Go ahead
This must be some new definition of "Secure boot" that I was previously unaware of - it's time to upgrade to Linux anyway.
Lenovo server admins should disable Windows Update and apply a UEFI fix to avoid Microsoft’s November security patches freezing their systems. The world’s third-largest server-maker advised the step after revealing that 19 configurations of its x M5 and M6 rack, as well as its x6 systems are susceptible. Lenovo’s machines are …
Sure, what's the Windows equivalent to systemd?
Sound stupid? That's because it is.
Horses for courses, and I've not worked in a workplace that uses Lync and I've been doing IT and network management for 20 years.
In fact, even Exchange is rare in some industries, even in Windows-only environments.
Hedging your bets on a product that only works on Windows is a dumb business decision, even if "everyone else does it". We found that out in the 90's but some of us never learn.
And with virtualisation, it really doesn't matter what OS the server runs any more, so long as the individual VMs (which is where the Lync Server would sit) have the right OS.
In this case, what we're questioning is why you'd run a Windows hypervisor, not a Windows server serving a Windows-only application that you've decided to standardise on. Plenty of places survive just fine without ever having had, used, or afforded Lync.
Not that that makes Linux any better or worse, to be honest. But at least it's not Mac.
(P.S. 30+ virtual servers, about 60% Windows, 30% Linux).
With cloud services, virtualisation and modern systems, you're an idiot to put all your eggs in one basket. For instance, here, if you had all Lenovo servers with all Windows Server and had - as recommended - auto-update turned on, you would have taken out EVERYTHING in one fell swoop. That's just stupid.
And how long, honestly, before Lync / Skype is "just another cloud-service"? Not long, it's already here:
https://technet.microsoft.com/en-us/cloud/gg671923.aspx
Without turning this into a contest, 30+ servers aren't really much to write home about.
The game changes when running enterprise IT systems when you are dealing with hundreds of servers and thousands of users. For all its faults, Microsoft has a decent directory system that links very well with a lot of its other products.
Now perhaps if a software house wanted to run purely Linux and had the expertise to deploy full Chef/Puppet orchestration then the argument may hold a bit of weight.
PS. I am not a fan of Hyper-V and much prefer VMWare.
>Now perhaps if a software house wanted to run purely Linux and had the expertise to deploy full Chef/Puppet orchestration then the argument may hold a bit of weight.
You should in any case deploy that, it has many advantages over AD, even for windows-only/windows-mostly shops, and can comfortably be implemented alongside AD.
UNIX supported LDAP natively a decade before Microsoft, what are you mumbling? LDAP is quite a widespread protocol. Kerberos is another example, again, was available on UNIX ~20 years before Windows... just saying.
AD/GPO suck when it comes to managing non-Windows systems or even non-registry-centric programs on Windows, on the other hand, Samba+OpenLDAP+Chef/puppet kicks ass, for those who cannot leave Windows 100%.
That is all very true but the real issue is always the bottom line.
Let's face it, it's cheaper to hire Windows professionals over Linux AND Windows professionals.
If I wanted to deploy Chef/Puppet within an enterprise environment then I would want to make sure that it was done correctly and supported by competent engineers. Windows does a lot of this stuff already for a lower TCO.
I love a bit of UNIX but sometimes you need to be pragmatic when working with limited budgets.
You mean "hire dozens of Windows professionals over" two or three "Linux AND Windows professionals".
One Linux professional can handle many more systems than one Windows professional. The ratios reported are around 50 linux servers to 1 Windows server... But it does vary. Facebook is reported to use 1 engineer for some 1,000,000 users... or 1 engineer per 130 servers (I believe that was for the same engineer).
But the number varies a lot depending on the environment. For a while I was the Kerberos maintenance (and support) for about 15,000 users scattered across the world using several dozen different computer centers, so I tended to get the admins calling about any problems. If I added up all the servers supported that would be several thousand (between 30 and 100 per center, depending on the center).
Anywhere security was mandatory ... left windows out. You can't secure that.
My point, is saying "upgrade to Linux" is the usual dumb blinkered answer that some people give out as a stock answer, it's a little sad and pathetic.
As you said horses for courses.
