Geeks With Blogs
Robert's Sysadmin Blog Unraveling the datacenter one fibre at a time

Today I attended the fall MSDN/Technet brief in the Hague, Netherlands, which is a free event. It was, therefore, nice to see Steve Ballmer make an appearance. The theme was 'Security eXPeriance' and the sessions centred around ISA 2004 and MOM 2005 mostly.

I attended the hands-on lab for ISA and was quite impressed, even given my limited experience with ISA 2000. I like the fact that MS is now basically moving towards a single interface that is a lot more intuitive than MMC.. everything now looks like Outlook 2003 ;)
Took the lab manual with me, I am sure I can get my hands on the virtual lab to continue playing.

(ISA Server 2004 interface example)

I also attended a very interesting session that basically squared off firewalling on a Linux platform against ISA Server 2004.
Now I know jack about Linux and the software you can get for it, but it was much as I suspected. Now I don't know specifically what firewall tool the Linux guy was using, he was using a web-based admin tool for everything on that machine, including the firewall bit, but even though it was point and click, it was considerably more work to configure anything, as even the simplest rule had to be built from the ground up.

Now this is probably not a fair test, as I can easily imagine someone out there making rule-scripts available for whatever Linux firewall app. But apart from all that, you simply can't get around the interface ease and richness of ISA as a firewall product. Linux requires you to download (and compile) every element of functionality you need separately. And when it comes to interface, the only thing that can compare.. and thus can directly compete.. is Checkpoint, and even then ISA just looks plain better, but that should not be a point to take into consideration.

(Checkpoint Smartcentre interface example)

I can predict exactly what the average manager must think, and you should know I consider the average manager rather shallow; "Hey.. that ISA costs no trouble at all to administer.. I'll just hire a junior admin, with no infrastructure experience or knowledge at all, for that, and get rid of the Linux specialist who costs 4 times more per hour!"

The most important reminder I got out of the session is that nothing beats in-depth knowledge of what you are doing. To use Linux effectively, you really need to understand what you are doing. With the average Microsoft product, this is often not the case.

This leads to masses of lazy administrators, the ones I have often referred to in my previous posts. So I can tell you right now, if something broke down with the infrastructure, then I would far rather have a Linux sysadmin working on the problem than your average Windows sysadmin, as with the Linux sysadmin, I can probably assume that he has more in-depth knowledge, simply because Linux requires that to get anything done.

As for Windows.. you have masses and masses of admins that know just enough to keep everything working, but not enough to effectively troubleshoot issues, or help build better solutions to suit business needs. Who cares that you have a really easy to use firewall tool, if the firewall admin can't troubleshoot a routing issue effectively!



Posted on Tuesday, October 5, 2004 9:53 PM

Comments on this post: MSDN Technet brief in The Hague

# re: MSDN Technet brief in The Hague
With iptables, there's no real recompilation of anything firewall related in Linux.

The rules you create can be complex, or very simple depending on how you want to make it. Most likely the person used webmin, which is a web based administration tool for everything on the box and I do mean everything. Modules extend its functionality to where it's almost got every package covered.

I know Linux as I have to so I can support our firewalls (very old computer running slackware 10, 2.6.7 kernel and iptables). I know enough about Windows to be dangerous, but honestly some of Windows can be vastly more complex and leave me stumped. With Linux it pretty much works or it doesn't, there's no real grey area.

Windows will put more junior admins to work initially setting up something like this. Setup is one thing, troubleshooting and maintenance are a whole separate issue. While they'll be able to work with it as long as it works, the second something breaks they'll need to hire a consultant. Troubleshooting this stuff in Linux isn't easy so it's not going to be easy in Windows either since it's pretty much the same technology. Most likely what ISA does is create the same basic rules you would have in Linux, but does so "under the hood" so that you don't have to really understand every intricate detail. I don't think of this as a problem until something goes wrong, then you might have some issues but it's the same for any firewalling technology really. With Linux you're more forced to know everything because it wouldn't work without the knowledge. Windows lets you skate by a little bit at first, but will bite you in the butt if you don't know your stuff.
Left by Jeremy Brayton on Oct 05, 2004 10:24 PM

# re: MSDN Technet brief in The Hague
Here is a listing of the specific software Linux used in the demo:

Distribution Slackware 10.0
Kernel 2.4.26
Apache 1.3.31
Sendmail 8.13.1
ProFTP 1.29
PoPToP daemon 1.1.4-b4 (PPTPD)
Samba 3.04
Webmin 1.160

Left by Jemimus on Oct 09, 2004 2:29 PM


Copyright © Robert Kloosterhuis | Powered by: