NOS showdown: NT vs. Linux
While Microsoft has the edge over Linux as a server operating system for the enterprise, don't count the little guy out.
Linux has made a name for itself as a formidable Internet application platform. But does Linux have what it takes to play against the big boys as an enterprise server operating system?
In a head-to-head comparison of Microsoft's Windows NT Server 4.0 and Caldera's OpenLinux 2.2, which is based on the most recent release of the Linux kernel, we sized up what each had to offer in the areas of performance, manageability, connectivity, scalability and security. We concluded that for small and mid-size networks, it's a close race because performance and administration features for the most part are equivalent. Both operating systems offer good extensibility and high availability, but need improvements regarding their ease of installation. Both can run a host of native applications. NT's applications tend to be better integrated, but Linux's are free. However, NT's ability to host Microsoft's electronic commerce wares and transaction integrity products, such as Transaction Server and Message Queue Server (which to date have no counterparts in the Linux world), makes NT the clear choice for enterprise use.
What about Novell's NetWare? We're big NetWare fans, but because NT and Linux are better positioned as application servers, we looked at them head-to-head.
The basics: File and print performance
We tested each platform as a file server and as a File Transfer Protocol (FTP) server by running test scripts on a dozen clients that imposed heavy loads on the servers (see "How we did it," page 54). We ran the tests twice for each operating system - once using a Mylex RAID storage array and once without it. The matchup between NT and Linux for serving up files resulted in a split decision. OpenLinux had faster disk support overall, but faltered when we tested it with a Mylex ExtremeRaid SCSI controller. The NT drivers for the controller seemed to have an edge over those for Linux.
The Ethernet connection, through a Compaq Netelligent Ethernet 10/100M bit/sec switch set to run at 100M bit/sec with no other traffic, was consistently saturated during the batch/script test. The connection was less saturated during the FTP put test. Ethernet collisions and retries seemed to have an insignificant bearing on test results.
To test how each platform handled the second basic network operating system (NOS) function - printing - we used a Lexmark Optra 1865 color laser printer, set up as a TCP/IP print server over Fast Ethernet, and a Hewlett-Packard LaserJet 5M as a locally connected parallel printer. NT Server offers print services for locally attached printers, and spooling or queuing a job is easily controlled from any Windows desktop. NT Server supports printer shares for locally attached printers and network printers that have their own built-in print server controllers.
Linux allows users to share networked printers in one of two ways. Printers can be hooked up to the Linux net as either a Server Message Block (SMB) shared device, represented to users as a Windows Printer Share, or (using a Lexmark printer driver) as a Unix-style lpr device. In either case, the Linux server spools print jobs through an lpr command.
A significant downside to this configuration is that an end user can't easily control an lpr device from a Windows client machine. Administrators must give users who need to manipulate spooled print jobs extra security privileges.
Administration is key
In addition to good file and print performance, network administrators need a NOS that makes it easy to manage users and groups quickly and efficiently. Microsoft provides three different administration models with NT. There are older Windows-based applications such as User Manager for adding or deleting users. There are newer task-based wizards that walk an administrator through common management tasks such as changing which users belong to a specific network grouping. And then there is the Microsoft Management Console (MMC), a highly extensible user interface for a wider variety of systems and network management tasks.
Using Microsoft's Distributed Component Object Model, you can customize MMC for flexible network management and administration. For example, you can create a customized view of all your network servers based on how you have defined group file permissions. The OpenLinux administration tools lack this flexibility. While MMC provides more management flexibility, it doesn't pay off handsomely until the number of servers increases. This fact once again tilts the advantage toward NT in networks with a large number of servers or where rapid expansion is planned.
The administrative tools that arrive in the box with Linux generally contain five essential groups of tools: user management, system file management, system backup support, basic system availability support and communications/networking support.
The control of user-side resources tips in favor of Microsoft in Windows desktop environments. Even though NT policies for Windows desktop users of NT servers are granular and difficult to deploy (often requiring extensive function control knowledge on the part of an administrator), they still beat Linux. In terms of the ability to control clients through server-based desktop policy enforcement, Linux has paid virtually no attention to this total-cost-of-ownership concern.
(Caldera OpenLinux 2.2.5 is a general release; Caldera plans a server-specific release of OpenLinux sometime this summer.) OpenLinux provides all network administration information via a graphical application with predefined nonextensible functionality. Caldera also offers OpenLinux Administration System, an additional graphical utility for executing common administrative tasks such as creating new users or defining quotas or file permissions. The administration applications are easy to understand and join like groupings of tasks. While not as flashy as MMC, the OpenLinux administration applications are as functional as MMC's administration wizards. Linux administrators can also use standard Unix command lines to perform basic administrative tasks such as adding and maintaining users and changing file permissions. Literally hundreds of Linux applications and utilities come in the box and on CD-ROM from Caldera. Some of the applications run under an X/KDE user interface, but many do not and most aren't integrated with each other. Most of the supplied applications are ports of programs from Unix, but some are specific to Linux (or Linux distributions), including improvements for multimedia such as CD-ROM players.
Scaling the enterprise
Like administration tools, scalability is a key concern for environments with dozens of servers. NT Server aggregates servers into groups called domains. Domains are generally used to divide geographic branches into localized resource managed areas. Inside every domain there is a single server, called a primary domain controller (PDC), that acts as the authentication nexus. There are also several optional backup domain controllers that give users access to the appropriate network services should the primary controller go down. Domains can be linked in a complex lattice of trusted relationships.
In the Linux world, there are no direct counterparts to NT's domains for central control over user authentication. It is possible to connect Linux servers using Lightweight Directory Access Protocol servers to construct off-server authentication authorities. Or you can configure Samba, an open-source application that provides file and print services to Server Message Block clients, on top of a Linux box so users can authenticate against an NT PDC on the same network. But in spite of these add-on authentication options for Linux, NT still gets the nod for scaling to fit the enterprise space.
The matter of security
Security is another major concern. Operating system security issues include controlling file access, providing proxy or firewall protection, and encrypting data before it hits the network wire. If you use the NT File System (NTFS), the operating system automatically secures and encrypts important system files and all network passwords. Linux doesn't do this by default, but it's easy to do as an added step during configuration.
File permissions for NT are easy to set through group and individual permissions. However, one potential problem with NT is that a secure ID (SID) is set for users at the time they're created. Deleting a user removes the SID. If you create another user with the same name, NT generates a new SID. Because the two SIDs don't match, applications that use SIDs to identify end users - such as Microsoft Exchange Server - won't recognize the first SID username as the second SID username. Administrators must therefore manage user names and SIDs carefully. This problem doesn't exist in Linux, which is a plus on the administration side. But the downside is that spoofing user names in a Linux environment is possible under certain circumstances.
Proxy services are available for both platforms. But thanks to the graphical front end of NT's Routing and Remote Access Services, we found it was easier to set up proxy servers and port blockages on NT. OpenLinux's process for setting up proxy services and port blockages requires many more steps involving several character-based applications.
We used Internet Security Systems' (ISS) SecureScanner 5.6 to test the servers for security holes. We ran the test with default installation and again with security fixes suggested by each vendor. NT passed the ISS SecurityScanner test with flying colors, but OpenLinux hit some snags. Caldera starts many services when booted, and these services were seen by ISS SecurityScanner as potential system weaknesses.
We were able to pass the SecurityScanner test by making several modifications to configuration files to halt the unused daemons that could have opened the system to denial-of-service attacks or posed a breach of data security.
It's arguable that the NTFS is more inherently secure than Linux Filing System, but Linux offers cross-platform file system support that NT lacks. OpenLinux can be booted to run on IBM's OS/2 High Performance File System. It can also recognize and mount Macintosh diskettes and CD-ROM filing systems.
