Re: Enterprise and Debian Pure Blends
Hi, Russ:
On Wednesday 04 August 2010 23:05:22 Russ Allbery wrote:
> At the enterprise level, it's even more
> likely than it is normally that any given OS is going to be hosting a
> single application at best, which means that there tend to be fewer
> applications installed on enterprise servers than the average Debian
> system. Also, generally server best practices say to install the minimum
> software required to do whatever task the server is supposed to perform.
> All of these work somewhat actively against metapackages.
I agree that, specially after the coming of virtualization in x86 systems,
people tend to use the "one system, one application" paradigm but I can't
agree that's a "best practice": it just avoids a short term management
problem (related to responsibility delegation and promotion management) but
adding a long term management problem (lots of systems -if even virtualized,
to manage which tends to end up with systems *not* managed).
I agree, however, with the "one system, one service" which is similar but not
exactly the same beast, and that's a point where "best practices"
documentation can be of great help.
In example:
It's a good thing having all you need to recover your site in a single box;
that means you need a backup server (i.e.: Amanda or Bacula), plus DHCP,
TFTP, DNS and some installation media (i.e.: D-I, FAI or the like),
configuration server (say, Puppet) and your site documentation (say, a Trac
environment).
Another server can be your "identity management" one, which could service LDAP
and Kerberos KDC for instance.
Then another could be your "border server" which can be your local network
firewall, advanced router and VPN server, etc.
> Making things work well together is important, but mostly not on the same
> system. The integration is usually at a level broader than on a single
> system.
Yes and that's a problem hardly managed (today) at the distribution level and
one that, say, Microsoft has focused on from the begining. Debian, for
instance, is a very good system for "at-the-box" level management and as
such, very "system administrator friendly" but lacks almost completly at
the "site" level (at install time: is this going to be a "stand alone"
server, an identity management server, an integrated in a "domain"
workstation...? and for day-to-day administration: group the boxes per
service family, group-manage debconf params and packages installed,
cross-system integration, cluster configuration...)
I know that going this path is not exactly a trivial task, to say the less,
and that each "site level" decision comes at the price of reduced flexibility
(I said it before, but Debian Edu offers quite a nice example) but that's why
I defend that going the "Best Practices" howtos and documentation is the
proper point to start with (offers guidance for those that care or need
without reducing flexibility when you know you need to go out the paved
road).
For an example I find quite revealing I'd point out to the "Samba By Example"
tutorial at http://www.samba.org/samba/docs/man/Samba-Guide in that it offers
quite detailed implementation details for a series of more or
less "standardized" scenarios (basic, the 500-user office and the distributed
2000-user network).
Cheers
Reply to: