DaemonForums  

  #1   (View Single Post)  
Old 9th May 2014
gkbsd's Avatar
gkbsd gkbsd is offline
Port Guard
 
Join Date: Jun 2013
Posts: 23
Default OpenBSD in business environment: a challenge?

Hello,

Where I work we are using Linux Ubuntu servers, with their associated Landscape service. This service enables us to be notified of security updates (kernel, packages), and to apply them in bulk or on a per-server basis (we just do a snapshot of the servers first). Lastly, an Ubuntu LTS (Long Term Support) can stay for five years, while still receiving security updates.

I really prefer OpenBSD for many reasons, above all security, randomness, encryption, and also the great pf. The whole OS sounds more structured and solid. However I would have a really hard time pushing OpenBSD where I work, because of the need to upgrade every year (at best) or every six months. The third party packages provider M:Tier provides system and packages security updates as packages, that can be applied from the command line. It brings a lot of fresh air compared to the way we had to apply packages security updates (building applications from ports-stable). It costs per server the same as Landscape, but it still seems like you have to log into each server (no centralised web interface), and their LTS is one year (because obviously OpenBSD does not support older versions). In the end, every year the servers would have either to be rebuilt from scratch, or to follow an upgrade procedure that seems inconvenient (I read the FAQ about the sysmerge and all, it does not sound easy/error-free/quick).

Please note that it is just my uninformed opinion, I knew OpenBSD at version 3.x (don't remember which one), then gave up at version 4.3 at work because of the amount of work to do (Linux was more automated and required less maintenance once set up), and just jumped back on the BSD wagon lately at home with the 5.5-current. I am by no means saying I am right, rather I'm trying to explain why I find it difficult to push OpenBSD in a business environment. I would be more than happy to be wrong.

Any opinions, input, and arguments will be welcome!

Regards,
Guillaume.
Reply With Quote
  #2   (View Single Post)  
Old 9th May 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

  1. Long term support is not available from the Project. Patches are provided only for the most recent two releases; the release cadence means there is only one year of support.
    • Support for older releases would require either self-support or a commercial contract with a company willing to backport fixes.
    • Backporting fixes for older releases is time consuming and requires technical skills equivalent to that of an OS developer: significantly more advanced skills than those required for OS administration, including upgrades.
  2. Upgrading is easy *. Much easier than backporting fixes. The level of skill required is less than that required for installation, since provisioning of storage is eliminated.
    • The upgrade script copies new kernels into the root directory and overlays userland libraries (/usr/lib) and utilities (/bin, /sbin, /usr/bin, /usr/sbin, ..., ..., ...)
    • The /etc and /var structures are not touched by the upgrade script as the *etc*.tgz filesets are excluded.
    • The sysmerge(8) tool automates replacement of unmodified /etc and /var configuration files, and revision of locally customized files.
    • Third party packages can be updated by issuing a single command **: # pkg_add -u
* You must review the applicable Upgrade Guide. Some systems may require manual changes for certain applications, or as with 5.4 -> 5.5, there may have been a significant change to the system requiring the admin to take extra steps.

** The $PKG_PATH environment variable must be modified to match the new release.

Last edited by jggimi; 9th May 2014 at 01:57 PM. Reason: second footnote added
Reply With Quote
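The second footnote in the post above (PKG_PATH must match the new release) is the step most easily missed after an upgrade. As an added example, not part of jggimi's post or of the OpenBSD tools, this sketch checks a PKG_PATH value against the running release before `pkg_add -u` is run; the mirror URL and the function names are assumptions, and it handles a single PKG_PATH entry only.

```shell
#!/bin/sh
# Added example: verify PKG_PATH matches the running release before "pkg_add -u".
# MIRROR and all function names are assumptions made for illustration.
MIRROR="${MIRROR:-http://ftp.openbsd.org/pub/OpenBSD}"

# Build the package URL for a release/architecture pair.
pkg_path_for() {    # $1 = release (e.g. 5.5 or snapshots), $2 = arch
    printf '%s/%s/packages/%s/\n' "$MIRROR" "$1" "$2"
}

# Print the path component that precedes "/packages/" (the release).
pkg_path_release() {    # $1 = one PKG_PATH entry
    case "$1" in
        */packages/*) ;;
        *) return 1 ;;
    esac
    rel=${1%%/packages/*}
    rel=${rel##*/}
    [ -n "$rel" ] && printf '%s\n' "$rel"
}

# Return 0 if PKG_PATH matches, 1 if it points at another release,
# 2 if no release component can be found in it.
check_pkg_path() {    # $1 = running release, $2 = PKG_PATH, $3 = arch
    found=$(pkg_path_release "$2") || {
        echo "unparseable PKG_PATH: $2"
        return 2
    }
    if [ "$found" = "$1" ]; then
        echo "ok: $2"
    else
        echo "stale: PKG_PATH is for $found, system runs $1"
        echo "expected: $(pkg_path_for "$1" "$3")"
        return 1
    fi
}

# Constructed demonstration: a 5.5 system still carrying a 5.4 PKG_PATH.
check_pkg_path 5.5 "$(pkg_path_for 5.4 amd64)" amd64 || true

# On a real system (uname -r prints the release, uname -m the architecture):
#   check_pkg_path "$(uname -r)" "$PKG_PATH" "$(uname -m)" && pkg_add -u
```

A system following -current would pass `snapshots` as the expected release instead of the `uname -r` value.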
  #3   (View Single Post)  
Old 9th May 2014
gkbsd's Avatar
gkbsd gkbsd is offline
Port Guard
 
Join Date: Jun 2013
Posts: 23
Default

Thanks for your input. That would mean that every six months an upgrade could be done, without the need to rebuild from scratch. Eventually, we could still rebuild a server from scratch every X years if needed. Combined with third party patch providers like M:Tier to make the whole process of security patching quicker, that sounds like something more doable than what I first thought.

I may try to suggest that at my workplace, who knows...

Regards,
Guillaume.
Reply With Quote
  #4   (View Single Post)  
Old 9th May 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Consider the possibility of using the OS for specific, point solutions. That would certainly be an easier sell than replacing an entire infrastructure without clear economic incentive.
Reply With Quote
  #5   (View Single Post)  
Old 9th May 2014
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Although the following thread from the official misc@ mailing list does not specifically address "business usage" directly, it does discuss the upgrade process in regards to all OpenBSD flavors (see Section 5.1 of the FAQ for more on flavors...).

How OpenBSD can be used (& updated) in the business environment workflow is critical knowledge, & this thread gives the views of a number of project developers:

http://marc.info/?t=139947804000003&r=1&w=2
Reply With Quote
  #6   (View Single Post)  
Old 9th May 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

And, there is also A Puffy in the corporate aquarium, M:Tier's story.
Reply With Quote
  #7   (View Single Post)  
Old 9th May 2014
gkbsd's Avatar
gkbsd gkbsd is offline
Port Guard
 
Join Date: Jun 2013
Posts: 23
Default

Very interesting links, thank you both :-)
Reply With Quote
  #8   (View Single Post)  
Old 11th May 2014
Oko's Avatar
Oko Oko is offline
Rc.conf Instructor
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102
Default

Quote:
Originally Posted by gkbsd View Post
Where I work we are using Linux Ubuntu servers, with their associated Landscape service.

Quote:
Originally Posted by gkbsd View Post
Please note that it is just my uninformed opinion,.
That pretty much summarized your post. I feel sorry for you, my friend.
Reply With Quote
  #9   (View Single Post)  
Old 11th May 2014
gkbsd's Avatar
gkbsd gkbsd is offline
Port Guard
 
Join Date: Jun 2013
Posts: 23
Default

One day it will be an informed and experienced opinion.
Reply With Quote
All times are GMT.

Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick