a few companies that I consult for have started switching to Red Hat (or Scientific Linux). I think it's a fair assessment to say that the future of CentOS as an enterprise distribution is in question.

If your CIO won't consider paying for Red Hat, you owe it to yourselves to look at SL. It's backed by quite a few research organizations and universities. They release quarterly status updates. They turn out updates significantly faster than CentOS (many months faster for 6.0 and 6.1) and security updates for packages are faster as well.

Paid support

[nurb432]

From the people that created what you are using.. That is justification enough.

Having someone else to point fingers at when things fail should not be discounted.

Re:Paid support

[sjames]

You'll never be able to sell the blame game to the person who would be looking to assign blame. That's an argument you can make to middle management, not a CIO.

we have 3000 linux machines

1/3 of them desktops, 2/3 of them render farm. We have no support of any kind.

Re:we have 3000 linux machines

[mabhatter654]

But that's OK. In reality you get about as much desktop Linux support as Windows support... Buy the time you GET the support you could have just replaced the machine anyway. Systems configured to keep all the data on the network have their own "support" built in.

Obviously, the servers are for something critical enough poster things they need support... If only to cover his own ass.

I'd add it's fun to be the hero in an IT situation... Then you grow up and want to do the same work that took 60 hours in the normal 40 to do other things. Careful use of support contracts is how you make that happen... IT is funner when it's boring.

Business Case

The -only- way you'll persuade the business mindset is to write the business case as to why to use Redhat over CentOS. So, either go with the flow, or use your spare time to create the convincing argument f

Depends....

[larien]

This very much depends on the organisation and the risk appetite.

If you have a technically skilled support team who are willing and able to get into a bit of C coding, the "free" linux distros are viable. If your support staff are pure admins and don't do C coding much/at all, they'll struggle to maintain Linux without someone like Redhat backing them up.

Also, it depends on the app - if it can fall over for 2 days at a time without much of an issue, who cares about support? If an hour of downtime is a big issue, you need someone who is able to fix it Right Now (TM). If your local team is good enough, that's fine, but mailing list/forum support of free software is down to the goodwill of the community. They don't care if your app is down, they have day jobs and social lives as well. With Redhat, you can get someone on the end of the phone 24x7.

Re:Depends....

[vlm]

they'll struggle to maintain Linux without someone like Redhat backing them up.

I have to call that out. It has not been 1993 in almost 20 years.

Re:Depends....

[larien]

Ok, scenario time:

One of your key system daemons has just crashed (SEGFAULT). Restarting it causes yet another crash; what do you do? If you know C coding, you start doing stack traces. If you have a support contract, you call them up. If you have neither C skills or a support contract, you hope like hell that Google can help you. If not, you're reliant on someone on a webforum/mailing list helping you out, possibly including handholding on "how to run a debugger on a core file".

I don't care whether it's 1993 or 2011, the fact is if something goes wrong, you need someone who can investigate, find root cause and recommend a fix. That pretty much has to be a skilled internal admin with C skills or a 3rd party support contract.

It's easy to maintain an OS (Linux, Windows, Solaris, AIX, whatever) when things are working, the problem is what you do when things go wrong. That's when you need the support.

Re:Depends....

[wgibson]

One of your key system daemons has just crashed (SEGFAULT). Restarting it causes yet another crash; what do you do? If you know C coding, you start doing stack traces. If you have a support contract, you call them up.

I'm sorry, but I live in the real world. I can't justify the risk of lost time involved with the options you provide. I will make a copy of the core-dump and the data currently "live" with that daemon, before rolling back to a backup from disk, VTL or tape.

99% of the time, the problem is gone, because 99% of the time the problem will be caused by bad data triggering a/the bug. And most likely, the copy+rollback took about the same amount of time as the phone-call to support would have taken (most often less), and unless you are very experienced at debugging other peoples code it is almost guaranteed to be faster than pulling out strace, gdb and the source.

Of course, there is a reason I say "make a copy of..". After rolling back and getting things running again, I am very much interested in figuring out what went wrong. But now I have plenty of time to either do the debugging, or seek out someone who knows how...

Re:Depends....

[vlm]

You've gotta be kidding me. Nobody does stuff like that.

You pull the git logs on the config to see what changed either on that machine or the git config of the puppet server to see what happened. Roll back the changes and restart. You're doing this on a maintenance notification using your standard change procedure so you could work off that instead of poking around randomly in git.

Or, you just got owned and thats why binaries are weirdly crashing, an incompetent script kiddie.. Why your IDS didn't detect it is a mystery to be solved later. Disconnect from public network, reinstall a vanilla system, and let Puppet and GIT configure it to your needs, should take less than a half hour on bare metal, literally 5 minutes on any virtualization system.

I don't care whether it's 1993 or 2011, the fact is if something goes wrong, you need someone who can investigate, find root cause and recommend a fix.

That might be a support contract, might not. Review their hiring ads and compare them to your own internal talent. If they are wizards like the Cisco folks, then you rely on them and buy a contract from them. If its like HP or Dell and all you can expect is a script reader in India telling you to wipe and reinstall windows, don't waste your time.

That's when you need the support.

Some places will take money for a contract, and not provide the kind of support you believe exists in all areas of IT. No opinion here on RHAT

Re:Depends....

[Brian+Feldman]

Okay, now how about when no system packages changed?

Re:Depends....

[zaphirplane]

no way redhat support will be useful if you have less that a couple of thousand subscriptions.
If you say they are then you have 10,000 subscriptions or you are a redhat 2 level support trolling.

Re:Depends....

Interesting. In windows world, we don't need to call Microsoft for support. At least I never had to.
Therefore I doubt that in Linux world you really need support so badly.

Re:Depends....

[RogerWilco]

they'll struggle to maintain Linux without someone like Redhat backing them up.

I have to call that out. It has not been 1993 in almost 20 years.

Unless you have people who have been doing that since 1993. (Or even earlier, some people in our IT staff have been there since the PDP-11 days). There are some really experienced and skilled Unix admins out there.

But for what it's worth, I've also seen RedHat solutions work really well. For the less experienced who need high uptime, security, and have a complex setup, it can work really nicely.

What do you want?

[0123456]

CentOS is good but slow; AFAIR Red Hat are working on 6.2 whereas CentOS 6.1 isn't even out yet. I use CentOS on my telecommuting system but considered paying for Red Hat last year when security patches got weeks behind.

So CentOS will save you some cash, but if you want to keep the OS up to date with fixes then you'll need to spend some money and buy Red Hat.

Re:What do you want?

[Pharmboy]

To be fair, CentOs is pushing out all the 6.1 security releases to 6.0 users (like myself), so it isn't quite as bad as you state. Granted, it isn't great, but the systems are still fairly secure.

That said, I would be lying if I didn't admit I have been looking at Scientific Linux, only because I cut my teeth on RH back in the 90s and used to the layout, and Scientific may have a better product when it comes to updates.

Re:What do you want?

[0123456]

Yeah, we've switched a number of CentOS systems to SL over the last few months. I've considered doing that with my telecommuting box, but since I'm connecting to CentOS 5 machines I'd rather have the same OS here.

Re:What do you want?

[nicoleb_x]

Patch Someday?

Re:What do you want?

[Capitalisten]

+1 on this one.

The current state of CentOS6 is really not optimal: Lagging more than half a year behind Redhat means that there are security fixes for known vulnerabilities that are not applied to your system, and the same goes for bugfixes that may have an impact on overall stability of your systems (as in "lost man hours because of inaccessible services). I know that CentOS has promised to back-port critical security fixes from RHEL 6.1 to CentOS6 but that honestly makes me feel worse about the hole thing - in that case we would have a CentOS6 that was some unholy mix of RHEL 6.0 and RHEL 6.1, something I *really* don't want to be responsible for.

About a year and ago we had 8 RHEL subscriptions that were mainly maintained because we wanted to support OSS development - today we've replaced 30 of the CentOS installations we had back then with RHEL installations, simply because we had too many instability problems with virtualization on CentOS. Converting the servers to RHEL (not reinstalling - just changing a few configuration files and adding them to our Redhat Network) and installing the latest RHEL 6.1 kernel solved the problems in every single case - no exceptions.

Tell your CIO from someone who has been there that he will most likely be wasting more money on spent (or lost) man hours during the year than the subscription will cost you. If someone is relying on the services provided by the servers, there is a real risk that they will spend at least some time on waiting for you to get things back on track, and that is probably going to amount to real money lost pretty quickly.

Re:What do you want?

AFAIR Red Hat are working on 6.2 whereas CentOS 6.1 isn't even out yet.

But that's just version numbers, those can be fixed!

Go with CentOS plus one action

[mbkennel]

Go with CentOS as the CIO asks, and suggest one additional action: a modest donation to the CentOS team (less than RedHat support of course).

The real motivation is to get on the good graces of the primary CentOS developers/packagers, and develop a relationship so that if the company runs into something very difficult that they can't solve at once, they will pay for some direct one-on-one consulting from these developers as needed, and not as an ongoing expense.

Re:Go with CentOS plus one action

[sgt+scrub]

Agreed. In addition. Businesses, and people, should toss distro_of_choice $25 per installed copy just to keep distro_of_choice around. If they like it enough to run a business on it, they should contribute in one way or another.

Re:Go with CentOS plus one action

Getting in the good graces of the centos team? Are you kidding me? We have donated over 100K US dollars over the years and can't even get an answer about when critical security updates will be issued. Updates seem to lag more and more with every passing release from Red Hat.

We have stopped making donations until the project pulls its act together.

Re:Go with CentOS plus one action

Getting in the good graces of the centos team? Are you kidding me? We have donated over 100K US dollars over the years and can't even get an answer about when critical security updates will be issued. Updates seem to lag more and more with every passing release from Red Hat.

We have stopped making donations until the project pulls its act together.

You mean you've stopped donating because the project stopped accepting donations 2 years ago? I also don't believe for an instant your claims of $100k in donations. Perhaps you can troll elsewhere?

Re:Go with CentOS plus one action

The CentOS team do not accept donations of money,

Lack of confidence?

Your CIO is already paying you. Do your job correctly and your CIO won't need a support subscription.

If your concern is over the ethics of it, wash your hands because it's not your call. When you get to be CIO you can make decisions about where to spend the IT budget. Raise your concerns, do what you are able and move on.

We use Centos at work...

[djsmiley]

And while sometimes the community is great, other times they make me want to stab myself in the eyes.

It really depends how deep into system your getting. If its the kind of thing that could run on ANY linux distro, you'll be fine as there is such a large community that can help. However if you find issues which crop up perticuallry with _centos_ and nothing else, and you require something which isn't "normal" in centos.... i.e.. not in the repos and your not happy building software yourself (which is kind of silly in linux but wouldn't surprise me these days) then you could be well and truely out of lucjk.

So...

If you can admin yourself, build your own software and fix it yourself - centos works fine
If you can't, you need that levle of extra support red hat offers.

Disclaimer ( I've never used red hat technical support, but have worked with random other companies who do technical support as my roles in IT work places and I think I know what to expect.

Re:We use Centos at work...

[billcopc]

This is what pushed me away from CentOS after about a year or two. It makes it rather frustrating to compile your own stuff, due to the RPM hell that hasn't changed all that much since the early RH days (I'm talking 1990's). If a tarball doesn't come with a Spec file, you're fucked and will be spending an extra couple of hours figuring it out on your own - either that, or you install the CentOS-maintained version and install the source-built on over top, fingers crossed hoping you don't break some critical lib.

As suicidal as it may sound, I got frustrated enough with RPMs that I switched for Gentoo. Yes, I would rather build _everything_ from source, than fuss with binary packages that almost never provide what I want. While Gentoo's quality has slipped in recent years, it's still quite pleasant to maintain, especially if you set up a private Portage mirror to ensure consistency across all your hosts. Sync the master only when you want/need it, and network-wide maintenance becomes a simple matter of testing the update once, and rolling your own binary packages out to the nodes.

Re:We use Centos at work...

[I'm+just+joshin]

I use Gentoo for this as well. I build binary packages on my master host, test it in our test environment, then install to production. It works great and I can turn off features I don't need.

Re:We use Centos at work...

You may want to look at Arch Linux as an alternative to Gentoo, it is pretty easy to build custom packages on Arch.

What's the issue?

The summary doesn't state why the person posing the question wants to pay for support. Do they not have the expertise? Is it a simple matter of wanting to support a Linux company? It sounds like the CIO is, reasonably, looking to get a good deal on their software purchase. If you can't give them a reason why Red Hat is the better option then I don't see what the problem is.

Your boss is in the minority

[etymxris]

From what I've seen, large enterprise customers prefer to have support. Many will in fact not use anything that doesn't have "enterprise class" support. Maybe your company will be fine without such support, but then again, maybe it won't be. When shit hits the fan the CentOS developers aren't going to help you out, and Red Hat certainly won't either. But if you don't think you'll ever have a problem with the OS or a distro provided package, then go ahead.

I sympathize with your boss's disposition. Paid support often is absolutely worthless. I don't think Red Hat's support is worthless though.

Re:Support and Release SchedCentos, Seat of panule

[djsmiley]

Seriously if you think centos is anywhere near cutting edge.... oh dear.

He's the CIO, what is your justification?

It seems like the only reason you've outlined is "because we have money". What is your justification for wanting to use something that costs money (usually not a small amount either). If you really just want to spend money, you could always identify those instances where RHEL support will buy you something beneficial and spend it on those. Alternatively, you could donate (equipment or money) to the CentOS project.

How can you justify using Red Hat?

[lanner]

In order to make the headline question nice and small, you didn't specify why you want to use Red Hat over CentOS.

Was it because you find the support from Red Hat valuable? You've had trouble in the past and really want to be able to get some technical help when problems come up?

Was it because you just want to make sure that Red Hat gets paid for the work they have done, or which the CentOS goons just leach off of?

Personally, if my direct reporting manager made such as requirement of me, I'd just up and quit. Actually, I already did that, and recently. That being said, I'm a Debian guy so I don't really have this particular problem, but when PHBs make demands of saving money now in the name of causing problems later, I'm out of there.

Red Hat isn't a charity

[FoolishOwl]

The only thing it lacks is support, which the CIO doesn't want.

The only real question here is whether the CIO is in error about whether you need a support contract. If you don't need a support contract, it simply doesn't make sense to use Red Hat instead of CentOS.

Red Hat is a profitable company. They make money by selling support contracts and by providing training and certification. Training for Red Hat is training for CentOS, and software developed for CentOS is software developed for Red Hat, so Red Hat actually stands to benefit from the popularity of CentOS.

Security, CEO/CIO due diligence

[syousef]

Centos is a community effort and would be easier to infiltrate and infect with malware than official Redhat. While it's not the most likely scenario, the CEO and CIO may find themselves in a position where it could be argued that they did not exercise due diligence and care should your company lose data or be compromised in some other way. The breach doesn't even have to be related to Centos itself. They just have to be audited or investigated for some sort of breach and it happens to come up that instead of going with a cheap and trusted supported and paid alternative, they got cheap and greedy and cut corners.

The only problem with this line of argument is that it can backfire big time: the execs may panic and go too far - for example banning all open source or free software.

Support contract of third party app...

Why you needed Redhat? Does any application requires, as a contractual clause, the use of a "enterprise" distribution as Redhat Enterprise or Suse Enterprise? IBM, Oracle and may other ISV vendors require this to have support for their product. This is the ONLY reason I see you would need a "enterprise distribution"... and, true to be told, even with your contract support, if you aren't a big customer (believe me I work for one of those two) is fairly remote the support you will get, and not much different than the support or information you could get from your google-fu skills. If you are worry about support, contact local linux enterprises and ask for a bid for support... with Linux, you will have troubles very early in the implementation, or relatively easily identifiable hardware issue (yesterday we had network, not today). If you get "random issues" that could be 2 things... software (specially if you are using java) tne 95% of the time, or faulty ram...

But for example, you have faulty ram, they you are in the need of better hardware, with hardware based memory error detection, and if you are worry about future issues because your skill level, Improve it, and make tons, and tons of backups...

Don't spend the enterprise money in software licences, better use it to get MORE and Better hardware....

Re:Support and Release SchedCentos, Seat of panule

Seriously if you think centos is anywhere near cutting edge.... oh dear.

I do believe that's the opposite of what he said. They're not committed to a release schedule, so they're far behind red hat, releasing whenever they feel it's ready.

Support

[devnullkac]

There's really only one question to ask the CIO: if we're not paying for support, what will we do if we encounter a problem in the OS that we do not have the expertise to solve?

If you've got a Scotty-like reputation for problem solving, then it may simply have never occurred to the CIO that there's a problem you and your team can't solve. Make it clear that there are specialized areas of expertise involved here and you don't staff to investigate and solve them all. If you're running a mission critical system, then time-to-resolution matters. With Red Hat you can presumably get a service level agreement with a time-to-resolution clause. If you're just Googling and begging for help on forums, you can't make any guarantees. The CIO may assert that this is a reasonable risk. Make clear that it's his risk, not yours, and if failure comes knocking, make sure it's at his door.

Public or internal systems?

[perpenso]

I think we need to know if the centos systems will be accessible by the public or if they are strictly for internal use. If for internal use I think rhel support would be less of an issue.

Re:Public or internal systems?

[petard]

As someone who sometimes gets paid to break into "internal" systems, I would like to encourage this mentality. The farther behind "internal" systems get on patches, the easier it is for me to demonstrate success.

Re:Public or internal systems?

[perpenso]

As someone who sometimes gets paid to break into "internal" systems, I would like to encourage this mentality. The farther behind "internal" systems get on patches, the easier it is for me to demonstrate success.

If "farther behind" refers to the time frame between a RHEL patch and the corresponding CentOS patch you may not have much to work with. We are not talking about leaving internal systems unpatched.

Get what you are told if you have it in writing

[asdf7890]

If you have the conversation in writing where you have recommended RedHat and why but you have been told to get CentOS instead, go CentOS. Chances are all will be well and it will be money saved. If something does go wrong that a support contract would have dealt with, no one can blame you for choosing CentOS over RedHat and you might even get a few hours paid overtime fixing the issue yourself...

Liability

[Yo+Grark]

The only thing I can add is Liability. RedHat assumes some liability in the day to day operations of your company. Liability which if you sell to customers (aduh) they require for certain forms and certifications. Insurance is not enough. We're talking SOX, we're talking HIPAA etc. At the end of the day though, just remember that these are just tools. No different than someone saying "I want a stanley hammer" and you getting a black and decker.

I've written a few whitepapers on Support and Maintenance, and in my surveying of customers, liability or the ability to checkmark that their supplier/vendor has liability for the code they use to produce their goods has been a very GOOD thing in a few cases like government and lawfirms.

Yo Grark

Re:Liability

Good in theory, but mostly insignificant in practice. Liability refers to the legal responsibility of a service/product when such item fails with negative consequences. Having a piece of paper saying a vendor holds liability is much different from taking them to court and collecting.

Re:Liability

[Yo+Grark]

Oh I never said it was REAL. I just said it was a good thing CIO's need to checkmark their responsibilities :)

Yo Grark

Re:Liability

I like the liability comment. At one time, Red Hat defended linux and code with in it. Go back and look at the SCO group lawsuits. If you get something free off the web and it contains content that you may not be allowed to have (stolen code, copyright infringment, patent violations), you might want to ask who might in trouble. SCO randomly chose companies to chase after. I remember that Red Hat and EFF said that they were
going to stand up and help the companies that were going to be sued. If you are not running their products you might be taking on a lot of liability. Right now might be especially important as reduced income at companies appear to be increasing legal actions [look at andriod, tablet size/look alike issues]. If you pay someone for it, i think that it is a different ball game. Red Hat is assumed would have done the due diligence. If it is found to have issue they are the ones to take care of it and/or defend it. IANAL.

Re:Liability

I would love to see that RedHat license where they do anything other than totally disclaim any and all liability for the day to day operations of your company.

Re:Liability

Its not just liability, its intellectual property indemnification.

I'm not a lawyer, but I know that reason is much more important to a big-company's lawyers than support. You might remember a small legal case from SCO...or perhaps a few more recent legal cases involving Android.

If you don't mind your company being on page 1 of the business section, then go right ahead and accept that risk yourself. If you want a little backing in your court, man up and buy a RH subscription.

Why? Simple, lack of security updates

CentOS went three months without a single security update earlier this year, who in their right mind would touch it given that history?

Why are you so insisting on Red Hat?

If CentOS does the job equally fine, why do you insist on paying for Red Hat? Don't you have people around who will make sure your project works? Do you really need others to do it for your company? (re: red hat support)

Re:Why are you so insisting on Red Hat?

[spooky_d]

Red Hat is probably the #1 contributor to the Linux kernel. Need I add more?

You pay for it one way or another

I suspect your CIO feels this way about paying for support because he/she is surrounded by highly skilled technical people. Most any problems are thereby expected to be solved in-house. Regardless, its something you probably can't influence one way or another, unless you're willing to commit to a Corporate Re-education Campaign. As with all things with management, YMMV.

Either you pay for it by having to keep technical staff on hand that are able to solve problems (e.g. read documentation) or you pay for it by buying a support contract. It's definitely cheaper to buy support contracts than to keep a few experts on hand. But then you also run into the gray areas when trying to gauge what's appropriate. In the case of Red Hat, the support isn't that great in my past experience. For example, if you have an issue that is kernel related, it will take a while to get you up and running again. In some cases you can end up with a reasonable workaround, but that's not a given. If asked, I would probably side with your CIO to opt out of paying for Red Hat support. The value in Red Hat support is the updates, but you get those for free with CentOS.

Re:Learn to use English

[thaylin]

It is ironic that you tell him to use English, yet your grasp of the language seems much weaker then his.

Comment removed

[account_deleted]

Comment removed based on user account deletion

A good backup plan

[nukem996]

RHEL support gives you a very good backup plan. If something goes wrong with your Linux systems they will stand behind it and help you get it right. CentOS your on your own. While that might be fine most of the time a case could come up when no one on your team knows how to fix or do something and your stuck. RHEL will help you through it in a timely manner while CentOS might lead to long down time. As others have mentioned CentOS is way behind on building updated packages. Because of this you may be open to a security hole for much longer then you would with RHEL. The other thing to keep in mind is if your using any third party software they won't support you running CentOS. If your CIO really wants a free Linux distro I would go with Ubuntu. Your getting the same binaries are the paid version and if something bad happens where you need support you can get it pretty easily.

Re:A good backup plan

[nukem996]

The other thing I forgot to mention is if you do run into a bug RHEL is much more likely to fix it in a timely manner then CentOS will. This is especially the case if you run into a bug that is unique to your situation.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Why? Simple, lack of security updates

[VenomousGecko]

I agree with this. I have had customers running RHEL and CentOS and there have been a few times where CentOS does not keep pace with RHEL (most notably with the RHEL 6.x release). Support for issues is one thing but if the OS is not patched because the vendor, in this case CentOS, does not push them out then what recourse do you have as a CentOS user? You didn't pay for it so, to be blunt, "Sucks to be you." You take your chances when you choose CentOS for production environments.

CIO may be reasonably well informed

[perpenso]

You are lucky your CIO is not wedded to Windows. Stop complaining.

Not only that the CIO seems to know that Linux has various distributions serving different needs and knows of CentOS' relationship to RHEL. Not being a Windows only guy is great, but knowing that Linux is not a singular unix-like operating system is even better. There is actually no real evidence that the CIO is making an ill informed decision. He may be of the opinion that it is, or should be, within the IT department's capabilities to support these systems. More so if the systems are for internal use, less so if they are accessible by the public.

Re:CIO may be reasonably well informed

[JWSmythe]

    So, you're saying that he (the CIO) knows what he's talking about, and made an informed decision. I may disagree with the whole RedHat family, but there's one thing that we have to remember. The CIO gets to make those decisions. There's nothing that the folks in charge hate more than some subordinate continually attempting to undermine their authority.

    "No, Boccaj (the OP), I told you, you will be using CentOS. Rather than doing the work assigned to you, you've wasted time asking your friends how to change my mind. Now you'll have plenty of time to consider such decisions, while you're looking for a new job."

    Ya, it's a weekend.. Ya, it's his personal time. But he's decided to use that personal time to pursue work matters. Imagine what he could be doing, instead of writing that complaint, and reading through all these posts. Damn son, you could have finished the project before Monday morning.

    (FYI, no, he doesn't work or with me. I just hate people wasting time complaining about something that they can't change, when they could be doing something productive.)

Re:CIO may be reasonably well informed

There is actually no real evidence that the CIO is making an ill informed decision.
 
There's no evidence to say he's making an informed decision either. The knowledge base you'd have to have to make the decision that the CIO made could be gotten in most Tech Republic top 10 lists or in the side blurbs in every issue of InformationWeek.

Re:CIO may be reasonably well informed

[bigstrat2003]

It's his time to waste. It's no business of the CIO's how he chooses to use his free time (assuming that it is free time, which seems reasonable).

Re:CIO may be reasonably well informed

[AK+Marc]

It was likely covered in a CIO magazine and the article recommended RHEL over CentOS, but he only remembered they were associated and CentOS was cheaper.

Re:CIO may be reasonably well informed

[JWSmythe]

    I'd be willing to bet that his behavior isn't exclusively on the weekends. He probably sits in his cube researching why the CIO should change his mind, and complaining to other employees that he's right and his boss is wrong. I've seen it happen so many times, it isn't even funny.

Re:CIO may be reasonably well informed

[ryanov]

I wish the "boss" would let us run CentOS -- I would run it on development machines and save RedHat licenses for production. They're not that expensive for us as we're an EDU, but... it just seems silly to bother. But oh well.

Ask the CIO: will we be opensourcing our software?

[jerryasher]

I've been on many projects that opted for Centos over Red Hat, and some in which the CIOs demanded Red Hat over Centos. All on various perceptions of what free means and what paid for means. Sort of a Rorschach test.

If you feel strongly about this, you might ask the CIO if you folks will be open sourcing the software you write, and if not, why not.

Penny wise and pound foolish.

[Wakko666]

Ultimately, it's a question of paying in dollars or paying in other resources, such as admin time.

Instead of paying Red Hat to spend their time supporting their OS, he's going to be paying his own folks to provide that support. There will be no guarantees about how quickly vulnerabilities are addressed, no guarantees on when his systems will receive updates regardless of severity. His admins will be dedicating time to supporting the OS that they could otherwise be spending building *on top of* that base OS.

Free may save him some dollars in the short run, but as someone who's done sysadmin and ops work for the last decade, I can say with certainty that he *will* be paying those exact same dollars (or more) over the long run. Maybe he's okay spending dollars out of operating expenses rather than capital expense, but one way or another, those dollars will be spent. The main question he should be answer is how much value he's really receiving for those dollars.

In my opinion, he should spend the money on RH entitlements and let his sysadmins work on projects that aren't simply reinventing the same wheel.

This also doesn't get into any of the value-add stuff that the RHN or RH Satellite provides, such as easing and speeding up the audit process for SOX and PCI audits.

Support, up to date products + perfect parachute

CentOS cannot have that - as someone said, CentOS is 6.1 barely, RH is 6.2.
I do understand why you want to buy RedHat. It's the support, but it's also buying from the cow, since RH are one of the largest (if not the biggest) contributors to the Linux kernel + many other stuff. I think it's the fair place to put your money, but if your boss doesn't understand that, try to make him understand the dangers of being out there in the open without guarantees (things that RH offers). Like patching a vulnerability in a specified time limit. You know, the kind of stuff that will save you from leaking client data and other things similar. CentOS can never provide that, nor can they be made liable. Tell him that RH is his parachute if something goes awry - and he will not be held responsible if he made the right decisions.

For the guys that recommend Debian: while I admire the wonderful debian tools, that's about it. RH invested a lot in the core OS and I think that Debian also profits from the success of RedHat. While I do agree that Debian is great, I don't recommend it for enterprise.

That's why people buy Windows, btw. It's because they have the perfect parachute in the MS support.

Linux is free if you have a brain.

[khasim]

Since ANY system you use will require that you learn SOMETHING about it your title is misleading.

The scenarios are:
1. Your people can already handle the task
2. Your people need to learn more and do so without additional expenses
3. Your people need to learn more and do so with additional expenses
4. Your people need to learn more and do NOT do so
5. You outsource the project and dump the scenarios onto the outsourcing company.

It doesn't matter which platform you choose. So Linux is still free (and Free like speech) as long as you have a brain and can learn.

You're wrong.

[Frosty+Piss]

Otherwise, it's just a compilation of others software, just like CentOS is.

No, that's not so. Red Hat does much more than simply repackage other people's software.

Have a look at Fedora.

Re:You're wrong.

[Smallpond]

Also, Redhat is the largest single contributor to the kernel and wrote RPM.

Re:You're wrong.

[dolmen.fr]

I would not use RPM as a reference in a discussion about RedHat software now: the current state of RPM development is a bit fuzzy (at least from an outsider point of view) with two separate forks in existence.

Your CIO geenralizes a little bit strongly.

[drolli]

> Our CIO is convinced that technical support for any product is worthless.

I know of people who were lucky to have bought Redhat on a supported Hardware and getting a quite subtle question about a specific raid controller config which blocked them from using their compute cluster answered promptly.

Why do you want to

[sjames]

You haven't given us any information to work with. The best I can infer is you want RHEL because the company has money. That's not a reason.

WHY do you prefer RHEL over CentOS? Are you at all likely to encounter an issue covered by RHEL that you can't solve in-house? If so, wehat sorts of issues? Are they things your department is supposed to be able to handle?

Bug fixes

[tanawts]

With commercial support, if and when you find a bug in the distribution, you have the means and leverage to have the bug fixed and possibly interim workarounds.

I work on an Open Source project

I work on an open source project which shall remain nameless. Myself and the other maintainer both work on Commercial projects that use said project and both of us have a similar philosophy when it comes to bug fixing. If it effects the people that are paying the bills fix it, if it doesn't review patches (when we get time) and accept them if they don't break our uses of it. When it comes to RH or CentOS your choice is to be the customer or to be the random dude with a bug report. If you have the technical expertise to fix bugs and possibly manage custom versions of software if upstream doesn't accept your changes go for the "free" version, otherwise you are better off paying someone to do that for you.

No Brainer For Me

[StormReaver]

I tried putting a client on CentOS 5, and it was a disaster. EVERY Qt or KDE program randomly crashed on startup (sometimes it would run, sometimes it would crash), but there was no rhyme or reason to it. After limping along this way for a few months, they insisted that I do something. I removed CentOS, and replaced it with Kubuntu. Not a single problem since.

CentOS had demonstrated very poor quality controls, so I decided to stop using it. For customers with 3rd-party software that must run on only officially approved distributions (which boils down to Redhat) such as Oracle or ESRI, I use RHEL. For everyone else, I use Kubuntu. CentOS will likely never see another installation on any server I manage.

The CIO is correct.

[SuperQ]

The CIO is right for the most part. But I would say this. You will need to replace the redhat support with one extra FTE in order to make sure that security updates match what redhat is doing.

I can't see why anybody would use redhat

Really.

Upgrades are worse than windows. Package manager is only recently catching up (but not yet met) where other distros have been for decades. C'mon, why RH OR CentOS (which suffers the same shortcomings as RH). I haven't used any other distro that recommends against an upgrade. Also, what is with needing a CD to upgrade even if you are willing to "risk an upgrade". RH does upgrades the worst of all distros, I think Debian does it best. just a simple command to upgrade a host to the next major version, and there are tons of Deb systems that have been through many version upgrades, and work perfectly (no "risk" here).

The only reason we have ever run a RH or CentOS box is when a commercial vendor requires use of this inferior distro.

RH also packages almost nothing. Had a box running one of those commercial apps, and RH (not centos), and it needed some sort of AV. RH didn't even package ClamAV! (not sure if this has changed with recent versions, but, again, c'mon!

Re:I can't see why anybody would use redhat

I'm willing to bet all these "RH sucks, Debian is teh bestest" posts are from the same guy.

What about Oracle Linux?

[hejish]

If you consider CentOS, have you considered Oracle Linux. Why I've used RedHat: I use software packages not supported under CentOS. Those packages (including Oracle database software) are supported under Oracle linux. With Oracle Linux, you can choose to go a very-much-like CentOS path and not get support and not pay, or you can choose to pay and get support where you need it. Real support, not the "it is better to get help from the community than expect actual help from the company you are paying" kinds of support. I am NOT an Oracle linux user. I am evaluating this issue right now.

Support = you

[vlm]

The only thing it lacks is support

That's you, right?

Its a whole different ballgame if the boss is willing to hire someone who happens to be a dev for the OS.

That is roughly the position I operate in since 1997, but in a Debian world.

You Can't

Under the context you describe you can't justify Red Hat.

The CIO has determined that his strategy is to take on support risk in house. That may mean that he pays for experts he controls, it may mean he has an operational strategy that makes the impact of technical incidents related to the OS have less impact, or it may mean he ignores the risk because it isn't likely enough to occur or if it does occur isn't a big enough of an impact economically to justify the cost of vendor provided support.

The reason he has chosen this strategy is relatively unimportant (unless of course he has solicited your input on the strategy). Under his current strategy the decision to use CentOS even if you can afford RedHat or even to build your own OS is irrelevant. Take a requirements based approach, determine what your operational and non-functional requirements are, and implement his strategy to meet those requirements. When you're CIO you can change the strategy.

Re:Learn to use English

[Jeremiah+Cornelius]

"Then"

3rd party software certification

What if you've got to use RedHat with a closed source solution... and that solution is buggy an requires undocumented tweaks? Having Redhat support in the loop could help take care of that. Is the configuration your using even supported?

YOU are the ongoing support contract.

I think what you don't realize is that you have a very forward-thinking CIO who supports open source so much he's willing to hire staff to implement and support it. If you find a bug in centos, fix it on the job. Get paid for your time. Submit a patch to the community. There: you're a paid open source developer. Are you failing to see how awesome your boss is being?

Lacks more than that...how about: QA, certs, RHN..

[dAzED1]

"The only thing it lacks is support, which the CIO doesn't want"
There's more than that it lacks, even for the basic customer. Something more important (to me, at least) that it lacks - RHN. RHN is great. Yeah yeah, one can set up a spacewalk server and update locally. I know. But...why?
Another thing CentOS lacks which is extremely important in the industrys I tend to work in: certifications. Has CentOS been EAL certified at any level? No. Will the DoD let you use RedHat over CentOS? No. Will a PCI auditor be a fan of your use of CentOS for your externally-facing website that processes credit cards? No. Does CentOS have enterprise-level QA processes for each and every thing that they are (because they are...) modifying? No. Would the FDA be happy with an OS vendor with no QA process? No. What's the indemnification that CentOS will give you in suits against Microsoft?
It's not as though the options are "CentOS" versus "Redhat with full support" after all. There's the self-support option, which just gets you access to allllllll the other things. And you can even be "that place" that has 500 servers but only bothers getting 50 seats...eh, whichever, won't really matter except for the indemnification part.
I mean, what industry are you in that the question is even worth pondering? If you handle money, sensitive material, or PHI you'll spend WAY more than that tiny self-support price in the bribes and obfuscation necessary to get ok'd with CentOS. I mean hell, Fedora has a more extensive QA process than CentOS. Maybe you should just tell your boss you agree with him so much you think you should use Fedora!

CentOS Goes Missing

Yes CentOS is great in fact I use 5.7 as my webmail server, but what happens when the guy running Cent OS decides to vanish for 2+ weeks without anyone being able to get in contact with him as happened only about a year ago

http://www.osnews.com/story/21921/CentOS_Project_Administrator_Goes_Missing-in-Action

Sorry, don't see Redhat doing that one....

Two words: RISK MANAGEMENT

[mikelieman]

When your production instances running on Centos get rooted because of an unpatched vulnerability, and your company gets the same reputation for security as Sony, your entire board of directors will understand why you need support -- even if the CIO doesn't get it..

"Red Hat had this patched on 01-October, why were we still vulnerable?" is the kind of question a CIO hears right before he's fired...

IP Indemnification?

We have faced a similar question and ultimately went with Red Hat for the IP Indemnification found in their "Open Source Assurance Program" -- the way I understand it, if someone decides to pull a SCO, Red Hat will go to bat for us.

http://www.redhat.com/rhel/details/assurance/

Re:Why? Simple, lack of security updates

CentOS went three months without a single security update earlier this year, who in their right mind would touch it given that history?

It's fine for development systems that need to operate certified software. Only a clueless spreadsheet monkey would try to save a few bucks by deploying it on a production system that's accessible from the internet. Whoever posted this question should forget about arguing with his CIO, it's pretty useless. And he should get his parachute ready because if these systems get hacked that CIO is going to make sure the fan is pointing his this guy's direction when the shit hits it.

Three Reasons why you might want Redhat.

[Vellmont]

1. Redhat provides more timely security updates. One ownag3 due to a patch being late in Centos, and your CIO will wish he had spent the extra bucks. This isn't terribly likely, but it should still be a concern.
2. Redhat provides indemnification. This can be a Big Deal if you get sued by someone. A large enough company with deep pockets is a target to be sued. (Patent lawsuits anyone?)
3. Redhat provides 24/7 support. Sure, your admins may be Super Great, and you never need the support, but what happens when the admin is on vacation, fishing in the middle of Alaska with no cell coverage? What happens when the Super Great admin finds better pay somewhere else?

With that said, I think Centos is a great option for a lot of people. I use it myself for my home machines, and have used it for small businesses. None of the above are terribly important for either of these cases, so Centos is a much better option. But at a certain point, largely dependant on company size, the above reasons are going to overshadow the additional cost.

Flat-out contradicting will not help.

[jimicus]

There's a number of ways you can deal with this, but one of the most important aspects is how you approach your CIO.

I'd strongly recommend you pick up a copy of Dale Carnegie's "How to win friends and influence people". It's mainly aimed at salesmen but there's a lot of information in there that's useful for people in all walks of life.

Why we stopped buying RHEL

[digipres]

Some years ago we set up all of our systems using RHEL with a paid support subscription. As a government agency we considered this the proper risk averse thing to do. When we had an actual issue that required technical support, we discovered that the people tasked with delivering the support were clueless and once the query was laboriously escalated up the chain, we found that we were met with apathy, not much more clue and no effort to dig into the issue.

So we changed to another distro, stopped paying for support, and on the occasions where we do run into something strange, a few minutes of web searching usually uncovers an answer.

It would be *very* hard to make a compelling case to us for paid support these days.

Why bother with Redhat?

What does Redhat support get you? In truth, it doesn't get you much at all. We pay for Redhat licenses, but we use Centos as well for dev & test environments. I don't really see what paying for Redhat gets us at all. It is a waste of money.

It's all about horses for courses.

[prowler1]

One company I worked at would _only_ let us use RHEL because it was an Enterprise level OS which meant if there was a problem with it, then we could get support if it was beyond the SysAdmins but mainly because it meant they had accountability.

Most of the other companies I have worked at have used CentOS because it is free.

If you need the support, accountability and the stability with release cycles and patches etc then go RHEL. If cost is a factor and you don't mind not having the backup there if things go really bad with support, go CentOS. Just weigh up the pros and cons and go in batting for the more appropriate solution.

I have to admit that the place where we used RHEL, management changed and the new manager in charge of signing off my PO's was a bit of a Microsoft fanboy and wouldn't approve the renewal of our RHEL support agreement because 'I don't see why I should pay for support for a free Open Source solution' which I got told after he spent a decent amount of money for an Exchange+Blackberry solution. Due to his attitude, we lost a sale to a bank after they did an external security audit on us and needless to say, he only kept his job for a few months after that. It didn't stop him trying to blame me for the servers not being under support, thankfully I kept all the correspondence about the situation :P

Now I am currently stuck with our preferred vendor for Linux being OEL (Oracle Enterprise Linux).

Sounds like you consider RH to be a charity

[petes_PoV]

We are not those people. We have money.

So your argument is that you should pay for it because you can afford to. Not because you have costed the benefits or one solution or another, but simply to "reward" RH because your company is in a position to pay.

On that basis your CIO is making the right decision for the company and its shareholders.

there are other expenses

[YoungHack]

To be fair to your boss, I've witnessed plenty of "issues" arise with different software platforms that had commercial support and where the vendor wasn't particularly interested in resolving the issue. Perhaps we weren't big enough fish in the pond. I've also watched IT staff use that as an excuse for failure. In my personal opinion, designing around a closed source solution and having poor response from a vendor shouldn't let you off the hook. In a way, it's worse than an open system, because often you can't even get into the guts of the problem to fix it, even if you might have the ability.

The cost to a company for using a commercial platform is not merely in the cost of the licenses, either. You have to also consider the cost of license compliance and tracking. The energy my workplace spends in a year on tracking "seats" and negotiating licenses for closed-source programs is just depressing.

One word CVE Support

[JTW]

If you need to explain why you were hacked with a common exploit that's been in the wild .. say 12 hours after Defcon.. you need real support, even if it appears passive and monitors your vulnerability and sends you a little reminder to "patch". One of the realy nice things about Red Hat Network is it "proactively" monitors the status of your machines and "suggests" patching for specific vulnerabilities by CVE.

I can't imagine "anyone" with experience suggesting such a thing.

CentOS is great.. and has stated goals.. but no one is paid on the CentOS project to create patches and update systems using CentOS.. its best effort only. At times its only porting of a patch released by Red Hat with no testing. And it almost always, by definition "lags" behind RHEL. CentOS does not port forward, patches originate upstream and port downstream.

While some third party software that you buy will state "should work with CentOS" that rarely extends to "supported" since they would be on the hook to support the OS as well.. or defend their position its an incompatibility with CentOS.

The more binary capability you need the worse the situation gets, for example with Tape Libraries and Backup Software, Antivirus software, SarBox software.

You might get away with it for a very short time, but as the subrelease numbers increase the differences begin to appear.

The most sensitive point is CentOS cannot be recomplied to be identical to RHEL, they have to use different kernels and or compilers since they only have access to source.. so its not a true clone. It strives to be that, but its still not the real thing. And with recent changes in packaging greater differences are going to appear.

Its such an obviously, strange suggestion, its almost not really worth discussing.

People who arrive at a conclusion "irrationally" without all the facts can rarely be "reasoned" out of the conclusion.

Bottom line, it is not Red Hat Linux.. it strives to be as much as possible and that is its charter.. but there are differences.

Paying for support is a whole other issue.

Support can be defined to be "community forum support", "email support", "phone call support", "remote login and fix my problem support", "custom software development support", "patch support" which can be broken down into "security patch support" and "bug fix support".

At a bare minimum you want "security and bug fix" support that's the real reason for signing up for Red Hat Network. You get proactive monitoring and timely patches for known documented CVE exploits that are retroactively tested and easy to apply. You get access to a bug tracking and resolution system which lets you log a bug, and see it progress throughout the system. You get access to incremental subrelease media so that you can deploy new systems without rolling all of the patches released since the initial release across the new system.. it keeps the install system up to date and concise.

I mentioned before, but really like that the agent you run on the system notifies Red Hat of the patches installed, they diff those between what they know is available and proactively send you an email to remind you if one of your systems is "exploitable" by a known CVE. Red Hat documents or converts bugs into CVEs that are industry wide that can be referenced and tracked across distributions, even across different Operating Systems. That is "Hugely" important, it becoming the gold standard for stating "yes we are test and verified and safe from that exploit" to a co-worker, a boss, or a judge.

Re:One word CVE Support

[jroysdon]

Not to mention you can patch based on CVE, RHSA, security severity, etc. with RHN. CentOS has no such support for patching based on a specific security release (yes, there is a yum plugin, but there is no repository/package information for any security content).

CentOS doesn't keep around older updates once they are superseded, but many times you may need to patch up to just a certain point (see the update-minimal yum option). Not a problem with RHN.

Here are the yum options that are rather useful and supported with RHN:
    Plugin Options:
        --security Include security relevant packages
        --bugfixes Include bugfix relevant packages
        --cve=CVE Include packages needed to fix the given CVE
        --bz=BZ Include packages needed to fix the given BZ
        --sec-severity=SEVERITY
                                                Include security relevant packages, of this severity
        --advisory=ADVISORY
                                                Include packages needed to fix the given advisory

Some software only works on RHEL or SLES

[loufoque]

For example some stuff from IBM.
Their installers will refuse to install on any other linux variant, and rewriting the installers yourself is just not worth the effort.

CentOS have been lagging on updates lately ...

[Paska]

CentOS's release schedule has been really struggling recently. Release 6 was almost edging a 250 day delay over Red Hat.

CentOS have still to announce an official date for 6.1 to be released, which Red Hat released back on May 19th. There is a lot of uncertainty regarding CentOS releases and as such in my opinion makes CentOS not the ideal choice for the enterprise.

Other advantages are Red Hat's support services and the Red Hat Network (RHN) are second to none. RHN alone is what convinced us to pony up money for licenses.

The gist of the advantages are: better support, quicker updates/security fixes, easier and centralised management of multiple servers with the only disadvantage being a price tag.

Re:CentOS have been lagging on updates lately ...

For this reason alone I'd recommend going with RHEL - the delay between RHEL 6 and CentOS 6 was surprisingly high when it is basically just a re-distribution of the same packages. Or go with Scientific Linux, which is also based on RHEL but is more up to date..

Re:CentOS have been lagging on updates lately ...

[jroysdon]

Not disagreeing, but I would point out that the CentOS CR repo has been pushing security updates found in EL6.1. So while CentOS 6.1 as a full release is behind 250 days, the updates are still flowing, just delayed. For instance, Firefox 3.6.23, shipped for RHN 28 Sep 2011 vs. CentOS CR repo on 06 Oct 2011. 8 day delay - much better than CentOS had been at for a while.

On the other hand the Apache webserver, httpd, was delayed a far longer amount:
06 Oct 2011 vs 21 Oct 2011 - ouch.

To me, a 1-3 week delay for an internal-only server/service is acceptable. For something Internet-facing, totally unacceptable.

Re:CentOS have been lagging on updates lately ...

Centos is dying a slow painful death.

Slow and slower releases, delayed updates. This entire CR process is a joke. Packages getting shoved off builders onto mirrors making users the alpha testers.

Remember you heard it here folks...

Re:CentOS have been lagging on updates lately ...

If you go to the CentOS Site, you will see information relating to the 6.1 release.
They are moving from 6.0 to 6.1 on a rolling release. i.e. they are releasing the packages as they are built that will...

  move a vanilla 6.0 installation to the same patch level as 6.1 (on an individual rpm basis)

It is not hard to setup a 6.0 vanilla repo plus an updates repo locally. Just update the updates repo with a cronne'd update from one of the mirrors.

Re:CentOS have been lagging on updates lately ...

The release schedule isn't as important as it sounds. Enterprise customers are even slower than the CentOS release teams at moving to new releases. I regularly see new RHEL 5 (RHEL 5 for god's sake!) servers being stood up because that is the "company standard" and they haven't bothered to move ahead.

The packaged software issue is the serious issue. If you plan to run ${COMMERCIAL_SOFTWARE} on these servers, chances are there is a support policy on that software that lists supported OS's, and chances are _very_ good that the only supported OS's are the commercial ones (RHEL, SLED, maybe Red Flag if they are in that market)

This doesn't mean that the software won't work fine on CentOS. What is means is that if you need support on the software, and the folks on the other end of the phone get wind of the fact that you aren't on one of their supported OS's, you are SOL. "Please call back when you can reproduce the problem in a supported configuration. Good by."

If you do go with CentOS, then you either need deep in-house OS skills, or you need to pay someone with deep skills to support you. One way to not be a fsck'n leech is to participate in the CentOS community. Take the cost of the equivalent RHEL subscriptions, and dedicate that $$ amount of effort into the CentOS project. This would be a win-win. It would keep CentOS alive, and keep your deep skilled in house folks at the top of their game.

The answer depends on the company size

[br00tus]

The answer depends on the size of a company. If you are at a small, cash-strapped company, where more possible server downtime is an OK risk because the company really doesn't have any money, then CentOS may be the best route to take from a business standpoint.

