Novell's SLES9 vs. Microsoft's Win2K3
A Windows Domain Control & File Server Comparison
With Novell's recent release of their SLES9 server (Suse Linux Enterprise Server), I decided to compare their new offering against Microsoft's Windows 2003 Server (Enterprise Edition) in a Windows based network environment. Can SLES9 be a viable server solution as an answer to using a Windows 2003 Server?
This article will compare these two server products in a small to medium sized Windows network environment. I will be using the following categories: reconfigurability, basic administration tasks, server tasks, file system performance, overall cost and user/computer management. These are basic functionalities that every network server needs to provide.
Microsoft's Windows 2003 Server
Microsoft's Windows 2003 Server (Win2k3) was released on 24 April 2003, and is the fourth major Server Operating System released by Microsoft in the 10+ year history of their NT product line. Win2k3 also continues on the development of Microsoft's Active Directory management database. Active Directory was first introduced with Windows 2000 Server, and has gone through some minor changes, especially in the field of maintainability and usability.
For more information on the history of Microsoft's Windows NT products visit this wikipedia page.
Novell's Suse Linux Enterprise Server 9
Over the past 8 years Novell has had a steady drop of sales of their Netware product line, mostly losing customers to Microsoft's NT Server line. In light of this fact, Novell decided to make drastic changes to their business model. Late last year (2003) Novell purchased two businesses that specialized in products based around the GNU/Linux Operating System. One of these companies, Suse, maintained a very popular "Linux distribution".
Suse Linux Enterprise Server 9 (SLES9) is the third "Enterprise Server" released from Suse, which in turn is based on Suse Linux. Although SLES9 is the second Linux Operating System released since Novell purchased Suse, it is the first to actually contain any Novell branding.
Novell is planning to port most of their networking products to SLES, and their first major release of these products, Novell Open Enterprise Server, should be available in the first part of next year (2005). Novell's OES should include most of their popular addons, such as Zenworks and the Nterprise services, as well as introduce some new products such as iFolder.
Most Servers will evolve over time, usually adding services, changing settings or simply fixing minor problems and annoyances. A server operating system should contain easy to use tools and utilities to help the administrator handle these issues. Both Windows 2003 Server and Novell's SLES9 Server utilize a central location for all server administration tasks that need to be done. Windows 2003 uses the control panel, the MMC and the Manage Your Server wizard, while SLES9 uses Suse's Yast program.
Win2K3 - Control Panel and Wizards
What really sells Windows 2003 Server to businesses is the fact that it looks and is configured in pretty much the same way that Windows XP is. Managers continue to believe, rightly or wrongly, that if the server is configured in pretty much the same way as what most people use at home, then it should be easy for their Administrators to maintain the server. I believe this can be true to an extent, but what usually happens is more and more "Administrators", qualified or not, try to maintain the server as they do their workstations. The result is that the server soon becomes unorganized and possibly less secure, especially when more than one person "configures" the server.
Any administrator familiar with Windows XP and has any Windows Networking experience could get Windows 2003 Server up and running quickly. This is due in large part to the inclusion of "server wizards" that are accessed through the Manage Your Server program.
Microsoft includes wizards for nearly every server task that Windows 2003 Server can accomplish. These wizards also utilize somewhat sensible default values when services first get installed. This is very important because with most installs on small networks, the Administrator will in fact keep the defaults as-is. "Why change something that works" is usually the mantra. Although the down side of this, of course, is the fact everyone else knows how W2k3 Server sets up all the services by default. So, it can be relatively easy for a "cracker" to break into a system once a security issue is discovered with a service that is enabled on the server.
Most of the other server configuration tasks can be handled through the "Control Panel", which is very similar to Windows XP.
SLES9 - YaST
Novell's answer to server administration is to include the ability to adjust nearly every aspect of the server through a single program - YAST. The YaST (Yet Another Setup Tool) application has been in active development for nearly as long as SuSE's been in business (early 1993). YaST has been recently licensed under the GNU GPL (General Public License) so other companies can take advantage of the development, as long as they contribute back their accomplishments.
