Enterprise Unix Roundup: On the Web -- Debian Grows as Red Hat Realigns

By Michael Hall (Send Email)
Posted Jan 30, 2004


As Red Hat shifts from its old shrinkwrap business model to a more high-end image, it should be no surprise that some indicators of the company's penetration are in flux. After all, Red Hat's rather abrupt end-of-life announcements, which close out the last of its old "Red Hat Linux" product in just two months, sparked a flurry of dismay from longtime users, and much consideration of the alternatives. A recent Netcraft study reveals Red Hat's loss may be Debian's gain. In the security realm, SGI released a collection of patches for the optimized Red Hat distribution driving its servers. We overview Webmin, a Web-based configuration console tool for those seeking a break from the command line world.

What did surprise us this week, though, is a less than completely reliable indicator that the Linux variant most benefitting from Red Hat Linux's drop in popularity (or growth, at any rate) happens to not be one of the other commercial Linux distributions like the ever-popular SUSE or even Mandrake (which we find fussy and overdone in its catering to the desktop set), but Debian, which is produced entirely by volunteers and has no associated company or business interest behind it.

The indicator in question comes from the Netcraft server survey, which tracks the growth and popularity of Web server software. According to a Netcraft report released this week, Debian edged SUSE out as the fastest growing Linux distribution for Apache servers on the Web. The report notes that while Red Hat still has the lion's share of Apache-running Linux servers out there, it claims less sites than last month, and its growth rate is about 7 percent slower than the other two distributions.

There are a few problems with putting much credence in this number. For one, Netcraft gets its figures by counting the Apache servers that respond to its survey and happen to mention the Linux distribution on which they're running. By Netcraft's own admission, that's only about 25 percent of the total count. Considering the aversion most admins have to leaking any information about their systems, configuring Apache to stop divulging that information is a common step when bringing a new Web server on line.

Two, the nature of those sites is also hard to discern. As a reader pointed out to us long ago, Netcraft doesn't include reports on SSL-protected Web servers in its publicly available reports (you have to pay $1,800 a year for that information), so it's hard to tell what's being run on sites where SSL encryption is important (which covers just about every e-commerce site, for example).

At the same time, reading the report got our wheels turning. We've noted Debian's overall quality in the past but usually when thinking of the distribution in terms of its uses as an internal file or print server.

That thinking is the result of several factors.

For one, because Debian is a community volunteer effort, it doesn't come with any formal support. The developers working on the project maintain a multitude of mailing lists, and while they do a good job of documenting the distribution, at the end of the day these support operations are as voluntary as the project itself.

Second, because of Debian's non-business foundations, "partnerships" are few and far between with players in enterprise computing like, Oracle or IBM. This tends to curtail its potential for many applications outside the sort of infrastructural roles at which Linux in general excels.

With these things in mind, were we selling Debian short as an enterprise option?

We recently spoke with a system administrator involved in Unix administration in a large-scale environment (a university system) who told us we probably were, while acknowledging that Debian faces hurdles in some contexts.

"Our job is to support our applications team by maintaining the OS and hardware that their applications require," he explained. "That's made choosing Debian a difficult choice, because, in the end, we're all about supporting specific applications. Since Red Hat is a company and can more easily make deals with software vendors than [can] a 'volunteer effort' like Debian, these vendors will choose Red Hat over Debian every time."

On the other hand, he explained, he sticks with Debian when he can, "With Debian, new versions improve on the old in lots of ways, not the least of which is ease of administration ... Debian also backports fixes instead of forcing their customers to upgrade to newer versions of software that may not be acceptable in a change-limited environment."

In terms of suitability for enterprise deployment, though, commercial support inevitably comes into the picture, but our sys admin echoes familiar themes we've heard from other enterprise Linux users when he says he isn't convinced of its efficacy in many situations:

"When we were deciding what distribution to use for our 'internal production' (think DNS, DHCP, etc.) one of the big arguments against Debian was the lack of 'commercial support.' Questions were raised about who we'd call if there was a problem that we couldn't fix. It took a bit of bickering before a coworker of mine piped up and said something to the effect of 'We don't have any support for ISC's bind or dhcpd, and we use those -- in fact our own builds of those -- all the time.'"