We can get a rough idea of the size of your company from what you said. You said they can afford Red Hat, which would tend it toward a larger company. The company also has a CIO, which also tends it toward the larger. That you have input into the discussion of Red Hat or CentOS, and the CIO is involved in this kind of discussion, and he goes for free over supported as he isn't high on support would be something that would show you are probably not at the largest company.

Shit rolls downhill. There is a tendency of the higher-ups to not want to pay for support, not want to pay for new machines and software updates and the like. Why have 100% patched, supported software and hardware when they can have you running around all weekend trying to fix things and plug leaks when this old, unsupported infrastructure goes down. And then that it went down is your fault - you're supposed to keep the systems running and they did not run.

A CEO or CFO pushing against a CIO and saying lets not buy supported OS software is normal. A CIO should be pushing back and saying, except in extenuating circumstances, every server, every server OS, and certain types of software (Oracle or whatever) running on those servers need to have support. A CIO should be looking out for his infrastructure, his team etc. Weak, incompetent CIOs are the ones who never argue with the CEO and upper management - they say yes to everything top management says, and then run to their team in a panic telling everyone they have to implement the top managements crazy demands. Competent, smart CIOs have a little more backbone, and know when to say yes and when to say no. I have been at many companies over the years, and honestly, the entire company is much better served by a competent CIO who says no to the CEO once in a while, then a weak, incompetent CIO who says yes to the CEO for everything, even when he can't deliver.

A CIO who says something like yours did about OS support is either weak or stupid, or both. Honestly I'd polish my resume, spend more time professionally networking, start going on interviews, and seeing if I could find somewhere better. A CIO who says we just don't have the budget or there's extenuating circumstances or whatever for no OS support might be understandable. What he said is a sign of him/her being weak and incompetent, and you can probably do better. It's also a potential sign of bad times for the company - if your CIO is weak, who else in top/middle management is weak? Why does the CEO allow a weak CIO?

Re:The answer depends on the company size

As a CIO I laugh when I see answers like yours.

It's a combination of risk, cost and priorities. With out knowing the details of any of those you cannot make the call.

As a CIO for a small College my biggest frustration with service contracts was they are not priced on the value of the service, but, what is the most they think you can afford. The software service contracts prices were based upon the number of students enrolled. The funny thing is, generally the school with bigger students have more support staff and call the software vendor less.

Re:The answer depends on the company size

[Stonefish]

This is not stupid or weak, it is the response of a well informed CIO that understands the capabilities of the market.
For example does google, facebook or twitter buy support by the OS install? No...

How will your sysadmin organisation look like?

[SpaghettiPattern]

How will your sysadmin organisation look like?

Who will be responsible to do the updates and upgrades? Who will administer the systems? Who will be doing housekeeping? Who will train the admins? Who will add new nodes? Who will decommission old nodes?

If to most of the above questions you are the applicable and sole answer then you have a severe problem. Otherwise you should be able to convince the CIO.

However, I wouldn't be surprised if your IT depts. combined amount to a rather small number of workers. And that the title CIO is an euphemism for "the guy that knows the owner and is responsible for IT". Starting from 20+ workers you really shouldn't have this argument and support fees should be a given.

One last tip: Be prepared to seek employment should you decide to let the "CIO" read this story.

Re:How will your sysadmin organisation look like?

[tftp]

Be prepared to seek employment should you decide to let the "CIO" read this story.

It's very likely that a CIO who knows the difference between CentOS and RH and can take a risk of skipping support reads Slashdot on his own.

Re:How will your sysadmin organisation look like?

[SpaghettiPattern]

Be prepared to seek employment should you decide to let the "CIO" read this story.

It's very likely that a CIO who knows the difference between CentOS and RH and can take a risk of skipping support reads Slashdot on his own.

No it isn't quite. On the *IO level the financial rumours kitchen is more influential than techies reading /. My take is that the CIO merely heard through the grapevine that Centos was free RedHat. Cheapskate.

Re:Learn to use English

Yes. Funny way of putting it. And redundant. Obviously, if there are two people of whoms grasp is poor and person a is worse, then comes person be. They could just have used the word "than", which will compare the two grasps finely.

Dev/QA/Stage/Prod?

If you have multiple environments, use RHEL on Prod and Stage and CentOS on Dev and QA.

Generally the most important point/s have been made: official support from many third-party vendors, and timely support for updates (which CentOS will always lag behind). The RHN network (and Satellite) are also handy for keeping track of machines and (security) updates.

At the end of the day though, it's the CIO's job to manage risk, and if they're okay with it and start rolling things out I guess.

GPL

[Stephen+Chadfield]

If Redhat are not happy with organizations like CentOS benefiting from the contributions they make to GPL protected software they have a simple solution: stop distributing Linux and write their own proprietary Unix clone from scratch. If they choose not to do so CentOS are free to build and distribute their Redhat based distro and users - commercial or otherwise - are free to use it as they wish,

Re:Two words: RISK MANAGEMENT

That's why sensible people and organizations use OpenBSD. No patch would have ever been released, because the flaw would never have been introduced in the first place. This is due to OpenBSD being developed by some of the smartest and best developers around, due to them caring about quality and security, and due to them reviewing code changes properly.

...the whistle you don't blow

[rbrander]

Are you kidding? This is *perfect*. Complain three times in meetings with as many witnesses as possible that "this exposes us to risk of downtime and high support costs", and be sure to end with "...this is your call, but its against my professional advice". Have that minuted.

Then, if the "train jumps the track", it won' be you who catches hell. You'll get your RH soon enough.

And it's *perfect*, because, like a military man asking for $800B next year instead of $700B, you come across as money-hungry, but honestly so, in service of doing your job well. No special approbation will attach. So, you don't lose significantly in the event that all goes swimmingly for many years on end, and you look prescient and wise if anything goes bad.

Re:...the whistle you don't blow

[swillden]

Are you kidding? This is *perfect*. Complain three times in meetings with as many witnesses as possible that "this exposes us to risk of downtime and high support costs", and be sure to end with "...this is your call, but its against my professional advice". Have that minuted.

That's a great approach if you are interested in competing with your boss, and taking his job. But you'd better be sure you can do it before you get that aggressive, because if he's politically savvy -- and it's not likely he got to be CIO if he's not -- he'll recognize that you're setting yourself against him. Depending on his character and his level of confidence, he may do nothing, he may just put a mental black mark against you to be remembered during next year's performance reviews, or he may set out to force you out.

Saying it once in front of witnesses, before he's already made the decision clear, is fine. That's not making a play, that's just doing your job and pointing out options and issues. But three times? In front of lots of people? And especially if you ask to have it written into the minutes... that's going on the offensive and he's very unlikely to miss it, or to take kindly to it.

Re:...the whistle you don't blow

I back this comment.

Do what you're told, but make sure your position is made clear. In writing, and not just to the CIO, but to the team. If you need them, you need them _now_, and by then it's too late. Support will be a losing proposition on paper until it's needed, then the blame game begins.

I never want to live without support in an enterprise context. Ever.

For another option, figure out the _business_cost of an outage, where support resolves the issue, say, twice as fast. Suddenly support will seem cheap.

Re:...the whistle you don't blow

I hope this was sarcasm, it's people with this mentality that drive me crazy. Not because your foundation is flawed, but more often than not, these people passive aggressively allow things to fail that they could have prevented, just so they can have their "I told you so" moment. Get the fuck out of the way and let real people take responsibility and own their infrastructure, instead of this political bullshit ladder climbing.

Back on subject. RH gives you peace of mind. CentOS is _not_ open, it's a closed community of devs. If they decide to close shop, there is no open procedure for interested parties to take the helm. So the question is, do you and your CIO trust that CentOS will be around for the foreseeable life of your project? If so, buckle up, and make CentOS work. It would be great if RH sold a low cost maintenance package. Just updates, no support.

Not just support

[quantaman]

Just compare the release histories

Cent OS has a lag of anywhere from around a month, to 9 months in the case of 6.0, and 5 months and counting for 6.1. I have no idea of the delay for bug fixes, particularly security bugs, but I wouldn't be surprised if there was a decent delay there as well.

For the support angle, it's not so much the case that you're going to call them up and ask how to configure apache. But if you do encounter a bug that a real issue they're going to take it a lot more seriously if you're paying them some money.

Also note that 3rd party packages are generally packaged for RHEL, I recently tried to set up a Cent OS virtual server for my own use and ended up switching to Fedora since the LDAP package I wanted couldn't be installed on Cent OS. And that's not just the first example, I remember a previous co-worker who convinced his manager to get RHEL after screwing around with another 3rd party app that didn't like Cent OS.

Cent OS is great for some uses, but it can also be an extra hassle, and if you've got the cash to avoid the potential complications I'd go for it.

Re:Not just support

The differences extend beyond release schedules and application compatibility.

RHEL also gives you the potential to use tools to make patch administration much easier. With the base support, you get Redhat Network and the ability to use a web portal to decide what updates will be applied to which system. Additional-cost options exist that let you schedule the updates and add local cache servers so that machines to speed up the update process and reduce bandwidth consumption.

So, IMO, the reason "why Redhat" is the combination of faster releases of new versions and critical patches, guaranteed compatibility with many third party applications without mucking around, and the ability to use tools to reduce the sysadmin burden.

Re:Not just support

It is a little misleading to say the LDAP packages you wanted to run wouldn't work when the issue you linked says RHEL 6.1 is required. Since (as you state) CentOS has no 6.1 build as of yet it would follow that any rpm requiring it woulndn't work in CentOS. The only issue I have had in the past is /etc/redhat-release needed to be changed to match the real Redhat version for the CentOS release I was running. I even got Oracle E-Business suite (11.5.10.2) running in CentOS 4.

It's a business decision

[whitelabrat]

It's hard to argue with free. And frankly in the many years I've worked with Red Hat, I've only needed support once or twice and in those cases the support was useless. Google'ing for answers is faster and more effective.

The view from the trenches isn't everything.

[The+Bastard]

First of all, if "because we have the money" is the best persuasive argument you can make, I don't see your career going too far. What is your real justification for obtaining support? Do you do custom development which may expose the need for kernel patches? Or, are you looking out for your own career and thinking RHEL will look really good on your resume? Second, are you certain your company "has the money" to purchase support? Having been on both sides, I can guarantee the CIO has a far better view of departmental financials and the corporate big picture than you. Add to that one-time purchases are often treated differently than on-going operational expenses in the budgeting process. (People think IT is black magic; accounting is the root of all evil and makes technology look like child's play.) My guess is your CIO is facing one of two things. Either there isn't the money to spend, or he's under pressure to keep on-going operational expenses as minimal as possible. There is still the very real possibility of another economic downturn, and companies don't want to be left holding the bag of unneeded expenses. As such, he's asking just how often support would be used and not seeing a justifiable number.

Without RedHat there would be no CentOS

[Mistah+Blue]

Enough said! I suppose your CIO is capable of doing everything himself? Let him. [I work for a commercial software company.]

I agree with the CIO

As far as support goes, google is your friend.
Perhaps he's trying to save money on something he really doesn't care about?

support contracts

[llamapater]

you can call red hat if you have questions you can't call centos it's the biggest don't use linux argument that support contracts for free software are hard to find

How valuable is the data held/services provided?

[NZheretic]

Put an arbitrary valuation of the businesses data within each server per licence needed and lost of service by hour for each and compare it to the cost of Red Hat licensing. If the data is valuable enough and downtime expensive enough then Red Hat Support is really worth every cent.

The "other" kind of support...

[Shoten]

Support for the OS is one thing, but what about support from other vendors? For example, I'm involved in a project where a client has used CentOS throughout their solution. Now, they want patch management, backup/restore, etc...and have found out that none of the commercial solutions (and they need enterprise-grade commercial solutions) support CentOS, even when they have support for RedHat. So now they are pretty much screwed.

Re:Two words: RISK MANAGEMENT

The network admin is more likely to be fired for not keeping CentOS update to date.

"You didn't patch our servers for 2 years??"

RHEL vs Oracle Linux

[gridengine]

If downtime cost is non-zero and money is an issue, you can try Oracle Linux. It is free for download & use / deploy, includes optional support, and it is compatible with Red Hat Enterprise Linux and CentOS. A lot of people argue that Redhat develops RHEL, so they pay Redhat for support. However, that is not fair to the other contributors - the Linux kernel is developed by many others including IBM, Novell/SuSE, AMD, Intel, and yes, Oracle. Redhat packages a lot of code from many open source projects (I know that is a lot of work), but most of the code is not contributed by any single individual or company. For example, filesystems like Brtfs & OCFS are developed by Oracle, and performance fixes including OLTP, Infiniband, and SSD disk access, NUMA-optimizations, RDS, async I/O, OCFS, and networking are contributed by Oracle as well. And the Oracle "Unbreakable Enterprise Kernel" is developed by Oracle and licensed under GPLv2.

Quit

[jsepeta]

seriously, if you don't like your boss' decision, then leave. too many times CIOs have their heads up their asses and don't listen to the techs in the trenches.

RHEL is supported

[smash]

If you need support you buy red hat. If you don't need support you download Centos, or some other free for download Linux variant. It's not that hard.

Investment in knowledge

Investing into the knowledge of your engineers above choosing for a vendor in order to look pretty and cover his ass at the next shareholder's meeting is an admirable thing to do, however it looks like the financial part seems to be the only motivator in choosing CentOS above Redhat. That might be even worse as the next decision in line might be to offshore the it department.

He's your boss

[Eil]

There's probably nothing you can do. You don't say what the project is about, or what you might possibly need support for, so I'm forced to assume that you're going to be running CentOS/RHEL in a common configuration on commercial-grade hardware. And if that's true, then your boss is right.

But more importantly, recognize this: the CIO is your boss. He made a decision, you questioned it, he reaffirmed his position, end of story. You deploy CentOS. If or when you need support for the OS (and not the application you're paying for), the blame will have to come back to him since it was his decision. And unless you weren't smart enough to get it in email, there's a paper trail too.

Now make way for the comments from other bitter Slashdotters who will tell me I'm wrong because they've allowed themselves to be scapegoats for their bosses' inept decisions.

Consider the Long Term

[Starky]

If the firm uses CentOS today because they find that optimal, they may find paying for Red Hat support tomorrow optimal. If they use some other operating system, they will be less likely to ever send Red Hat money. So take this opportunity to educate the CIO so that if your firm is ever in the position of needing their services, he or she will know where to go.

The goal should not be to eliminate free riders. In fact, free riding is an inherent component of the open source model and many who are free riders today will become paying customers tomorrow. The economic model works when the number of free riders is not so high that it chokes off resources necessary to develop the platform.

Whether or not that is the case for Red Hat is going to have little to do with your firm's decision or people's sentiments about whether paying for open source software is the right or wrong thing to do, and much to do with the general incentives that their economic model produces. Red Hat knows there are firms like yours wrestling with the same decision, and that many of them will chose options such as CentOS, but hopes that there are a sufficient number for whom it is a good business decision to avail themselves of Red Hat's (and other open source contributors') services that the product will command sufficient resources to continue to improve.

He's unlucky his CIO's a fool then

Especially in terms of unpatched security vulnerabilities - to wit/e.g. (and, we'll compare them, "Apples-to-Apples", by the types of softwares involved for enterprise class development for business):

FIRST, OPERATING SYSTEMS:

Vulnerability Report: Microsoft Windows Server 2008: (10/30/2011)

http://secunia.com/advisories/product/18255/?task=advisories

Unpatched 3% (4 of 153 Secunia advisories)

vs. Linux's "latest/greatest" KERNEL ONLY (mind you, just a kernel - toss on the rest of what's in a full linux server distro? You'd have even MORE than this (which is 4x++ that of Windows Server ALONE)):

---

Vulnerability Report: Linux Kernel 2.6.x (10/30/2011)

http://secunia.com/advisories/product/2719/?task=advisories

Unpatched 6% (18 of 281 Secunia advisories)

---

AND YES, there are 3 remotely vulnerable unpatched security problem outstanding in Linux there too, unpatched (despite all the "Open 'SORES' eyes" out there to fix it (yea, "right", not!))

* Additionally/again - so it "sinks in":

That's also more than the ENTIRE GAMUT of what MS gives folks to do business & build tools for it as well has & LAMP certainly cannot show less errors in unpatched security vulnerablities than 5 total from MS...

---

SECOND, DATABASE SYSTEMS:

Vulnerability Report: Microsoft SQL Server 2008: (10/30/2011)

http://secunia.com/advisories/product/21744/

Unpatched 0% (0 of 1 Secunia advisories)

vs.

Vulnerability Report: MySQL 5.x (10/30/2011):

http://secunia.com/advisories/product/8355/

Unpatched 4% (1 of 26 Secunia advisories)

---

THIRD, WEBSERVERS:

Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (10/30/2011)

http://secunia.com/advisories/product/17543/

Unpatched 0% (0 of 6 Secunia advisories)

vs.

Vulnerability Report: Apache 2.2.x (10/30/2011):

http://secunia.com/advisories/product/9633/

Unpatched 8% (2 of 25 Secunia advisories)

---

FOURTH, DEVELOPMENT TOOLSETS:

Vulnerability Report: Microsoft Visual Studio 2010: (10/30/2011)

http://secunia.com/advisories/product/30853/?task=advisories

Unpatched 0% (0 of 2 Secunia advisories)

Vulnerability Report: Microsoft .NET Framework 4.x
(10/30/2011)

http://secunia.com/advisories/product/29592/

Unpatched 0% (0 of 8 Secunia advisories)

vs.

Vulnerability Report: PHP 5.3.x (10/30/2011):

http://secunia.com/advisories/product/27504/

Unpatched 8% (1 of 13 Secunia advisories)

---

* "Proofs in the pudding" & "argue with the numbers" + "read 'em & weep", penguins...

(Simply because I could put out nearly ALL of what MS gives folks for business & development here, and they're STILL be ZERO UNPATCHED security vulnerabilities in MOST the rest of, if not all of, their apps they put out (per my normal list I post here of that), & certainly less than the "Open SORES" world shows us, see above for a sampling)...

APK

P.S.=> Now, I predict I'll hear LOADS of unsubstantiated bullshit with no backing proofs to disprove the documented, concrete, & verifiable FACTS I posted above - why? It's typical "penguin/Pro-*NIX" fanatic behavior (along with adhomi

Re:He's unlucky his CIO's a fool then

You're a fag.

Re:He's unlucky his CIO's a fool then

[AdamWill]

Just a very short refutation:

counting numbers of security advisories issued for a product is an entirely useless metric when it's up to the creator of the product under what circumstances to issue an advisory. Red Hat could stop issuing security advisories for anything tomorrow, and by your metric, it would then be the Most Secure Thing Ever.

By counting advisories and then ranking on the basis that more advisories = less security you're essentially punishing good behaviour. It's not a _good_ thing to encourage companies to stop telling you about security issues.

Re:He's unlucky his CIO's a fool then

[Smallpond]

Especially in terms of unpatched security vulnerabilities - to wit/e.g. (and, we'll compare them, "Apples-to-Apples", by the types of softwares involved for enterprise class development for business):

FIRST, OPERATING SYSTEMS:

Vulnerability Report: Microsoft Windows Server 2008: (10/30/2011)

http://secunia.com/advisories/product/18255/?task=advisories

Unpatched 3% (4 of 153 Secunia advisories)

vs. Linux's "latest/greatest" KERNEL ONLY (mind you, just a kernel - toss on the rest of what's in a full linux server distro? You'd have even MORE than this (which is 4x++ that of Windows Server ALONE)):

---

Vulnerability Report: Linux Kernel 2.6.x (10/30/2011)

http://secunia.com/advisories/product/2719/?task=advisories

Unpatched 6% (18 of 281 Secunia advisories)

Let me look at the links.

How many of the Linux kernel bugs were marked critical by Secunia (4 or 5 of 5)? Oh, none. How many of those 153 Windows bugs were critical? 60!!!!! They released a product with 60 critical bugs!!!!!

Wow. Thanks for the links. It makes it clear who has the more secure product.

Re:He's unlucky his CIO's a fool then

[ryanov]

Hey, if you consider clicking on [OK] every once in awhile to be a good way to make a living, so be it.

Re:He's unlucky his CIO's a fool then

Nothing wrong with working gui faster & smarter, instead of commandline harder (as is in the case of *NIX usually vs. Windows for many things, but Windows also has its batch + powershell too if needed for that *NIX like scripting shell type power also).

One thing Windows is noted for over *NIX variants is that its mass/group policies configuration networking tools are a hell of a lot less primitive than they are in *NIX variants, and its development tools like Visual Studio are worlds above what *NIX has overall, which is primitive & crude by comparison largely.

Your statement however tends to tell me that you've never used Windows in a LAN/WAN Network Admin side capacity either, or you'd know the above facts.

Re:He's unlucky his CIO's a fool then

[ryanov]

I know that Powershell is not terribly useful without even being a Windows admin.

Essentially what you've said is that the graphical IDE's are better -- something I've never bothered with in Windows or UNIX -- and that Windows is better with policies to manage itself -- which is far less necessary on UNIX to begin with as you simply can't muck with things that aren't yours.

Re:He's unlucky his CIO's a fool then

You're nuts then: Powershell's got a lot more power than batch files do, and I'd even say it can do more than shells in *nix because it's essentially nearly a full blown language (basic variant) running in an interpreted environment (command shells just like *nix shells work).

Re:He's unlucky his CIO's a fool then

basic variant? What the fuck are you talking about?

Re:He's unlucky his CIO's a fool then

[ryanov]

You're really bringing batch files into this? There's no comparison between batch and UNIX's who ecosystem (IPC, etc.).

Re:He's unlucky his CIO's a fool then

No one said that. Ur putting words in others' mouths. Powershell is being compared here (batches are just another scripting system via the command interpreter & DOS legacy commands that can also be used for various tasks, but isn't as powerful as powershell & its namespace).

Re:He's unlucky his CIO's a fool then

[ryanov]

There is flat out NO comparison between the level of stuff you can accomplish in Windows via the command line vs. UNIX, which leaves you to box clicking.

What's your required SLA?

[Dishwasha]

It's difficult to believe nobody here has discussed what availability http://en.wikipedia.org/wiki/High_availability#Percentage_calculation your boss wants for your systems. Likely different systems need different levels of service. Perhaps you only need 98% uptime for most of your systems and 99.9% for some others. Can your internal team ensure a particular system is back up in 8-9 hours? Perhaps a particularly critical system needs 99.99% uptime or better. In this situation it is unthinkable to not have external support available at a minute's notice. Now you have to look at what kind of SLA Redhat support can give you. Do they have a band of service where you can get on the line with an actual support person in less than an hour? You really need to know your reasons for each system rather than just setting a carte-blanch policy across all your servers, otherwise you're just paying a tax for having a running computer. And if you ask your boss if he wants 98%, 99.9%, or 99.99% availability and (s)he says "yes" with that blank look in their eye that shows they really don't comprehend the technical implication of each guarantee then don't even bother trying to handle this battle; you'll get nowhere.

Put a Dollar Estiamte to Hidden Costs

Exposure to Risk due to patching delay of CentOS.

Ease of patching: CentOS doesn't (at least didn't' used to) have the ability to just apply security updates.

Safety net option w/ professional services (you don't have to use them, but it's there if you need it)

If you are familiar with quantitative risk management, putting a dollar estimate to these shouldn't be too hard.

Besides ... you're using Linux because it's a better, more stable OS (when wielded by an experienced person) ..... not b/c it's free ....... right?

This is basic mgt 101 ... risks have an associated cost.

In contrast, how much support does Linus give?

Pretty quiet in here, no?

Re:In contrast, how much support does Linus give?

[mabhatter654]

Drop him $100k and he might help you out?

And that's the point. When you pay for support, you are paying for somebody to be ready to help. That's expensive. But when you have $10k per hour on the line that kind of money is a bargin the one time in the year you really get stuck. Or better, you DON'T get stuck down because you had somebody to call before a crisis started costing your company money.

Re:In contrast, how much support does Linus give?

[rubycodez]

Here's your loud answer. You can buy all the support for GNU/Linux you want same as any proprietary software. The actual designers and coders of OS/400 (now System i) and other proprietary OS don't support their work either, others in their company do.

Re:In contrast, how much support does Linus give?

