On Sat, Jun 16, 2012 at 7:40 PM, Matthew Finkel
<matthew.fin...@gmail.com> wrote:
> On Sat, Jun 16, 2012 at 6:59 PM, Michael Mol <mike...@gmail.com> wrote:
>>
>> On Sat, Jun 16, 2012 at 6:42 PM, Matthew Finkel
>> <matthew.fin...@gmail.com> wrote:
>> > On Sat, Jun 16, 2012 at 5:30 PM, Michael Mol <mike...@gmail.com> wrote:

[snip]

>> >>
>> > True, and they've been working "hard" to get it to the state it is in
>> > now. In many cases, sys admins have had to unlearn relying on their
>> > mouse for complete power. The CLI provides options that are, obviously,
>> > very difficult to express in a simple GUI (I know I'm preaching to the
>> > choir). Powershell has made huge progress in this respect, but it still
>> > has a long way to go in order to compete with what we have. And I doubt
>> > the server environment would ever become stripped down to the state
>> > we're talking about.
>>
>> Actually, they're there as of Windows Server 2008. It's called
>> "Windows Server 2008 Core". According to "Windows Server 2008: The
>> Definitive Guide", you log into one of these systems and all you get
>> (by default) is a terminal window with an instance of cmd.exe. It goes
>> on to list seven server roles this configuration supports:
>>
>> * Active Directory and Active Directory Lightweight Domain Services (LDS)
>> * DHCP Server
>> * DNS Server
>> * File Services (including DFSR and NFS)
>> * Print Services
>> * Streaming Media Services
>> * Windows Server Virtualization
>>
>> (Curiously, one of the things you _can't_ do is run Managed Code.)
>
>
> Huh, I didn't know about this. It's still too limited, though. At least
> they've duplicated a lot of the core gui elements on cli.

I dunno. That's everything I might possibly want a Windows system for.
DNS comes with AD. Their DHCP server is probably the best on the
market right now; it's the only common one[1] which handles DDNS
updates for IPv4 and IPv6 hosts in the same domain. Everything else, I
can easily do as-well-or-better on a Linux box.

Being able to be an AD controller on a stripped-down version of the
platform is also a plus, if you need to run in an AD environment. That
makes adding redundancy and load distribution cheaper.[2]

[1] That I know of; if anyone knows of a DHCP client for Linux which
handles DDNS updates for IPv4 and IPv6 in the same domain, I'd love to
hear about it. ISC's doesn't.
[2] Samba 4 can do this too, and I'm looking forward to seeing someone
sell Shiva Plugs with Samba 4 preinstalled. And, yeah, Samba 4 has had
some big news events this year.

>> >> Not that they won't be able to bolt one in easily enough; CSRSS means
>> >> they should be able to provide, e.g. an SSH daemon, give the
>> >> connecting user a PowerShell login session[1], and give it equal
>> >> privileges and security controls as they have for any other login
>> >> session.
>> >
>> > How many years have they had? I'd given up on this years ago.
>>
>> SFU is available in the "Server Core" configuration. I imagine you
>> could run OpenSSH under there. Or some commercial entity could come
>> along and provide an SSH+screen(ish) component to snap into the CSRSS
>> framework.
>
>
> I'd actually forgotten about that, I would never trust their
> implementation though. Apparently there's a binary available of OpenSSH
> that runs on SFU (so says wiki [1]). I've been out of the Windows Server
> environment for a few years now, so I guess I've missed out on some of the
> progress MS has made in this area. It's good they are pushing the CLI now.
> Perhaps in a few releases they'll implement their own of encrypting telnet
> sessions with a screen/tmux lookalike. Microsoft never ceases to amaze me -
> with the good and the bad.

Where security concerns are relevant, I'd favor the implementation
which comes with security updates pushed through the platform vendor's
channel. With Debian, that means I avoid building my own packages. On
Gentoo, that means I keep up with Portage. On Windows, that means
using things which come through Microsoft Update. (Anything which
doesn't, I could probably replace with something running on a Linux
box. Again, this is a server context we're talking about.)

Also, did you know Windows domain environments support dynamic
application of IPSec-based security policies to enforce host patching
policies? Some awesome stuff. Got me wanting to learn enough to be
able to do the same thing using, e.g. Chef.[3]


[3] http://www.opscode.com/chef/

[snip]

-- 
:wq
