On Sat, Jun 16, 2012 at 7:40 PM, Matthew Finkel
<matthew.finkel@×××××.com> wrote:
> On Sat, Jun 16, 2012 at 6:59 PM, Michael Mol <mikemol@×××××.com> wrote:
>>
>> On Sat, Jun 16, 2012 at 6:42 PM, Matthew Finkel
>> <matthew.finkel@×××××.com> wrote:
>> > On Sat, Jun 16, 2012 at 5:30 PM, Michael Mol <mikemol@×××××.com> wrote:

[snip]

>> >>
>> > True, and they've been working "hard" to get it to the state it is in now.
>> > In many cases, sys admins have had to unlearn relying on their mouse
>> > for complete power. The CLI provides options that are, obviously, very difficult
>> > to express in a simple GUI (I know I'm preaching to the choir). PowerShell has
>> > made huge progress in this respect, but it still has a long way to go in order to
>> > compete with what we have. And I doubt the server environment would ever
>> > become stripped down to the state we're talking about.
>>
>> Actually, they're there as of Windows Server 2008. It's called
>> "Windows Server 2008 Core". According to "Windows Server 2008: The
>> Definitive Guide", you log into one of these systems and all you get
>> (by default) is a terminal window with an instance of cmd.exe. It goes
>> on to list seven server roles this configuration supports:
>>
>> * Active Directory and Active Directory Lightweight Domain Services (LDS)
>> * DHCP Server
>> * DNS Server
>> * File Services (including DFSR and NFS)
>> * Print Services
>> * Streaming Media Services
>> * Windows Server Virtualization
>>
>> (Curiously, one of the things you _can't_ do is run Managed Code.)
>
>
> Huh, I didn't know about this. It's still too limited, though. At least they've
> duplicated a lot of the core gui elements on cli.

I dunno. That's everything I might possibly want a Windows system for.
DNS comes with AD. Their DHCP server is probably the best on the
market right now; it's the only common one[1] which handles DDNS
updates for IPv4 and IPv6 hosts in the same domain. Everything else, I
can easily do as-well-or-better on a Linux box.

Being able to be an AD controller on a stripped-down version of the
platform is also a plus, if you need to run in an AD environment. That
makes adding redundancy and load distribution cheaper.[2]

[1] That I know of; if anyone knows of a DHCP client for Linux which
handles DDNS updates for IPv4 and IPv6 in the same domain, I'd love to
hear about it. ISC's doesn't.
[2] Samba 4 can do this too, and I'm looking forward to seeing someone
sell Shiva Plugs with Samba 4 preinstalled. And, yeah, Samba 4 has had
some big news events this year.

>> >> Not that they won't be able to bolt one in easily enough; CSRSS means
>> >> they should be able to provide, e.g. an SSH daemon, give the
>> >> connecting user a PowerShell login session[1], and give it equal
>> >> privileges and security controls as they have for any other login
>> >> session.
>> >
>> > How many years have they had? I'd given up on this years ago.
>>
>> SFU is available in the "Server Core" configuration. I imagine you
>> could run OpenSSH under there. Or some commercial entity could come
>> along and provide an SSH+screen(ish) component to snap into the CSRSS
>> framework.
>
>
> I'd actually forgotten about that, I would never trust their implement though.
> Apparently there's a binary available of OpenSSH that runs on SFU (so says wiki [1]).
> I've been out of the Windows Server environment for a few years now, so I guess
> I've missed out on some of the progress MS has made in this area. It's good they
> are pushing the CLI now. Perhaps in a few releases they'll implement their own
> of encrypting telnet sessions with a screen/tmux lookalike. Microsoft never
> ceases to amaze me - with the good and the bad.

Where security concerns are relevant, I'd favor the implementation
which comes with security updates pushed through the platform vendor's
channel. With Debian, that means I avoid building my own packages. On
Gentoo, that means I keep up with Portage. On Windows, that means
using things which come through Microsoft Update. (Anything which
doesn't, I could probably replace with something running on a Linux
box. Again, this is a server context we're talking about.)

Also, did you know Windows domain environments support dynamic
application of IPSec-based security policies to enforce host patching
policies? Some awesome stuff. Got me wanting to learn enough to be
able to do the same thing using, e.g. Chef.[3]

[3] http://www.opscode.com/chef/

[snip]

--
:wq