[AK+Marc]

Support isn't worth anything if it's a guy in his garage that supports 10 other people. What happens when two have an outage at the same time? But when you contract for a larger company (someone who makes the product) and they say "we can't help now" you will be held blameless. Most of business in the US is driven from ass-covering, not innovation.

Re:In contrast, how much support does Linus give?

[slim]

Support isn't worth anything if it's a guy in his garage that supports 10 other people.

Er, what's your point? Buy your Linux support from a company that has the resources to do the job.

Re:In contrast, how much support does Linus give?

[stiggle]

Apple, HP and other large companies started out as a couple of guys providing hardware, service & support from their mom's garage.

Re:In contrast, how much support does Linus give?

[rubycodez]

So buy your Linux support from a company with tens of millions or more in revenue. My employer is one such place, we support major GNU/Linux distributions including Debian, Centos, Scientific Linux, Fedora, Ubuntu, Arch, SuSE, Mandriva and have clients in municipal government, manufacturing, healthcare, and insurance.

With data

[The+Man]

You should collect data from your own organisation or others within your company that have used either Red Hat or CentOS in the past few years. You are looking for statistics like downtime (and impact/cost), number of cases opened and how they were resolved, and general information -- facts -- about their respective experiences. If your company has no experience with either, try to gather this kind of data from your professional network if you can. Then evaluate the data and produce slides showing both the raw data and its applicability (of lack thereof) to this particular project. Be sure to make the connection clear by showing how the risks and costs apply to this specific situation. You should also be able to clearly show the total costs in each year of each solution along with your projections -- again, based on applicable HARD DATA -- for how well each solution will work for your project. In the process of doing all this, you should have an open mind yourself about the outcome; that is, you should not enter it intending to justify one solution over another but rather you should be looking to see what the data justifies and supports. While your gut instinct has value, it is not a compelling argument, especially if the data don't support it. If that's the case, look harder: what are you missing about the situation? What information can you gather that addresses the missing pieces? Or maybe you changed your own mind by doing rigorous research.

If your company's CIO is a good manager, then this kind of data, compiled correctly and presented well, will sway him. At minimum, it will provide a clear focal point for discussion: he can argue about your assumptions, point you to other people to talk with to adjust them, or direct you to find ways to lower the costs you present. All of these are victories for you, because they give you an opportunity to change the outcome. You may not get your RHEL licenses, but you may get another head, or help from another department, a meeting with Red Hat to negotiate lower pricing, or something else that you can come up with to mitigate the risks and costs you identify. Worst case, you've made a clear presentation of the options that will be remembered if things don't turn out well; again, a good manager will at that point be honest enough to acknowledge that he made the call, and will admit to you privately that you were right. At that point, you should be ready with a set of recommendations for fixing the problem going forward not just for other projects, but also to salvage this one. If it's 2 years on and the underlying business need will be changing or going away soon, does it make sense to switch to RHEL at that point? Is there another option you've been researching to mitigate the problems you're having? Be ready with recommendations that show you understand not only the technical situation but also the business impact and the full gamut of possible solutions. Show that you are focused on solving the problem; don't miss that opportunity by gloating or showing him that you don't have answers!

Bad managers are difficult to convince of anything, especially if they are biased for some reason other than a desire to see the business succeed. If you're stuck working for such a person, there may be little you can do. In that case, you have to ask yourself whether you want to try to get a larger audience, preferably including the CEO, when you make your presentation. That path is fraught with career risk, but if your data is very solid and you are a good communicator who understands the business, the project, and the people involved, it may be worth it. You don't have a lot of other options. Frankly, the best thing you can do is find another job. It's usually not worth waiting for these people to hang themselves because bad managers tend to be hired or promoted by other bad managers; his boss probably isn't going to hold him accountable either, and will let him make you the scapegoat if things do go south. The middle and upper management ranks of most larger companies are full of people like these and your best bet is to look elsewhere if that's the situation you're in.

Free RHEL versions may not be there tomorrow

Without wishing to FUD, there is less likelyhood that Red Hat wont be there tomorrow. Centos has already had a few concerning moments, founder disappearing, very late rhel updates. This is fine for lots of applications but for a mission critical you need guarantees they wont just stop one day for some reason.

But you need to weigh in this risk. if this app is worth 20million to you you'd be insane not to pay out a few thousand for rhel say.

Re:Lacks more than that...how about: QA, certs, RH

[vlm]

What's the indemnification that CentOS will give you in suits against Microsoft?

If my employer is bigger than RHAT, does this even matter?

Does it matter at all, other than being a marketing FUD-ish topic?

Don't be a nancy LOL

It's linux man, grow some balls. We don't use linux because of support, we do it because we're bad asses.

Good luck tomorrow ..

.. morning when your CIO tells you he also reads /.

Single distro?

[vlm]

You're dead man walking already if you're tied to one specific distro and only that distro.

You carefully avoided describing why you selected red hat / centos.

If all you need is a generic "Bind" install or a generic "Apache" install, why deeply tie yourself to one distro? A sysadmin that only knows and can only learn one distro is about as useful as a dev that only knows one language or a salesguy who only knows one product and pitch. If thats all you got, you need hand holding and lots of space in the budget for the inevitable brain fart monetary losses.

Scenario: Horrific bug appears in red hat / centos / debian / ubuntu / whatever. Not in the other distribution red hat / centos / debian / ubuntu / whatever. You should be able to roll your app out on a new install of the safe distro in a couple minutes. Not hard if its all done in GIT and puppet and possibly running on a virtualized server.

Re:Single distro?

[silas_moeckel]

You do realize that there is little to no vendor support outside of centos/redhat. If there is a serious bug in centos rolling your own replacement rpm is pretty straight froward.

RHEL, SL, CentOS, good to have choice.

First things first, I appreciate CentOS for what it is and the advantages it brings to multitudes of people who wouldn't go another way.

I always end up prefering RHEL and Scientific Linux (a similar sibling) over CentOS for the fine reason that the latter claims but, does not provide 100% compatibility at the rpm deps level. I have seen such troubles in the past while trying to install postgresql rpms, I think from pgsqlrpms. What a time waster.

Generally speaking, RHN pays back its money very fast when you manage a network of multiple servers (gives automated overview/alarms for pending updates). You can initiate updates from the RHN web interface (if your clients are setup right) and works smooth, since many many years. No other company providing an OS has given ever such a decent service. Do you buy in that? http://en.wikipedia.org/wiki/Red_Hat_Network

Also, when a security issue pops up -eg kernel hole-, there is perfect accountability about who does what when and if you are decent enough in your configuration you'll never fall victim of the blame game. With CentOS, you can still whine that a bunch of volunteers were slower than a determined group of hackers.

btw.
If you have a funky issue against funky hardware against the Linux kernel, with RH you get a good chance to have some support for serious debugging rounds;
without it you will be left on your own devices. If you can write decent technical support requests, reasonable responses come back within the hour. I like this. Sometimes I just don't need to prove to myself I can a big manual and 100s of online FAQs. I just need the damned answer.

Consultant(s)?

[vlm]

Why buy a support contract from an open source company if you can hire equal or better skilled consultants, or have an arrangement with a consulting service to always have a local guy on call? Aren't you better off with a local onsite guy who already knows you, your business, and your configuration? Thats kind of how it works in the Debian world... there's thousands of locals willing to provide support... for a price.

If, for the sake of example, you needed a Bind server running on Debian, why not hire on a contractual consulting basis a genuine Bind dev and/or one of the Debian Bind packagers?

You don't need support for "how to run the ls command", hopefully, anyway.

Help? Why, your boss is right!

[Delgul]

I would say, if you are able to support CentOS using the skills available in your organization, by all means, go for it! You will not need the RH support. On top of that, you are not buying a whole lot with RedHat support. Look at their conditions and you see a lot of things like:

- No support if you run a customized kernel.
- No support if you run non RH packaged software.
- No support if you run it on "certified" hardware.

So basically, if you run it according to the conditions, you will not need the support. As soon as you do something that makes you need the support, it will fall outside the contract and you end up paying for it.

To be frank... your pointy haired boss seems to have gotten it right this time. Cherish it. Most of us never get to see that day!

You have done what you can

i agree with you, CentOS, being a copy of Redhat, will not receive updates if CentOS doesn't. And supporting Redhat is a good thing in a case like this. But, you've made your case, and the boss is going the cheapskate route. There's just nothing more you can do about this. I figure, if you do find a support problem or bug, then try to solve the problem or come up with a patch... tout it on the appropriate forum or bug tracker. If you can't support Redhat financially, this at least supports them "in kind" by fixing some bug that otherwise they may have to spend time (time=money) fixing themselves.

Support for Applications

The other side of the coin is that applications which are certified to run on RHEL systems will not be supported on CentOS. I'm willing to bet that a lot of the systems you run today have supported OS's, is CentOS on there ? It may or may not be. Either way, as others have said it's important to examine the uptime of a software solution as well as the downtime. Downtime is mighty costly.

    As a maker of software running on RHEL systems, I've seen a couple cases where the software only works properly on RHEL systems and not CentOS. these cases are rare, but those clients that wish to run CentOS get to figure out by themselves why CentOS differs from RHEL releases.

    Additionally don't forget the excellent Red Hat Network. The significant amount of time this tool saves you is worth the cost of subscription. Want to deploy a package to 100 hosts ? Click a few buttons and it'll deployed on the next check in. How easy is it to setup ? How about a simple: "rhn register". Hits the net and you're up. Want to see what the specs of a bunch of machines ? Select them from the RHN and pull out the stats.

The purchase of an OS has to do with :
    1. workloads
    2. support contracts of applications which run on the platform (this is really *serious* if you use any software which is written by a third party)
    3. support contracts of the OS
    4. support contracts of the employees managing those systems
    5. ongoing maintenance costs

Think of this as Total Cost of Ownership, beyond what the Microsoft F.U.D. talks about. Assign numbers for these tasks and contracts on a recurring basis and see where things may be cheapest. Next, consider some of the intangibles :

1. How well trained are your staff on OS XYZ?
2. What is the cost of moving your software from one OS to the next ? ( How easy is this? )
3. What other things must you achieve in the near future and how will support of this change impact those deadlines ? (you might be able to take a guess and how much this would cost in terms of man-hours )

Good luck. Might want to have a serious sit-down if you're up to that level of things. Religious affinity to a product typically does not go over well in a business setting -- sell *WHY* Red Hat is a better product. Talk about the kernel commits that they make, talk about the support available at various levels of their organization from the kernel developers, driver writers as well as commitment to making the reams of documentation available that helps you do your job on a daily basis.

At the end of the day it's the CIO's choice, he has enough rope to hang himself with a poor decision. "Feed that rope out" and note your objections without getting emotional about it.

-Enjoy.

Arguments

[DaMattster]

There are arguments for using CentOS because you don't necessarily have to wait for the CentOS team to release a bug fix. You may be able to rebuild the software from source and just install it in either /opt or /usr/local. There are also companies that use CentOS on public facing servers. For example, host gator uses CentOS successfully. It isn't like there is not a precedence for using CentOS in the enterprise.

Then in my mind there's only one reason...

Many times the commercial application or framework that runs on top of the servers require RedHat or some other commercial distro in order for them to support their software. There are many commercial software products that require the Operating System be on their list of "supportable" environments. I can't remember ever seeing CentOS on one of those, RedHat has been on every one.

If you only want to build one infrastructure for build, configuration management and repo then that one commercial application may dictate the rest of the Linux environment. If you don't have that application and don't expect to get one then I'd go with CentOS.

One ungodly, yet potential solution might be the Oracle Linux distribution. They're actually doing _some_ cool things technically with it. Like updating the kernel more than once every three years. Pay for the support you want. Of course you can build your world on Oracle and wait for their rules to change next week that invalidates all of your plans.

Self-support Subscription (1 year) $349

[jroysdon]

Don't buy support, just buy timely updates.

Self-support Subscription (1 year) $349

Although, I would suggest buying support for at least one set of systems in your test environment. That way you can get RH support and resolve any issues there.

What are your OpEx costs for CentOS?

[HockeyPuck]

So it's all great that the CapEx costs for CentOS are much lower than those for RHEL, however, what are the OpEx costs associated with the two? For most companies the initial expenses to purchase a product are nothing compared to those that are required to maintain it over the life of the product.

Morality

[HRbnjR]

You can try to tackle this from a financial, support, or business perspective, but that's not the direction I'd go...

Red Hat funds a large chunk of the GNU/Linux development which you are benefiting from. They make a good product for a reasonable price (enterprise wise), and their competition is good for the software ecosystem. I want to see more companies follow their business model and promote Free Software. Given all that, personally, I think there is some, however small, level of moral obligation to support them if you have the resources. It's just the right thing to do - I think you feel it, and I know I feel it.

Tell your boss that you want to work for a moral company, and that includes things like not exploiting employees, recycling and green initiatives, and things like buying at least one copy of Red Hat Enterprise Linux if that's what you are using on your servers.

When he calls you a "linux hippy", just be like "yeah I'm a hippy, just like all the other hippies that got together, did what most people scoffed at, and created this software from scratch, for free, which you now want to run your whole enterprise on".

Re: Red Hat vs CentOS or vs Oracle "Unbreakable"

Hello everyone,
I've been in the same place, replace CentOS w/ Oracle "Unbreakable" Linux and you have the same story. I've been using RH Linux since 1995 and, honestly, so far I was not disappointed. Not that I liked when they started to charge for the OS (read support) but, now it all makes sense. RH has to survive one way or another and, so far, from what I read and experienced, their support is decent (good but not great). By the same token, what CentOS and Oracle Linux take from RH is purely open source software (got it so far ?) BUT RH puts a lot of QA, effort and implicitly money into the RHEL and CentOS and Oracle are taking that too, for free. The difference is that CentOS has the decency to NOT RESELL what they have taken from RH but Oracle, in it's infinite greed, RESELLS what they've taken (read support) at a much lower price than RH, directly undermining RH. Well, it's a wild world out there, and the strongest will survive.

But let's look at some facts: RH is one of the top contributors to the open source community in multiple respects, the last time I researched their contribution was somewhere around 13 % while, get ready for this.... Oracle had a mere 2 %, not sure about CentOS though. So, what Oracle is doing is taking away customers from RH, diminishing RH's revenues (OK so far, business is business) .... but, less revenue for RH means less contribution to open source while Oracle's contributions don't increase. Hmmm, this looks like a lose, lose situation to me. Extrapolating, Oracle's strategy will work until RH will go under (worst case scenario, I bet IBM will jump to buy RH .... or Oracle will jump to buy RH); at that point what is Oracle going to take anymore ? What's going to happen w/ Oracle Linux ? Same logic applies for Cent OS too. I bet that M$ is laughing in their beards, waiting for their main competitor, not to destroy itself (really?) but to not be a competitor anymore ...

Enough with this stuff, my advice is to get RHEL, pay for support and indirectly encourage and support the open source community
Have fun !

We wrestled with this question

When I started at my current job, CentOS was the Linux distro used on production systems. We decided that we were big enough and wanted to graduate to something with support, patches, hot fixes, etc. In other words, we had proven Linux was viable by testing with CentOS and now we wanted the "real" thing (not that CentOS is functionally any different). We wanted the comfort to be able to have someone we can call when we get stumped or too busy to dick around. So we got RHEL and all was happy, until Red Hat screwed up their licensing and quadrupled our annual cost. See, we use VMware. Red Hat USED to sell licenses that we compatible. Then someone at Red Hat got the bright idea to try to use price to drive VMware shops to convert to Red Hat's virtualization technology. So the special Red Hat VMware licenses vanished and were replaced with single server license OR special Red Hat virtualization licenses. Therefore our cost quadrupled overnight for RHEL. We complained to our vendor and then to Red Hat. Eventually, to prevent from not getting any money, Red Hat extended the special VMware license for us. Not anymore. So we seriously considered moving back to CentOS or SUSE. I have used SUSE at other jobs and think it is a very good distro. The cost for SUSE license would have brought us back to where we were. The transition was not something we wanted. So we talked to Red Hat again, and again they have changed their licensing. It is obscure and not advertised well, but they sell licensing based on physical sockets for any virtualization (which they don't specifically say). So we stay with Red Hat. Our cost has gone up a little, but we went with the "unlimited" per socket. Who knows how long this will last.

My story may not help. One thing we did toss around was how much we used the support, which was maybe once or twice per year. However, when factoring the security patches our management did not question the need. They only questioned to change in cost. My advice, if they can afford it then they should buy it. The reason is this, if you get hacked or if you have downtime or any problems then one of the first questions asked is "could this have been avoided". If the answer is "we didn't buy Red Hat support to save a few thousand dollars per year" but the incident cost millions, then the decision maker is getting fired. I once mentioned to my boss that backup tapes were expensive. His response was that the data for which those tapes protect is worth millions. If a company need to rely on a tape for it's well being then cheaping out is a very bad decision. The tapes could have been 10 times their cost, so long as they work then the cost is justified. If a company runs so lean that they cannot afford the things they need and must get substandard components then that is the sign of a failing company. My guess is that your CIO is not fiscally smart. Pose the question to the CFO (granted CFOs don't want to spend any money). Ask the CFO if he'd rather have a free, unsupported OS for his financial system or a paid, supported (24x7) OS. I have yet to see a money tight CFO not spend wildly on insuring their own systems be working 100%.

They tried to get me to deploy 32-bit boxes...

Cuz the oracle team wanted to give up easily and not deal with the 11.x to 12.x 64-bit issues.

I told them, no, I'm not going to maintain 2 distributions of Linux.

Cost-Justifying your Dept?

Maybe your CIO is selecting CentOS is so that your I.S. Department's funding makes sense when he takes the budget to the CEO/CFO. By saying "we need to pay for support", in some people's minds, the thought process goes: "If we're paying them to support our systems, what are you for?". I'm not saying that it's right being in a similar position, but that may be how he is justifying some of the cots of the department.

your cio is cheap!

if he thinks redhat is support is for nothing he is cheap.
if he thinks there is no free alternative he is an idiot - look at debian.

Don't understand CentOS

[Spazmania]

Personally, I don't understand the case for CentOS.

I get the case for Red Hat. If you install Red Hat, it *exactly* matches what the third party developer for the paid software you're using had when he developed and tested his software. When you need a bug fix, or you need him to examine a problem, your system will match his. And if you're doing any sort of government work, they have a process in place for accrediting your Red Hat system. Not so for CentOS even though it's so very similar.

If you're not buying third party software, a distribution like Debian or Ubuntu has so vastly much more open source software under package management (and integrated into their security updates process) that I can't imagine why you'd want to use either Red Hat or a clone like CentOS.

It seems to me the only real value case for CentOS is that I can use it at home for free and it's very close to the comparable version of Red Hat I use at work.

Advice to the poster: if you're buying any other commercial software to install on top of the OS, get the $350 "self-support" Red Hat option and pitch that to your boss on the basis that it will facilitate debugging of any issues which arise with the other commercial software. Otherwise, go Debian.

Thanks 4 proving me correct

1st, an application of a program I call "ReVeRsE-PsyChoLoGy for trolls online" ->

"gaf a er'uoY" - by Anonymous Coward ANOTHER "ne'er-do-well" /. OFF-TOPIC TROLL on Sunday October 30, @07:37PM (#37889002)

"???"

Uhm... Could we get a translation of that off-topic "troll-speak/trolllanguage" of yours, please?

* And, you're an off-topic troll - no questions asked...SEE MY SUBJECT LINE ABOVE!

You prove me correct (see my quote below)!

Not only in regards to security vulnerabilities unpatched (where Linux's KERNEL ALONE has 4x++ more unpatched & 3 remotely vulnerable ones too, no less, the most dangerous type!), but?

Well, also in regards to the illogical off topic adhominem attacks I'd get because you're off/wrong & you know it, you cannot defend against facts I posted, & that's that!

(Yes: You again, 2x now, help prove ME right - that's one thing you penguins always end up doing, is making ME, look good & me? Heh, I love it, lol - why? Well, that's simply because it's just "too, Too, TOO EASY - just '2EZ'", lol, every time!):

P.S.=> Now, I predict I'll hear LOADS of unsubstantiated bullshit with no backing proofs to disprove the documented, concrete, & verifiable FACTS I posted above - why? It's typical "penguin/Pro-*NIX" fanatic behavior (along with adhominem attack based illogical off topic replies of course, or spelling/grammar-writing style critic b.s. too) by Anonymous Coward on Sunday October 30, @07:04PM (#37888756)

"Pats self on back", lol... & funny part is, that you made it so with this off topic illogical adhominem attack of yours in your reply I just replied to:

APK

P.S.=> Yes, it must have just have been another off-topic done nothing of significance with his life troll spewing his off-topic b.s. again & not contributing to the ongoing conversations. Oh well - No biggie!

("ReVeRsE-PsYcHoLoGy", for trolls - Courtesy of this code by "yours truly" in less than 1 second flat):

---

#TrollTalkComReversePsychologyKiller.py (Ver #2 by APK)

def reverse(s):
    try:
        trollstring = ""
        for apksays in s:
        trollstring = apksays + trollstring
    except:
        print("error/abend in reverse function")
    return trollstring

s = ""
print reverse(s)

try:
  s = "Insert whatever 'trollspeak/trolllanguage' gibberish occurs here..."
  s = reverse(s)
  print(s)
except Exception as e:
  print(e)

---

... apk

Re:Thanks 4 proving me correct

[Toonol]

Guys, this is a Kristopeit comment that isn't modded down to -1 yet. I don't have any points, or I would do it myself. Can somebody else chip in?

Re:Thanks 4 proving me correct

Why? I want to see a Kristopeit vs APK troll war!

Re:Thanks 4 proving me correct

Wow. I think you might be completely and utterly insane.

What does "4x++" mean?

Re:Thanks 4 proving me correct

APK always wins. He's burnt Mike K. before and soundly. Mike K.'s just a sock puppet anyhow for registered lusers who can't handle themselves versus the likes of apk and others who are technically kung-fu around here, and we all know it.

Re:Thanks 4 proving me correct

Who said U could think in the 1st place? It's not a strong suit of urs, as ur off topic here, U off topic troll.

RHN, e-mail alerts and systems management

[abelb]

Software updates from the dedicated commercial Red Hat Network servers rather than relying on the public mirror system (which is superb but for a corporate network RHN may be more reliable in times of crisis?). Frequent e-mail notifications of bugs and security holes. I guess this falls under the support category and the information is available elsewhere on the web if you know where to look, but it's handy having notifications which are specifically relevant to your registered systems come directly to your inbox in a timely manner. System management: Monitor your system update status from a central control panel on RHN.

How

[shitzu]

How can you justify Centos with its lagging release schedule when Scientific Linux exists?

Because no user support organization

has the ability to debug and patch in all areas of the software like RH? Because a single incident of downtime can cost more that the support costs? Because the CIO will have to explain to the CEO why the system isn't working right? Because CentOS isn't tested and CM'ed at quite the same level as RHEL? Because this is a really big project and delay in getting a fix will delay development, cost developer costs in unproductive time? Or maybe none of those is true in your case... It all depends...

I made a living for about 36 years in OS support of customers so my bias is that I've seen it matter. I've also seen it cost a lot. But I never saw a CIO worry about how much support cost while his system was down. He or she just wanted the problem fixed right and his system humming again.

no support CIO

I would make sure I communicate my issues to the CIO and my manager. CYA....... Depending on your business you might make the case from a regulatory issue, Any governing bodies for your business that have best practices? What about legal obligations? Does your company have SLA with others? How will you meet those?
Depending on the business model, your servers functions and acceptable downtime no support may be acceptable. On the other hand lack of vendor based patches, amount of time the admins will have to search for bugs and issues and the classic "What would the CEO say if our business appears on the front page of the paper as being hacked" All because we didnt have the support and the advanced patches?

Consider paying in other ways... and a caveat.

[HTMLSpinnr]

Maybe instead of a monetary donation to CentOS, consider providing a server mirror to help the cause. May be cheaper than "paying" for Red Hat, and it goes to further the cause.

When it comes to support - consultants are great for implementation. However, if you've got a really large installation and start running into obscure kernel bugs or other software problems unique to your installation, you'll need kernel engineers or other higher caliber software developers or systems engineers to really deep-dive the problem. Red Hat can provide that with support subscriptions (or one-time incidents). Can't say the same for CentOS - you're at the mercy of the community.

