February 15, 2002

Seven reasons to consider moving from Solaris to Linux

Author: JT Smith

- by Robin "Roblimo" Miller -
What you'll see when you hit the "Read more" link is the full text of an internal memo written by a local government employee (name withheld at his request) whose bosses are considering switching some or all of their servers from Solaris to Linux. Interestingly -- and coincidentally -- this memo was drafted the day before Sun publicly embraced Linux. Will Sun's change of heart help keep this government agency as a customer? Or will the lure of Linux on low-cost generic hardware prove too strong? It'll be months before we know. Meanwhile, what do you think? Should this county government in the southeast United States switch entirely from Solaris to Linux over the next few years? Make a partial switch? Or should they stick with Sun, especially now that Sun is moving more toward Linux? Solaris to Red Hat Linux comparison

1: Lower hardware costs: Higher grade hardware can be purchased at lower cost with an Intel server than with Sparc, i.e. hardware Raid; multiple processors; more hard drive space; video encoding cards; more memory.

Support for x86 Solaris is being phased out, so this is not a viable option.

In order to stay within budget, software Raid is used on our Sun systems. This is complex to setup and is a performance penalty to system resources. While the same applies to software Raid on Linux, we avoid these issues because Intel hardware Raid is within our budget.

2: While many third party software packages available for Solaris are not available for Linux, the following are needed that are not available for Solaris but are available for Linux:

Mkcdrec * Recovery software; Ncpmount (allows connections to Netware); Wine/Windows emulation. (Wine is available on x86 Solaris but not on Sparc, and Sun announced the end of life for the WABI products on July 15, 1997. (Increased Sun activity in porting software like this to either Sparc linux or Sparc Solaris would help.)

3: Software packages like Bash, Openssh, Perl, Gcc, Apache are available for Solaris in an easy-to-install pkgadd format but Sun doesn't offer support for these packages as part of their normal OS support. Also, a number of packages on sunfreeware are considerably behind. For example, Apache is currently at 1.3.23, but the latest version on sunfreeware is 1.3.12, and the latest Red Hat Linux Apache rpm is version 1.3.22. Frequently updated packages reduces the complexity of maintaining a system by elimintating the need to compile every piece of software from the latest source. (Increased Sun activity in maintaining and supporting software on sunfreeware would help.)

4: Lowered software costs: Commercial software products like Cold Fusion, Pkzip, and ChiliASP cost more for Solaris than for Linux. This is typical across the industry for most software on Solaris. As a counter argument, a large number of packages available on Solaris are not available for Linux. But that is quickly changing. Arcims, for example, will not currently work on Linux, but Linux will be supported in the next release.

5: Simpler server recovery: A Linux server can be recovered quickly using CD recovery software (mkcdrec from sourceforge). This eliminates the need to do a complete reinstall of Linux and reconfigure any special software. Recovery time will vary from 30 to 60 minutes, and cd images are created nightly. Mkcdrec allows for you to build an iso image of your server that can be burned to a CD. Then you boot the server off the CD and it will rebuild all the partitions and make the system bootable. This allows a less-experienced administrator to quickly recover a server if I'm out sick or on vacation.

Ghost cannot be used on Sun hardware. A fully-supported Sparc Linux distribution by Sun would make it easier to port Mkcdrec and give some of our critical Sun systems better means for low cost easy recovery.

6: Reduced downtime with updating Linux: Linux only requires downtime for kernel patches. All other patches can be installed without bringing the server down. Security-related patches can be applied automatically. While the same applies to Solaris, Sun recommends bringing down Solaris when applying cluster patches.

Sun needs to make there cluster patches less complicated, perhaps by separating cluster patches into two groups; one cluster patch that requires downtime, and another cluster patch that doesn't require downtime.

7: Additional drawbacks to Solaris: You're forced to install a resource-hungry graphical user interface. X can be disabled, but that eliminates the ability to use multiple shell sessions and a decent text editor. (The default vi on Solaris is a pain to use unless you get vim from sunfreeware.)

Insecure telnet is installed by default. While an effective administrator should not install what is not needed, not everyone is an effective administrator. As a standard, telnet should be going away in favor of Secure Shell.

On Solaris 7 and below, insecure root access to ftp was allowed. This was finally fixed in Solaris 8 but only under pressure from customers. The reason why I included this is as another example of how Sun is slow to react to changes. This relates to the telnet example above.

Login passwords are limited to eight characters. Even if you set the password to "thispasswordislong" Solaris will only allow you to login with "thispass." This allows for reduced time on brute force password cracks. This applies to telnet, ftp, Secure Shell, and anything else that relies on the Solaris login facility. I tested a brute force crack on my shadow password file some time ago and was able to crack my password within 20 minutes. The password was nine characters long and had two numbers in it, but the last number was at the end of the password. All our new passwords have more random numbers. This helps alleviate this problem, but in practice a powerful PC(s) could crack a Solaris shadow password file quickly.

New Sun servers come with non-standard keyboard and mouse connectors. The 280Rs we have need a special USB adapter, the E250s need a special vga adapter, and the remaining E450 uses a proprietary Sun connector. All of our Intel Compaq servers rely on standard PS2 keyboard and mouse connections controlled through a KVM switch. We do have a KVM switch geared for Sun servers but we still need the special adapters for everything except the E450.


  • Linux
Click Here!