Re: OpenBSd or HP-UX?
On 8/31/07, frantisek holop <[EMAIL PROTECTED]> wrote: > hmm, on Fri, Aug 31, 2007 at 10:50:46AM +0200, Toni Mueller said that > > Although JCR calls it "FUD", my personal opinion is that HP-UX is quite > > dead, with today's commercial Unices being AIX or Solaris. The latter > > imho has the best prospects of surviving, now that IBM is also shipping > > it. > > it's not as dead as some of us wished it to be... > but at the moment it is definitely a dying breed... > but it's not something netcraft could confirm :) > we are talking about machines deep inside data center > bowels... > > -f > -- > he has a train of thought. you have a tricycle... > > Yeah there are installing a lot of Clearcase on HP-UX at work since HP is the one administrating it. So it's not dead but it probobly should be =) dunceor
Re: OpenBSd or HP-UX?
hmm, on Fri, Aug 31, 2007 at 10:50:46AM +0200, Toni Mueller said that > Although JCR calls it "FUD", my personal opinion is that HP-UX is quite > dead, with today's commercial Unices being AIX or Solaris. The latter > imho has the best prospects of surviving, now that IBM is also shipping > it. it's not as dead as some of us wished it to be... but at the moment it is definitely a dying breed... but it's not something netcraft could confirm :) we are talking about machines deep inside data center bowels... -f -- he has a train of thought. you have a tricycle...
Re: OpenBSd or HP-UX?
Hi, On Wed, 22.08.2007 at 00:58:09 -0600, Alvaro Mantilla Gimenez <[EMAIL PROTECTED]> wrote: >I need to install an LDAP server in my job. I am, obviously, an > OpenBSD guy but my boss wants to install the server with HP-UX. I need > to probe him that OpenBSD is a better solution than HP-UX but google you still didn't say exactly what LDAP should do in your company, or I have overlooked it. I have only (fading!) experience with older HP-UX on PA-RISC, plus a bunch of other commercial *nix stuff, but can see only corner cases (ok, for me, running SAP could be such a corner case) where using these systems instead of something in the Free Software world might be of advantage. You'd imho be mostly fighting very old software on very old and slow hardware instead of getting any real work done. So, if you want to make an informed decision, you'll have to spec out your usage scenario in much greater detail, and also conduct some experiments, as has already been suggested. > "poor" information about the HP-UX skills doing this role. The price for > the "solution" (HP-UX or OpenBSD) does not matter this time, so the > argument "OpenBSD is OpenSource and the other is a propietary Unix $$" > is not an acceptable argument. Although JCR calls it "FUD", my personal opinion is that HP-UX is quite dead, with today's commercial Unices being AIX or Solaris. The latter imho has the best prospects of surviving, now that IBM is also shipping it. You say that money does not matter at this point, the difference between a "solution" in the six-digit range may be still less preferable to one in the four- or five-digit range (just shooting into the dark here). Best, --Toni++
Re: OpenBSd or HP-UX?
* Darren Spruell <[EMAIL PROTECTED]> [2007-08-29 23:48]: > On 8/29/07, Jussi Peltola <[EMAIL PROTECTED]> wrote: > > On Tue, Aug 28, 2007 at 09:17:11PM +0200, Joachim Schipper wrote: > > > P.S. One more issue: you *do* realize that getting OpenBSD to > > > authenticate against LDAP is not entirely trivial, right? This might be > > > a serious problem if the LDAP system is to handle network-wide logins... > > This doesn't stop you from using OpenBSD as the server other machines > > authenticate against, or does it? I think it's only good that users > > can't login to the LDAP server itself. > > No, he's just pointing out that if you're using this to provide > centralized authentication for all the servers in your environment as > well, OpenBSD won't take advantage of it well. you do get centralized authorization against ldap. what you don't get is name service from ldap. you do need to script sth that gets the accounts from ldap and creates them locally - yes, that sucks. but still password chekcing etc is done against the ldap directory. With a script like mentioned above this should be fine for most setups. (which doesn't mean the having ldap as name service in openbsd would be bad. i hope we'll see that sometime soon) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: OpenBSd or HP-UX?
On 8/29/07, Jussi Peltola <[EMAIL PROTECTED]> wrote: > On Tue, Aug 28, 2007 at 09:17:11PM +0200, Joachim Schipper wrote: > > P.S. One more issue: you *do* realize that getting OpenBSD to > > authenticate against LDAP is not entirely trivial, right? This might be > > a serious problem if the LDAP system is to handle network-wide logins... > This doesn't stop you from using OpenBSD as the server other machines > authenticate against, or does it? I think it's only good that users > can't login to the LDAP server itself. No, he's just pointing out that if you're using this to provide centralized authentication for all the servers in your environment as well, OpenBSD won't take advantage of it well. > I'm only checking to be sure, since I'll need to set up a new LDAP server > for the unofficial *nix users group we have at school, and since we have > nobody except a bunch of busy and lazy students to administer the boxes > OpenBSD would be a painless choice... LDAP is a fantastic choice. OpenBSD can do what you need. Why in the world are you even tossing HP-UX around for this purpose? ;) DS
Re: OpenBSd or HP-UX?
On Tue, Aug 28, 2007 at 09:17:11PM +0200, Joachim Schipper wrote: > P.S. One more issue: you *do* realize that getting OpenBSD to > authenticate against LDAP is not entirely trivial, right? This might be > a serious problem if the LDAP system is to handle network-wide logins... This doesn't stop you from using OpenBSD as the server other machines authenticate against, or does it? I think it's only good that users can't login to the LDAP server itself. I'm only checking to be sure, since I'll need to set up a new LDAP server for the unofficial *nix users group we have at school, and since we have nobody except a bunch of busy and lazy students to administer the boxes OpenBSD would be a painless choice... Thanks, Jussi Peltola
Re: OpenBSd or HP-UX?
Gerardo Santana Gsmez Garrido wrote: 2007/8/29, Joachim Schipper <[EMAIL PROTECTED]>: On Tue, Aug 28, 2007 at 09:45:01PM +0200, Marc Balmer wrote: Joachim Schipper wrote: P.S. One more issue: you *do* realize that getting OpenBSD to authenticate against LDAP is not entirely trivial, right? This might be a serious problem if the LDAP system is to handle network-wide logins... OpenBSD can not authenticat against an LDAP server. Well, stricly speaking it can, but you have duplicate all accounts on OpenBSD. So realistically it can't. Yes, that's what I meant. Sorry for being so oblique, but I presumed the original poster was aware of this issue. Mind you, duplicating all accounts on OpenBSD isn't actually impossible in almost all sane circumstances - it's just that you lose most of the benefits of LDAP. Joachim I haven't setup an LDAP server on OpenBSD yet but I'm thinking of it. I was surprised with your message. Isn't using sysutils/login_ldap and configuring it in /etc/login.conf enough for authenticating OpenBSD users against an LDAP server? Why do you have to duplicate accounts? Unfortunately, you have to duplicate the accounts on OpenBSD. This has to do with the way user- and group-ids are accessed. If you want to help a bit that we eventually can change that, contact me privately offlist. - mb
Re: OpenBSd or HP-UX?
2007/8/29, Joachim Schipper <[EMAIL PROTECTED]>: > On Tue, Aug 28, 2007 at 09:45:01PM +0200, Marc Balmer wrote: > > Joachim Schipper wrote: > >> P.S. One more issue: you *do* realize that getting OpenBSD to > >> authenticate against LDAP is not entirely trivial, right? This might be > >> a serious problem if the LDAP system is to handle network-wide logins... > > > > OpenBSD can not authenticat against an LDAP server. Well, stricly speaking > > it can, but you have duplicate all accounts on OpenBSD. So realistically > > it can't. > > Yes, that's what I meant. Sorry for being so oblique, but I presumed the > original poster was aware of this issue. > > Mind you, duplicating all accounts on OpenBSD isn't actually impossible > in almost all sane circumstances - it's just that you lose most of the > benefits of LDAP. > > Joachim I haven't setup an LDAP server on OpenBSD yet but I'm thinking of it. I was surprised with your message. Isn't using sysutils/login_ldap and configuring it in /etc/login.conf enough for authenticating OpenBSD users against an LDAP server? Why do you have to duplicate accounts? Thanks -- Gerardo Santana
Re: OpenBSd or HP-UX?
On Tue, Aug 28, 2007 at 09:45:01PM +0200, Marc Balmer wrote: > Joachim Schipper wrote: >> P.S. One more issue: you *do* realize that getting OpenBSD to >> authenticate against LDAP is not entirely trivial, right? This might be >> a serious problem if the LDAP system is to handle network-wide logins... > > OpenBSD can not authenticat against an LDAP server. Well, stricly speaking > it can, but you have duplicate all accounts on OpenBSD. So realistically > it can't. Yes, that's what I meant. Sorry for being so oblique, but I presumed the original poster was aware of this issue. Mind you, duplicating all accounts on OpenBSD isn't actually impossible in almost all sane circumstances - it's just that you lose most of the benefits of LDAP. Joachim -- TFMotD: cal (1) - displays a calendar
Re: OpenBSd or HP-UX?