(About 4000 servers about 64% Windows, 34% Linux and a smattering of custom black boxes running all kinds of random stuff)
"My point, is saying "upgrade to Linux" is the usual dumb blinkered answer that some people give out as a stock answer, it's a little sad and pathetic"
...and in response, the usual dumb blinkered answer is "Linux is useless because I can randomly think of one application I use that doesn't have a Linux version, even though numerous alternatives exist". The only thing more pathetic than the "Linux does everything" answer is the "Linux doesn't run every Windows application and I don't want to think or put in any effort to migrate" answer
>Horses for courses, and I've not worked in a workplace that uses Lync and I've been doing IT and network management for 20 years.
While I agree with all of the arguments you make, I have to point out that doing something for a long time != doing it well. For example, the Bush family was in the oval office for how long? I'm sure you can think of other examples--nearly everyone works with at least one.
Can you let everyone know the Linux equivalent of Lync.
That would have been fine if Lync actually worked. Ever since it was renamed Skype for Business its "success rate" is about 30%. That drops to sub-10% if there are people on Mac, VPNs, etc.
You can get the Skype For Business functionality on Linux using google talk and google apps (if you surrender to the idea of google knowing each and every step you make). It also works properly on a mobile (something Lync stopped doing once it became Skype for Business). IM works. Video works significantly better than Lync, Presence works, whiteboarding and other conference facilities also work and so does calendaring. It has only one massive downside - it pretty much requires VOIP and you need decent data connectivity. Not usable out in the sticks. The upside is that it is significantly more reliable than Skype For Business.
Alternatively - you get that easily using webex + a decent xmpp server of your choice. It is a bit more hassle and you need to cobble it together for a team. It has the advantage that it works pretty much anywhere and the bandwidth requirements are ~ NIL unless you have an idiot PHB in the team which insists on his mug always being displayed to his subordinates.
In both cases you also can integrate into that 3rd party systems and apps. Something which you can forget about as far as lync is concerned.
I have to use all 3 of these on a weekly basis and I would overall rate them: Webex, Hangouts and Skype for Business as a very remote unreliable third.
"No problem. Can you let everyone know the Linux equivalent of Lync. Linux is good, but it can't do everything."
I don't know about Lync, but can you let me know how to stop Windows Servers from needing a reboot every month or from being the biggest target of malware?
It's hardly surprising that vendor's proprietary software package inter-operates with vendor's other proprietary software.
Also, if other devices are compromised somehow, intruders will look for vulnerable machines to expand and gather more information and privileges....
Pure "uptime" is really a "my dick is bigger than yours" thing - for teenage sysadmins (and lazy ones). The only thing that is important is you have to match your services needs - including keeping the systems and their data secure. I really don't care if I reboot every n days (including Linux for kernel updates, and some services could need to be restarted anyway to load fixed code...), only I care to perform them when they don't impact services, or impact is minimal and anyway well planned.
> I don't know about Lync, but can you let me know how to stop Windows Servers from needing a reboot every month or from being the biggest target of malware?
How can we stop Linux from needing a reboot every two weeks due to kernel issues?
USN-3147-1: Linux kernel vulnerabilities - 30th November 2016
USN-3126-1: Linux kernel vulnerabilities - 11th November 2016
USN-3107-1: Linux kernel vulnerability - 19th October 2016
USN-3099-1: Linux kernel vulnerabilities - 11th October 2016
USN-3084-1: Linux kernel vulnerabilities - 19th September 2016
USN-3072-1: Linux kernel vulnerabilities - 29th August 2016
USN-3055-1: Linux kernel vulnerabilities - 10th August 2016
USN-3035-1: Linux kernel vulnerability - 14th July 2016
Every OS needs patches. You can elect not to patch any system, but standing up Linux as not needing patches and Windows does is pretty absurd.
Depends on your distribution... Ksplice allows for replacing the kernel without a reboot...
There are also other methods of patching a kernel without rebooting...
You also are not required to reboot - just apply the patches. When you next do a PM/other reason to reboot, then the kernel will be the patched one.
It is up to the administrator and management to decide when to do a reboot.
