Re: Enterprise and Debian Pure Blends

To: debian-enterprise@lists.debian.org
Subject: Re: Enterprise and Debian Pure Blends
From: "Jesús M. Navarro" <jesus.navarro@undominio.net>
Date: Wed, 1 Sep 2010 15:37:16 +0200
Message-id: <[🔎] 201009011537.16329.jesus.navarro@undominio.net>
In-reply-to: <8762zq84x9.fsf@windlord.stanford.edu>
References: <20100804170722.GA14145@an3as.eu> <20100804202008.GA18841@an3as.eu> <8762zq84x9.fsf@windlord.stanford.edu>

Hi, Russ:

On Wednesday 04 August 2010 23:05:22 Russ Allbery wrote:
> At the enterprise level, it's even more
> likely than it is normally that any given OS is going to be hosting a
> single application at best, which means that there tend to be fewer
> applications installed on enterprise servers than the average Debian
> system.  Also, generally server best practices say to install the minimum
> software required to do whatever task the server is supposed to perform.
> All of these work somewhat actively against metapackages.

I agree that, specially after the coming of virtualization in x86 systems, 
people tend to use the "one system, one application" paradigm but I can't 
agree that's a "best practice": it just avoids a short term management 
problem (related to responsibility delegation and promotion management) but 
adding a long term management problem (lots of systems -if even virtualized, 
to manage which tends to end up with systems *not* managed).

I agree, however, with the "one system, one service" which is similar but not 
exactly the same beast, and that's a point where "best practices" 
documentation can be of great help.

In example:

It's a good thing having all you need to recover your site in a single box; 
that means you need a backup server (i.e.: Amanda or Bacula), plus DHCP, 
TFTP, DNS and some installation media (i.e.: D-I, FAI or the like), 
configuration server (say, Puppet) and your site documentation (say, a Trac 
environment).

Another server can be your "identity management" one, which could service LDAP 
and Kerberos KDC for instance.

Then another could be your "border server" which can be your local network 
firewall, advanced router and VPN server, etc.

> Making things work well together is important, but mostly not on the same
> system.  The integration is usually at a level broader than on a single
> system.

Yes and that's a problem hardly managed (today) at the distribution level and 
one that, say, Microsoft has focused on from the begining.  Debian, for 
instance, is a very good system for "at-the-box" level management and as 
such, very "system administrator friendly" but lacks almost completly at 
the "site" level (at install time: is this going to be a "stand alone" 
server, an identity management server, an integrated in a "domain" 
workstation...? and for day-to-day administration: group the boxes per 
service family, group-manage debconf params and  packages installed, 
cross-system integration, cluster configuration...)

I know that going this path is not exactly a trivial task, to say the less, 
and that each "site level" decision comes at the price of reduced flexibility 
(I said it before, but Debian Edu offers quite a nice example) but that's why 
I defend that going the "Best Practices" howtos and documentation is the 
proper point to start with (offers guidance for those that care or need 
without reducing flexibility when you know you need to go out the paved 
road).

For an example I find quite revealing I'd point out to the "Samba By Example" 
tutorial at http://www.samba.org/samba/docs/man/Samba-Guide in that it offers 
quite detailed implementation details for a series of more or 
less "standardized" scenarios (basic, the 500-user office and the distributed 
2000-user network).

Cheers

Reply to:

Follow-Ups:
- Re: Enterprise and Debian Pure Blends
  - From: Russ Allbery <rra@debian.org>

Next by Date: Re: speculations to characterize issues for Debian Enterprise
Next by thread: Re: Enterprise and Debian Pure Blends
Index(es):
- Date
- Thread