> In general the only truly fair test data you'll find is in the various > presentations made by Theo and other developers over the years which > compares OpenBSD to itself, with and without specific security features > enabled. It can give you a rough idea of the performance cost of the > various security features, but you need to realize different archs, > systems, and even processors can yield slightly different results for > such tests. This sounds interesting. Are there slides or a linky to this sort of thing? --Bryan
Re: OpenBSd or HP-UX?
Joachim Schipper wrote: P.S. One more issue: you *do* realize that getting OpenBSD to authenticate against LDAP is not entirely trivial, right? This might be a serious problem if the LDAP system is to handle network-wide logins... OpenBSD can not authenticat against an LDAP server. Well, stricly speaking it can, but you have duplicate all accounts on OpenBSD. So realistically it can't.
Re: OpenBSd or HP-UX?
On Mon, Aug 27, 2007 at 07:07:58PM -0600, Alvaro Mantilla Gimenez wrote: > Jacob Yocom-Piatt wrote: >> tried to take a bit of a side adventure and get HP-UX going on a PA-RISC >> machine and it's no walk in the park. for cost, support, compatibility and >> simplicity reasons i've abandoned the project and decided to use other >> OSes instead. > > How was your adventure?? Can you be more specific?? I know the cost > part...obviously it is more cheaper run OpenBSD that HP-UX. But i need > more...something really heavy like "I tried to install an OpenLDAP with > HP-UX and the system load with 2000 users rise to the sky...but the same > number of users with OpenBSD had an incredible performance and never pass > from 10% of load"or whatever... I wrote a huge mail, but essentially: `what Jacob said'. I think that if you manage to convince the right people that a network of smaller nodes has advantages (higher availability, better scalability, lower `TCO' - whatever), OpenBSD - with low cost, good and cheap support, and very competitive performance - becomes a very attractive option. On the other hand, if you really need a 16-core machine with 32 GB of memory, installing OpenBSD gets you cool dmesg pr0n but not a really useful configuration - OpenBSD doesn't perform too well on such beasts. (Although I see Jacob's point in that you can still use OSS even if it's not OpenBSD.) I'd focus my research on this issue. In the end, though, the goal should not be to use what you like best; the goal should be to pick what is best for the business. (And OpenBSD can be a very good fit, and picking something that is not too offensive to the person maintaining it *is* good for the business; but still.) Joachim P.S. One more issue: you *do* realize that getting OpenBSD to authenticate against LDAP is not entirely trivial, right? This might be a serious problem if the LDAP system is to handle network-wide logins... -- TFMotD: dbmmanage (1) - create and update user authentication files in DBM format
Re: OpenBSd or HP-UX?
Alvaro Mantilla Gimenez wrote: > Travers Buda wrote: > >> *snip* >> >> Just tell him that OpenBSD in the stead of HP-UX will be >> cheaper, faster to setup, and easier to maintain (because >> of your experience with Open.) Both OpenBSD and HP-UX can >> do LDAP, yes, but it's yourself that makes the difference here. >> >> Oh, and you have much more freedom in picking out your hardware >> (back to the cheap tangent.) >> >> -- >> Travers Buda > > It would be wonderful convince my boss with that argumentbut the > next question he will ask is: "What ifyou die tomorrow?? Who can > maintain the system??... What if you go with HP/UX (or ANYTHING else) and you die tomorrow? Answer is always the same: you have to have more than one capable person on staff who knows the product. It's not just about your death, of course...you DO want to be able to take some time off without having the phone stuck to your ear, right? Cross training people on OpenBSD is much easier -- I bet you have more OpenBSD-capable HW laying around than you do HP/UX capable HW. People can practice at home..and even put systems to use at home. Your resulting system will have to be documented. People will have to look at that documentation and verify its completeness. It doesn't matter what OS and apps you run, you will have to document HOW you implemented your systems. Contrary to many boss's expectation, they can't just pick up the phone and have your replacement magically walk through the door and pick up where you left off. Using a commercial OS doesn't change this, your IMPLEMENTATION must be documented. Your real question is not the OS, but rather the applications that you are running (LDAP in your case). Your hypothetical replacement will spend a lot more time learning your LDAP application and implementation than they will the OS it is running on. Nick.
Re: OpenBSd or HP-UX?
Alvaro Mantilla Gimenez wrote: We run an OpenLDAP installation on OpenBSD that is fully synchronized on two servers (one master, one slave) for the public schools here. ~15'000 accounts and all important systems (email, fileserver, even the ~80 firewalls, login, etc.) pull their data from it. Can you send me a dmesg of this computers? I think it is a good start to know how big is the hardware that i need to support something like that with OpenBSD... No dmesg at hand, but there are regular 19" servers (Fujitsu Siemens and Dell in this case) with Xeon CPU, 2 GB RAM, U320 SCSI or SAS Raid with fast (15K) disks. It is in operation for several years now, not a single problem with it. Which version of OpenLDAP are you running in this moment?? The one that is in ports. - mb
Re: OpenBSd or HP-UX?
On 8/27/07, Alvaro Mantilla Gimenez <[EMAIL PROTECTED]> wrote: > Travers Buda wrote: > > > *snip* > > > > Just tell him that OpenBSD in the stead of HP-UX will be cheaper, faster to > > setup, and easier to maintain (because of your experience with Open.) Both > > OpenBSD and HP-UX can do LDAP, yes, but it's yourself that makes the > > difference here. > > > > Oh, and you have much more freedom in picking out your hardware (back to > > the cheap tangent.) > > > > -- > > Travers Buda > > It would be wonderful convince my boss with that argumentbut the > next question he will ask is: "What ifyou die tomorrow?? Who can > maintain the system??... Easy. Let him know that any person who has a grasp of the written language can easily pick a system up and administer it by reading the available documentation. I'm not kidding - this is an easy win. Docs are a strong point and an unappreciated one. How hard is it to find good for commercial Unix variants? It works out for me that even if you find the docs, it's incredibly hard to find the specifics you're looking for in all the fluff. Between the excellent manual pages and online docs (e.g. http://www.openbsd.org/faq/), coupled with the amassed years of other users' experience and developer input found in the misc@ archives, it is not difficult for anyone with some Unix familiarity to pick OpenBSD up and run with it. DS
Re: OpenBSd or HP-UX?
On Monday 27 August 2007, Alvaro Mantilla Gimenez wrote: > J.C. Roberts wrote: > > The reasoning for HP-UX is brand name recognition, vendor support, > > and of course job security -when something goes wrong, your boss > > can blame the brand name vendor in hopes of saving his own ass. > > And this is, i think, the main point for my boss and his "not > understanding" about the advantages of OpenBSD over HP-UX. But...i > have hope yet...he does not "close the door" to the OpenBSD > possibility. He wants probes...only i need to find a heavy argument. > For example...the developers that port OpenBSD to HPPA and HP300 > platformsmaybe they have benchmarks between this machines running > HP-UX and/or OpenBSD. It works better?? > The hppa port is for 32bit. The hppa64 port will run more modern 64bit parisc systems. With the correct hardware both hppa and hppa64 are usable but you need to realize two things: (1) the ports are still under development and (2) benchmarks lie. The *ONLY* "benchmarks" that are applicable to your decisions are from the tests that *YOU* run in *YOUR* environment. Your boss should read up on LDAP and realize it was designed to scale by supporting clustering, fail-over and fault tolerance... -In other words it was built to run effectively on a bunch of lower cost commodity machines, as well as on huge expensive beasts. Unless you do a full case study with adequate testing in your environment, there is absolutely no valid justification for spending a ridiculous sum of money on huge massively multi-processor systems. > > LDPA has similarities to both database servers and file servers, so > > even though it's not an exact match, performance metrics for > > database/flle servers may be relevant to LDAP. As always, *YOUR* > > environment and requirements must be tested to get any truly > > meaningful performance metrics. If you have truly insane load and > > storage requirements, and an unlimited budget, spending a quarter > > of a million dollars on a very high end, 16+ CPU, Itanium box > > running HP-UX may be a better choice than OpenBSD. Then again, if > > that's really the case, I would prefer to go with big Sun hardware > > and Solaris under those circumstances. > > This is a good point too. Is it the performance of OpenBSD running on > Sun computers equal to Solaris?? Personally...i think Solaris...sucks > !! But there is no a technical opinion here...it is only i like the > OpenBSD way to do the things. For me, Solaris is a like a big > dinosaur. > In some of the BS comparisons you'll find, OpenBSD is often just slightly slower due to it's memory/stack security and other security measures which other operating systems lack. Since other operating systems do not have these advanced security features, you can't really call the comparisons fair. In general the only truly fair test data you'll find is in the various presentations made by Theo and other developers over the years which compares OpenBSD to itself, with and without specific security features enabled. It can give you a rough idea of the performance cost of the various security features, but you need to realize different archs, systems, and even processors can yield slightly different results for such tests. > > By comparison, the multiple processor support in OpenBSD is for > > i386 and amd64, and how well it will scale in *YOUR* situation can > > only be found through testing. Personally, I've never seen a 16+ > > CPU dmesg, but I'm not a project developer, and someone may very > > well be using OpenBSD on such hardware. > > Anyone that wants share his experience with this type of hardware? > > > There are people from this list who deal with fairly large > > LDAP/SASL installations on OpenBSD. Chris Paul (sentinare.com) and > > Jason Dixon (dixongroup.net) come to mind but I'm sure there are > > others. > > Do you have their emails?? Please, give my email to them if they > decide to share some information with me. (I look the emails too, > maybe are public...i don't want to bother anyone with unwanted > email). > I already gave you their web sites and Jason has replied in this thread suggesting you look at http://www.OpenBSD.org/support.html for people/companies who specialize in OpenBSD LDAP installations. > > The best business decision is the solution that gives you the > > greatest reliability and security for your requirements with the > > least amount of investment. OpenBSD has a very good chance of > > coming out on top in the majority of fairly tested comparisons. The > > corner case of insane loads and storage requirements is the one > > *possible* exception but even then, it may be sufficient. > > Do you have urls of this fairly tests? > You missed the main point. You will never find urls to test results that are truly applicable to your decision. Any "benchmarks" or "testing" you might find on the web should be considered irrelevant since they could easily be fake, or wrong, but
Re: OpenBSd or HP-UX?