The YaST program is very straight forward and is very thorough on what aspect of the server you can adjust. YaST allows you to change everything from network settings to how the apache web server functions. Although YaST also utilizes wizards, if you know how the service should be setup it is easy to get the service up and running to your specifications. This is quite a bit different than the "cookie cutter" wizard approach that Microsoft's Win2k3 Server uses.
An advantage that Suse Linux Enterprise Server has over the Windows counterpart is the fact that you do not need to use a graphical display to adjust server settings. SLES9 is built on top of Suse Linux, and all of the servers can be adjusted either through the command line, or by simply modifying a text file. If the Administrator is knowledgeable in Unix/Linux administration, SLES9 can become very, very customized to your network environment. Microsoft is gradually adding more and more command line administration utilities to their server solutions, but currently they are no match for the power of a Unix/Linux shell.
Overall, it "feels" as if you have more control over your server when using SLES9 compared to Windows 2003. When you use the wizards in Windows 2003, it seems as if you are relying on the software to configure everything about a service, which is fine until something goes wrong. SLES9 seems to be much easier to troubleshoot and fix than Windows 2003.
Both Windows 2003 Server and Suse Linux Enterprise Server offer the ability to remotely administer the server. Win2k3 server allows the Administrator to either remote control the server, or to log in remotely using Windows Terminal Services. However, both of these solutions do require you to have a somewhat fast connection in order to get anything done. Windows 2k3 Server also allows certain administration programs to access the server's resources over the network. Programs such as Microsoft Management Console (MMC), the registry editor and the Event Viewer allow remote connections in this way
SLES9 offers a few ways to remotely administer the system. SLES9 includes a VNC server that will allow you to remote control the server from either a VNC client or a java enabled web browser. You could also setup a remote X11 connections to allow you to remotely login from another computer (not recommended for security reasons). You can also utilize the Secure Shell that is included with SLES9. The secure shell approach is by far the most secure and most popular way to remotely administrate the server. Not only does it give you an encrypted shell connection, but you can also forward any port, including the X11 display through the SSH connection. So, for instance you can remotely log in using SSH with X11 forwarding enabled and either run YaST from the command line or forward the graphical YaST program to your local workstation using "gnomesu yast2".
Overall, if the Administrator is knowledgeable, SLES9 is by far the better solution when it comes to actually managing the server and all its services. Not only because Suse's YaST tool has more features and is easier to use, but also since you have the option of controlling just about everything from the shell.
Server Administration Leader: SLES9
User and Computer Administration
One of the most important and most used tasks in a network is the addition and management of users and computers. It is essential that all Administrators(and sometimes Power Users) have the ability to create, modify or delete user accounts, the easier it is the better.
This is where Windows 2003 Server really shines using it's Active Directory. Active Directory is simply an LDAP (Lightweight Directory and Access Protocol) server (plus other components) that contains the user and computer accounts. What really sets Active Directory apart however is the addition of a very easy to use, powerful client application that controls the user/computer database.
Using Active Directory it is very easy to add/remove users, sort computers, create containers for various users, etc. The power of this quickly becomes apparent when you need to quickly adjust the settings for a group of users or computers. Say, for instance you want to set the home page of all the sales people to the company's stock page, you simply need to create a custom policy that will do this for you and simply apply it to the sales container.
Suse Linux Enterprise Server also, by default, stores all of the user account information into an LDAP server, but unfortunately the included Samba server does not utilize the LDAP back-end by default, you have to manually configure Samba to use the LDAP server for authentication, which is easy.
Since both Active Directory and Samba uses LDAP, Does this mean that the Samba server on SLES9 can be a used as an Active Directory Server? No, Samba is not meant to be a drop in replacement for an Active Directory Server, although it can be added to an existing Active Directory tree. In order to add users to SLES9, you simply need to add them utilizing the YaST program, the shell useradd command, or any other program that will allow you to add users to the system. Computers can be added "on the fly" from the workstation when you add the machine to the domain.
