| 1 |
On Sat, Jun 16, 2012 at 7:40 PM, Matthew Finkel |
| 2 |
<matthew.finkel@×××××.com> wrote: |
| 3 |
> On Sat, Jun 16, 2012 at 6:59 PM, Michael Mol <mikemol@×××××.com> wrote: |
| 4 |
>> |
| 5 |
>> On Sat, Jun 16, 2012 at 6:42 PM, Matthew Finkel |
| 6 |
>> <matthew.finkel@×××××.com> wrote: |
| 7 |
>> > On Sat, Jun 16, 2012 at 5:30 PM, Michael Mol <mikemol@×××××.com> wrote: |
| 8 |
|
| 9 |
[snip] |
| 10 |
|
| 11 |
>> >> |
| 12 |
>> > True, and they've been working "hard" to get it to the state it is in |
| 13 |
>> > now. |
| 14 |
>> > In many cases, sys admins have had to unlearn relying on their mouse |
| 15 |
>> > for complete power. The CLI provides options that are, obviously, very |
| 16 |
>> > difficult |
| 17 |
>> > to express in a simple GUI (I know I'm preaching to the choir). |
| 18 |
>> > Powershell |
| 19 |
>> > has |
| 20 |
>> > made huge progress in this respect, but it still has a long way to go in |
| 21 |
>> > order to |
| 22 |
>> > compete with what we have. And I doubt the server environment would ever |
| 23 |
>> > become stripped down to the state we're talking about. |
| 24 |
>> |
| 25 |
>> Actually, they're there as of Windows Server 2008. It's called |
| 26 |
>> "Windows Server 2008 Core". According to "Windows Server 2008: The |
| 27 |
>> Definitive Guide", you log into one of these systems and all you get |
| 28 |
>> (by default) is a terminal window with an instance of cmd.exe. It goes |
| 29 |
>> on to list seven server roles this configuration supports: |
| 30 |
>> |
| 31 |
>> * Active Directory and Active Directory Lightweight Domain Services (LDS) |
| 32 |
>> * DHCP Server |
| 33 |
>> * DNS Server |
| 34 |
>> * File Services (including DFSR and NFS) |
| 35 |
>> * Print Services |
| 36 |
>> * Streaming Media Services |
| 37 |
>> * Windows Server Virtualization |
| 38 |
>> |
| 39 |
>> (Curiously, one of the things you _can't_ do is run Managed Code.) |
| 40 |
> |
| 41 |
> |
| 42 |
> Huh, I didn't know about this. It's still too limited, though. At least |
| 43 |
> they've |
| 44 |
> duplicated a lot of the core gui elements on cli. |
| 45 |
|
| 46 |
I dunno. That's everything I might possibly want a Windows system for. |
| 47 |
DNS comes with AD. Their DHCP server is probably the best on the |
| 48 |
market right now; it's the only common one[1] which handles DDNS |
| 49 |
updates for IPv4 and IPv6 hosts in the same domain. Everything else, I |
| 50 |
can easily do as-well-or-better on a Linux box. |
| 51 |
|
| 52 |
Being able to be an AD controller on a stripped-down version of the |
| 53 |
platform is also a plus, if you need to run in an AD environment. That |
| 54 |
makes adding redundancy and load distribution cheaper.[2] |
| 55 |
|
| 56 |
[1] That I know of; if anyone knows of a DHCP client for Linux which |
| 57 |
handles DDNS updates for IPv4 and IPv6 in the same domain, I'd love to |
| 58 |
hear about it. ISC's doesn't. |
| 59 |
[2] Samba 4 can do this too, and I'm looking forward to seeing someone |
| 60 |
sell Shiva Plugs with Samba 4 preinstalled. And, yeah, Samba 4 has had |
| 61 |
some big news events this year. |
| 62 |
|
| 63 |
>> >> Not that they won't be able to bolt one in easily enough; CSRSS means |
| 64 |
>> >> they should be able to provide, e.g. an SSH daemon, give the |
| 65 |
>> >> connecting user a PowerShell login session[1], and give it equal |
| 66 |
>> >> privileges and security controls as they have for any other login |
| 67 |
>> >> session. |
| 68 |
>> > |
| 69 |
>> > How many years have they had? I'd given up on this years ago. |
| 70 |
>> |
| 71 |
>> SFU is available in the "Server Core" configuration. I imagine you |
| 72 |
>> could run OpenSSH under there. Or some commercial entity could come |
| 73 |
>> along and provide an SSH+screen(ish) component to snap into the CSRSS |
| 74 |
>> framework. |
| 75 |
> |
| 76 |
> |
| 77 |
> I'd actually forgotten about that, I would never trust their implement |
| 78 |
> though. |
| 79 |
> Apparently there's a binary available of OpenSSH that runs on SFU (so says |
| 80 |
> wiki [1]). |
| 81 |
> I've been out of the Windows Server environment for a few years now, so I |
| 82 |
> guess |
| 83 |
> I've missed out on some of the progress MS has made in this area. It's good |
| 84 |
> they |
| 85 |
> are pushing the CLI now. Perhaps in a few releases they'll implement their |
| 86 |
> own |
| 87 |
> of encrypting telnet sessions with a screen/tmux lookalike. Microsoft never |
| 88 |
> ceases to amaze me - with the good and the bad. |
| 89 |
|
| 90 |
Where security concerns are relevant, I'd favor the implementation |
| 91 |
which comes with security updates pushed through the platform vendor's |
| 92 |
channel. With Debian, that means I avoid building my own packages. On |
| 93 |
Gentoo, that means I keep up with Portage. On Windows, that means |
| 94 |
using things which come through Microsoft Update. (Anything which |
| 95 |
doesn't, I could probably replace with something running on a Linux |
| 96 |
box. Again, this is a server context we're talking about.) |
| 97 |
|
| 98 |
Also, did you know Windows domain environments support dynamic |
| 99 |
application of IPSec-based security policies to enforce host patching |
| 100 |
policies? Some awesome stuff. Got me wanting to learn enough to be |
| 101 |
able to do the same thing using, e.g. Chef.[3] |
| 102 |
|
| 103 |
|
| 104 |
[3] http://www.opscode.com/chef/ |
| 105 |
|
| 106 |
[snip] |
| 107 |
|
| 108 |
-- |
| 109 |
:wq |
Archives