On Aug 27, 2007, at 8:57 PM, Jacob Yocom-Piatt wrote: Alvaro Mantilla Gimenez wrote: Travers Buda wrote: *snip* Just tell him that OpenBSD in the stead of HP-UX will be cheaper, faster to setup, and easier to maintain (because of your experience with Open.) Both OpenBSD and HP-UX can do LDAP, yes, but it's yourself that makes the difference here. Oh, and you have much more freedom in picking out your hardware (back to the cheap tangent.) -- Travers Buda It would be wonderful convince my boss with that argumentbut the next question he will ask is: "What ifyou die tomorrow?? Who can maintain the system??... not sure, but i do think jason dixon is still offering support contracts this is WA cheaper than anything you'll get through HP on the support contract tip You really don't want me for LDAP support contracts. I'm sure there are plenty of other qualified consultants on the support.html page. Know your strengths, know your weaknesses. ;) --- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: OpenBSd or HP-UX?
Jacob Yocom-Piatt wrote: tried to take a bit of a side adventure and get HP-UX going on a PA-RISC machine and it's no walk in the park. for cost, support, compatibility and simplicity reasons i've abandoned the project and decided to use other OSes instead. How was your adventure?? Can you be more specific?? I know the cost part...obviously it is more cheaper run OpenBSD that HP-UX. But i need more...something really heavy like "I tried to install an OpenLDAP with HP-UX and the system load with 2000 users rise to the sky...but the same number of users with OpenBSD had an incredible performance and never pass from 10% of load"or whatever... you CANNOT discount the value of having essentially direct access to the devs on these lists. the karma and assistance you receive as a result of making even small donations is considerable and, in my experience, better than any phone or tech support i've received from companies that support "enterprise" software. for a fraction of the cost of a support contract you can get direct access to the programmers and cut out the nimwits on the phone you have to wade through. I agree with you... as jc said, the only situation i can imagine where you'd want to run something "enterprise" is in the case that you need a monolithic server. unless the hardware is wacky, i'd still be inclined to run an opensource OS on it for the support reasons cited above. not very familiar with LDAP configs here but i imagine there is a way to spread load between machines, making the monolithic solution pointless. thanks for the reminder to investigate LDAP more closely... =) Thanks to you... Alvaro
Re: OpenBSd or HP-UX?
J.C. Roberts wrote: The reasoning for HP-UX is brand name recognition, vendor support, and of course job security -when something goes wrong, your boss can blame the brand name vendor in hopes of saving his own ass. And this is, i think, the main point for my boss and his "not understanding" about the advantages of OpenBSD over HP-UX. But...i have hope yet...he does not "close the door" to the OpenBSD possibility. He wants probes...only i need to find a heavy argument. For example...the developers that port OpenBSD to HPPA and HP300 platformsmaybe they have benchmarks between this machines running HP-UX and/or OpenBSD. It works better?? LDPA has similarities to both database servers and file servers, so even though it's not an exact match, performance metrics for database/flle servers may be relevant to LDAP. As always, *YOUR* environment and requirements must be tested to get any truly meaningful performance metrics. If you have truly insane load and storage requirements, and an unlimited budget, spending a quarter of a million dollars on a very high end, 16+ CPU, Itanium box running HP-UX may be a better choice than OpenBSD. Then again, if that's really the case, I would prefer to go with big Sun hardware and Solaris under those circumstances. This is a good point too. Is it the performance of OpenBSD running on Sun computers equal to Solaris?? Personally...i think Solaris...sucks !! But there is no a technical opinion here...it is only i like the OpenBSD way to do the things. For me, Solaris is a like a big dinosaur. By comparison, the multiple processor support in OpenBSD is for i386 and amd64, and how well it will scale in *YOUR* situation can only be found through testing. Personally, I've never seen a 16+ CPU dmesg, but I'm not a project developer, and someone may very well be using OpenBSD on such hardware. Anyone that wants share his experience with this type of hardware? There are people from this list who deal with fairly large LDAP/SASL installations on OpenBSD. Chris Paul (sentinare.com) and Jason Dixon (dixongroup.net) come to mind but I'm sure there are others. Do you have their emails?? Please, give my email to them if they decide to share some information with me. (I look the emails too, maybe are public...i don't want to bother anyone with unwanted email). The best business decision is the solution that gives you the greatest reliability and security for your requirements with the least amount of investment. OpenBSD has a very good chance of coming out on top in the majority of fairly tested comparisons. The corner case of insane loads and storage requirements is the one *possible* exception but even then, it may be sufficient. Do you have urls of this fairly tests? jcr Thank you so much Alvaro
Re: OpenBSd or HP-UX?
Alvaro Mantilla Gimenez wrote: Travers Buda wrote: *snip* Just tell him that OpenBSD in the stead of HP-UX will be cheaper, faster to setup, and easier to maintain (because of your experience with Open.) Both OpenBSD and HP-UX can do LDAP, yes, but it's yourself that makes the difference here. Oh, and you have much more freedom in picking out your hardware (back to the cheap tangent.) -- Travers Buda It would be wonderful convince my boss with that argumentbut the next question he will ask is: "What ifyou die tomorrow?? Who can maintain the system??... not sure, but i do think jason dixon is still offering support contracts this is WA cheaper than anything you'll get through HP on the support contract tip Thanks anywayit is a good point to mention on the conversation with my boss. Alvaro
Re: OpenBSd or HP-UX?
Travers Buda wrote: *snip* Just tell him that OpenBSD in the stead of HP-UX will be cheaper, faster to setup, and easier to maintain (because of your experience with Open.) Both OpenBSD and HP-UX can do LDAP, yes, but it's yourself that makes the difference here. Oh, and you have much more freedom in picking out your hardware (back to the cheap tangent.) -- Travers Buda It would be wonderful convince my boss with that argumentbut the next question he will ask is: "What ifyou die tomorrow?? Who can maintain the system??... Thanks anywayit is a good point to mention on the conversation with my boss. Alvaro
Re: OpenBSd or HP-UX?
Marc Balmer wrote: We run an OpenLDAP installation on OpenBSD that is fully synchronized on two servers (one master, one slave) for the public schools here. ~15'000 accounts and all important systems (email, fileserver, even the ~80 firewalls, login, etc.) pull their data from it. Can you send me a dmesg of this computers? I think it is a good start to know how big is the hardware that i need to support something like that with OpenBSD... It is in operation for several years now, not a single problem with it. Which version of OpenLDAP are you running in this moment?? I can say nothing about HP-UX, but OpenBSD surely is a stable foundation for an OpenLDAP server. - Marc Balmer, micro systems Thanks in advance, alvaro
Re: OpenBSd or HP-UX?
On Wednesday 22 August 2007, Jacob Yocom-Piatt wrote: > tried to take a bit of a side adventure and get HP-UX going on a > PA-RISC machine and it's no walk in the park. for cost, support, > compatibility and simplicity reasons i've abandoned the project and > decided to use other OSes instead. > bummer. Was my previous guess was correct that HPUX patches/updates are only available with a HP support contract? If you still have the itch to tinker... > not very > familiar with LDAP configs here but i imagine there is a way to > spread load between machines, making the monolithic solution > pointless. > > thanks for the reminder to investigate LDAP more closely... =) > LDAP can do some *VERY* cool stuff including load balancing, fail over and similar. Whether you "need" a huge monolithic system actually depends on how you define "need" -See Marc Balmers' post regarding supporting multiple services for 15K accounts with only two servers. Chris Paul over at Sentinare (http://www.sentinare.com) provides SEC/NASD/SOX compliant message archiving with LDAP for publicly traded corporations and as far as I know, it's being done with racks of fast boxes rather than using super behemoth 16/32/64/128 CPU systems. To justify using behemoth systems you must have: 1.) money to burn 2.) insane load and storage requirements 3.) proper cost/benefit analysis and testing Even if you can justify using behemoths, would you rather have a full rack of 32, quad processor opteron systems which you can easily repurpose individually as business needs change, or would you rather spend the more money on a a pair of 64 processor beasts and fight the system partitioning battle? -The answer is usually defined by which flavor of marketing koolaid you drank and/or what kind of "incentives" the vendor is offering to you personally... there are few things better than an all expense paid eight week "training" course on some exotic island and there are few things worse than your boss going to the training. :-) jcr
Re: OpenBSd or HP-UX?