Overall, it is much easier to maintain Users and Computers with Windows 2003 Server than it is with SLES9. Although it is still not that difficult to do using SLES9. The weird part of this functionality is the fact that Microsoft's Active Directory feature is simply a re-implementation of Novell's Directory Services. However, once Novell's Open Enterprise Server is released, this may be a moot point.
User and Computer Administration Leader: Win2k3
"Out of the Box" File Serving Performance
One of the main issues you want to look at when purchasing Server software and hardware is how well it will perform as a file server, especially on a Windows based network where you have to deal with "user profiles".
Windows User Accounts Overview
On a Windows NT/2k/XP based network, every user will have a domain user profile. The profile stores all of the user's settings, Internet bookmarks, etc. and how you implement profiles is dependent on how the users work on the network and how much control you want over the users. There are 3 basic profile types you can use. Local, Roaming and Mandatory profiles.
(In a nutshell) Local profiles are simply stored on the local machine that the user is on and if they adjust a setting on the machine, it will not be changed on any other machine. Roaming profiles are stored on a central server and will be downloaded to the local machine every time the user is logged on and will also be copied back to the server when the user logs off. The good thing about roaming profiles is that if you adjust something on one machine, the other machines will also use that change. Finally, Mandatory profiles are basically roaming profiles that the user cannot change, they will be copied to the local machine on log on, but will be deleted on logout.
In theory, roaming profiles are the way to go for most networks, not only because the users do not have to use the same computer to retain their settings, but because it also inadvertantly gives you a backup of every user's profile and the profiles are stored in a central location. Unfortunately, when roaming profiles are implemented they can be a huge performance hit on your servers, especially if the users login or logout at the same time.
Now that you somewhat understand why file sharing performance can be very important for logins as well as for sharing files, lets get on to the the benchmarks.
The computer hardware used in benchmarking both Operating Systems consisted of :
AMD Athlon XP 3000+ (400mhz FSB)
1 GB DDR Memory
Gigabyte 7N400 Pro2 Motherboard (nforce 2)
Adaptec 29160 SCSI Controller
40 GB Seagate Cheetah Hard Drive - 15,000rpm - latest version
Gigbit Network Controller (on motherboard)
NVidia Geforce FX 5600 (as if this matters)
To keep the number of variables to a minimum, I specifically chose hardware that has mature drivers on both Windows and Linux. I also stayed away from implementing any type of RAID in this test setup. Most servers should use a RAID implementation, but for this comparison I decided to only test the software on a solid hardware foundation for both Operating Systems.
For the clients I utilized a computer lab which consists of 20 NT4 Workstation computers ranging from Intel Pentium 3 - 733mhz computers to AMD Athlon XP 2600+ computers. Most workstations are directly connected to the same HP Managed switch as the Server, although 5 were connected to a small Dlink switch, which in turn was connected to the HP switch (Surprisingly, I did not notice any performance hit on those 5 computers).
For both Server Operating Systems, I simply used the default installs, loaded updated hardware drivers, updated each OS utilizing Windows Update and YaST Online Update, then set up a simple share that the Windows Clients could access. These results are what you will get "out of the box" for both products. I am sure that both products could be "tweaked" to improve the benchmarking scores, but in my experience, most network deployments will mostly stick to the default install, which is then customized to their network and domains.
legal stuff - The benchmarking suite I used was NetBench from Zonelabs. NetBench(R) is a registered trademark of Ziff Davis Media Inc. or its affiliates in the U.S. and other coutnries. PC Magazine's NetBench(R) version with the standard system Test Suite DM.TST, with the following adjustments - The number of clients were changed from the defaults to the following - 5 clients (using 5 computers) - 10 clients (using 10 computers) - 15clients (using 5 computers) - 20 clients (using 20 computers) - 25 clients (using 5 computers) - 30 clients (using 10 computers) - 40 clients (using 20 computers) - 50 clients (using 10 computers) - 60 clients (using 20 computers) - 80 clients (using 20 computers) - 100 clients (using 20 computers). The test was performed without independent verification by VeriTest testing division of Lionbridge Technologies, Inc. ("VeriTest") or Ziff Davis Media Inc. and that neither Ziff Davis Media Inc. nor VeriTest make any representations or warranties as to the result of the test.
