A closer look at OpenSUSE 10.1

OpenSUSE 10.1, Novell's attempt to keep a general-purpose version of its Linux freely available to the open source community, is both aided by and suffers from the lack of attention from Novell.

Archive of Network World tests

Subscribe to the Network Product Test Results newsletter

OpenSUSE in most ways is to Novell as Fedora Core is to RedHat. Both are community versions of their commercial cousins. Ostensibly, these versions receive contributions as hand-me-downs from the commercial releases and aren't supported by the shipping vendor except via community IRCs and forums. So far, these community versions are similar to the commercial versions, though Novell says there are commercial version-specific improvements to the kernel, device drivers and other components. We did find that the kernel for the SUSE Linux Enterprise Server (SLES) performed slightly better in our performance tests.

We can also verify that the commercial update services provided by Novell are quite good and nearly manic in their constant issuance of updates. See test of SLES 10. Additionally, Novell has taken pains to make sure that all of the applications shipped with the commercial version work well together and has harmonized a patch/update schedule that takes into account the interdependence of the applications.

Novell does offer OpenSUSE in CD/DVD form (for a $60 fee) with documentation and 90 days of free installation support. The support is scant but better than none at all.

Overall, our tests showed that OS10 is a solidly built generic version of Linux that can be used for a wide variety of purposes, including LAMP, file/print services, DNS/NFS/SAMBA-related exercises. The open source applications providing the underlying services are quite up-to-date, we found, but there are some minor security issues that will warrant user attention (for example, weak passwords, too many initial services turned on and light encryption).

The primary administration tool for OpenSUSE is the open source YaST (Yet another System Tool), and it does a good job of aiding administrators in both setup and use of OpenSUSE. YaST combines features of Windows-like functionality as represented by Windows Control Panel and the Microsoft Management Console, though there are no add-in widgets available for YaST.

Our one complaint is that there are a number of repetitive controls where applications are listed under two categories. Often YaST is used to feed user selections to command-line tools, which then execute a change that's been chosen. This sometimes produces strange delays in the responsiveness of the tool, as it depend on the actions of other programs rather than directly manipulating functions. As an example, changing a screen resolution can have lots of odd latency.

We attempted to use the highly touted Xen server session-building software that uses a paravirtulization scheme to host SUSE (or other Xen-compatible/modifiable operating systems) into mostly autonomous sessions. This process requires building a hypervisor, an application that's tuned to the host hardware and serves as the microkernel there. It is subsequently used to launch a modified SUSE operating system on the host computer. This modified operating system has been compiled with Xen changes and is termed "Xen-ified."

There were script errors, which Novell knows about and have likely been fixed since our testing, that prevented us from installing Xen sessions on OpenSUSE. We fixed the scripts and still had difficulty getting more than two instances of Xen-hosted sessions moving, either on the 32- or 64-bit OpenSUSE kernels. Xen promises to run even Windows kernels eventually, but it may take a while for this to arrive, as indicated by our lack of success with the OpenSUSE implementation. We found that most (but not all) of the scripting difficulties with Xen have been fixed in SLES10. OpenSUSE has a number of community-offered fixes for the scripting problems, but there is no official methodology as of yet. We advise users to turn to XenSource.com and study OpenSUSE's Web site resources for ongoing resource fulfillment should they choose to use Xen.

AppArmor is designed to provide security at the application level. AppArmor uses policies to control how the application can be accessed, how it relates to other components recorded in the operating system's permissions profiles and not only prevents applications from purposeful damage but can limit damage that these applicatons can do to a host operating system.

Novell provides quite a few profiles with the OpenSUSE bundle. We tested several, and both used built-in policy profiles and built custom policies. A moderately high level of expertise is needed to make applications protected with AppArmor both safe and usable.

Overall, we feel that AppArmor in OpenSuSE is an experimental tool, which we found does quite well if one is intricately familiar with Linux or Unix derivatives. Otherwise, it's easy to unwittingly do harm to an application's ability to function at the most basic levels, even preventing it from communicating with users or such services as printing or data file access.

Security, as a whole, after initial installation is a bit dicey. Like SLES10, OpenSUSE can have weak root passwords, and it uses the Blowfish algorithm for encryption when MD5 is available and would have made a better default. However, such individual applications as SSH and Apache of OpenSUSE were up to snuff in terms of configuration defaults and versions.

Performance

As the kernels are very similar, and our benchmark, LMBench3 tests kernel and device/driver functionality, we did not expect to see to see any large performance improvements in OpenSUSE over prior versions. OpenSUSE performed similarly to SUSE 9.3, though we saw dramatic improvements in interprocess communications in the new version - especially in the 64-bit kernel rendition.

Speed between OpenSUSE 10 and SLES 10 were almost identical, as the kernels between the two are similar, and the device drivers we used in our benchmark were identical.

Overall Conclusions

Community-supported Linux distributions, while often released and then neglected by vendor sponsors, fulfill a vendor's obligation to release source code and otherwise contribute to the free nature of open source software. Novell's OpenSUSE 10.1 has many advantages and apps going for it, but when it gets sophisticated, it falls down and begs for more mature application development. That said, it is solid at its core.

Henderson is principal researcher and Szenes is a researcher at ExtremeLabs. They can be reached at thenderson@extremelabs.com and lszenes@extremelabs.com. Thayer is an independent security consultant. He can be reached rodney@canola-jones.com.

Henderson, Szenes and Thayer are also members of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to www.networkworld.com/alliance.