In other words, sometimes organizations strike out on their own for mission-critical systems and the support equation shifts radically as a result. In other conversations with other admins, we've come across this theme several times: No distributor, even famously tightly integrated outfits like Sun, provide everything every customer needs.

If the support issue is too important, though, there's hope for Debian from a commercial corner, after all:

"HP has flip-flopped around on their supported-distribution-of-choice too many times to count, but sometimes it's Debian. If they do end up supporting Debian, it would mitigate these issues at least somewhat."

So after a bit of thinking about the matter and getting a little perspective from a contented Debian user who deals with large-scale computing, we concede. We probably were wrong to relegate Debian to the "departmental file server" niche. The question we should have been asking wasn't so much "Is Debian suited for the enterprise," but rather, "Where in the enterprise is Debian a good fit?"

In Other News

  • Sun released updates to Solaris that improve Sun's Dynamic Resource Pools (DRPs) and the Solaris Volume Manager. Both changes enable Solaris admins to make changes to the allocation of assorted resources without rebooting.
  • SCO has offered a $250,000 reward for the arrest and conviction of the author of "MyDoom," a worm plaguing the Windows world (and, we suppose, anybody running a mail server). While MyDoom is currently making life miserable for Windows users by constituting up to one in 12 e-mails, it will turn its attention to SCO on Feb. 1 when it launches a DDoS attack on the company.
  • IBM announced improvements to its AIX-based p655 server, boosting its maximum configuration from an 8-way system with 1.5GHz Power4 chips to 1.7GHz chips.
  • IBM offered a glimpse of its TotalStorage NAS Gateway 500, which also runs on Power4 processors and AIX, and which will support at least 224 TB of storage.
  • Too late for last week's column, Novell's entry into the Linux world was blessed about as much as a change in direction can be when its exteNd 5 product, a services-oriented application development suite, won the LinuxWorld Product Excellence Award for Best Server Application.

Security Roundup

  • SGI announced the release of SGI Advanced Linux Environment security update #9, which represents a collection of patches already released for the underlying Red Hat distribution that drives SGI's offering. Some of the patches include the elm mailer, the ethereal network traffic analyzer, tcpdump, and CVS.
  • As reported here last week, updates to slocate continue to show up.
  • gaim, an instant messaging client for X Window, has a vulnerability that could lead to a remote compromise of the client. Many vendors are patching this one.

Tips of the Trade

We're plenty fond of firing up our favorite text editor to get deep into system configuration, but sometimes we also like the quick overview a GUI tool offers. A useful compromise, especially when dealing with services that just don't have a GUI configuration tool, is Webmin.

Webmin runs as a small Web server that listens on port 10000 of the machine it's servicing and provides Web-based configuration options for a variety of Unix services on many platforms, including the BSD family, AIX, Irix, Solaris, a number of Linux distributions, and HP/UX.

Once installed, Webmin offers access to the configuration of a wide array of services -- everything from such mainstays as Apache and several common FTP daemons to some cluster control tools. It also allows administrators to manage users, authentication schemes, cron jobs, and SysV init configuration.

By default, Webmin is fairly secure: It will not accept connections from other hosts and offers SSL-encrypted connections, so if you do choose to run it over the network (to maintain a headless or remote server, for instance) your password won't be flying around the network in the clear. It also allows administrators to assign configuration tasks to other users, thus providing a way to share maintenance chores without delving into the Unix permissions system (and complications from services with cantankerous ideas about which user should own what file.)

Webmin also serves a useful teaching function: It isn't terribly hand-holding in its approach, the prevailing assumption being that the user knows what a service does and what some of the terminology involved in running or maintaining that service might be. But it does offer well-organized access to a wide variety of configuration options the user may have forgotten or been ignorant of.

At the end of the day, we still prefer our trusty text editor. But when we need to make a quick change or want to add functionality to a service and aren't sure of the syntax, we're happy to press Webmin into service.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.