As you can see I only used a total of 20 computers, which in turned emulated up to 100 computers. This may have had a impact on the results, but when I tested 5 computers emulating 20 computers against 20 computers, the numbers were pretty much the same, so I assume this did not matter much.
The throughput graph displays how much data the server can "dish out" with the number of clients requesting data. The response time shows how quick the server is able to provide the data to the clients depending on the number of clients requesting data at the same time.
As you can see from the graphs, Novell's SLES9 pretty much more than doubles the performance of Microsoft's Windows 2003 Server on the exact same hardware in both categories. This is very, very impressive, and shows the strengths of both Samba and the Linux kernel, as well as the attention to detail Novell/Suse employees had when implementing the default settings.
With this hardware Windows 2003 Server seems to max out on performance at approximately 30 Clients with a throughput of about 135Mbps, where SLES seems to max out on performance at approximately 60 Clients with a throughput of about 255Mbps. The response time is also about twice as fast on SLES9 than on Win2k3 on the same hardware. So, in theory, you can handle twice as many clients on the same hardware using SLES9 compared to using Windows 2003 Server. For the actual numbers you can view the OpenOffice.org calc sheet here.
For this article I tried different ways to improve the scores for Windows 2003 Server without touching the default install (which is what I am testing). This is why I only used Windows NT 4 Workstations since they provided better performace than 2000/XP did. I also ran the benchmark 5 times for Windows 2003 and took the best times from each benchmark (i.e. I took the best 5 computer results, the best 10 computer results, etc.), whereas with SLES9 I ran the benchmark 3 times and randomly chose one of the results (and it wasn't the best one).
After running the benchmarks for the article, I also tried to search the Internet for tweaks to the default install to improve Windows 2003's performance, and after applying all the tweaks I found, all I could get was maybe a 10-20% increase in performance. If anyone knows how to really increase the performance of Windows 2003, let me know and I will create an addendum to this. Apparently there has to be some magic voodoo you can do to gain performance on Windows 2003 Server since Microsoft continually states that Windows 2003 outperforms Samba.
Performance Leader: SLES9
While implementing this benchmark, I found a few interesting facts about our network. First, if you run Norton Antivirus on your workstations, you are definitely taking a massive hit. On the NT 4 machines, the usual throughput until the server gets maxed out should be around 6Mbs, with Norton Antivirus enabled it dropped to just over 1Mbps. On the 2000/XP machines I was going to use, the hit was not as dramatic, but it still dropped from 5-6Mbs to just over 3Mbps.
Another issue I found interesting with the NT Workstations was the fact that the 3com 3c905 adapters performed horribly with the MS drivers included with Service Pack 6a, but an install of the latest drivers from 3Com fixed the performance issue.
In today's software world, one of the issues you need to consider when implementing a network system is the softwares compatibility with other software. This not only means, does the software work with the given solution, but in many cases, is the software supported on the given solution.
Unfortunately software companies do not like to take the blame for any malfunctioning software, even if they are responsible they like to "pass the buck". I don't know how many times I had to deal with software support personnel telling me that the cause of the error has to do with the server software not being supported, then still having the problem after transferring everything to a "test network".
At the current time, this usually means that if you are not running a Microsoft Server, many software companies will not support the installation. So, when deciding upon the server platform, it is a good idea to find out what software the users are running to find out if the companies have a "servers supported requirement". Most software companies will usually support both Microsoft and Novell Servers, and I am assuming that they will also support Novell's SLES9 servers.
On the flip side, Microsoft Servers do not interact very well with other vendor's servers. An example: If you are going to use Active Directory, Exchange Server, or most of the other servers Microsoft provides, do not even think about using anything but a Microsoft DNS server. This is why I really got a kick out of Novell's Ad - "Random Access: Freedom to choose SUSE Linux or any other software you damn well please." - It kind of hits the nail on the head.