Alvaro Mantilla Gimenez wrote: Hi folks, I need to install an LDAP server in my job. I am, obviously, an OpenBSD guy but my boss wants to install the server with HP-UX. I need to probe him that OpenBSD is a better solution than HP-UX but google doesn't show a truly comparative between this two OS and there is a "poor" information about the HP-UX skills doing this role. The price for the "solution" (HP-UX or OpenBSD) does not matter this time, so the argument "OpenBSD is OpenSource and the other is a propietary Unix $$" is not an acceptable argument. Anyone have experience with this two OS?? Is there any heavy reason (argument) to choose one over the other? Remember: it is an LDAP server...not a database servernot a webserver.not a file server. tried to take a bit of a side adventure and get HP-UX going on a PA-RISC machine and it's no walk in the park. for cost, support, compatibility and simplicity reasons i've abandoned the project and decided to use other OSes instead. you CANNOT discount the value of having essentially direct access to the devs on these lists. the karma and assistance you receive as a result of making even small donations is considerable and, in my experience, better than any phone or tech support i've received from companies that support "enterprise" software. for a fraction of the cost of a support contract you can get direct access to the programmers and cut out the nimwits on the phone you have to wade through. as jc said, the only situation i can imagine where you'd want to run something "enterprise" is in the case that you need a monolithic server. unless the hardware is wacky, i'd still be inclined to run an opensource OS on it for the support reasons cited above. not very familiar with LDAP configs here but i imagine there is a way to spread load between machines, making the monolithic solution pointless. thanks for the reminder to investigate LDAP more closely... =) Thanks in advanced,
Re: OpenBSd or HP-UX?
hmm, on Wed, Aug 22, 2007 at 12:58:09AM -0600, Alvaro Mantilla Gimenez said that >I need to install an LDAP server in my job. I am, obviously, an > OpenBSD guy but my boss wants to install the server with HP-UX. I need > to probe him that OpenBSD is a better solution than HP-UX but google > doesn't show a truly comparative between this two OS and there is a > "poor" information about the HP-UX skills doing this role. The price for > the "solution" (HP-UX or OpenBSD) does not matter this time, so the > argument "OpenBSD is OpenSource and the other is a propietary Unix $$" > is not an acceptable argument. hard to believe there are still companies who are willing to waste money this way... let's look at a cursory TCO comparison: 1. which hp-ux? the last mohican PA-RISC or the no-one wants me Itanium? do you already have the hw or are you going to buy it? how expensive will it be to replace something that leaks it's smoke (i.e. stops working)? will you be able to replace it without a hp technician? 2. support are you going to buy a support contract? (because we have one, i don't know if patches and updates are freely available without this contract...) where can you go for help besides official support? ever tried to solve an obscure hp-ux problem? except the hp forums you are pretty much on your own... if you are primarily an bsd/linux person as opposed to a sysv4 hp-ux person, how much will you have to learn to move comfortably inside the system and do your work? will you start your job with a 3 week hp training course (hp-ux for advanced unix admins, hp-ux networking 1,2,3 and so on, and so on)? 3. software availability hp-ux is a quite typical commercial unix, userland is ancient, gnu stuff in semi-official packages and miles behind openbsd's port system, prepare to compile stuff and look for help compiling stuff... having said that we have a couple of netscape ldap servers here, mostly because of inertia: thery are too old to touch. but the main ldap servers are already linux boxen... -f -- support your local police force - steal!
Re: OpenBSd or HP-UX?
