Linked by Thom Holwerda on Thu 14th Sep 2017 22:11 UTC
Windows

Today, we are thrilled to unveil the next step in our journey for Windows Server graphical management experiences. In less than two weeks at Microsoft Ignite, we will launch the Technical Preview release of Project "Honolulu", a flexible, locally-deployed, browser-based management platform and tools.

Project "Honolulu" is the culmination of significant customer feedback, which has directly shaped product direction and investments. With support for both hybrid and traditional disconnected server environments, Project "Honolulu" provides a quick and easy solution for common IT admin tasks with a lightweight deployment.

I've never managed any servers, so it's difficult for me to gauge how useful of popular tools like these are. What is the usual way people manage their servers?

Thread beginning with comment 648917
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Great question
by Alfman on Fri 15th Sep 2017 14:39 UTC in reply to "RE[3]: Great question"
Alfman
Member since:
2011-01-28

Rokas,

Well yes, of course a company with 20 computers is a very, very different case :-)


Ok, but then this was exactly the OP's point, to which you responded "Why would you ever do that?.. That's horrible practice.". It depends on size, so it seems we're all in agreement here ;)

Nope. Role segregation is not just about load distribution. It's mostly about security, interoperability issues and ease of upgrades. You see, when you have only one role on the server, it's much, much, MUCH easier to reboot it, upgrade it, do maintenance on it than on the server where there are dozens of very different critical services running, each of which might have it's own needs/requirements...When you do maintenance on such a monolithic server, you're basically taking down entire infra and there's much higher risk that one or another role/service will fail after maintenance.


What are you talking about, don't your servers stay up for months at a time, haha ;)

Seriously though, in linux virtually all userspace daemons can be upgraded independently of one another without taking anything else offline. I honestly don't know if this is still a problem for windows servers, but in taking your post into account it sounds like it is.

It's not that I object to having more servers, but smaller companies don't typically have a need for them in terms of cost/benefit ratios.


Also, if any single service/role gets compromised on such a monolithic server, you are totally screwed, since it means complete takeover of all your infra.


Yes, there's a valid point, this is the reason why it's useful to run daemons under user isolation so that compromising one doesn't compromise others. Unfortunately though even if services are logically & physically separated, it doesn't necessarily mean we've stopped privilege escalation. For example, compromised websites often lead to compromised databases regardless of whether they're running on a different server. Many of the ways to mitigate the risks apply equally to daemons running locally and remotely.

Small companies don't often have the resources to hire specialized team, so for a lone overworked IT worker, it can be both easier and faster to restore a single server than to try and investigate exploits across many servers. Ultimately, I'm not necessarily disagreeing with you, but I am asking you to consider the small business perspective you may not have as much experience with.

Reply Parent Score: 2

RE[5]: Great question
by Rokas on Fri 15th Sep 2017 14:44 in reply to "RE[4]: Great question"
Rokas Member since:
2017-09-12

Seriously though, in linux virtually all userspace daemons can be upgraded independently of one another without taking anything else offline. I honestly don't know if this is still a problem for windows servers, but in taking your post into account it sounds like it is.

I am talking OS patching. And I think both Windows and Linux still need a reboot after installing most OS/Kernel level patches.
Also, maintenance can include more activities than just updating... Even if you're not expecting any downtime for a given maintenance activity, you must consider that possibility and act accordingly...
About the rest, yes, I agree. Many things are different in small companies with very small IT budgets.

Reply Parent Score: 3

RE[6]: Great question
by Alfman on Fri 15th Sep 2017 15:36 in reply to "RE[5]: Great question"
Alfman Member since:
2011-01-28

Rokas,

I am talking OS patching. And I think both Windows and Linux still need a reboot after installing most OS/Kernel level patches.
Also, maintenance can include more activities than just updating... Even if you're not expecting any downtime for a given maintenance activity, you must consider that possibility and act accordingly...


True, but the majority of kernel updates are for new features that can often be postponed to a convenient time or even indefinitely if you didn't need those features. Only the security updates have any real urgency. I tend to handle it on a case by case basis.


About the rest, yes, I agree. Many things are different in small companies with very small IT budgets.


I find this to be one of the biggest challenges with small companies. They want everything running smoothly 24/7 on a shoestring budget, alas those are often mutually exclusive, but you do the best you can, haha.

Reply Parent Score: 2