Why would you use Windows?

| 1 Comment
This is a question from ServerFault that was there and then was no longer there because it's rampant flame-bait and got mod-hammered. But sometimes flame bait can make for good blog-posts, so here it is. Unattributed since the source no longer exists and I don't want to embarrass the asker.

As someone who has a good amount of experience with basic server setup exclusively on Linux, I'm wondering why anybody would want to use Windows.

I'm not asking this to make it into some snide comment, I just don't see any advantages.

The big things I think I would miss are:

  • SSH access. As far as I know, the only real way to remotely access a Windows service is via RDP or VNC or something similar, which is a lot more work if all I want to do is restart a service.
  • Open source software. From my experience, almost all open source server software is made for Linux. While some, like Apache, can also be run on Windows, a lot of the times it feels like it was added as an afterthought.
  • Easy configuration. I've never used Windows tools, but I love being able to apt-get install libapache2-mod-whatever. While package systems aren't technically part of Linux, most popular distributions use yum or aptitude or some packaging system which makes it a lot easier to handle updates.

Again, I've not used Windows extensively as a server, so please forgive me if some of these points are inaccurate.

A valid question. We had a thread much like this one on the LOPSA mailing list a while ago. And really, to a Linux admin, Windows looks like an expensive, opaque, and above all annoying way of doing what Linux can do in its sleep. This view is very couched in the observer's biases.

The consensus of the web this year is that if you want to do large scale web-application infrastructures, Linux is where it is at in spades. During my job hunt there were exceedingly few job-postings for Linux admins that mentioned something other than Web or DB duties. Web, DB, load-balancing, routing, orchestration, caching layers, it's all there and very well documented.

So why WOULD you use use Windows?

The number one reason I know of...

Because the application you're using requires it.

At WWU we had quite a number of off-the-shelf products require a Windows server because they were .NET applications. FLOSS versions may exist, but that's not what our users wanted. They wanted this piece of software that they picked out and is kinda standard in their industry, not some half baked open source project out of some other University.

Or for my current employer, a number of the key processing tasks we need to do are most accurately accomplished on Windows. The open source versions of these software packages get close enough, but part of what distinguishes us from our competitors is that we get closer then that.

The number two reason...

Because that's what you know.

This was why WWU was running Blackboard on Windows servers, even though it's a Tomcat application at the core. I'm pretty sure the reason for this is because what came before Blackboard was also running on Windows and our Windows admin inherited the new environment, not that the Linux admin said "Not it!" faster than the Windows admin. I know that admin found Linux confusingly opaque and convoluted.

The number three reason...

Because you don't have time/skill to maintain it yourself, and/or you're willing to pay someone else to do it for you.

If that application comes in a box, wrapped in an installation wizard, and comes complete with phone-home abilities to pull updates, notify the vendor (and later you) of problems, a lot of the effort in keeping that application going has now been outsourced to the vendor. Few FLOSS-stack products can do that, they need some skilled time to keep 'em up. To an organization looking to fire-and-forget, this kind of software is really attractive.



Now on to some of the asker's specific concerns regarding remote access, scalability, and software installs. Below the fold.

Remote Access

"As far as I know, the only real way to remotely access a Windows service is via RDP or VNC or something similar, which is a lot more work if all I want to do is restart a service."

Not so much any more. When operating in an Active Directory environment like Windows should operate in, and if you've set up your permissions right, restarting a service can be done from any Windows machine in the domain through use of the SC command. Entirely scriptable, able to restart the IIS services of a thousand servers from a single workstation.

Microsoft is making big strides in making their stuff scriptable. Most of the things you need to do to a Windows systems can now be done remotely without having console access, at least for the Microsoft software stack. Remote PowerShell is powerful stuff, as are the WinRM hooks. The NEED for that remote console goes down with each new update MS brings out.

But if you need that console, RDP is the way to go according to Microsoft. But you shouldn't need it.

Open-Source Software

There is a point here, but you only run OSS on Windows if you don't know Linux well enough to do it right on that platform. Or it comes bundled with your closed-source product for some reason (pretty common!). But then Windows applications are .NET applications more often than not, and for that you do need IIS.

Easy Configuration (I) Actual config

Complicating 'easy configuration' is that Windows config is housed in registry-entries and not flat text like on Linux. This is why there is no Puppet-for-Windows yet (they're working on that). However, to someone who is quite happy clicking through a GUI for config, a 23KB flat text file is quite intimidating. As those admins over at StackOverflow have pointed out, registry and text-file changes can be pushed out via group-policy fairly simply and uniformly. Like puppet.