On Tuesday 21 August 2007, Alvaro Mantilla Gimenez wrote: > Hi folks, > > > I need to install an LDAP server in my job. I am, obviously, an > OpenBSD guy but my boss wants to install the server with HP-UX. I > need to probe him that OpenBSD is a better solution than HP-UX but > google doesn't show a truly comparative between this two OS and there > is a "poor" information about the HP-UX skills doing this role. The > price for the "solution" (HP-UX or OpenBSD) does not matter this > time, so the argument "OpenBSD is OpenSource and the other is a > propietary Unix $$" is not an acceptable argument. > > Anyone have experience with this two OS?? Is there any heavy > reason (argument) to choose one over the other? Remember: it is an > LDAP server...not a database servernot a webserver.not a file > server. > > > Thanks in advanced, There are two ways you can approach this question; logic and rhetoric. Or better said, reasoning and FUD. The FUD against OpenBSD starts with the fact that it is open source, has limitations on supported hardware (true of all operating systems), and often includes the (mistaken) fact that you cannot get support (-If necessary, you can purchase professional support for OpenBSD from many third-party companies.) In comparison to linux and freebsd, OpenBSD *supposedly* has a smaller installation base, and is therefore a niche product (-no one truly knows for sure how many installations exist of any open source OS). The FUD against HP-UX is that it's a "Dead Operating System" since PARISC has been discontinued, and Itaniaum support may not continue due to lacking sales. HP-UX also has a history of security problems. Of the commercial UNIX operating systems, HP-UX is a smaller player by comparison, and therefore a niche product. The reasoning for OpenBSD is very active continuous development, very impressive reliability and of course, the buzzword "security" which tends to overly impress any neophyte (even great security can be void in the hands of a incompetent administrator). The reasoning for HP-UX is brand name recognition, vendor support, and of course job security -when something goes wrong, your boss can blame the brand name vendor in hopes of saving his own ass. LDPA has similarities to both database servers and file servers, so even though it's not an exact match, performance metrics for database/flle servers may be relevant to LDAP. As always, *YOUR* environment and requirements must be tested to get any truly meaningful performance metrics. If you have truly insane load and storage requirements, and an unlimited budget, spending a quarter of a million dollars on a very high end, 16+ CPU, Itanium box running HP-UX may be a better choice than OpenBSD. Then again, if that's really the case, I would prefer to go with big Sun hardware and Solaris under those circumstances. By comparison, the multiple processor support in OpenBSD is for i386 and amd64, and how well it will scale in *YOUR* situation can only be found through testing. Personally, I've never seen a 16+ CPU dmesg, but I'm not a project developer, and someone may very well be using OpenBSD on such hardware. The questions you need to answer are how much load do you expect (and plan for) and how much storage do you require? There are people from this list who deal with fairly large LDAP/SASL installations on OpenBSD. Chris Paul (sentinare.com) and Jason Dixon (dixongroup.net) come to mind but I'm sure there are others. If you honestly expect to have *MASSIVE* loads and storage requirements (i.e. comparable a fortune 1000 company), you should talk to the folks who have done such things, get your own in-house testing done, and then make a decision based on your results. -Anything less is just blind guessing. The best business decision is the solution that gives you the greatest reliability and security for your requirements with the least amount of investment. OpenBSD has a very good chance of coming out on top in the majority of fairly tested comparisons. The corner case of insane loads and storage requirements is the one *possible* exception but even then, it may be sufficient. jcr
Re: OpenBSd or HP-UX?
* Alvaro Mantilla Gimenez <[EMAIL PROTECTED]> [2007-08-22 00:58:09]: > Hi folks, > > >I need to install an LDAP server in my job. I am, obviously, an OpenBSD > guy but my boss wants to install the server with HP-UX. I need to probe him > that OpenBSD is a better solution than HP-UX but google doesn't show a > truly comparative between this two OS and there is a "poor" information *snip* Just tell him that OpenBSD in the stead of HP-UX will be cheaper, faster to setup, and easier to maintain (because of your experience with Open.) Both OpenBSD and HP-UX can do LDAP, yes, but it's yourself that makes the difference here. Oh, and you have much more freedom in picking out your hardware (back to the cheap tangent.) -- Travers Buda
Re: OpenBSd or HP-UX?
Alvaro Mantilla Gimenez wrote: Hi folks, I need to install an LDAP server in my job. I am, obviously, an OpenBSD guy but my boss wants to install the server with HP-UX. I need to probe him that OpenBSD is a better solution than HP-UX but google doesn't show a truly comparative between this two OS and there is a "poor" information about the HP-UX skills doing this role. The price for the "solution" (HP-UX or OpenBSD) does not matter this time, so the argument "OpenBSD is OpenSource and the other is a propietary Unix $$" is not an acceptable argument. Anyone have experience with this two OS?? Is there any heavy reason (argument) to choose one over the other? Remember: it is an LDAP server...not a database servernot a webserver.not a file server. We run an OpenLDAP installation on OpenBSD that is fully synchronized on two servers (one master, one slave) for the public schools here. ~15'000 accounts and all important systems (email, fileserver, even the ~80 firewalls, login, etc.) pull their data from it. It is in operation for several years now, not a single problem with it. I can say nothing about HP-UX, but OpenBSD surely is a stable foundation for an OpenLDAP server. - Marc Balmer, micro systems
OpenBSd or HP-UX?
Hi folks, I need to install an LDAP server in my job. I am, obviously, an OpenBSD guy but my boss wants to install the server with HP-UX. I need to probe him that OpenBSD is a better solution than HP-UX but google doesn't show a truly comparative between this two OS and there is a "poor" information about the HP-UX skills doing this role. The price for the "solution" (HP-UX or OpenBSD) does not matter this time, so the argument "OpenBSD is OpenSource and the other is a propietary Unix $$" is not an acceptable argument. Anyone have experience with this two OS?? Is there any heavy reason (argument) to choose one over the other? Remember: it is an LDAP server...not a database servernot a webserver.not a file server. Thanks in advanced,