NT has another security advantage in that the Option Pack includes a certificate server, also known as a certificate authority (CA). CAs can be used by e-mail applications for authentication using public-key infrastructure. In the future, many vendors are planning to use CAs for user logon authentication, as well as encryption and decryption. OpenLinux lacks a certificate server.
Internet and LAN access
Both server operating systems support Web, Network News Transfer Protocol and FTP services for giving end users access to the Internet. While the Internet Information Server that comes bundled with NT Server supports Microsoft Active Server Pages and additional scripting methods such as Perl, it's much more of a resource hog than its Linux counterpart. Linux supports numerous TCP/IP applications, including terminal services (an option for NT as a separate version of the operating system), and common Unix commands, such as finger and whois. OpenLinux and NT Server support access via HTTP, FTP and Network File System links.
For LAN access by Windows clients, both server operating systems support TCP/IP and IPX/SPX. Linux requires some additional steps to make resources available to Windows clients because Windows clients natively look for SMB resources on a network. The TCP/IP protocol can "publish" resources through the Windows Internet Naming Service. Servers can also use NetBEUI, a non-routable protocol, to publish their resources through the use of advertising protocols.
Windows clients can get to files sitting on a Linux box in a way that they readily understand via Samba. However, making Samba work correctly requires a familiarity with the Linux server's configuration and resource sharing. Therefore, setting up user access this way is somewhat more difficult than configuring file shares under NT. With Samba, file locking is primitive, and file permissions are a subset of (and depend on) permissions set by Linux administrative applications.
The alternative to Samba is Sun's Unix-based Network Filing System (NFS). NFS is installed by default by Caldera. Manual configuration of NFS can be daunting for Unix neophytes, and users on Windows workstations must purchase third-party NFS client software to make Linux accessible via NFS.
Installation, documentation and support
NT had no problem autobooting to the HP or Compaq platform. The NOS recognized all components inside both machines. However, the Compaq Smart Array/DH combination threw the NT installation program for a loop during the initial partitioning stage. It was unable to format the 26G-byte space on the array. After several attempts, we realized that an 8G-byte space was the maximum size supported. Installing the rest of the software took several reboots and four CD-ROM swaps.
By comparison, OpenLinux started after a single reboot. Installation of OpenLinux was surprisingly simple even though the product includes no support for the Compaq Smart Array controller. We were, however, able to get the Mylex/Andataco/Compaq combination working after configuring the controller under Windows, via software supplied by Mylex.
Microsoft's bundled NT documentation is a bit skimpy, and online help screens can be disjointed and aren't a substitute for training. Caldera had a better mixture of supplied documentation. On top of the bundled manuals, a tremendous amount of online Web-based documentation for Linux features is available. Various product features, such as Samba, have Web sites of their own.
Microsoft offers support to customers for the first 30 days. Calls made to Microsoft proved to be competently and completely answered. Microsoft publishes a TechNet CD-ROM of patches and fixes, as well as a database of support information. By contrast, Linux support can be obtained by any of the commercial Linux vendors, such as Caldera, for an extra fee. Linux support on the Internet is legendary, and we were able to get questions answered through Linux news groups rapidly. Linux supporters also seem to go to extra lengths to try to tolerate newbies. Microsoft also offers a host of newsgroups, but we find that sophisticated questions about NT problems often go unanswered.
However, Microsoft's Web server-based Knowledge Base is a good source for fixes to common problems.
We found the lack of vendor hardware support for Linux to be an impediment. While major vendors such as Compaq, IBM, Dell and others have pledged support, we found that the announcements haven't yet caught up with reality. We recommend checking for platform certification prior to deployment. NT runs on all Intel platforms and it is difficult to beat the staggering number of hardware items supported by NT. But you'll never find NT on a Sun SPARC machine, whereas you'll find a version of Linux readily available just a few clicks away.
Henderson is principal researcher for ExtremeLabs of Indianapolis. He can be reached at thenderson@compuserve.com.