Easy Configuration (II) Software installs and updates

This is a major difference. You can get linux-repo like behavior with a well set up SCCM server, but the down side is that you have to set up the SCCM server. For stuff that comes with Windows, the far easier to set up WSUS server is all that you need. But if you need third party tools like Java, you'll be stuck rolling your own updates into SCCM and then pushing the Deploy button to get it batched out to everything that needs it.

That said, dependency-hell is a lot less common on Windows. The need to keep going to the well for more software happens very seldom. When it does happen, generally with Open Source Software where that sort of thing is fairly common, the Windows admins get very cranky.


The asker clearly wasn't as familiar with Windows as they were with Linux. Not surprising, since some of these things are pretty new to the Windows world and violate the conventional wisdom in the Linux world regarding Windows. Yes, Microsoft is now making everything scriptable, which is forcing long-time Windows admins to start scripting. They've improved remote access and orchestration so that you can now actually manage scalable infrastructures without a lot of manual fiddling about.

The question was honestly asked, if somewhat explosively framed.

1 Comment

A correction: puppet does not push configs, it pulls them, like its
daddy cfengine. You are much better off running cfengine anyway :-)
instead of that puppet pig (tongue in cheek). By the way, cfengine
works (and has worked for a long time) in Windows (you can buy the
software or build it yourself and use it from cygwin). Either way,
it works nicely.

A few comments: yes, Windows is scriptable, it has been since the NT days
with Perl and the wonderful Win32 module which still works surprisingly
well on the latest windows versions. Now they are using their own
dog food (powershell) and killing their ugly duck (vbs). Still, the
standard shell remains cmd.exe (alas).

However:

Yes, a 23KB text file loaded *in* notepad.exe is quite
intimidating. Why can we not have a decent text editor with syntax
highlighting standard in the OS? All of a sudden, that same file is
not so intimidating. O, what a difference some color makes.

why can I still not log in from my linux workstation through ssh to
a windows server and fire up the sc command? I can log in from telnet
(the service is still there) ...

How do I manage a bunch of servers/workstations *not* members of an
AD domain *without* expensive (third party) tools or tools apparently
too 'difficult' to use for Windows admins like the excellent wpkg from
wpkg.org?

Why are the most useful sysadmin tools for Windows (sysinternals stuff)
still not included in the OS?

Why do I need to reserve at least 32GB (!!!!) for a system drive in a vm
environment for their newest server OS? WTF! I want my expensive SAN
filled with important data, not with system files.

Why do I need to buy a 3rd party backup solution to perform a 'brick
level' (stupid name, it is just a normal backup imnsho) backup/restore
from MS Exchange? WTF! I buy a product, I expect to have that stuff
out of the box (this may not longer be true in later Exchange Servers,
my experience stops at version 2003). And no, exmerge is not a 'brick
level' backup tool.

(Well, I googled it and it remains an 'all of nothing' backup with the MS
tools (http://technet.microsoft.com/en-us/library/dd876851.aspx). God.)

Why is the first user of a system still administrator? Why? I really
hoped that with Windows 7 this was going to be a thing of the past,
but alas. They very much prefer to annoy all domain admins with
useless UAC prompts (I am logged on as an admin user, do not bugger
me with useless warnings about how dangerous this could be, I need
to do it). The obvious workaround is to turn the damned thing off,
but that is not 'best practices', is it?

Why can't I send the Windows event log messages to a good old syslog
server (without 3rd party tools). Network printers do it, routers
and switches do it, why can't Windows do it? Please, this has been
working for 40 years, syslog really works, make it available. And to
those who will tell me 'syslog is dangerous', I have news for you,
syslog can be secured and does not have to do udp.

Why can't I perform an unattended installation and have the latest
security patches installed out of the box? Anyone having used FAI from
debian knows you can do it, if a bunch of hippies can, why can't MS?

Why use the abomination that is called
'the registry'? Why dear lord why?
http://rwmj.wordpress.com/2010/02/18/why-the-windows-registry-sucks-technically/

Do not get me started about drive letters ..., or why can't I just
mount a network drive and have it *always* available to everybody
for a system even when no on is logged in to the system.

Why do people think that buying a support contract suddenly solves all
their problems with software? In my experience, only the most expensive
support packages grant excellent support. For the rest, good luck
calling India (symantec, I am looking at you). And happy googling. Why
do you think serverfault is so popular among sysadmins? Maybe because
it's free?

....

I'll stop now, do not want to bother you any longer.

All big enough organizations need skilled operation teams. Skilled
operation teams should be knowledgeable in at least two of the 3 main
stream systems (Win/Mac/Lin). Skilled admins speak protocols (dns, smtp,
ldap, kerberos, etc), not vendor solutions.

So yes, Windows is here to stay, but it is not as important as it used
to be (and that is a Good Thing).