Same goes for rapid-paced updates to zero-day problems. Chances are, you're going to get a fix a lot sooner from Red Hat than you would from CentOS.

Do I leverage CentOS for small projects - absolutely. But I understand that while it's 99% Red Hat code, it's not Red Hat in every respect.

Red Hat VS CentOS

[Corwyn_123]

OK, here's the bottom line:

1) Red Hat includes support, and guaranteed updates, and you can be sure it will be continually updated in a timely manner.
2) You can call Red Hat for assistance
3) You also get content that is not included in any free distro, the Red Hat Value Added content

1) CentOS gives you a remastered version of Red Hat EL which is potentially 2 to 3 versions behind Red Hat.
2) You get the support you pay for, ie: Being told to RTFM before you're entitled to any assistance from the community. Help that's limited to what users of CentOS can give, because the developers won't waste their time helping you, even though it's Community ENTerprise OS, they really only put the distro together for themselves and don't really care about the community.
3) You can't be sure that the updates are up to date. In most cases, the updates you get are lagged significantly behind the Red Hat release, that it could leave a known security hole in your network, in a business environment this is dangerous.

Don't get me wrong, I love FOSS, and I infact use CentOS on my home server, but I also know that I have to rely on myself and those I personally know, when I need to fix something that I'm struggling with.

In a business environment, I would insist on only using a distro that has the backing and support of a company/organization that is capable and willing to support it, like Red Hat is, without saying RTFM before I'll help you. With Red Hat, you are paying for that support, and they step up to the plate to give you what you're paying for, regardless of how elementary or advanced your knowledge level is regarding the product, or the complexity level of the issue you're calling in about.

In other words, you get what you pay for, but in a business environment, you should consider if it's worth it to pay for support or get little to none.

If you need RH's services....

[rayvd]

A RHEL subscription provides:

• Guaranteed timely updates

• The ability to file bugs via a paid SR and receive supported hotfixes

• Technical support

CentOS does a good job of releasing updates fairly quickly, though not necessarily between point releases. Especially if point releases occur when a point release for multiple versions of RHEL is released simultaneously. You can be stuck in a lurch for quite a while while CentOS's small team works hard to get things going.

As to getting bug fixes... this has primarily been helpful at my company as we write software that runs on RHEL and occasionally need to ensure bugs in RHEL provided software are fixed in a timely manner. It's nice to be able to escalate a BZ entry via an SR and a TAM or account rep.

Tech support you may or may not need. Perhaps if you're the only Linux "expert" or if you want that extra assurance or a vendor to "blame" if something goes south.

Ray

Third party software

If you are paying or support for third party software, best check the vendor will support it on centos because many isv's do not. Like if you are running sap on centos, you are not in a supportable configuration and sap can ask you to reproduce the problem on RHEL.

Sort of Worthless

[dark+grep]

I would agree that paid support is for the vast majority of the time, quite worthless. It is just like insurance. When everything is fine, it is a waste of money. Even then, over a period of time, the insurance companies don't stay in business by paying out over the odds.

Paid support is like a bad insurance contract - when you go to claim, you are never sure just what value you are going to get. My experience is; about half the time I have had to call on a paid support contract for help I have nutted it out myself before the support service has. Never the less, when all else fails, any help you can get is better than none.

Charley and the Guys Fix the Red Hat Issue

Some random ideas I was jotting down the other day when we were having the same argument:

Now that we are hitting bad economic times, I'm seeing several entities taking the risks of non-supported systems such as CentOS and Scientific Linux in place of RHEL. This got me thinking about the whole thing, and in my unimportant opinion I think they are going about support the wrong way.

I have never liked the RHEL licensing scheme, because it has always seemed to me to be no different from microsoft software licensing. You can call them whatever the hell you want(entitlements), but from the customers point of view it is nothing but overcomplicated software licensing that ends up being a pain in the ass for the admins to keep up with.

Git rid of software licensing and create an actual support model and offer incentives.

When I think of support I think of documentation, tech support, bug fixes and consulting. I do not think of a per OS/software suite licensing scheme. What I would like to see is some sort of general support model. With that model certain incentives can be put in place to create a better linux workforce and increase open source contributions.

1. Make the software free to download and use and focus on providing actual quality support.

Make the software free to download and get rid of the licensing model.

Benifits:

- Bring everyone back home to RHEL and away from CentOS, Scientific Linux... and so on. The reason most companies uses these is very simple. Cost. Why would I use CentOS if I could get the exact same upstream for free.

Create a general low level support offering that covers basic tech support and documentation(wiki) access. This should just large enough to contribute to Red Hat overhead for software errata and packaging, security certifications... and so on. (stress that this is what it will go towards as everyone understands)

Benifits:

- Same cost for everyone and the cost for basic overhead is spread out amount various support contracts. This should be small enough to make it inviting for small companies, but large enough to not hurt Red Hats ability to do what it does well.

In addition to the general support cost charge a monthly "admin" support cost. This seems more fair and makes more common sense then a software licensing support model. At the end of the day, its the admins that need the support.

Benifits:

- It just makes since and would keep the customer happy.

- Simplify the registration software. Throw all of the licensing BS from Satellite or Katello the programmers would have less to deal with.

Offer support add ons for specific software on a per-admin basis. This can include satellite, clustering, virtualization.. and so on with the ability to tie each support offering to specific admins.

Benifits:

- Companies can save money and buy support for the software that specific admin are responsible for.
- Red Hat can use these to provide money directly to the software projects being paid for via support.

Offer a support structure for consulting, architect work and redhat provided in-house installs/conf

Red Hat's support contracts are ridiculous

[Myria]

Give Red Hat a call. Seriously, if their sales department can't justify it for you, it's not justified.

My company has something like 20,000 diskless servers running Linux. Red Hat wanted us to pay for that level of support, which is ridiculous. Groups of several hundreds or thousands machines all netboot from the same image. Because of this, our needs for support is far lower than the number 20,000 suggests.

In the end, it was far cheaper for us to use CentOS and hire people to maintain the machines and their OS image than to pay what Red Hat demanded for 20,000 machines. Red Hat's business model just didn't fit, even though we wanted to have their support.

Re:Red Hat's support contracts are ridiculous

[Frosty+Piss]

My unique 1-in-10000 setup didn't need XYZ, therefore no one needs XYZ.

Yes of course, I am so stupid.

CentOS support from Oracle

[gridengine]

BTW, it was discussed on the Oracle Linux forum that Oracle does support existing CentOS installations.

Rhel for production servers

Dev machines CentOS.

Support is sometimes worse than worthless

[pcjunky]

I have at least a couple of times had trouble with equipment and had theories as to what the problem was only to be told by the vendors support team I was wrong. Long story short and lost customers later, turns out I was right. There support was actually harmful.

I have been running Linux for 15 years in our ISP where downtime was a big no no. Research on online forums provides quicker cheaper solutions that just about any support I have experienced.

Correct him

[mysidia]

Our CIO is convinced that technical support for any product is worthless. He's will to spend money on "one-time" software purchases, but nothing that is an annual subscription.

Well, the important thing here is that CentOS is not just free RHEL, and the choice between them has engineering implications.

A RHEL subscription is not merely technical support. It's also software updates. CentOS has been notoriously slow about software updates, and the last thing you want to do is wait 6 months for a bugfix for an issue important to your business. Your CIO is going to look pretty bad if you have systems crashing due to an issue, with an available bugfix that you don't have access to, because CentOS hasn't carried it yet.

You can't report "bugs" in CentOS that exist in RHEL, and Redhat won't really listen to you unless you have the subscription.

Also, the RHEL subscription provides update, monitoring, and patch management features through the RHN website that are not available with CentOS.

CentOS strives for binary compatibility with RHEL, but this is not guaranteed -- there are and can be issues and bugs you will encounter.

A good number of third party software products are supported on RHEL but unsupported on CentOS.

you didn't think that through at all

[rubycodez]

Red Hat is the free rider, most of what you get in their distro didn't come from them. Debian gives more than Red Hat. Red Hat could die, and GNU/LInux will go on.

Re:you didn't think that through at all

Bullshit, RH pay for a lot of upstream development that Debian takes full advantage of. As a Debian developer I am well aware of that.

Re:you didn't think that through at all

[JasterBobaMereel]

Red Hat sell support, the do not Sell Software .... they help develop that software so they are the experts on it, so you can have some confidence they actually know what they are talking about

This is an old, tried and tested business model, and it works and has worked for years, IBM did it?

Re:you didn't think that through at all

[rubycodez]

And Redhat uses some Debian things. And RedHat includes and takes advantage of thousands of open source projects not their own.

Re:you didn't think that through at all

[rubycodez]

I doubt they developed even 5% of the software in their distribution, including kernel contributions. Whether they're really an "expert" when most of it isn't theirs is debatable. I've never needed RedHat support for anything, and I've spent the last ten years deploying it in places like major city datacenters, projects in the millions of dollars.

Re:you didn't think that through at all

[Rich0]

I'm not convinced of that. And, RedHat employs a lot of people that likely contribute to FOSS in their spare time. Their contributions are also likely slanted towards the sorts of boring things that kids in college don't like to work on, like stability, bugfixes, and hardware support for things that don't involve accelerometers.

Not many companies promote FOSS and I don't know that it is all that great for the community when one of them fails...

shut the fuck up and do what you're told

you stupid IT clown

Sounds like a wise CIO

It sounds like the CIO is wise. Do what he says.

we started with centos

my company started with centos 4 .. as we grew and need more support and did not want to expand our internal systems. we slowly made the switch to redhat now we only have 2 servers left with centos on them . and we literally just put plans in place to have them switched out by the end of the year. RedHat has been awesome and never once treated us a 'inferior' because we started with Centos. In fact is was just the opposite, they were like 'Oh good you are already using Centos' this will be so much easier.

as for the upper management... I agree with a lot of the above complaints. .. make sure it's documented in meeting minutes that you said you feel we should go with redhat.

but I also agree that it depends on your companies size, and more importantly the knowledge of your staff. We would not have been able to implement centos without the the staff we have. We already knew linux and wanted to get all our systems on the same platform. if you are coming from a completely windows it staff, it will be very difficult.

Re:Learn to use English

[Jeremiah+Cornelius]

"They don't think it be like it is, but it do
-- Oscar Gamble

I tried CentOS 6, but it was a disappointment

[tibit]

CentOS 6 currently seriously lags in updates. I gave it a try, but then over a couple of weeks there wasn't a single new package available. Over the same time RHEL pushed out a dozen updates easy. It'd be pretty irresponsible to rely on CentOS, and anyone not understanding this is unfit for a CIO job. Two socket RHEL is a couple hundred bucks. It's money well spent. If you want to be cheap, you better compiled all RHEL released SRPMs as soon as they are available and kept your CentOS up to date that way.

Re: Charley and the Gang Solve the Red Hat Issue

Redhat Licensing
Now that we are hitting bad economic times, I'm seeing several entities taking the risks of non-supported systems such as CentOS and Scientific Linux in place of RHEL. This got me thinking about the whole thing, and in my unimportant opinion I think they are going about support the wrong way.

I have never liked the RHEL licensing scheme, because it has always seemed to me to be no different from microsoft software licensing. You can call them whatever the hell you want(entitlements), but from the customers point of view it is nothing but overcomplicated software licensing that ends up being a pain in the ass for the admins to keep up with.

Git rid of software licensing and create an actual support model and offer incentives.

When I think of support I think of documentation, tech support, bug fixes and consulting. I do not think of a per OS/software suite licensing scheme. What I would like to see is some sort of general support model. With that model certain incentives can be put in place to create a better linux workforce and increase open source contributions.

1. Make the software free to download and use and focus on providing actual quality support.

Make the software free to download and get rid of the licensing model.

Benifits:

- Bring everyone back home to RHEL and away from CentOS, Scientific Linux... and so on. The reason most companies uses these is very simple. Cost. Why would I use CentOS if I could get the exact same upstream for free.

Create a general low level support offering that covers basic tech support and documentation(wiki) access. This should just large enough to contribute to Red Hat overhead for software errata and packaging, security certifications... and so on. (stress that this is what it will go towards as everyone understands)

Benifits:

- Same cost for everyone and the cost for basic overhead is spread out amount various support contracts. This should be small enough to make it inviting for small companies, but large enough to not hurt Red Hats ability to do what it does well.

In addition to the general support cost charge a monthly "admin" support cost. This seems more fair and makes more common sense then a software licensing support model. At the end of the day, its the admins that need the support.

Benifits:

- It just makes since and would keep the customer happy.

- Simplify the registration software. Throw all of the licensing BS from Satellite or Katello the programmers would have less to deal with.

Offer support add ons for specific software on a per-admin basis. This can include satellite, clustering, virtualization.. and so on with the ability to tie each support offering to specific admins.

Benifits:

- Companies can save money and buy support for the software that specific admin are responsible for.
- Red Hat can use these to provide money directly to the software projects being paid for via support.

Offer a support structure for consulting, architect work and redhat provided in-house installs/configurations. This is where Red Hat can beef up costs for large business and

Re:Learn to use English

[DavidRawling]

By some chance do you write documents which are intended to pass for manuals, for electronic products sourced from China?

It's the CIO's decision....

[rdean400]

You've spoken your peace. Unless you know of a specific technical reason why using CentOS will not work, just do what you're told. It's your job to make sure the project succeeds.

Support...

The answer to your CIO as to why you should use RHEL and NOT CentOS (speaking as a CentOS and Scientific Linux user) in the corporate environment is support, support, support. When the RH experts in the enterprise are on vacation, or away for whatever reason, and there is a problem, "who are you going to call"? Ghostbusters don't do Linux support... :-)

HOW CAN YOUR CIO JUSTIFY KEEPING HIS JOB

[Jeremiah+Cornelius]

When he's unable to to transfer his liability and diligence vis a reasonable commitment of support for business critical functions?

For god sake! Nothing against CentOS - but it's three guys with Rsync and a listserv. One of them went missing at a key moment, a couple years back!

Re:HOW CAN YOUR CIO JUSTIFY KEEPING HIS JOB

[ghjm]

Was this intended as a reply to someone else?

The CIO can justify keeping his job if he has appropriately informed his superiors of his strategy. It is not necessarily wrong to maintain only in-house support. Transfer of liability is only an issue in organizations providing service to external parties.

CentOS is what it is, and has never claimed otherwise. If you want enterprise level support, you buy Red Hat. But if you have made an informed choice, as a strategic policy, not to buy enterprise support, then it makes perfect sense to use CentOS.

Re:HOW CAN YOUR CIO JUSTIFY KEEPING HIS JOB

[Jeremiah+Cornelius]

What you say makes sense if you aren't publicly traded, I guess.

Business is the land of Arse Coverage. Unless you are Google, or a startup, you buy the support.

Otherwise? You are the accountable party - were you responsible for a perceived incident, or not.

It's up to the CIO

[roc97007]

That's why he's the CIO.

My personal experience is that Red Hat support doesn't buy one much except the warm feeling of having it. I've never known a corporation to go for CentOS on Production machines, but I've seen it all the time in Development environments.

As someone else suggested, you'd be wise not to try to be spending someone else's money. In your place, I'd make a case that outward facing system should have support, because we lose (whatever it is -- sometimes thousands of dollars a minute) when they're down, and under those circumstances, you don't want to be asking on Linux forums for a solution. Everything else, development, test, sandbox, can be CentOS if it's a comparable build to Prod.

But if he turns that down, well, he's the CIO. He gets paid to make those decisions, and to live or die by them.

Think of it as insurance.

[renegadesx]

Get it in writing that he doesn't want 3rd party support for the Operating System despite your insistance.

That way if something goes wrong, you have it in writing the CIO took a risk by cutting corners and he is responsible for a fix taking some time.

lol

Really, unless you're emotionally invested in Red Hat, there's little justification to go with RHEL.

CentOS is free and offers no support, and Oracle Linux costs less than RHEL upfront and costs less on support (OUL licensing is slightly less per system as RHEL is per socket), so really, RH doesn't have the "if you want support" angle covered anymore, they're priced themselves out of that market segment, and frankly the only thing that keeps them afloat, with their ever-shrinking net revenue is the diehards who stick with it because of the emotional attachement to it being Red Hat.

It's not a question of how you can justify RHEL when CentOS exists, that's easy to do. It's how you justify RHEL in a world where both CentOS and OUL exist. There's just no good reason to go with RHEL anymore. Even the old argument of going with CentOS hurts Red Hat, and without Red Hat, there'd be no CentOS no longer applies. Oracle is fully capable of taking on the development of a second OS if it makes business sense to do so.

CentOS is F5 Networks

[IBitOBear]

CentOS's release schedule and priorities are centered around F5 Networks need to rev their Big IP product. It's not "seat of their pants" it's "do enough to keep our product happy, and then, well, whatever."

Or at least that's how it was when I worked at F5.

And Red Hat then, more recently, started making things hard for CentOS because they know the above is true. They stopped shpping "stock source plus patch files" and started shipping patched sources.

Use the CentOS

[symbolset]

CentOS doesn't cost RedHat anything other than the work they put into making it so that folks like CentOS can do their thing, which is minimal. What they get in return is that each year some of the folks who use the derivative distributions choose to level up to RHEL. It's like advertising - a numbers game. It's designed that way on purpose. I don't doubt RedHat would be tickled pink if the entire Fortune 1000 migrated to CentOS for everything they're not already paying RHEL for. So, carry on! Build up those line-of-business apps on CentOS, get good and committed. Sooner or later you'll buy some support for something and RedHat will get their money eventually.

A good CIO ...

[marcial.lapp]

reads Slashdot. Wait until you go into work tomorrow and see if he brings up the conversation. Cheers.

Do the Job, not ask what the job is.

[Dun+Kick+The+Noob]

Think the original poster has managed to stir up a religious debate.

The job is to manage/execute/spec the project.

Like it or not linux is an OS, its not going to earn your company money. Its support.

So put in in terms of money:
1. What are the switching costs and reduced:
          a. what are the scripts you need to rewrite - in terms of man hours, anticipated outsourcing costs
          b. What standard tools used in the organization will break, great if it is none but any experienced migrator will tell you otherwise
          c. What is the cash saved in the life cycle of the project and what costs are saved in the extended life
          d. What additional sales expected?
2. What is the value of your stream of updates( you have data, quantify it in terms of $$$)
        a. In Engineering terms what is the cost of remedy and what is the cost of defect prevention (Past data where a patch is not present and how much activity the repair cost the organization, how much does it cost the organizaiton)
3. Disaster recovery
        a. What happens if the OS becomes a blocker (e.g. some obscure library file provided by the latest RHEL on the dev pc and not on CentOS)
        b. What happens if the applications behave differently(not likely but Ive seen it happen)
        c. No offense, but what if you as key frontman(assuming here) are not able to solve a CentOS issue and you need help
        d. You are proven right in the end you need a stream of updates, so how much will it cost to setup one
4. Suppliers
        a. Do your organizations or partners have the capability and experience to implement rapid/ acceptable deployment for OS (provided you need multiple farms)
        b. What will they charge and feed it back to 1
5. Customers
        a. Do you marketing people go around promoting quality and talk about your RHEL, imagine the liability if it your customer faces an issue and get pissy
        b. Will they accept CentOS, redhat has a lot of pull in the enterprise linux world. Like it or not, people will not like it when you switch away(like you!)
        c. Will your customers choose another supplier if you switch, customers can be fickle, if they can switch on color of a GUI they can swith on an OS
6. HR needs (not really your call from the sound of your post , but still its in your domain and you are holding the bucket, so better to voice out)
      a. Do your anticipated maintenance staff have the proper staff and certifcation needs(some organizations require a certain % of staff to be certified)
      b. Do you need to hire more staff(project/contract/temps) to enable this project

This is a very short summary of what you can do(ill write more if you pay me =) ).All feeds back to 1. And ultimately its the CIO's call as some posters have made the point.
Ive seen organizations dragged down by such issues, where one engineering group goes off pushing their own distro and another group pushes their own. Lots of wasted resources and time. If your CIO makes the call, he makes the call. If you as SME know the difference, present in a way so that he can make the call. Supporting redhat will not help your organization or you. Put it in neutral terms and show what RH has to offer and if you got time pull in other companies. If he is open to CentOS why not suggest the full spectrum and let him make the decisions. pad it with costs from trade magazines(alright bad source but still better than nothing) , studies and most importantly your company's history. His call, his decision , his responsibility. In any case, if it hits the fan, you are covered and your organization has a plan from day 1. Good luck

Re:Do the Job, not ask what the job is.

[Dun+Kick+The+Noob]

Also forgot the most important thing, ask the CIO, why now?

Maybe he is interested in reducing costs and see this as a quick grab at low lying fruit. You could then discuss limtied implementations, part of the project rather than whole of the project

It's not your job to "justify"

You don't know what the requirements are for the project for which the server is being built. Install CentOS, patch it up, then turn it over to the team that will be using it.

This kind of evangelism is the kind of crap that gives professional unix sysadmins a rep for being whiny linux basement nerds wearing a 10-year-old t-shirt with a penguin on it.

There's always a reason for whatever the decision is, and you are not always going to know, or be entitled to know what that reason is. I don't have to, nor do I have the time to, justify every decision I make to you personally. If you're going to be a problem tech, you're going to end up pulled off server admin and assigned to helpdesk.

CIO assumes liability

If you've accurately presented the risks to running CentOS over RedHat, then your job is done. The CIO will be held responsible in the end. In the old days, system administrators (aka system programmers) knew C and fixed bugs themselves. They are part of the reason we have open source.

In the end, you have access to the source code. What are you worried about?

Tech Support Use

Only thing I've ever used Red Hat support services for were licensing issues. No lie.

Some only hear the "free" part

[msobkow]

If your CIO or CEO is one of the people that only hears the "free" part, there's nothing that will convince them to contribute to the community, whether through cash, donations, or sharing their own source code.

The torrent community calls them "leeches."

You won't

[gearloos]

You won't, Your too ignorant to read even the most basic of agreements. You did manage to waste 1 minute of 300,000 peoples time on a Sunday afternoon.

Sorry I was asleep so I couldn't answer sooner.

[Narcocide]

The solution to the problem is simple: Use Debian instead. Debian doesn't come with support either, but unlike CentOS the package selection and average quality levels are sufficient for production systems.

Software Support CenOS

The best solution is to take all the above suggestions and neatly present them with assigned probability weight (%) (go through the industrial journals on CIO failings etc)., and send the copy to CIO via email with copy to others on the team. The tone should not be accusatory in nature, rather pose these as questions and asking the views of every one. Once this is documented, all future problems will fall at the lap of the CIO and if he refuses to change his mind, you need to find another job. Most CIO have insecurity and are not very bright, or rather have street smartness but lack creative and academic smartness. Thus placing all the facts on the email as a polite enquiry you safe guard your position. Never discuss any new ideas without an email (with a copy to your home computer) and higher ups always steal ideas from the best and use them as their own. Be careful.

Patches.

[petard]

By definition, Centos lags behind Red Hat on patches. They work very hard to make that window as small as they can, but sometimes it drags out longer than you'd like it to for a critical system. Some researchers will wait for Red Hat to release a patch before posting about a vulnerability. Not so many will wait for Centos. So the window where there's an announced flaw without a patch is, necessarily, larger with Centos than Red Hat.

Re:Lacks more than that...how about: QA, certs, RH

[dAzED1]

Yes. That's actually a sortof dumb question. If Lockheed Martin subcontracts a part, it's ok if it comes from a known terrorist group because LM is bigger? Think about what you're saying. Yes, code repository auditing is important. Yes, QA is important. I don't care if your employer is bigger than RedHat, it doesn't matter a hill of beans.

The reverse is more likely

[dbIII]

With a very small group where everyone knows everyone else it would be difficult to infliltrate it and infect it with malware. There are not very many CentOS developers and packagers.

Re:The reverse is more likely

[syousef]

With a very small group where everyone knows everyone else it would be difficult to infliltrate it and infect it with malware. There are not very many CentOS developers and packagers.

