U5 Documents


BSD - the most secure and stable system
Reliability, Stability and Security - these are important fundamentals for a server. So how do Windows, MacOS, Linux and BSD compare? Among strong contenders, BSD comes out as the winner.

By: Soren "Frank" Munch, CEO, U5com Co Ltd.

Choosing a Server Operating System for the Office server
The server is a central component in the office environment. Everybody is using it and relying on it. If a server is down, well, all work is usually halted until it is back again. So reliability is an absolutely fundamental issue. At the same time the functions it performs must of course be the ones required by the office.
  • Server software performs an infinite number of complex and different functions
  • The contexts in which these functions are performed are ever-changing
The human race has hardly produced anything as complex and complicated as server software!

The contenders
We all come from a background with some experience, which determines our choices.

Windows based systems (Windows 2002, 2003).
Advantages:
- Highest number of different and well-documented functions are supported.
- Much easier for the in-house IT guru to learn to operate.
- Formal education available.
- Possibility of running Windows-based Client/Server applications.
Disadvantages:
- Real risk for downtime, data loss and data theft due to hacks, worms and viruses.
- Grave history of instability, though matters are improving.
- No integrated strong encryption, leaving the server vulnerable to data access after being stolen.
- On top of maintenance cost the software is expensive.
Conclusion: Excellent system for companies with need of special server functions and with the resources for educating and trusting in-house staff that can manage the server. High price and maintenance costs.
Windows based systems (Windows 2002, 2003).
Advantages:
- Highest number of different functions are supported.
- Best documentation, so much easier for the in-house IT guru to learn to operate.
- Formally educated service available.
- Possibility of running Windows-based Client/Server applications.
Disadvantages:
- Real risk for downtime, data loss and data theft due to hacks, worms and viruses.
- Grave history of instability, though matters are improving.
- No integrated strong encryption, leaving the server vulnerable to data access after being stolen.
- On top of high maintenance cost the software is expensive.
Conclusion: Excellent system for companies with need of special server functions and with the resources for running it, which means educating and trusting in-house staff that can manage the server.
Linux/BSD.
Advantages:
- .
- Much easier for the in-house IT guru to learn to operate.
- Formal education available.
- Possibility of running Windows-based Client/Server applications.
Disadvantages:
- Real risk for downtime, data loss and data theft due to hacks, worms and viruses.
- Grave history of instability, though matters are improving.
- No integrated strong encryption, leaving the server vulnerable to data access after being stolen.
- On top of maintenance cost the software is expensive.
Conclusion: Excellent system for companies with need of special server functions and with the resources for educating and trusting in-house staff that can manage the server. High price and maintenance costs.
For this reason a Server Operating System ("Server OS")
  1. should deliver all the functions needed for the office
  2. must be totally stable, practically never failing.
Several excellent systems compete. I will briefly go through a couple of them and mention why I, after a lifetime with servers, have chosen BSD systems.





Over time I have worked with quite a few Server Operating Systems ("S-OS").

Novell was first, an absolutely terrific system. Real professional, very stable and with lots of backup and support. I took the Novell System Manager exam and delivered and serviced many systems in Denmark.

Windows NT came right after. Nice user interface, but with stability problems. The "Blue Screen of Death" came up much too often. With Hiway, our web-space provider, I signed up in 1999 for an NT account to host our web sites. After a month Hiway closed all NT accounts again, as they crashed on users all the time. This was very frustrating; at that time I never dreamt of using anything other than Windows. But I needed a stable provider.

The best provider at the time was (and maybe still is) Pair Networks, Pittsburgh. At least according to user satisfaction reviews.

I also liked Pair's honesty. Hiway would always deny that they had any problem at all, despite overwhelming evidence of the opposite, while Pair kept a list of the server crashes they had had: what had happened, when, and how long it had taken them to fix it. Very helpful; you saved yourself the time of looking for problems elsewhere.

What I liked much less was that Pair was running on something called FreeBSD, a flavour of "UNIX". From university I knew UNIX. Back then any serious network installation was running UNIX. The banks, the airports, the government. But it was for big guys with big money and I never dreamt of using it. But if I wanted to go with Pair I needed to learn this. So I got hold of FreeBSD version 3.1 and installed it.

It was not easy the first time. Everything was different. But in the weeks that followed I experienced one of the biggest surprises I have had. First, it came with everything a server needed. An enormous amount of applications for networking, maintenance, file transfer, automated procedures, languages. The second surprise was that it just never crashed. Not one single time in many years.

Yahoo had the same experience. David Filo, a co-founder of Yahoo, wrote "FreeBSD has been extremely stable for us. We've seen over 180 days of uptime on a machine serving over 4 million HTTP requests per day."

OK, so the system was the most stable thing available - but we still used Windows computers and needed a server for this. Was there any way to mix the advantages of Windows PCs with the stability of BSD UNIX?

At that time "Samba" was for me only a dance. But

The office team uses several computers, and they need to share their work and data.

Office managers who work without a server face a multitude of issues. Usually they bought just the PCs, had software installed on them and maybe had the PC shop connect the computers together. For several years they live with the high cost of such a network, just assuming that this is how it has to be. These costs are outlined below.

Along the way they realize that too many things are not as they should be and that improvements are needed. But naturally there are concerns:
  1. "Computers are troublesome enough already. We don't need one more device to give me even more headache!"
  2. "Though not perfect we have something usable already. I worry about breaking it up."
  3. "We don't have time right now."
  4. "We are too small."
  5. "We don't have the time to educate the staff to use it as a part of their work."
  6. "Who should maintain it? We don't want to employ an IT-expert."
  7. "A server costs money."
  8. "I feel uncertain about what it is all about."
These are all arguments that are very easy to understand. Here are my answers:
  1. Computers running without a server are much more troublesome in every way. See below!
  2. There is not much 'breaking up' to do.
  3. OK, but will you ever? Your and your team's time is a primary reason for getting a proper solution.
  4. Are you two or more full-time working people? Then you are not too small.
  5. There is no education needed. All office work goes on just as usual.
  6. Our servers need very little maintenance. And it can usually be done over the net.
  7. Yes, it does cost money, but working without it is much more expensive in every way. See below!
  8. This is why I have written this document.

One more computer in your office ...
A server is "simply a computer", specialized to take care of serving other computers (like the office workers) which are connected via cables, wireless or over the internet. Actually, a server usually looks like a normal PC, and the hardware components in it are of the same kind.

... but the function is different
The server is radically different from the computers we use for our normal work:
  • Nobody "works" at the server. Its job is to serve users on other computers.
  • You don't turn it off. At night it works for you too, e.g. by doing backup, checking for viruses, downloading mail etc.
  • It is designed for extreme stability, running special server-software and using high-quality hardware.

So what exactly does the server do?
It usually has several roles. One of them is to be the company's file server, i.e. a central source for all office files.
A file server...
  1. allows the users to have access to the files they need and makes them sharable in a safe and practical way.
  2. allows the files to be accessible only by the users the management decides should have access
  3. allows the management to have central access to all files in the office
  4. allows some users to read and copy some files, but not to change these files...
  5. ... thereby automatically protecting these files against loss - by user errors, disk crashes, viruses.
  6. prevents files from being accessible if the server or its disks fall into the wrong hands (*)
  7. always has at least two hard disks to protect against loss if a disk should break
  8. allows secure access to company files from outside the office (if the company wants such access, of course)
(*) Only the U5 Confidence server offers this facility.

Obviously the above functions are absolutely crucial for the company. Without a server you are bound to get problems on several of them. The server has actually many more functions, but let us stay with the file server role for a while.

Networks without servers - the peer-to-peer network...
Almost any operating system - like e.g. Windows XP - comes with built-in facilities for networking computers. That is, we can connect Fred, John and Alice to each other, and they can access files, printers and internet, in a "Workgroup". As "every computer is equal" (= no computer dedicated to only serve) this is called a "peer-to-peer" ("P2P") network.

Isn't that good enough? Can't we save the money for a server? Well, the following table shows the problems. Invariably, the "saved" money is spent on the cost of solving problems and on a poorer working environment.

One problem is that the PCs are not static. They change all the time and often not in a planned way. There are user errors, disk failures and other hardware issues, viruses, new software with side effects. If you start talking about any security, well, you can leave out the P2P network.

The list of costs for the P2P network is quite enormous, but these are the facts that office managers live with. I have listed them below.

Conclusion
Not basing the office network on a quality server is a mistake, hurting office work with downtime, extra expenses, bad security and data loss.

P2P networks compared with server-based networks

Safety of users' private data
  • Peer-to-Peer network (no server): The users save their own e-mail, documents etc. on their hard disk. So the company must safeguard the data on all computers. In practice this is very hard to do properly, so any disk crash or virus attack will mean loss.
  • Server-based network: All users store all data on the server. The server is equipped with built-in automated routines to ensure backup of data. Losses are rare.

Safety and availability of shared data
  • Peer-to-Peer network (no server): If files need to be shared they are put in a shared folder on a user's computer. If this computer goes down, no users have access to the file.
  • Server-based network: Shared files are on the server and independent of any PC's fate.

