[Sussex] LINUX takes on Xserve

Neil Ford neil at smudgypixels.net
Fri Jan 10 09:06:00 UTC 2003


On Friday, January 10, 2003, at 07:05 AM, Atro Tossavainen wrote:

> On Wed Oct 30 18:24:06 2002, Tony Dart wrote:
>
>> Must admit I can't see any reason why anyone would buy an Apple X
>> server over a Linux box, unless in a specialist field. Anymore than
>> anyone earning their living in the graphics world using Linux rather
>> than a Mac - horses for courses.
>
> You mean "over an x86 Linux box", presumably, since Linux runs on just
> about everything...
>
> I wanted a computer for handling all external SSH traffic to our
> Institute.  We used to allow SSH traffic to individual workstations,
> Suns, SGIs, Alphas.  The encryption and compression tasks involved
> are mostly CPU intensive, of course.
>
> I was figuring my options were Intel-based rack servers for ¤~1500,
> Sun/Fujitsu SPARC-based servers for ¤~3000, or the Xserve for ¤~3000.
> SPARC based solutions aren't known for blazing CPU performance, so
> it's either x86, or an Xserve for double the price.  Hmm...
>
> This is supposed to be a machine for improving security (concentrating
> all ssh connections in one box), first and foremost.  I figured using
> an x86 for the purpose would have been a daft move since whenever a
> software fault is found and made public, the exploits usually arrive
> for x86 first, other platforms later if at all, the reason for which
> is probably simply the overwhelming popularity of x86 based computers.
>
> The reason I picked "anything else but x86" despite the price
> difference was that I expect to gain an extra couple of days from
> the discovery and publication of software faults to patch things
> up.  It had nothing to do with our specialist field.
>
Unfortunately your logic is flawed (much as I am a Mac advocate and 
glad someone has deployed an Xserve). You could quite easily achieved 
what you required on x86 using any number of OSes. For a box who's main 
function was to be security I would have probably gone for OpenBSD, but 
any well configured Linux or BSD box would have done the job quite 
admirably.

Due to Apple's insistence of sticking so much in the Netinfo database, 
close configuration of a Mac OS X box is not as easy as on other 
comparable operating systems. In conjunction with Apple's relative 
tardiness in getting updated versions of things like OpenSSH make it a 
less than suitable platform for a secure application. Too much on the 
box is still proprietary for it to compete against a truly open source 
system.

The Xserve's strengths are it's familiarity for existing Mac shops and 
integration with Mac OS clients.

Neil.
-- 
Neil Ford
neil at smudgypixels.net
http://www.smudgypixels.net




More information about the Sussex mailing list