Saturday, January 30, 2010

CentOS Server Evaluation

Evaluating the CentOS Enterprise Server
There are a number of popular choices for Linux enterprise level servers including CentOS, Ubuntu, Debian, Slackware and others including Red Hat Enterprise.

This series of articles on a choice for a Linux Server will compare several of these Linux distributions to examine the advantages and disadvantages of each distribution.

What is important to recognize in this evaluation is that how you view advantages and disadvantages are dependent upon the expertise of your Linux administrators and the level of support you need to maintain your servers.


How to Evaluate Enterprise Servers
There must be criteria for evaluating enterprise level servers to make the comparison. In this comparison, each distribution has a focus or philosophy which drives them in a specific direction and influences package choice, package versions and hardware support. The first evaluation examines CentOS as an enterprise level server.



Focus: rating 9
The primary focus for CentOS is to provide a stable and secure community version of Red Hat Enterprise by building the distro from the source code of RHEL.

The emphasis on stability comes from longer testing of packages, conservative choices on versions and avoidance of cutting edge versions.

The emphasis on security comes from the years of hard work that have gone into the development and application of SELinux.

Though the focus on stability and security is a top priority for this distro this rating is not a 10 because of an increased interest in adding Desktop options to the packages which are in contrast to the primary goals.

Source: rating 8
CentOS is built from the source code of Red Hat Enterprise. For the most part these distributions are very similar.

However, one of the criticisms of CentOS has been the delay of release versions based on the fact that Red Hat releases their source and then packages need to be modified to create the version for CentOS.

The time delay has been a contested issue. The delay can be as much as 2-3 months which makes many people nervous about the future of the project.

You need to recognize that the developers need time to make the transition to the new version and must do testing to verify the integrity of the version change.

If you are looking for a Red Hat type distribution and need updates to versions immediately, you need think about purchasing from Red Hat.


Stability: rating 9
Stability is directly related to user base, choice of applications that are included and rigorous testing. The larger the user base the more likely you will discover issues so they can be resolved.

CentOS has a huge user base, the exact numbers are very difficult to estimate. I would venture to say that CentOS has the largest user base outside of RHEL.

The stability of CentOS is legend as it basically follows the path of RHEL in terms of package selection and testing.

If you can live with the limited packages that are available in the repository, you will find that the stability is indeed rock solid.

If you find yourself adding repositories that were not tested with the base system, then you will certainly see a loss in stability.


Security: rating 10
Security of course is directly related to stability. If your system in unstable it will certainly lead to security issues.

CentOS contains a number of important security features. The most powerful feature that it employs is that of SELinux or Security Enhanced Linux.

This powerful features provides realtime protection and limited liability if there is a compromise. That said, the majority of administrators turn SELinux off as it is difficult to manage, in their opinion.

If you turn off SELinux, you are downgrading your system security, especially as SELinux is the future for RHEL and will continue to be a focus.

Other important security aspects are Access Control Lists (ACLs) that are standard in CentOS. ACLs will help minimize the need for applications that have write permissions for others and provide the administrator with granularity for file permissions.

Encrypted Block devices which were made available in version 5.3 also provide a standard option. You can now encrypt a block device, a hard drive or partition, so that when the block device is not mounted it is encrypted, a very nice standard option.

CentOs comes standard with an iptables firewall frontend called lokkit which is easy to use but not really an enterprise level firewall.


Cost: rating 10
Cost is not only measured in the amount you pay for the code, which in this case it is free, but it is also a measure in available documentation, bugs that must be fixed and ease of management.

CentOS rates high in all of these aspects as there is sufficient documentation, it has limited bug issues and management is reasonable if the administrator is trained.

The level of CentOS Training of your Linux administrators is critical in understanding the cost. Just because you can install a Linux distribution for free does not mean in the end it will be cheaper that paying for licenses if your administrators do not have the skills needed to manage the server.


Features: 9
CentOS contains all of the necessary features for an enterprise level server like; apache, MySQL, PHP, vsftpd, sendmail, etc.

These applications work well together and are stable. However, you will see a frustration among users based on the version of MySQL or PHP, etc. because these versions are somewhat behind the cutting edge.

This is a result of the focus on stability and security. What this means for your organization is that if your software runs only on a specific version of software that is not standard to CentOS, you should evaluate this issue closely. The features are there if you can live with the versions.

SELinux – Though SELinux is often turned off by administrators, it is a major feature of CentOS. In order to use SELinux basically the entire operating system needs to be modified to add these file extensions.

SELinux is the focus in terms of security for this distro. If you want to use SELinux Centos or RHEL are the only real options as the other distros only use this as an add on feature which means it will have limited usability on those distros.

Creating better tools and making management of SELinux easier are under development.


Software RAID – Software RAID is a useful option and is to the point of being faster than some cheap hardware RAID, so this is solid feature supporting the major RAID levels.


Logical Volume Management – LVM will certainly be a necessary component of any Enterprise level server and CentOS has standard support for LVM2.


Access Control Lists – ACLs provide an important tool to manage file permissions based on user access. This is a default aspect with CentOS.


Block Encryption – Since version 5.3 you can use block encryption to secure partitions and drives.


Ease of Management: rating 10
CentOS uses the yum package manager and is an excellent tool for updates and installing applications. The advantage of yum is that it not only connects with the repository for the application you want to install but it also discovers and installs needed dependencies. The daily management of the system is straightforward.


Support: rating 7
Support for CentOs is based upon forums, documentation, and Google searches. The CentOS site link for commercial support is empty.

The important point here is that you need trained administrators to manage these systems as you cannot call CentOS for a solution although CentOs support is available for a fee from a number of sites. Because of the huge user base there is quite a number of blogs, posts, etc. that help you solve problems.


Summary:
If your focus is on stability and security for an enterprise level server CentOS is a great choice. If you need cutting edge hardware drivers and the latest versions of software, you may have to look at another Linux distribution like Ubuntu. Primary to any choice is having skilled administrators in charge of your enterprise server.

No comments:

Post a Comment