Management's Availability of PCs' "Shared Folders"
  • Peer-to-Peer network (no server): The management only has access to shared data and only if the user's PC is turned on.
  • Server-based network: The management has access to all data, anytime.

Management's Availability of non-shared Data
  • Peer-to-Peer network (no server): The only access to such data is by going to the computer, turning it on and operating the PC.
  • Server-based network: The management has access to all data, anytime.

Stability of Shared Data
  • Peer-to-Peer network (no server): A Windows PC is not a stable environment to host shared data. User errors, viruses and hard disk failures are common, and immediately result in lost data.
  • Server-based network: The server is an extremely robust and stable environment. A U5 Confidence server does not get attacked by viruses. Hard disk failures are not something "hoped never to happen"; they are a practical (though very rare) reality against which elaborate measures are taken.

Upgrading/Repairing a PC
  • Peer-to-Peer network (no server): When a PC needs repair or upgrade it has to be serviced while it contains files. Any accident during this process will result in lost data. In addition there is an obvious security problem.
  • Server-based network: The PC does not hold important company files, as they are on the server. It can be serviced with no risk of loss or theft.

Deleted files
  • Peer-to-Peer network (no server): Deleted files are still accessible using special tools, unless the deleting user takes precautions. Often this results in confidential information being accessed when a disk is replaced.
  • Server-based network: Deleted files on the server are truly gone for good. Of course, the server backup system protects against loss.

Connecting a new PC
  • Peer-to-Peer network (no server): The new PC will have to be set up specifically for the user that is supposed to use it and the role it has in the network. Shares and peripherals need to be installed. This strongly complicates the installation.
  • Server-based network: Acquiring a new PC is a matter of installing software on it and connecting it. No special network functions for the PC need to be added.

User out-of-work when PC breaks down
  • Peer-to-Peer network (no server): The user's files are on the PC with problems. This user cannot access any files while repair is going on.
  • Server-based network: The user can use another PC. All work done from the other PC is on the server.

User slowed down/halted when his PC performs double roles
  • Peer-to-Peer network (no server): The user with shared resources will experience slow operation when others access these resources on his PC. If several users request services at the same time the PC can malfunction due to overload. To ensure that this does not happen, each resource-sharing PC needs to be purchased with overcapacity.
  • Server-based network: No user uses any other user's PC. The server is delivered and optimized for taking care of many users at the same time.

Peripherals are down when the serving PC is down
  • Peer-to-Peer network (no server): If e.g. a printer is connected to the PC of another user, no users can print if this PC is down.
  • Server-based network: All peripherals are connected to the server. Downtime of a PC only affects the unlucky user.

Privacy and security of data
  • Peer-to-Peer network (no server): Company data are spread over different PCs, where it is hard to control what happens to them. In practice true privacy of files is non-existent.
  • Server-based network: Company data are on a server specifically designed for security.

If PCs or hard disks are stolen
  • Peer-to-Peer network (no server): A stolen hard disk will give full access to all data on it.
  • Server-based network: Stealing a U5 Confidence server or its disk gives no access to data, which are stored with military-grade strong encryption.

Encrypted Backups
  • Peer-to-Peer network (no server): The difficulty of performing any sufficient backup routines at all on users' PCs is discussed above. But if and when data is backed up, the backup is a security risk by itself. Only trusted individuals can handle the backup.
  • Server-based network: U5 Confidence server delivers encrypted backups. Any person can be involved in the process.

Attacks from the internet
  • Peer-to-Peer network (no server): Each PC connected directly to the internet is open to attack, anytime, regardless of the user's actions. The cost and difficulty of keeping up firewalls on each PC is high and in practice it is not done. In addition, the Windows XP firewalls are not industrial strength.
  • Server-based network: The server has an industrial-strength firewall, IPFW. Attacks against users' PCs (without 'help' from the user) are for a large part impossible, for the rest very difficult.

Multi-dependencies increase the risk of problems
  • Peer-to-Peer network (no server): When several PCs (serving shared peripherals) are needed to work correctly to have the network fully functioning, the chance of network failure is proportionally increased. In addition users' PCs are not too stable.
  • Server-based network: All functions are up as long as the server is up. The server is specifically designed for extreme stability.

 U5com Co Ltd
Head Office     85/7 Soi Akkira Nithi, Payathai Rd, Payathai, Ratchatevee, 10400 Bangkok, Thailand
Showroom   Harmonium, 103 Soi Supapong 1, Srinakarin Road (near Seacon square), Nongbon, Praves, 10250 Bangkok, Thailand
Tel   +66-2-255-2506    +66-2-656-6129    +66-2-366-0700(-3)
Fax   +66-2-366-0700    +66-2-255-2506
Email             Web www.u5.com