Unless you are on Windows when it is at the will of Microsoft.
> Unless you are on Windows when it is at the will of Microsoft.
Only if you're daft enough to configure the server to reboot automatically if required. If you're a bit sensible, it will just sit there saying "Patches installed, please reboot", and if you're really sensible, it will sit there saying "Patches downloaded - ready to install".
The idea that Windows forces reboots is totally incorrect.
Is Ksplice the default? No, it isn't. It *can* be used, and you have to test carefully it won't create more problems than it solves.
Sure, you're not required to reboot - but until you do, the old kernel is active and any vulnerability in it also. It's a matter of managing risks.
Nor does Windows Server reboot on its own unless you configure it to do so.
> How can we stop Linux from needing a reboot every two weeks due to kernel issues?
there is a reason why firewalls and other security related devices run older vetted kernels... if you are going to run bleeding edge stuff on your servers (and even workstations) you will be cut and have some blood loss at some point...
but then again, the v4 of the linux kernel has introduced inline patching (or something like that) where the kernel gets the fixes but the machine doesn't have to be rebooted...
so -1
> Every OS needs patches. You can elect not to patch any system, but standing up Linux as not needing patches and Windows does is pretty absurd.
but i tend to agree with this statement in general so +1
that's a balance so your points remain the same ;)
>Linux equivalent of Lync.
>You know the one that does IM, Video, Presence, whiteboarding, all with office suite and calendaring?
BS, Lync is so bad that they replaced it with Teams, which also suffers some of the same issues... like, messages not appearing... you get the notification pop up "New message from x", then you go to the conversation with "x", and of course, the message is not there... yes, a reboot temporarily fixes it, but that does not count, right?
Anyway, POL is your friend, if you insist on that crap ....
I find pidgin(with sipe) works just fine for me. The whiteboarding crap in lync just plain does not work in a properly secured environment. Desktop sharing in lync works, but it really doesn't suit my requirements.
Other than the fact that having Lync and Outlook365 running on a windows system eventually chews up every last scrap of ram and then some, eventually hanging windows, I don't see an advantage to S4B.
No problem. Can you let everyone know the Linux equivalent of Lync.
You know the one that does IM, Video, Presence, whiteboarding, all with office suite and calendaring?
And that's just one example.
Linux is good, but it can't do everything.
But wouldn't NOT running Lync be a feature rather than a shortcoming???
I only have experience of using a single Lenovo product - the Thinkpad W541. And I think it's a bag of washing. For its spec it's slow, expensive and it refuses to boot Ubuntu. Under both Windows and Mint the screen flickers when watching videos and despite an outstanding support case that I registered with the thing over a year ago, no answer. The support for projectors is dire (one or the other, not the two at the same time).
I guess the same "get it out the door fast" approach to firmware applies to servers as well as their laptops.
> time to upgrade to Linux anyway
Good luck with trying to dual boot Windows 10 and Linux. I tried for a day to get round UEFI problems (on an HP junker, not a LeNovo) and concluded that whatever Win10 had done to the UEFI meant that none of the recipes and tricks for dual boot installation worked: all I could ever boot was bloody Win10, even though Linux Mint had installed perfectly.
Solution: blew away Windows completely on that machine. Worked like a charm.
Wouldn't be surprised.
Another well-known Lenovo "feature" is on their Desktop / Laptop range. If you install a new, standalone, licensed MS Office without wiping the machine and reinstalling the OS[1], it fucks the licensing up. Apparently Lenovo have done something naughty to the OEM version of "Get Office". Uninstalling the "Get Office" app doesn't help as they haven't tweaked the uninstall routine to recognise and remove the registry keys they've cocked up...
So, proven form for playing fast and loose with the MS standards...and not getting away with it(!)
[1] Ok you can manually edit the registry but, given Lenovo's record, it's safer to nuke the site from orbit.
As an end user I don't see this problem. And, kindly, Microsoft automatically install my Win10 updates that will work 100% of the time and will never brick my system, alter its configuration or impact my workflow at all.
Thankfully, Microsoft have explained that they are infallible, always correct and there'll never be an occasion when they get it wrong and cost me time and money so I'm happy for them to continue.