If you managed to hack into the repository, and did so cleverly covering your tracks, would they actually notice the changes? How long did it take for that Kernel hack earlier this year to be found? How much longer with less eyes.

That's a double edged sword you're wielding.

I agree with your CIO

[mandelbr0t]

Sounds like you can't do your job without someone holding your hand. I've used CentOS, and the Internet works just fine for doing research into problems. I'd do as you're told and make sure you document any time spent researching problems. After all, he might decide that you're not capable of doing your job if you keep insisting on the paid support. I have yet to find an industry problem that can't be solved on your own.

Businesses look at Total Cost of Ownership

[Travoltus]

If we are talking about end users or hobbyists, your point would be fairly unassailable.

However, "Linux is free if your time is worthless".is aimed at business situations. It based on the fact that time is money. So it is not a useless quote when talking about Linux and businesses.

The quote refers to the concept known as "Total Cost of Ownership" (TCO). This is a 3-Dimensional concept that includes the cost of downtime, system maintenance, and future costs for adapting to software upgrades and industry changes; in the universe of TCO, the price to purchase and install an OS is practically meaningless. And I mean meaningless: numerically speaking, when you have a company where downtime costs $10,000 an hour, exactly how significant is the cost of actually purchasing and installing the OS? Absolutely zip.

TCO dictates that such a business would be better off paying $100,000 to install and support an OS that will provide you 10 seconds per year of downtime, rather than paying $0 for an operating system that results in one day of downtime (which would set you back at least $240,000). *

The point is not that Windows is not free, everyone knows that; nor is the quote you're contesting denying the fact that Linux has zero cost to purchase. Linux may have zero cost to purchase but when you are paying someone to install it and you are sacrificing hours of productivity to switch to it, it is not free.

The fact that your servers and systems will not get built and magically deployed by Linux elves, says it is not free. From a TCO perspective.

Please don't get hung up over the 1-Dimensional concept of "purchase price" when talking about whether Linux is Free[tm], at least not when talking to a competent business. Businesses look at this issue from a 3-Dimensional perspective - as in, TCO. Of course, you can ignore TCO and stick with judging an OS by a 1-Dimensional concept like "purchase price"; but if depending on your mission imperatives, this may bite you on the rear.

Your argument only shows that the masses do not yet understand that competent businesses barely even look at the purchase price of an operating system. They look at TCO.

All of this basically means that you may think the quote is useless, but in fact it is the basis of any competent business's IT strategy.

* It just so happens that Linux's installation price IS free, and studies suggest that its down time less than Windows. Plus, now Linux applications have largely caught up with Windows. Linux is definitely more secure-able. But from a TCO perspective, Linux is not free.

Now I'd like to wrap two responses in one - this part going to the OP. The question of "can independent Cent OS support guarantee us downtime equal or less than going with Enterprise Linux?" is absolutely critical to the credibility of their decision to go with Cent OS. Allow me to distill that into an equation:

E= (I1+S1+D1 * C) - (I2+S2+D2 * C). The magnitude of folly in choosing CentOS over RHEL is represented by E. It is folly if E is greater than zero. It is epic fail if E is really really greater than zero. Do note, from my arguments above, that C is by far the biggest number in this equation.

I1 = cost of deploying CentOS (including labor)
I2 = cost of deploying RHEL (including labor)
D1 = downtime in hours (CentOS)
D2 = downtime in hours (RHEL)
C = cost of downtime per hour (applies to both scenarios)
S1 = cost per hour of CentOS independent support (this includes maintenance, upgrades, deploying software)
S2 = cost per hour of RHEL official support

Re:Businesses look at Total Cost of Ownership

[Kjella]

S1 = cost per hour of CentOS independent support (this includes maintenance, upgrades, deploying software)
S2 = cost per hour of RHEL official support

Those should absolutely be multiplied by productivity and quality. Many people would rather pay $50/hour for 4 hours than $150/hour for one hour, even though it makes no sense. Though I guess it's the lemon problem, you don't know when you're paying $150/hour for crap so the less you pay the less you can get screwed I guess.

Oh, crap. My post got moved?

[Travoltus]

My post above was meant for you, not the Anonymous Coward.

Argh...

Wow, be thankful

[leamanc]

If this situation came up 100 times with 100 different CIOs, I'd venture to say that 99 times the CIO would make you choose Red Hat. (Actually, they'd probably steer your toward Windows Server, but let's assume we're dealing with Linux-friendly CIOs here.)

Most CIOs won't let a big software project go through without paid support from all the software vendors in question. But your CIO is a smart man. I wouldn't say all software support contracts are worthless, but if you've got strong Linux knowledge in-house, CentOS is a perfectly acceptable alternative to Red Hat.

As the director of IS at my company (we don't have a CIO title, so my position is as close as it gets), I have spent years building up Linux gurus who know their way Red Hat- and Debian-based distros. I trust their knowledge, and their ability to research and solve problems on their own, to go with CentOS when a Red Hat-based distro is needed for a certain project.

Some projects we have done have absolutely required RHEL (to the point where they won't run on Red Hat-based distros, even Fedora), so we went with them because we had to. The only difference we found was that we couldn't get updates without our RHEL license keys. We were able to solve all problems with our own staff; we only contacted RHEL support when there were problems with the update servers.

Maybe you don't feel confident enough with your in-house knowledge. That's too bad. I'd spend money on training and developing gurus rather than forking over cash just to get updates. But mostly I say enjoy your situation here, as it is very unique. 99% of CIOs are going to force you to go down the paid route.

Re:Wow, be thankful

[Antique+Geekmeister]

You've missd some other causes. More than a dozen of those 99 times, the CIO's will be commiting fiscal fraud and charging the other departments for RHEL licenses and installing CentOS instead. I've repeatedly run into this with corporations ignoring the number of licenses they've bought versus the number they've installed, and had a very difficult time negotiating with some of them to prevent any of my personnnel getting involved in such fiscal and legal abuses.

This kind of fiscal abuse is far, far, far too common.

Don't

Red Hat and Centos suck donkey bollocks. I have to use both here at work because RH has "Enterprise support agreement". It's crap- the only times we have tried to get support out of them they have been slow and completely off track. Don't waste your money on RHN. You would be far, FAR better served using something with a decent package manager- which is the source of roughly 70% of the problems I have managing RH. Debian FTW.

EULA

[rjbrown99]

OK start with the Red Hat License agreement. Have any of you read it? In a nutshell, it says that anywhere you run Red Hat on a server it requires purchase of a subscription. And you can't buy a workstation subscription for a server, it has to be a server subscription. Subscriptions are based on 'sockets', which means CPU in real terms.

A 2 socket RHEL license costs $349/year on the 'self-support' model, and a 4 socket license costs $1,598 per year for standard subscription. Compare that to Windows Server 2008. The cost is $722.99 on CDW right now for W2K8R2 Standard. BUT, that's a one-time cost. And you get patches for free, regardless if you have a support contract or not. Figure that a Windows Server version may be supported for 10 years or more (2003 will run through 2015.)

Red Hat: $350 per year for 12 years = $4,200
Windows Server: $722 total, for 12 years = $722

That ends up costing you six times as much in license and support to run RHEL. Extrapolate that across hundreds of servers, and it becomes a monstrous expense. 500 servers = $174,500 per year. And yes, I assume you are going to re-buy a license for the new Windows Server one or two revs into the future.

THIS is exactly why we are not using RHEL in a highly compliance-oriented industry, and why we elected to go with CentOS. In the end we're going to be doing the support ourselves anyway, and Red Hat's cost structure is outrageous for what you get.

Re:EULA

[olau]

Not that I necessarily disagree with the conclusion (running Debian here :), but I don't think you can compare Red Hat and Windows Server licensing in that manner. It's not the same offerings. Red Hat has batteries included.

Re:EULA

[cos(0)]

What about Microsoft CALs? For each machine or user connecting to your server, Windows Server requires a CAL, whereas RH does not. I believe CALs, not the server license, is the largest chunk of the expense.

Your CIO has his priorities straight

He is not responsible about RedHat being paid, he also does not have to adopt YOUR views about open source community. He thinks that RedHat is a rip-off (or so I gather between your lines) and in the end of the day, given his C*O title he probably reports to someone who usually cares most (if not only) about stockholder value and has every right to do so.

Besides, having no option to fall back to "sunken cost" -vendor support, you should get a warm fuzzy feeling of job security about the CentOS choice :)

Starting with the wrong question. Is RH for you?

Like the person who asks "how can I use NFS to serve web pages?", you're starting with the wrong question.
Before asking "How Can I Justify Using Red Hat When CentOS Exists?", first ask "should I use Red Hat rather than CentOS?"
It sounds quite likely that you shouldn't, and your boss is telling you so. Ask "might the boss be right?" before asking
"how do I change his mind?".

If you come up with a really solid answer as to IF Red Hat is better for your business, you'll know why and tell the CIO why.
You will have no need for a sales pitch generated by Slashdot users who don't know your business at all. After many years I''ve
just started to do this with politics - rather than asking how I can convince people of my point of view, I'm now starting to
consider whether perhaps they have a good point, whether my old point of view is necessarily best or not. It has been opening
my horizons and making things more interesting.

Justify CentOS with Scientific Linux around?

There is no point to *CentOS* with *Scientific Linux* in play. CentOS is buttt slow to release, has repeatedly left key security and feature updates dangling for up to six months behind their unpredictable "releases", is too busy infighting to put their work under source control or publish their build structures, and is losing both users and core developers (such as Dag Weiers) to Scientific Linux. There *is no CentOS 6.1 yet", and there is no published or expected release date. Let's face it, CentOS is coming apart for exactly the reasons their core team used to make fun of White Box linux for.

So the question as stated is, in fact, a stupid question. Now, if you want to compare Scientific Linux to RHEL, I've used all of them. If you need the upstream vendor to actually modify the packages for your needs, as I have when needing better virtualization support or new drivers for new hardware, or need patches to gcc and glibc to support new architectures, or needed Apache and OpenSSH updates backported to my production environment within 72 hours, then you need a commercial support license.

If your tech suport is in house and your staff is actually writing the patches and sending them to Red Hat, then maybe you can rely on your in house support. I've been in that position as well, and my salary has been justified supporting clusters on White Box, CentOS and Scientific Linux, and Red Hat's costs more than paid for for the kernel and core component support for production sites that would have taken me weeks to resolve the issues, if ever. And if you want to invest in *guiding* the next release, or package updates, to fill your company's needs, there's nothing like being a paying customer to get Red Hat to actually include something you want as a supported package, even if you don't have the staff or skills to get it into Fedora for possible inclusion.

vice presidents?

Your company does $240K a day, and vice presidents? Plural? Sounds like too many chiefs in your company.

Pointless argument that doesn't differentiate

[dbIII]

You can say that about nearly any organisation on earth, but once again smaller groups without much to change are more likely to notice it than a large group.
Why don't you try a different argument that does not rely on the stupidity and inexperience of the reader? Why are you pushing such a line which I very much doubt you believe yourself? Is it some silly game to see if you can get a large number of replies about how silly your suggestion is?

Re:Pointless argument that doesn't differentiate

[syousef]

Why don't you try a different argument that does not rely on the stupidity and inexperience of the reader? Why are you pushing such a line which I very much doubt you believe yourself? Is it some silly game to see if you can get a large number of replies about how silly your suggestion is?

Instead of being so insulting and abbrasive, and making assumptions about what I do or don't believe, why don't you educate yourself.

I don't know what checking is done regarding repositories. I imagine not a heck of a lot since they mainly change branding. But it would be easy enough to mess with a source RPM if you had access to the repository. Replacing one important package would be enough to introduce a root backdoor. Again this has been demonstrated with the kernel sources. Such an attack has been attempted. So why do you insist that i'm relying on the reader's inexperience and stupidity or that I don't believe what I'm saying? (Think what you want. I don't come here to talk rubbish I don't believe).

Re:Pointless argument that doesn't differentiate

[dbIII]

So, you do believe this nameless fear and paranoia you are attempting to stir up? If I had suggested that it would have been very insulting. I prefer to think of you as a liar trying to stir up trouble for fun instead of making fun of the mentally ill.
Remove the faux technical stuff that I doubt you understand and which is irrelevant anyway, and it comes down to the suggestion that small groups are inherantly less trusworthy than large ones (eg. they know who did what so a malicious outsider gets caught quickly if they can get in at all). That is why I'm screaming BULLSHIT and asking you about why you are motivated to lie in such a way that makes you look very stupid is the reader isn't immediately taken in by the confidence trick? Is it some pathetic little jab at open source software and you just do not understand that it also applies to small teams in closed source software? It's obvious that you are playing some sort of game - so out with it - which team are you mindlessly cheering for while we are trying to discuss other issues here?

Worth it where downtime is death

A few years ago I was working on a real time system control system managing a reversable (tidal) lane in the middle of on of the busiest streets in my state capital. We were on RH enterprise ed, running a 2 node cluster that communicated via a shared SCSI array. Every now and then the cluster would go crazy with each ndoe "killing" the other over and over.

Long story short: we had an _enormous_ amount of help from RH, and a lot of days and nites with their engineers in our offices or production site. They went way above and beyond. In the end it turned out to be the nasty, dodgey rubbish Dell MB and let me tell you, Dell was the the other send of the support scale: Who us! Fuck off!

Did I tell you I hate Dell servers!

What me worry ?

The question is: Why do you want to use RedHat in the first place ?

If you need the support AND this is a mission critical setup you need RedHat if not you can run on CantOS.
You can always upgade to RedHat later, it is not like moving from RedHat to Debian so it is quite easy.

CentOS == ancient applications

[diekhans]

CentOS is completely frustrating for their inability to distribute current software. After years of compiling more and more of my own applications on CentOS 5.*, I finally got upgraded to CentOS 6.0. Already have to compile my own python and xfce. Something is wrong when the kernel revs more frequently than the applications. I belive RHEL has the same approach. What's the point in running an OS for outdated applications??

CentOS?

How can you justify using CentOS when Scientific Linux exists?

We never called RedHat support

In years of using RedHat, we or our clients never called RedHat support, the clients call us, and at the end it is me who fix the thing. Even if called RedHat they wouldn't know how or application expects the system to be configured, so still needing someone from our company (me) + someone from RedHat.

For this reason, I always recommend Centos (with the donation thing, but they don't want to pay that either). Our systems are in a separate private city-level network, the weakest security problem is not our servers.

For similar reasons we are also dumping Oracle in favor of Postgre, which is much more easy to admin, and we compile it when we use it.

No one-time issue

[dutchwhizzman]

There is no such thing as a "one-time issue" with RHEL. You have to pay for a yearly minimum support contract, for the right to use software that has their trade marked brand name and logo's embedded. Once that runs out, you should either renew, or remove the offending binaries, documentation and logos off your systems. You do get update binaries in this minimal contract, which is what you really want anyway. Waiting for CentOS to come up with those may be the difference in having your systems compromised or not. There's nothing wrong with CentOS, but it's always behind RHEL, because of the mere concept of it.

OP: make sure you make the CIO sign for the fact that he's running software that's not supported on enterprise level, or certified to run on the hardware infrastructure, or approved as a supported platform by any of the applications running on the OS. Any and all extra expenses and damages resulting from that, are a risk he has to willingly take, and just to cover your own behind, I would recommend you have him sign for that.

Re:No one-time issue

[Stax]

There is no such thing as a "one-time issue" with RHEL.

True.

You have to pay for a yearly minimum support contract, for the right to use software that has their trade marked brand name and logo's embedded.

False.
You are paying for support and updates, access to the KB, the Certifications (Common Criteria, FIPS, etc, etc), reference architectures, etc. NOT for the use of the trademarked brand name / logo's

 

Once that runs out, you should either renew, or remove the offending binaries, documentation and logos off your systems.

False.
Once your subscription runs out, your RHN account will be locked, and you will not be able to get updates, access the KB or enter support tickets.

You do get update binaries in this minimal contract, which is what you really want anyway. Waiting for CentOS to come up with those may be the difference in having your systems compromised or not. There's nothing wrong with CentOS, but it's always behind RHEL, because of the mere concept of it.

True

Re:No one-time issue

[bill_mcgonigle]

There is no such thing as a "one-time issue" with RHEL.

No, but rumor has it that Redhat will be happy to take your money and help you install redhat-release on your about-to-be-former CentOS system.

On one hand, they don't benefit from people waiting to buy support until they need it. On the other hand, if you're in that position, they've likely acquired a new customer who would likely not have been a potential customer if they had to pay up front, and will likely renew.

I use Fedora, RHEL and CentOS, and think they're all great for their own purposes. Redhat is the model of what open source companies should strive to be.

Econ 101

[Ex-MislTech]

When the economy is booming and money is flowing go RHEL.

When the economy looks like it is driving off a cliff pinch pennies.

Welcome to Econ 101.

Your CIO has some gonads

[X86Daddy]

It is rare in large and medium-large companies to find any executive, or even high-level manager willing to say "I'm going to bet on my people's capabilities, rather than spend a lot of company money on the 'safe' (for my job) solution." Your CIO has the same two choices that countless IT managers, directors and CIOs are faced with: spend a significant amount of company money on an outside vendor, who can be blamed when all hell breaks loose, or rely on his or her team to do the job as well if not better and possibly take the flack when bad things happen. A nasty old phrase in IT was "nobody ever got fired for buying IBM." It worked until I knew the guy who did get fired for stubbornly going IBM when there were obvious better alternatives. Today, that "don't get fired" vendor is Microsoft. One day the axiom will fail them too.

Relying on internal staff requires a few things beyond thrift: keep your staff well trained, compensate them well enough that they don't quit too frequently, treat them well enough that their morale keeps them eager to do their jobs well, etc... All of those things benefit YOU. A thrifty-minded manager/director/executive who doesn't make sure to build good teams is a waiting scapegoat and will be out of your way soon enough.

In the bigger picture though, what trend do you want to see: safe-bet management that relies on treating internal staff in a mediocre fashion, massive outsourcing to "support companies" who can and will ship jobs out of your country, IT seen more and more as a cost center to minimize rather than the people who get vital company work done, and companies getting less and less effective with their IT solutions because every new project and every exploration of an idea requires going through the protocols and expense of consulting with another company? Why have highly-trained, highly-paid internal IT people while having pricey outside-vendor support subscriptions? The trend I've seen is reducing staff to an "account-manager" or two and getting rid of IT people by attrition if not outright layoffs.

Now, all that said, if your company is small, and the choice here is finding and hiring and relying upon one good support person (who might get hit by a bus or move across the country for love, etc...), or paying for a pool of proven support staff fully available on a defined protocol, well, you may have the better idea than your CIO. But the issues at hand are much greater than "CentOS is cheap" versus "RedHat is supported well," and worth discussing at those additional levels.

Certificates

Things like FIPS, if that matters.

http://www.redhat.com/solutions/government/certifications/egotist

Re:Certificates

The captcha got appended to the link. The right link is: http://www.redhat.com/solutions/government/certifications/

Wrong OS all together

Sounds that you want an other OS, maybe Windows.

Pay for it, even tho there is better alternatives.
Let someone else do the support for you, without understanding that the system will be down during the time they or you fix the problem.
Lose knowledge that lets you bring up the system yourself, in case support priorities down your system against others when the problem occur.

Good luck with your project.

Two Words

Risk Mitigation

What support?

[SuperDre]

I always wondered what kind of support really is given? Mostly it really is just giving answers to question which are compiled into FAQs or Forums, so everything is already available..

My half a million reasons why not to use Redhat

We are a SAAS house running roughly 1000 Linux servers. We are SAAS, so I have software
developers and server administrators on my staff. Last year the person who maintains our
internal CentOS repository got transferred to another project and I no longer had a full time support
person on my staff.

So I ask Redhat a quote on repository servers and support in case we run into problems. We end
up getting a price of around $500 per server per year. That is half a million dollars per year for some
repository software and a support number. I had to stop the negotiations with Redhat explaining that
I don't see us getting a 90% permanent reduction on their pricing.

I ended up hiring a new person and now we are attempting to reach a situation where the underlying
flavor of Linux is irrelevant. I'm finding it easier to get people with Debian knowledge. For CentOS based
stuff Scientific Linux seems to be more up to date.

We've been in business 10 years and so far every problem we have encountered could be solved
with patching the kernel (two incidents, last one 5+ years ago) or by Googling (too numerous to count).

But Red Hat make Big Money

[nukenerd]

Hairy Feet's argument would be plausible except for the fact that Red Hat are spectacularly successful.

http://www.selftrade.co.uk/quote-red-hat-inc---RHT

Thier share price has increased about 1000% in the last 10 years and nearly 25% in the last year. That is similar to Apple, but without much advertising or notice from the media.

This year they are on course to have $1 billion in revenue, with $200 million profit. Doesn't everyone know that Linus Torvalds became a millionaire because he had shares in Red Hat?

Anthony Mouse (elsewhere in this topic) has described a scenario where Red Hat will be taking money to the bank because of recession. In fact they already are.

Bugfixes and exposure

My company has a simple rule : RHEL on anything facing the web, CentOS on anything internal

Especially where a zero-day exploit might impact us, we want the fix as fast as possible -- even if only a few hours.

Redhat!=Charity

[bWareiWare.co.uk]

http://finance.yahoo.com/q?s=RHT
I would certainly recommend their support offerings as both best in class and exceptional value, but you don't need them in every situation.
It is also interesting to turn the question around. Do you think that Redhat would prefer you to use a different distribution?

centos = redhat - support. Not other way around

[georgesdev]

centos is a clone of redhat getting all the work done by redhat for free. If you work in a for profit organization and will use the servers in production, i.e. making money, then it would be fair to pay redhat support if your company like so much redhat that they chose a clone of it. Otherwise, they could go for Ubuntu or other free Linux, and participate in debugging and developing it, that would be fair too. If your company is willing to save a few hundred dollars per year to get redhat's work for free, then you should question if you should stay. I mean I bet you do some kind of internal support on Linux machines for them, and they clearly don't value that much ...

Misplaced sentiment

While I applaud your desire to support RedHat, I think it's misplaced. If you need RedHat's support then pay for it. If you don't, don't. This is the business proposition on which RedHat is based (and is doing quite nicely, thank-you).

On the other hand, supporting open-source and linux specifically, whether using CentOS or RedHat, by contributing to forums and irc, by reporting bugs and by publishing any trouble-shooting or specific set up (without giving away too much about your infrastructure :-) documents, etc you have is something that should be pushed and encouraged. In my experience these things are over looked and rarely get management buy in (more in the "meh" sense than the "don't publish our competition advantage" sense).

Just learn it yourself

Given the fact you guys are running more than one Linux based system, your CIO must think very highly of you if he's willing to go with the system that offers no support. To be honest, we've been running Linux systems in our corporation for years, we've never once had to pay for support. Most problems we've been able to fix with 10 mins of research, and some hw/sw reconfiguring. I know for a fact that's saved our company thousands upon thousands of dollars. Just fyi, they're not simple LAMP systems either. We've got vmware esxi, nfs/drbd/snapshot storage/backup setup, centos asterisk servers, endian firewall, among others all setup and configured by internal IT. Given all of this takes a ton of research, but whatever you can learn yourself just makes you a better tech in the end

Forget CentOS, use Scientific Linux

After the huge troubles of CentOS bringing out version 6 and other turbulence, I would completely forget about CentOS and go for Scientific Linux. Scientific Linux has proved to keep up much better with RHEL than CentOS in recent times.

CentOS project itself a potential concern?

[Just+Brew+It!]

I haven't been following the situation too closely for the past few months, but not long ago there was a lot of turmoil at the top of the CentOS project, and some people were starting to question its future viability. Have those issues all been resolved?

Check out Scientific Linux

http://www.scientificlinux.org/

CentOS but with faster releases.

But I've got a ticket...

How are you going to feel when you've purchased support and they cannot help you... If you can get CentOS installed on a lab installation and up and working there are no gremlins that are going to eat you. I cannot tell you how many system admins try and play the "we have a ticket open with XYZ vendor" as a pass on something they should have been able to diagnose and fix. I think the CIO should speed the money to get a better in house resource to support linux installs who won't cry about not having support after all GOOGLE is an excellent free support resource if you know what your doing.

