Linked by Thom Holwerda on Thu 14th Sep 2017 22:11 UTC
Windows

Today, we are thrilled to unveil the next step in our journey for Windows Server graphical management experiences. In less than two weeks at Microsoft Ignite, we will launch the Technical Preview release of Project "Honolulu", a flexible, locally-deployed, browser-based management platform and tools.

Project "Honolulu" is the culmination of significant customer feedback, which has directly shaped product direction and investments. With support for both hybrid and traditional disconnected server environments, Project "Honolulu" provides a quick and easy solution for common IT admin tasks with a lightweight deployment.

I've never managed any servers, so it's difficult for me to gauge how useful of popular tools like these are. What is the usual way people manage their servers?

Thread beginning with comment 648909
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Great question
by Rokas on Fri 15th Sep 2017 08:08 UTC in reply to "RE[2]: Great question"
Rokas
Member since:
2017-09-12

Rokas,

Sure, if you have significant load. But not all enterprises warrant dedicated servers for each function. It increases operational and licensing costs for not much benefit. This was the case at one of the places I worked at with about 20 desktop computers.

Well yes, of course a company with 20 computers is a very, very different case :-)

Sure if you have load issues, then dividing the high usage processes makes sense, but otherwise I'd recommend just keeping it simple ;)

Nope. Role segregation is not just about load distribution. It's mostly about security, interoperability issues and ease of upgrades. You see, when you have only one role on the server, it's much, much, MUCH easier to reboot it, upgrade it, do maintenance on it than on the server where there are dozens of very different critical services running, each of which might have it's own needs/requirements... When you do maintenance on such a monolithic server, you're basically taking down entire infra and there's much higher risk that one or another role/service will fail after maintenance.
Also, if any single service/role gets compromised on such a monolithic server, you are totally screwed, since it means complete takeover of all your infra.

Edited 2017-09-15 08:09 UTC

Reply Parent Score: 2

RE[4]: Great question
by Alfman on Fri 15th Sep 2017 14:39 in reply to "RE[3]: Great question"
Alfman Member since:
2011-01-28

Rokas,

Well yes, of course a company with 20 computers is a very, very different case :-)


Ok, but then this was exactly the OP's point, to which you responded "Why would you ever do that?.. That's horrible practice.". It depends on size, so it seems we're all in agreement here ;)

Nope. Role segregation is not just about load distribution. It's mostly about security, interoperability issues and ease of upgrades. You see, when you have only one role on the server, it's much, much, MUCH easier to reboot it, upgrade it, do maintenance on it than on the server where there are dozens of very different critical services running, each of which might have it's own needs/requirements...When you do maintenance on such a monolithic server, you're basically taking down entire infra and there's much higher risk that one or another role/service will fail after maintenance.


What are you talking about, don't your servers stay up for months at a time, haha ;)

Seriously though, in linux virtually all userspace daemons can be upgraded independently of one another without taking anything else offline. I honestly don't know if this is still a problem for windows servers, but in taking your post into account it sounds like it is.

It's not that I object to having more servers, but smaller companies don't typically have a need for them in terms of cost/benefit ratios.


Also, if any single service/role gets compromised on such a monolithic server, you are totally screwed, since it means complete takeover of all your infra.


Yes, there's a valid point, this is the reason why it's useful to run daemons under user isolation so that compromising one doesn't compromise others. Unfortunately though even if services are logically & physically separated, it doesn't necessarily mean we've stopped privilege escalation. For example, compromised websites often lead to compromised databases regardless of whether they're running on a different server. Many of the ways to mitigate the risks apply equally to daemons running locally and remotely.

Small companies don't often have the resources to hire specialized team, so for a lone overworked IT worker, it can be both easier and faster to restore a single server than to try and investigate exploits across many servers. Ultimately, I'm not necessarily disagreeing with you, but I am asking you to consider the small business perspective you may not have as much experience with.

Reply Parent Score: 2

RE[5]: Great question
by Rokas on Fri 15th Sep 2017 14:44 in reply to "RE[4]: Great question"
Rokas Member since:
2017-09-12

Seriously though, in linux virtually all userspace daemons can be upgraded independently of one another without taking anything else offline. I honestly don't know if this is still a problem for windows servers, but in taking your post into account it sounds like it is.

I am talking OS patching. And I think both Windows and Linux still need a reboot after installing most OS/Kernel level patches.
Also, maintenance can include more activities than just updating... Even if you're not expecting any downtime for a given maintenance activity, you must consider that possibility and act accordingly...
About the rest, yes, I agree. Many things are different in small companies with very small IT budgets.

Reply Parent Score: 3

RE[4]: Great question
by abraxas on Mon 18th Sep 2017 15:27 in reply to "RE[3]: Great question"
abraxas Member since:
2005-07-07


Also, if any single service/role gets compromised on such a monolithic server, you are totally screwed, since it means complete takeover of all your infra.


Most admins don't properly segregate. Even if you have single roles running on different servers, just one getting compromised can still lead to a takeover of your infrastructure.

Reply Parent Score: 2