Before you implement any server solution, be sure to ensure all applications will at least run properly (be supported if needed) on the chosen architecture. Also keep in mind that if you do choose a Microsoft solution, be sure to calculate the expense of replacing any servers that might interfere with the functioning of Windows Server 2003.
Compatibility Leader: Win2k3
Cost wise, these products go in a different direction. Novell prices SLES9 on a per server basis, where as Microsoft prices Win2k3 not only on a per server basis, but also on the number of clients that actually connect to the server.
Novell's price for SLES9 (x86 and AMD 64 architecture up to 2 processors) is $349 per server per year. This includes however many clients you may connect to it.
Microsoft's pricing is a little more complicated.
First off there are different versions of Win2k3 Server available, once you figure out which version will suit your needs, then you must calculate how many clients will actually connect to your server, then finally (apparently) you must then decide if you have to purchase a "connector" license (not sure exactly what that is). So, the following chart compares the different prices for each server, depending on the number of users and architecture. All prices were computed using each companies web site, and Windows 2003 Enterprise Version is required if you want to use a 64bit processor.
|Software Pricing||SLES9||Win2k3 Standard||Win2k3 Enterprise|
As you can see, using Windows 2003 Server, as the network grows, so does the cost of the server software. This is one of the drawbacks of using any software that requires you to have a seperate "Client Access License" (CALs) for each computer accessing it's resources. Fortunately Novell did not take the CAL route when pricing their SLES9 Server. Let's hope Novell takes the same route when they price their Open Enterprise Server (I highly doubt it though).
Pricing Leader: SLES9
As you can see, Novell's SLES9 is a very worthy contender to Microsoft's Win2k3 Server in a Windows environment. Not only does SLES9 perform better on the same hardware, but it costs less - possibly more than 1/10th the cost of a Microsoft solution. So most of the "Lower Cost of Ownership" talk coming out of Redmond is either just plain false, or they think people cannot comprehend anything relating to computers that is not a Microsoft Solution.
Is SLES9 a perfect solution for every network? No, you still must factor in all issues before deciding upon the server software. Especially find out if you may have issues relating to software support from other vendors. Until Linux Servers become more popular in the Small-Medium network environment this will always be an issue.
For ease of Administration, Microsoft's Active Directory is a nice utility to manage the network.....but is it all that Microsoft says it is ? Most network installations that I have come across that utilize Microsoft Windows 2000 and 2003 server do not take full advantage of Active Directory. Mainly because they either don't know how to properly implement it, or they utilize login scripts to accomplish basically the same thing. As a matter of fact, a lot of the Administrators I know that handle larger Windows Installations (500+ computers) just use the basic features of Active Directory and use either ScriptLogic, Kixtart, or another scripting language to manage everything else. A few that I know even went to the extent of getting away from roaming profiles by having the login script create the user profile "on the fly" and just blow it away after the user logs off.
There are many other issues to consider when choosing a server platform that were not covered here. The first step you should take is figure out exactly what you want the server to do, then go from there. Other issues could involve disaster recovery, security monitoring / Intrusion Detection, "other than Windows" client access, clustering, other servers (such as Web Server,Database Server), etc.
Currently, unless you are going to take full advantage of Active Directory, or you have a vendor that refuses to support their product on anything but a Microsoft product, I cannot find a legitimate reason for anyone to choose Windows 2003 Server over Suse Linux Enterprise Server 9, especially for the price that Novell is selling it for. Novell has a golden opportunity here - First they need to start pushing SLES9 more. Second, once all the components of their "Open Enterprise Server" are finished, do not utilize outrageous pricing or licensing. It is much better to have 1,000,000 customers pay you $1,000 - $5,000+, than have 10,000 customers pay you $10,000 - $50,000+.
With SLES9, it's not "Where do you want to go today?", but Where do you want to be at for tomorrow's technology?