Chief Informations Officer is Chief

There are a lot of reasons why the CIO got his CIO position. Relationship to the CEO might be one of them. Technical background might be another. Yet a third reason might be that he understands how to make the CFO look good (i.e. saving a bundle on technical costs).

He knows that Linux-based solutions are a good bet when it comes to looking for stable platforms upon which to run software. He knows that the chances of something Bad happening (RAID configuration going awry, server being affected by mal-intent, hardware failure) are slim. But he also knows that, given the technical staff (i.e. YOU), even IF the system goes down, it can be handled by throwing late hours and overtime (i.e. YOUR time) at it.

Re:Learn to use English

"..than his"

You suck too.

He should be removed

[Anarke_Incarnate]

The CIO is not capable of doing his job if he doesn't understand that mitigation of risks involving purchases as well as projects in IT is his job. If he believes that assigning risks to the future is the best way to handle that job then he should be removed. There are many things that require additional support. The issue is not one of Red Hat vs CentOS (and CentOS does not have all the latest fixes as well as there being additional issues revolved around Red Hat's change in patch structure).

There are too many things critical to operation that cannot be contained without support. That support buys you bug fixes, as well as the ability to escalate towards people who do things like actually write the kernel or device drivers.

Then build it with CentOS

If you CIO does not see the value, then the only solution is to show him the value. Unfortunately, you cannot show him the value of kbase and such, if you can't access it. However, you can keep track of time spent on fixing problems and such, and how much time might have been saved with a subscription. If downtime does not cost your company a significant amount of money, and you already have a large technical staff that can afford to have there time pulled away from other work, then you probably do want to be using CentOS. However, for most companies even the reduce in risk by getting the security fixes on day 0 is a sufficient justification. Lets face it, chances are the subscription cost is probably negligible to the rest of the budget.

CIO's problem

Just set out the facts in an email. Keep the email.
The CIO is I assume an executive. If so, his job is to balance risk and reward.
Just set out the risks and rewards in a professional and dispassionate way and let him make his choice.
Once he makes it you will have to live with it Im afraid.
If he's a good guy he'll do the right thing and if he's not then he'll probably attack you anyway so dont put a crosshair on your own ass.

Having said all that Ive worked a lot with CentOS in a production environment and its OK. Its not Debian right enough, but its OK.

Socialism in a capitalist world

[concealment]

This is why I have been saying for ages "free as in beer" needs to die and be replaced by "free as in freedom" only.

I thought this was profound. Every single aspect of our society is for-profit. In order to succeed in that, an operating system needs to generate money and re-invest it in development.

How many times have you used some FOSS product and inquired about a feature, only to hear that the programmers don't consider it important and aren't interested in it, even though there's 2,000 people in the support forum asking about it?

With Linux, we got a great operating system but also a community of freeloaders.There's a reason people buy windows and OS X, which is that because you pay money, you have an expectation that they'll eventually fix stuff and put in the features you need. It ain't perfect but it's the best we got.

Your building is on fire.

"Our CIO is convinced that technical support for any product is worthless. He's willing to spend money on 'one-time' software purchases, but nothing that is an annual subscription."

We hit a huge issue with device drivers for a particular vendor's RAID card. They insisted the problem was in the kernel, not their drivers. Having RedHat support meant that instead of us arguing with the vendor, RedHat engineers argued. The result was that we got a fix, plus we got back some of our hardware investment as credit because the vendor was so embarrassed.

If my CIO told me that technical support for a software product was worthless, my reply to him would be, "I quit."

Sounds like a smart CIO.

As long as you've got someone in-house that knows a thing or two about Linux, you should be good-to-go.

Put the CIO on the Pager...

[bodland]

He can try and support a OS with no professional support at 3 a.m.

Doesn't sound like the CIO is competent

Sounds like he's doing all the financials of his job "seat of the pants" rather than rigorously. Do a cash flow analysis of the support costs between Red Hat and ad hoc support using CentOS. Presumably the Net Present Value for RH is lower (thus the only correct financial decision). At least you can CYA with presenting such an analysis if you get overruled. I'd talk to Red Hat about this also: they probably have such an analysis already "in their pocket" as a white paper.

Support Worthless?

[doomicon]

"Our CIO is convinced that technical support for any product is worthless"

Has your CIO ever supported an application environment that included: Oracle RAC, DB2, Weblogic, OSB(aka ALSB), Websphere, Websphere Commerce, or heck a computer?

I would advise in creating a Risk Assessment (aka CYA Signoff) that outlines the risk HE is assuming by not purchasing support. Get his signoff on the Risk Assessment. You'll be surprised how quickly higher ups change their tune, when they realize their decisions are actually documented, and they can't just toss some lowly admin under the bus when it takes hours to recover from a production outage. When you do a Risk Assessment, schedule a meeting with the parties involved, DB Team, Networking, etc. If you can invite a Business side guy, even better.

I know it sucks! I like fast moving companies, that make solid decisions... but sometimes you have to play the game, to avoid catastrophe.

Normally, I would say this will help, in this case, whereas your CIO is against all support, it will only CYA when you have an outage during production hours, and the CIO tries to lay the blame on you.

I'm not familiar with your environment, so unless this project is a smallish LAMP wiki for internal use, I would be concerned.

Simple

[SuiteSisterMary]

Ask your CIO which response he'd rather have when requiring support. a: "Of course, lets open a ticket." b: "lol n00b RTFM." c: "Bug report? Fuck you. Fix it yourself and submit the patch."

What about management

While CentOS is a great product, managing many servers (updates, patch management, etc..) can be a nightmare. RedHat's Satellite patch management makes the job much easier.

There is a "free" alternative to Satellite (Spacewalk) but you've got to balance the management/configuration of Spacewalk over the ease of management of Satellite.

Sounds remarkably intelligent

This sounds remarkably intelligent for C-level management. You should have been the one that thought of it not him. STFU!

Red Hat = Unparalleled Enterprise Support

[kaziah]

In my last job I was a Linux/Unix Systems Administrator for a Fortune 100 logistics services company where we used RHEL and Solaris mostly. Our team had a large variety of preferences as far as our desktops and home server setups go. A lot of them favored Debian based distros, and we even had a diehard SuSe zealot (for both desktop and server), but one thing I can definitely say is not a one of us ever argued the value of Red Hat's Enterprise Support Services. With literally hundreds of thousands of dollars of business on the line every day, a near 100% up time was critical. We had some pretty talented SysAdmins, but there were several instances where RH support paid for itself many times over on each occasion. They continue to thrive even in this recession because of that rock solid support. I love the Open Source Community and love using totally free alternatives at home and even at work where I can. When it comes to mission critical IT infrastructure though, where every second of downtime counts, that level of support is a life line and in my humble opinion... priceless. That IS the reason for using Red Hat Enterprise Linux, and why years ago they split the distro branches like they did. If you don't need that level of support though, feel free to use whatever works best for you. It all boils down to what level of support do you need?

More than just support

[chipster]

Try getting Emulex HBA drivers, Mellanox InfiniBand drivers, and many other "enterprise" hardware drivers, etc. to work with CentOS. The manufacturers won't support those using CentOS over RHEL (which they're made for usually with RH's cooperation). Oracle will also laugh at CentOS users. But then yes, there is support, and my experience with RHEL support engineers has been impeccable.

Re:More than just support

[pak9rabid]

Have you even tried? I think you'd find most of these install just fine on a CentOS box.

Re:More than just support

[chipster]

Have you even tried? I think you'd find most of these install just fine on a CentOS box.

More than I care for. And much of the time, they didn't work, "even." Sure is nice to have a support engineer get it to work while I focus on making revenue instead of farting around with an arguably shitty re-spin.

Software is a one-time installation, not a process

[marcolof]

This is _the_ classic mistake by management: "Software is a one-time installation, not a process".

I'm betting that the same CIO also repeatedly does not budget enough money for maintenance and doesn't understand the concept (and consequences) of bit-rot.

Re:Two words: RISK MANAGEMENT

[JonJ]

http://www.youtube.com/watch?v=sTSA_sWGM44

My Experience: *BSD

[Bertrand+Wilmot]

Non-self-researched support isn't really an issue for me, as I typically am running FreeBSD or OpenBSD as network and website servers. Most BSD licenses are great for, well, not even having to worry about the license, really. They've both held up amazingly well and I haven't had any problems with the operating systems. Then again, FBSD is my desktop OS, so I am quite used to it. I note that our environments probably differ; the network I administrate, which has an OpenBSD network server and a FreeBSD website server, is a school. It's been painless and reliable. I also plan on changing my hosting server (I host a bunch of my client's sites) operating system from OpenBSD to FreeBSD sometime soon, as performance is a growing concern, as traffic grows for each client. Also, irc://irc.freenode.net/freebsd, irc://irc.freenode.net/openbsd, irc://irc.freenode.net/netbsd are all great support channels.

Large Project?

1. If it really so large then you will have a new dedicated server with hardware support and redundant everything onsite right? If you are not willing to pay for that then you and your boss aren't serious about uptime and it's not that big of a project. CentOS will be fine.

2. Is this just a matter of installing some software/set up a database and you will have very few changes to it? Then maybe CentOS is fine. Depending on size of you software/server do you even need CentOS? A different distro might be a better solution. In fact if you need other applications Fedora will probably be a better fit. I know CentOS requires you to use other repositories to get things working a lot of times and packages are many times outdated. And no you don't need to keep upgrading to the latest version of Fedora every time it comes out.

3. Really if you are considering CentOS this software isn't really exposed to the outside world and doesn't matter if you are getting timely updates, see #2.

4. Why not just get the RedHat software, pay for support for 1 year so you can get your software up and running with that initial support, then drop it if you don't need it. See #3.

5. It really comes done to how often you are changing/updating your software/client software/hardware. If it's just every 5 years, well you probably don't need 24/7 support. In that case just hardware support is fine.

Personally I would opt for #4 to make sure the project is a success if it's a big project. If it's just a smaller server I would use Fedora. I've used it many times with no problems. Later on, a few years down the road when the project needs a big revamp/upgrade, get support again/upgrade so you make that a success as well.

had a similar discussion

We moved away from RedHat in favor of CentOS a few years ago, on price lines and RedHat's unwillingness to negotiate (and frankly unprofessional sales folk who blew off scheduled meetings), and an extremely irritating experience wherein their licensing team tried to hit us up for 1300 servers worth of licenses because we licensed ONE machine, simply so we could get per-incident support (which they do not sell).

I believe in supporting RedHat, as I know the contributions they have made and continue to make to the community and to many packages. RedHat Satellite was extremely useful. When working in the US public sector, RedHat has the added advantage of being an approved distro.

However - in the past few years, they've adopted detestable per-CPU and per-guest licensing requirements that remove much of the reason Linux is as popular as it is (free beer). This is simply ridiculous for large server installations - and then they have the balls to try and incrementally charge for HA and load-balancing, again, on a per-CPU basis.

Per their support - we are generally a very self-sufficient shop, but we did run into stuttering and intermittent performance problems that we needed some help isolating (hence purchasing premium support on one server). After a week of back-and-forth nonsense, I finally gave up when the Tier 2 support person asked me what I meant by "system time".

Answer a question then... apk

How come Linux 2.6's KERNEL ALONE has more unpatched security issues than Windows Server 2008 does & heck - MORE THAN NEARLY ALL OF WHAT MS GIVES FOLKS FOR BUSINESS & DEVELOPMENT TOO?

(Toss the rest of what goes into a FULL LINUX DISTRO in there, mind you, that # of unpatched security holes goes UP for Linux yet again too)

Now... &, as my other posts show as well?

Program-for-program/Apples-to-Apples types:

Database-wise, Webserver-wise, development tools-wise, & yes, OS-wise, the "Open Sores" camp has more unpatched security vulnerabilities than does Microsoft's toolsets for the same.

* All those years of hearing "Linux is more secure than Windows" & "down with MS" etc./et al around here? A truckload of bullshit is more like it... ANDROID especially proves that (& it is a Linux variant) even MORESO, because it's a Linux that's being widely used in the mobile world, & it's being SHREDDED ON THE SECURITY FRONT, massively!

(Security-by-Obscurity, due to being the least used OS out there almost, is what you had going for you all penguins... that's having ANDROID show that much, easily, alone!)

APK

P.S.=> Explain that please... lol, especially since all those "Open SORES eyes" are allegedly fixing bugs for that Open SORES stuff, how come it has more unpatched security vulnerabilities then, vs. MS' stuff?

... apk

Re:Answer a question then... apk

Windows Server 2008:
http://secunia.com/advisories/product/18255/
"The most severe unpatched Secunia advisory affecting Microsoft Windows Server 2008, with all vendor patches applied, is rated Highly critical"

RedHat Enterprise Linux 6:
http://secunia.com/advisories/product/32988/
"There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied"

Ha ha ha ha ha ha ha ha. Yet another complete and total failure from APK. What a joke.

Do you need PCI? Ever built an RPM?...

[bitsofbytes]

CentOS is fine if you just need an office file-server or print-server.
If you are running an e-commerce website, then you need to be PCI compliant and up-to-date with the latest security patches *QUICKLY*.
CentOS updates can be unpredictable as to when they will be released. Look at Wikipedia's "Delay" column for CentOS releases.
https://en.wikipedia.org/wiki/CentOS
Due to extremely slow 2011 updates and releases, I switched to an alternative OS out of fear a CentOS update might never arrive. It did release eventually.

Does your IT staff have the time and knowledge to create their own RPM files for updating CentOS, when the closed group of CentOS volunteers fail to deliver?
If not, I would suggest either pay for RHEL updates or use current free releases of Fedora, OpenSuse, Ubuntu LTS, or Debian instead.

Linux has more unpatched security issues

3/18 REMOTELY EXPLOITABLE too unpatched, why's that?

MS' Windows Server 2008 has 4, & the ones it has can be worked around largely via cutting off services you don't need, or other configurations in security tools.

APK

P.S.=> Lastly/By the by: We're counting UNPATCHED SECURITY ISSUES HERE, they're what matters, fool... not ones already patched & secured (of which Windows Server 2008 does have less, & LINUX has 4x++ as many, plus, 3 remotely exploitable ones (worst kind))...

... apk

Re:Linux has more unpatched security issues

Hush now child. The adults are having a conversation about real Operating Systems.

Re:Linux has more unpatched security issues

They must be talking about Windows Server 2008 here then.

Re:Linux has more unpatched security issues

You must have misread. I said real Operating Systems. You know, proper ones. Operating Systems that smart people use to do big important things.

So, not Windows.

Re:Linux has more unpatched security issues

NASDAQ says otherwise, since 2005, with Windows Server + SQLServer failover clusters running their "official trade data dissemination system" http://blog.sqlauthority.com/2007/09/17/sqlauthority-news-nasdaq-uses-sql-server-2005-reducing-costs-through-better-data-management/ . There's also many others doing "real things" with Windows, & you can see them at MS' "get the facts" pages studies if you wish.

Re:Linux has more unpatched security issues

Ha ha ha ha. Trade dissemination system? Sounds real important! A whole 5000 transactions a second? Oh my! 10,000 queries a day? Well! Yeah, sounds like a job for Windows. The MySQL DB that backs our monitoring system's busier than that, and it's running on a 5 year old Solaris box. 100% uptime too!

Hmmm, I wonder what NASDAQ use for the really important parts of their operation, something like maybe the trading platform. Hey, I wonder what the New York and London stock exchanges use to run their trading platforms as well.
I just Googled it - turns out all of those stock exchanges use Linux for the critical parts of their operations. Oh dear, look at that - LSE used to have a Windows based trading platform, but it sucked. It sucked so badly that they abandoned the whole thing.

Seriously APK, bringing stock exchanges up in a pro-Windows rant is the worst idea that it's possible to have - LSE dumping Windows for Linux was a monumental embarrassment for Microsoft. I seem to remember the LSE trading platform was all over the Get The Facts site. Until LSE found out how badly it was and ripped the whole thing out in favour of Linux.

I think this might be your worst fail yet, APK. Pretty sad.

Comment removed

[account_deleted]

Comment removed based on user account deletion

IDC's 2011 TCO Study: Non-paid Linux v. Red Hat

This is exactly what you're looking for!
IDC April 2011: "Understanding Linux Deployment Strategies: The Business Case for Standardizing on Red Hat Enterprise Linux"

It is at the link at the bottom of this Red Hat page:
"Research Highlights Significant TCO Value of Red Hat Enterprise Linux Subscriptions"
http://www.redhat.com/about/news/blog/Research-Highlights-Significant-TCO-Value-of-Red-Hat-Enterprise-Linux-Subscriptions

This is the Red Hat sponsored, IDC 2011 study of non-paid Linux v. Red Hat, including "mixed environments" of some Red Hat and non-paid Linux. To quote from the Executive Summary ...

"This IDC White Paper compares organizations using a commercial Linux subscription from Red Hat to support their Linux servers with organizations that are using a mixed environment of both commercially supported and nonpaid Linux distributions and organizations that are primarily using nonpaid Linux distributions aboard their servers."

Not only are the TCO results interesting, but the make-up of the companies as staffs. E.g., Average Experience:
- 5.3 years (Red Hat standard)
- 6.4 years (mixed)
- 10.1 years (primarily non-paid)

Basically 10.1 years is longer than Red Hat Enterprise Linux has been around (2002+, excluding RHL6.2EE, of course). So we're talking non-paid environments typically have 2x the experience than those with Red Hat as a standard. But what does that result in?

"Red Hat Enterprise Linux customers experience about one-fifth the amount of downtime as compared to organizations using primarily non-paid Linux distributions. With costs of downtime considered, Red Hat Enterprise Linux users spend less."

There you go! There's the value right there. As someone who is >>10 in corporate, Linux deployments, it might make sense to skip on support. But in reality, those who develop the software, those who can modify the software directly, are the ones that will keep you up'n running. Red Hat has proven this over and over, not only against unpaid options, but even other, paid vendors who don't have the sheer development in-house and know the software far better.

Why not get a $99 RHN Developer Subscription?

Instead of seeing them wait days (or weeks) for CentOS updates, why not advise them to get a $99 RHN Developer Subscription instead?

The full platform (Enterprise Linux) and middleware (JBoss) is included, Red Hat Customer Portal Access (e.g., Knowledgebase, etc...) and support for development purposes. It's what I use at home, and use when I'm on a customer site and they don't provide me with a RHN account (although I require them to if I'm going to be on-site more than a week). Red Hat has maintained a developer subscription for years, and converted RHL subscriptions to RHEL ones back in 2003 as well.

- https://www.redhat.com/apps/store/developers/

The great thing about having a RHN Developer subscription is that instead of just targeting and testing on CentOS, you can develop and test on RHEL, offering SLAs and support options yourself.

This is why CentOS is a viable option

[pak9rabid]

Support from enterprise-level hardware and software vendors. A lot of these vendors only certify that their product(s) work with RHEL (some vendors will only provide drivers in a RHEL-compatible RPM package). For those that need the support of these vendors but do not necessarily need the support from Red Hat, CentOS (which aims to be 100% binary compatible with RHEL), is a viable option. I'm all for supporting Red Hat with my wallet, but I'd much rather do it in the form of a donation if I don't really need their support.

Open debate on Open source finance engineerng

[h00manist]

It would be healthy to find more formats and models for open source project financing. Perhaps there would be more software and coding then. And more open souce forums. And more open source developer support. Google made a big contribution with summer of code, a new format. Kickstarter made another. I'm sure there must be many, many others which are not widely known.

I'm no alternative financing expert, bit thought of using complementary currencies, and transitioning closed-source to open-source upon reaching a sales target.

Software Engineering 101: 85% is Sustainment

I don't know about others, but my Software Engineering 101 taught me that 85% of costs are sustainment. That's not new releases, that's not new features, that's sustainment of the software, over its lifecycle.

Yes, Linux is free. But backports for ABI/API compatibility cost money. Red Hat has engineers and developers to sustain its platform (Enterprise Linux) solutions for their 10 year lifecycle (7 years without ELS). That costs money. That's what you're also paying for. That's what "EL rebuilds" like CentOS benefit from.

If you don't believe in it, then run another distro. Let them change things on you. Yes, it happens. Red Hat left the "Single Release" model after Red Hat Linux 6.2 Enterprise, as it doesn't serve the interest of home consumer desktops and enterprises well. The result was the Enterprise Linux (originally Advanced Server) line. Consumers want things to change and ABI/API-focused enterprises and ISVs do not.

That's what you're also paying for. And if no one funds it, it will go away. Red Hat's still the only, major Linux vendor to have a sustainment model that is profitable and self-perpetuating. And as an added bonus, the community gets free, leading-edge development on not just Fedora, but upstream, as the duality of doing trailing edge sustainment. The proof is in the sheer number of commits not just to the kernel and core libraries, but GNOME and other, clearly desktop-centric code.

Yes, those who care about trailing-edge, sustaining engineering pay for the leading-edge, consumer developments. It's quite a model, 180 degrees from traditional software development! Instead of paying for new releases and features, you "the new stuff for free," because others are playing for the sustainment of the "old stuff." Why not pay if you deploy the "old stuff" too and need that sustainment done?

Reality

[mbrod]

CentOS on all your test beds, RedHat in production. (Like the rest of the business world who has a flippin clue).

Break out the Checkbook

[neurovish]

Support is only one reason to go RHEL over CentOS, and only a minor one IMO. Sometimes it makes sense to go CentOS, sometimes it makes sense to go RHEL, and sometimes it makes sense to run both. CentOS is really good and may be all that you need. I wouldn't hesitate to run it over RHEL in smaller shops.

So, here is why you would want to pay for RedHat instead of CentOS
- You really need the support. If you don't have deep linux knowledge, this might be for you. I have contacted Red Hat support about 5 or 6 times in the past 5 years. It was only really necessary once or twice and the other times were more like "I'm trying to get X to do Y. Am I wasting my time because it just doens't work that way?" kinds of questions.

- You need the big company on a sheet of paper. If you're running software like Oracle or Websphere and their support offerings are dependent on an "approved platform".

- Your customers. Are your customers and the customers you would like to have swayed by your infrastructure running on Red Hat? If they can turn around and bleed you, then do you want to be the one wholly responsible? CentOS has very little responsibility to you as a customer, however Red Hat does.

- Who do you trust? Last I knew, the CentOS project is actually really small. There are a few key players who hold the keys to the kingdom, and the project is dependent on them. If the CentOS project decided to turn around and evaporate tomorrow, or start throwing backdoors into everything, then they will lose credibility and respect from the community. Red Hat has $millions and future $billions on the line. Their continued success is more than just a personal matter to their CEO and board.

- ...which leads to, who is going to be around tomorrow. See above, CentOS isn't a huge team (which may have changed by now).

- Testing. Red Hat has the resources to test extensively. CentOS does not, but they also don't really need to test to the same extent since Red Hat has already done it.

- You own a lot of Red Hat stock. This mostly only applies if you're the CIO or a VP.

Version availability

[mysidia]

Your product requires or will benefit from an improvement in RHEL 6.1 or even better 6.2.

CentOS 6.1 isn't out yet and probably won't be out for quite a while.

Oracle ?

[freshlimesoda]

Why not download and use Oracle Linux. Its enterprise Linux free to download and use. Subscribe for support if and when you need it - and its 24*7 / Global / Enterprise level - Even cheaper than Red Hat when it comes down to support cost.

Re:Oracle ?

[mindflux]

Because you cannot get ULN updates without a support 'subscription', so you're advising people to simply go unpatched until they find it necessary to pony up money to do so?

Re:Oracle ?

[silviumc]

Oracle is worse than CentOS as far as I'm concerned. Oracle leeches Red Hat and charges for it! You do know that Oracle Linux is Red Hat with another label, just like CentOS is Red Hat with no label.

This is your CIO.

[Tuan121]

Stop complaining on Slashdot and get back to work!

The CIO pays the bills?

[lems1]

If he/she does pay the bills, then let them take the responsibility for this decision. Simple. If you know Redhat, you already know CentOS so no big deal. Go with their choice and move on.

CentOS Security is a Massive Problem

It's a common misconception to say the a Red Hat subscription is just support. Red Hat is more than support. A Red Hat subscription includes several things that are valuable to an enterprise company, the most important of which is security. Just remember that Sony was running CentOS.:

- Application Certification
                  - Everyone can compile Apache and PHP, but if you are running any enterprise application, your vendor will require a certified OS to support you.
- Legal Indemnification
                  - This one is often overlooked. In our litigious society, people can get sued for having open source code that causes issues. RH indemnifies the client against that and will rewrite the code.
- Security Fixes in a TIMELY manner
                - The fact is most people are not aware just how big of a lag CentOS has when it comes to updates. And it is not just security updates. Performance issues and the like also make a big difference. An unofficial audit of the CentOS 5.6 and RHEL 5.6 repos found the following:

- Average time to release a patch: 13 + days
- Longest time to release a patch: 100 + days
- Missing packages: 300 + plus while people wait for 5.7

The delta between dot releases is also massive. It averages more than a month.

If you are under PCI compliance, you just can not pass it with those kind of lags. PCI requires updates in one month. No auditor would be ably to pass you with a straight face.

But I compile my own software you say? Great and how often does that get updated? Even worse, I bet you are not compiling the libraries that those services are dependent on, like libtiff, libpng, libjpeg, etc, etc, etc. So guess what? You are still vulnerable.

And don't even get me started on CentOS Continous Release. They have no transparency of consistency here. They only seem to release patches for things that get news time.

This article, called CentOS 5.6 Finally Arrives, Is It Suitable for Business, says it all: http://www.linux-mag.com/id/8608/ From the article:

"Imagine your boss coming into the office and after reading about a major vulnerability in the Linux kernel that affects RHEL. Now, imagine explaining to your boss that even though Red Hat patched the vulnerability three weeks ago, you haven’t updated the company’s servers — and you don’t have any idea when you’ll be able to. When will the CentOS team release an update? No idea, and asking on the list just draws flames from the CentOS developers. Can we help? No, go away. Don’t like it, go elsewhere."

Depends on how you use it

[Larry_Dillon]

I used to work for a company that used official Redhat for the production end (web server, mail server, samba servers) and CentOS for for DNS servers, testing, network monitoring, etc.

It was a nice compromise. Support on the production side and only having to know one distribution on the other servers.

This reminds me of how MSDN works. You pay for production servers but can use the OS for testing/development/learning.

And after 4 hours ...

And after 4 hours it is proven why this isn't the best place to get what you're looking for modded up. ;)

We use both

[k12linux]

We use CentOS AND RHEL. On a few mission critical servers running non-FOSS apps certified to run on RHEL, we use RHEL. We want to know that in event of a major problem (especially if I was gone for some reason) we can call the app vendor or RH and be reasonably confident the problem will get fixed. We've never needed to do that, but over the past decade it has remained far cheaper to pay RH than run the same app on Windows servers. We aren't talking about talking about tens of thousands of dollars to be able to run RH and get updates. If you want the ability to call Red Hat for support on a case-by-case bases, you can get an annual RHEL license for as low as $349 (academic pricing is more like $60/yr!). $799/year gets a 1-hour response for critical issues. But it is up to your boss to decide what level of support, if any, he wants to go with. For many of our other servers we use CentOS. Some can be down with little affect on the organization. Others are just running basic LAMP and FOSS apps where certification isn't an option or isn't required for support. Frankly there is no benefit to us to use RHEL on these servers as we are able to fully support the OS and recover from even severe problems. If you don't have any need for Red Hat's services, software/hardware certifications, or anything else that adds value to RHEL, then by all means stick to CentOS. If you are worried RHEL (and therefore CentOS) will go away if you don't support RHEL, insist that your boss buy a contract (and don't complain when you are looking for your new job.) It is all insurance. As others have said, the real question is how much will downtime cost you? Will RHEL reduce the chance of downtime? Will it shorten the amount of time until recovery? Will it show enough "due diligence" to your boss's bosses to keep both of you employed after a disaster? If you are really worried, fire off a memo to your boss with your concerns and then accept whatever he decides. (But keep a copy as CYA for yourself in case you turn out to be correct.)

Linux latest kernel shows QUITE otherwise

Vulnerability Report: Linux Kernel 2.6.x (10/31/2011)

http://secunia.com/advisories/product/2719/?task=advisories

Unpatched 6% (18 of 281 Secunia advisories)

---

AND YES, there are 3 remotely vulnerable unpatched security problem outstanding in Linux there too, unpatched (despite all the "Open 'SORES' eyes" out there to fix it (yea, "right", not!))

---

COMPARE & CONTRAST A COMPLETE OS DISTRO IN WINDOWS SERVER 2008 NOW:

---

Vulnerability Report: Microsoft Windows Server 2008: (10/31/2011)

http://secunia.com/advisories/product/18255/?task=advisories

Unpatched 3% (4 of 153 Secunia advisories)

* Nicest part here is, that the few unpatched vulns ALL have valid easy work arounds, or don't apply to workstations, or can be secured for (by turning off services you don't need, especially on desktops/workstations or by securing them down rights-wise)...

---

So, that "all said & aside"?

* Additionally/again - so it "sinks in":

That's also more than the ENTIRE GAMUT of what MS gives folks to do business & build tools for it as well has & Linux, @ ITS CURRENT LATEST CORE/KERNEL ALONE, has more unpatched security vulnerabilities than does nearly ALL OF WHAT MS GIVES FOLKS FOR BUSINESS & DEVELOPMENT... period (read 'em & weep above).

APK

P.S.=> So, doesn't your redhat example use the "latest/greatest" kernel too? YOU LOSE badly!

... apk

Re:Linux latest kernel shows QUITE otherwise

Sorry, no. I don't run the vanilla mainline Linux kernel - I run the stable RedHat kernel with SELinux switched on.

No vulnerabilities in RHEL 6. 4 vulnerabilities (one or more of which is 'highly critical') in Windows 2008. Them's the facts. Suck it.

Scientific Linux

[luxifr]

First: I agree with those who question your motivation to try convince your CIO to use RHEL instead of CentOS... Still I want to suggest using Scientific Linux instead of CentOS. Why? Because SL is also a "free RHEL" like CentOS but it's backed by major research institutes around the world. The majority of development is done at CERN by paid developers. But what's more: CentOS had serious issues with their project lead in the past... SL didn't have those issues... Also the people from SL seem to be significantly faster in following upstream (ie. releasing new versions) than CentOS

Move on man.

[ananthap]

recently spec'd out a large project for our company that included software from Red Hat

... IO is convinced that technical support for any product is worthless. He's willing to spend money on 'one-time' software purchases, but nothing that is an annual .. This CIO is clear enough in his views. If he doesn't really need technical support for this installation which is part of a larger project, then just go with it. OK

i like the sound of your cio

not so sure about you

Speaking as a former Red Hat support employee...

[Chris+Snook]

Most support, even enterprise support, really is crap. Red Hat support is (usually) far above the rest. When I worked for Red Hat, I regularly interfaced with support staff at partner companies, and they were usually a long way below anyone who was out of training. (Before anyone chimes in with their horror story, yes, some people manage to make it through training and bungle a lot of stuff before getting fired/reassigned; some tickets get triaged by a n00b who doesn't know what they're doing; and sometimes even the experts mess up. That's when you should be requesting escalation, no matter who you're talking to.)

That said, a lot of people don't need the kind of support that Red Hat provides. Red Hat's business model focuses far more on the large enterprise than SMBs. When SMBs use RHEL, it's often through a VAR who's also helping them with whatever they're deploying on RHEL. Red Hat gets a smaller cut, for less work. CentOS is just fine for many people, at least until they grow to the point where they need a support subscription with SLAs. Red Hat gets a ton of business from people who use CentOS until they grow enough to justify fixed-price subscriptions with SLAs. The sales team doesn't lose any sleep over it. Most people who choose CentOS over Red Hat are either completely rational in that they don't need that kind of service, or they customize too much of the distribution for Red Hat support to be economical, or they're just really cheap and would inundate support with trivial questions rather than shell out to send their admin to a (very good) training course.

If you think CentOS is better for you than RHEL, odds are you're right. You don't need to guilt trip yourself about being a freeloader. Report bugs, frequent mailing lists and chat rooms, and do whatever else helps the CentOS community, because it's ultimately good for Red Hat and the community at large. Red Hat is running a profitable business, and doesn't need charity.

Why enterprise should choose Red Hat over $CloneOS

Unless I'm mistaken, I believe the OP elaborated on his motivations behind choosing Red Hat over CentOS.

If one shelves their technical cap for a moment, and dons their enterprise business cap instead, the following two validations for choosing Red Hat over CentOS become clear:

- ISVs and OEM hardware vendors certify their products to work with Red Hat. Not CentOS. Not Scientific Linux.
- Red Hat indemnifies your enterprise business against legal action (a la: SCO vs Linux) and will carry the costs of such future legal actions. CentOS does not. Scientific Linux does not.

If you do not perceive value in the support offerings from Red Hat, you can always opt for a self-support entitlement, which still entitles you to updates, vendor certification and indemnification but at a reduced annual cost.

On a personal note, I harbour no ill will toward CentOS/Scientific Linux distributions. They definitely have their roles to play, however pinning the infrastructure of your enterprise business on the tail of a community project, which lives or dies based on the whim of it's creators (http://linux.slashdot.org/story/09/07/30/130249/centos-project-administrator-goes-awol) would be ill advised.

Do you like VanHalen?

"Ain't talkin' bout LINUX: Linux's rotten to the core" http://secunia.com/advisories/product/2719/?task=advisories

Re:Do you like VanHalen?

Poor APK. Stockholm syndrome from a career being abused by the Microsoft ecosystem, don't you know.

No vulnerabilities in RedHat 6. 'Highly critical' vulnerabilities in Windows 2008, one of which has been open for OVER A YEAR!

Linux has remote vulnerabilities unpatched

http://secunia.com/advisories/product/2719/?task=advisories

Re:Linux has remote vulnerabilities unpatched

http://secunia.com/advisories/41874/

3 remote unpatched vulnerabilities in Linux 2.6

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

NOW, as to the one unpatched you note in Windows isn't a "Critical File", so disabling/unregistering any affected libs (colorui.dll) would stop it easily, especially for a server (& much of the time they run "headless" too, no need for gui, pure remote admin work).

APK

P.S.=> However, those 3 remotely exploitable unpatched security vulnerabilities in the Linux 2.6x current kernel don't look too good... can you produce an easy workaround for them, as I did for Windows, above? apk

You obviously don't know powershell

See the VB example here to marshall namespace commands in powershell http://msdn.microsoft.com/en-us/library/microsoft.powershell.commands.filesystemcmdletproviderencoding.aspx

APK

P.S.=> Now "That's what I'm talking about" @ least, & what was said is correct on PowerShell being able to use VB like syntax... apk

You obviously haven't tried powershell then.

Try it, you'll take that back. It's got a hell of a lot more power in its namespaces than legacy DOS batch commands do.

APK

P.S.=> You're correct on batchfiles though vs. *NIX shellscripting power, but that was never the comparison here... it was about powershell. Batch was just noted as another scripting tool in Windows (since DOS). Powershell more than makes up for that, bigtime... I put some examples in my other replies you can check out to verify what I am saying here in fact!

... apk

Re:You obviously haven't tried powershell then.

[ryanov]

This was always a Windows vs. UNIX thread though. Saying that DOS sucks is simply redundant. Powershell is not good compared to UNIX, though I'll admit I could learn more to be able to better articulate why.

On DOS, sec. vulns, & Batch vs. Powershell etc

I can't wait until ALL sec. vulns are patched! That is, IF that EVER happens (lol).

See - around 2006, I figured long ago on a forums (techpowerup) that by 2012, they'd be patched finally (for Windows, not sure about *NIX variants).

Yes - I do think it can be done, eventually... optimist here is why. Nice part about computing is, MOST times, anything can be fixed (then again, the hacker-cracker explosion since 2004 is showing the reverse as well... I look @ it ALL as the road to progress/growing pains, is all!)

On DOS: Personally? Hey - I like it. For me it was my 1st programming of a sort on personal computers (did BASIC/COBOL before that albeit on timesharing terminals).

Anyhow/anyways - Batching got a LOT more powerful via %errorlevels%, & the FOR command imo as it matured... & it's surprising what CAN be done using them!

See - batches are a lot more powerful now than they were, in say, DOS 3.3 & below (that's certain). I know you're not "into it", but there's power in batchfiles too.

Still - PowerShell (native to Windows) is TONS more powerful, & just for the hell of it, take a peek here:

http://linux.slashdot.org/comments.pl?sid=2500906&cid=37909886

Once you go to the MS link that, you'll see how much more powerful (tons moreso) powershell is than DOS Batch - I'd wager it's stronger & more capable than std. *NIX shells are in their scripting (but, they work on diff. things many times too, so, it may not be an "always 'apples-to-apples' comparison either).

APK

P.S.=> As to learning more? Hey - we ALL can do that. I figure it's a wasted day if I don't learn at least 1 new thing (I usually do - forums are great in this regard, perhaps in all my time online since 1994 & before that in academia? This MAY be the best spot (/.) I've learned a heck of a LOT in... mainly due to debates like this one - yes, there IS a good side to "arguments" @ times, & that's one of them!)...

... apk

Linux didn't do so well 1st day on the job

Linux fell FLAT ON ITS FACE 1st day on the job @ LSE:

http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch

and was also serving up malware there too later:

http://slashdot.org/submission/1484548/London-Stock-Exchange-Web-Site-Serving-Malware

* You're going to have to do BETTER THAN THAT, to try to "get the best of me"... lol, U FAIL!

APK

P.S.=> Need I say more? I think not (lol, rather I KNOW not)... apk

Re:Linux didn't do so well 1st day on the job

Ha ha ha. Pathetic comeback. Utterly pathetic.

LSE's Linux trading platform has run flawlessly since it was switched on. The problems that 3rd parties had early on were because the APIs used to talk to the exchange were altered during the switchover. The only people who had problems hadn't implemented the changes properly. None of these problems were related to Linux or the trading platform itself.

If you'd bothered to read the link about the malware, you would see that the malware on the LSE site was served up by advertising networks, not the LSE site. You can read, can't you?

So, in summary, the LSE Windows platform sucked so badly that it had to be ripped out and the Linux replacement has performed flawlessly and with record-breaking low latency ever since it was switched on. You fail. I can't believe how hard you fail. You're embarrassing yourself.

Even MORE Linux security "FAILS" inside, lol

Period -> http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch

So you can try to put your "spinmaster b.s." onto it, but facts, are facts: Linux fell on its face right outta the gate!

* That's kind of funny actually, since you said it was bulletproof on uptime... well, apparently not, when 20 seconds into the job it blew up!

Want more "recent Linux successes" on the security front too? Ok:

3/4 of the of the CA's breached recently ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

However, since you in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not) as you seem to insinuate:

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Breaching Fort Apache.org - What went wrong?

http://www.theregister.co.uk/2009/09/03/apache_website_breach_postmortem/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

* That's ALL pretty current information... very recent too - how much more abuse can you heap upon yourself, lol?

APK

P.S.=> You are embarassing yourself trying to "justify" Linux falling FLAT ON ITS FACE 20 seconds into the job @ the London Stock Exchange though...hilarious that!

... apk

Re:Even MORE Linux security "FAILS" inside, lol

Do you even bother to read the links you post? Can you read? Can you comprehend the words and the sentences that make up the pages that you have linked to? Are you, as we all suspect, delusional? Mentally unstable?

"Linux falling FLAT ON ITS FACE 20 seconds into the job @ the London Stock Exchange though...hilarious that!"
Yeah, that would be hilarious. If there was any truth in it. If you'd bothered to find out anything about anything, you'd know that...
"Concerns are being raised that there could be mistakenly setup connections or incorrect software interfaces at some of the large data vendors." ...which is exactly what happened. The article goes on to say...
"Monday's launch of the Millennium Exchange matching engine, written in C++ language and running on Novell SUSE Linux-based datacentres, was largely a success in pure stability and latency terms for order messages, with a notable 125 microsecond latency, and without outages."
Without outages. So, no failure on the trading platform. Unlike the Windows setup it replaced.

Let's have a look at what Windows has been up to in the last few days, shall we?
http://it.slashdot.org/story/11/11/02/1428225/duqu-installer-exploits-windows-kernel-zero-day
Oh dear. That's hilarious. Another Windows 0-day exploited in-the-wild.

Re:On DOS, sec. vulns, & Batch vs. Powershell

[ryanov]

The think about UNIX also is that you have all of the little utilities for text manipulation, including generally having Perl available. Yes, you can install all of that shit on Windows, but... I dunno. Anyhow, I'll read up.

Perl's ok: I use PyThon lately

Any of those text utils in *NIX (which IS what Bell Labs initially designed UNIX for mind you: Text processing) is doable via Python, PowerShell, & other programming languages (like perl), easily enough for the most part (they've pretty much all got Regular Expressions built in, or have toolkit libs for them too) - there's even "ported" versions of *NIX commands for Win32 as well, if you really LIKE *NIX tools (lol, vi).

I just happen to "favor" PyThon (and JAVA) right now, because it is "write once/run anywhere" (or pretty much so) is all.

I also think You'd also be QUITE surprised @ what the FOR command & loops can do on text in DOS batch as well I think.

In any event - Whatever toolsets you use, if they can get the job done (& they're secure/no outstanding unpatched bugs), doesn't matter. It's about getting things done & done right.

APK

Seems you're outnumbered recently

How many MORE breaches happened on Linux the past few months -> http://linux.slashdot.org/comments.pl?sid=2500906&cid=37914568 LOL, face it: LINUX FELL FLAT ON ITS FACE @ LSE 20 SECONDS INTO THE JOB!

Whereas Windows Server 2003 + SQLServer 2008 (not even the "latest/greatest" from MS mind you) have kept up & running 24x7 (the "fabled "5-9's" of reliability) in failover clusters for NASDAQ acting as the "trade data dissemination system", since 2005... that's coming up on a DECADE now of solid reliability!

* All you here around here is "how secure Linux is", & ANDROID (a Linux variant) does an even BETTER JOB of showing what a farce that line of b.s. is... lol! No wonder this site's losing readers... too many "FUD" spreaders from the losing team have been caught after years of lies, & with their pants down.

APK

P.S.=> Now, how many HUNDREDS of security bugs are popping up in ANDROID (a Linux variant)? LMAO... once Linux gets a wee bit of marketshare on any given platform? You see the results of the utter LIES being spread around /. (of "Linux = secure, Windows is not" etc./et al).

U FAIL, as usual! Why? You lack the intellect to "get the better of" myself is why... & this?? Ah, I just GOTTA SAY IT, as-per-my-usual vs. Penguins:

This was just "too, Too, TOO EASY - just '2EZ'"

... apk

Re:Seems you're outnumbered recently

"LOL, face it: LINUX FELL FLAT ON ITS FACE @ LSE 20 SECONDS INTO THE JOB!"
I'm staring to think you actually can't read. I think you've got someone reading the headlines to you. I'll reiterate, in a nice bold font:
"Monday's launch of the Millennium Exchange matching engine, written in C++ language and running on Novell SUSE Linux-based datacentres, was largely a success in pure stability and latency terms for order messages, with a notable 125 microsecond latency, and without outages."
Can you comprehend that sentence? Are the words too long for you? "Without outages" It couldn't be any clearer.
I know that you don't understand what a 'software interface' is APK, or why changing those interfaces could cause problems for 3rd party exchange users, but that's OK. You're not very good at this computing stuff, so you're not expected to know how these things work. That's why you use Windows in the first place. All these difficult terms, complicated interactions, and advanced technology are just too much for you.

"Windows Server 2003 + SQLServer 2008 ... have kept up & running 24x7 ... since 2005" What? They've been running SQL Server 2008 since 2005? Can you count, APK? Are you aware that 2005 is before 2008? Did you know that a decade is 10 whole years? As opposed to 3?

And Android isn't Linux. It's not even a Linux kernel any more - the changes made by Google were so numerous that the kernel devs wouldn't accept the changes into mainline. None of the apps that run on Android are Linux apps. So, why are you talking about Android? Reduced to misdirection - pretty low, APK. Even for you.

ANDROID uses a Linux kernel, period

And, as to screwups by Linux @ the London Stock Exchange (& other places)? Ok, again:

http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch

Want more, very recently too? Ok:

3/4 of the of the CA's breached recently ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com
http://uptime.netcraft.com/up/graph?site=GlobalSign.com
http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, & each uses Linux, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

Some more? Ok:

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

* That's ALL pretty current information... very recent too - how much more abuse can you heap upon yourself, lol?

Linux has 3 remotely exploitable unpatched security vulnerabilities as well in its current mainstream kernel also:

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

(This is why readership on /. has declined, after years of "FUD" lies spread by Penguins of "Linux is secure" b.s. - people got sick of the bullshit, & took off... period!)

APK

P.S.=> You are embarassing yourself trying to "justify" Linux falling FLAT ON ITS FACE 20 seconds into the job @ the London Stock Exchange though...hilarious that!

Worse still, is what's in my subject-line, & you trying to say ANDROID doesn't use Linux @ the core/kernel level, lol... & its security being shown as lousy (yes, even @ the kernel level) isn't helping you, because there's 100's of such occurrences by now...

... apk

Does his car squeak too?

[niftymitch]

" The only thing it lacks is support, which the CIO doesn't want. Help?"

He does not want updates and bug fixes or does not want to pay for it?

A CIO that wants unsupported software is goofy and should not
have the title UNLESS he is in the business of supporting software
in contrast to developing and selling software.

Tell him that Gentoo is a much better choice. It gives him lots
more options.

I have noted that for some companies Redhat was a bit constrained
and pricey. If your CIO has five servers he can decide if he wants
one, two, three.... or five copies of RH should he feel that a price
of 1/5 or 2/5... or 5/5 is right.

Of interest in some lab and development environments
Centos is easier to work with.

Please get this study to the original asker!

Since no one has modded this up, I beg for someone to please get this TCO study to the original poster!

This is EXACTLY what he wanted! It was a TCO of unpaid Linux v. Red Hat.

Support vs No Support

Ok.. there's the whole big picture thing but you also need to look at what is best for your company..
Technically, CentOS is the same as RHEL but you get no support. From the companies viewpoint, you have to ask yourself the question.. Have I ever call Redhat support? or more importantly.. am I likely to call Redhat Support for an issue? If you are then you have a case for paying for RHEL. Linux tends to be very reliable (ie. compared to Windows) so it's much harder to justify support costs if you're not using the service.
The company I work for is government owned and we only buy supported products, whether it's the best thing to do or not. Is this a waste of money if we never need the support? I would say yes. Will this change my management's view on getting support for absolutely everything? No.

Possible solution

[silviumc]

Tell the CIO that if you use CentOS, you cannot be fully responsible for the security and eventual problems on the systems. Ask him to sign a piece of paper where he assumes responsibility in case support is needed. Tell him also that any major application (like Oracle) is not certified on CentOS. Again, ask him to assume responsibility for running applications on an OS that is not certified. Say that you'll be happy do it and let him collect the laurels _if all goes well_ but if not, you just can't be hold accountable because your professional opinion is that you need support.

Explain these recent Linux security breaches

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

Linux's showing in CA's breached recently too? Ok:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

http://uptime.netcraft.com/up/graph?site=DigiCert.com

Per these articles verifying that much (since they're shown to run Linux above):

http://itproafrica.com/technology/security/cas-hacked/

and

http://it.slashdot.org/story/11/10/28/1954201/four-cas-have-been-compromised-since-june

APK

P.S.=> Yup - All those YEARS to DECADES of "Linux 'FUD'" spread around here of "Linux = Secure, Windows != Secure" is turning up complete BULLSHIT, & ANDROID (A linux because it uses a Linux kernel) especially shows everyone what a crock of complete crap that campaign all was & that once Linux DID get a decent share of market on a platform, it's security 'swiss cheese', period...

Yea... 'security-by-obscurity', which is NOT REAL SECURITY, was what you were trading on to mislead others (to no avail, because your marketshare on the desktop shows your failure on that account also, even WHEN LINUX IS A FREEBIE, it can't win, due to inferior design in comparison to Windows in the eyes of others out there -> http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=0 )...

... apk