Comparing Server OSes: Why SCO UNIX Is A Bad Idea
by Jem Matzan
It's a rather difficult mission to shop for an operating system for a server. When most people think of server OSes they think of Unix, and when they think of Unix they think of SCO, the company that owns the Unix source code. But there are so many more choices out there, the least of which offers a wealth of advantages over SCO's Unix products. Having said that, let's explore the Unix world and take a look at what it has to offer the server and workstation market.
There are many different kinds of Unix out there, but very few of them are actually related to the original Unix code that is copyrighted by the Santa Cruz Operation (SCO). Development on the original Unix (UNIX System V) has been dead for a long time, but its codebase is kept alive through SCO's OpenServer and UnixWare operating systems as well as licenses which extend to other operating systems like IBM's AIX. The advantages of using a derivative of the original Unix source code are nil, but there are still some advantages to using a trademarked UNIX. Previously the primary advantages were that a trademarked UNIX could generally support more high-end server and workstation hardware, could support more of a workload, and could utilize the power of computers and clusters that contained multiple CPUs. But all of that is changing with the new generation of non-trademarked Unix systems like GNU/Linux and *BSD.
First of all, let's separate the trademarked UNIXes from the non-trademarked Unixes. The following is a complete listing of all operating systems that can legally and rightfully call themselves UNIX according to the UNIX98 standard. There is a newer standard, but at the time of this writing there were no operating systems that met the UNIX Specification Version 3 requirements. There are other UNIXes which conform to older, less strict standards, but UNIX98 covers modern hardware and accounts for such expected enhancements as year 2000 compliance (a comprehensive listing is below the OS list). Here is the listing of UNIX98 compliant operating systems, according to The Open Group's website:
As you can see, the Single UNIX Specification for UNIX98 applies not only to an operating system, but also the hardware it will run on. If we were to break the list down to reflect only compliant software, we would end up with a handful of operating systems that pass muster: IBM's AIX version 4 and later, Sun's Solaris version 7 and later, and Compaq's Tru64 UNIX version 5.1A and later.
According to The Open Group, here are the exact enhancements that UNIX98 has in addition to the standards carried over from the previous UNIX95 standard:
You may be wondering why there are no SCO operating systems in the UNIX98 list. The reason is that there are no compliant SCO Unix operating systems. UnixWare conforms to the older UNIX95 standard and OpenServer conforms to the even older UNIX93 standard, neither of which include any of the additions and enhancements listed above. So while UnixWare is genetically related to the original UNIX System V and is trademarked via the UNIX95 standard, it does not pass the qualification testing for the two most recent UNIX specifications. It's important to note that the UNIX trademark can be awarded to an OS regardless of whether it uses the UNIX System V source code or not. An OS can contain no UNIX System V source code and still be a trademarked UNIX.
So that's where Unix stands as far as standards and compliance are concerned. But what are the other details? What distinguishes each Unix? The following three tables list the relevant features of each server OS that we're comparing. While there may be some details left out, such as specific security protocols and programs, these are the details that each software distributor makes publicly available to potential customers. If there are omissions it is not from my lack of searching for the details.
Some examples of non-genetic Unix operating systems are GNU/Linux and *BSD, both of which enjoy the liberated licensing and readily available source code associated with their Free Software status. You can change them in any way that you want to, and you can even distribute them and sell them for a profit as long as you meet the terms of the GNU General Public License or the BSD License depending on which software you're using. None of these are trademarked UNIXes, but they support more platforms and software packages and are considerably cheaper in price.
The *BSDs have been in development for more than twenty years and as a result they're fast, efficient and secure. *BSD OSes operate on a wider variety of platforms than any other OS, making *BSD the most scalable and portable OS in the world. There are three main distributions under the BSD Licence, as shown below, and one major proprietary distribution by Wind River, formerly known as BSDi.
GNU/Linux is less mature than *BSD but it grows at a much faster rate. GNU/Linux has an amazing amount of native software packages and supports a modest number of CPU architectures. It can easily do symmetrical multiprocessing (SMP) with up to 16 CPUs (the 2.6 kernel can do up to 32) unlike Free/Open/NetBSD which is still struggling with proper SMP implementation. BSD/OS can do SMP but it is unclear how many CPUs it can handle, as that was not included with the information I had access to. Unlike the commercial trademarked UNIXes from SCO and Sun, there is no special license necessary to use the SMP capabilities of GNU/Linux. There are over one hundred separate distributions of GNU/Linux, so for this article I'm only going to list two of the more popular distributions that are designed specifically for servers.
Feasibility and Use
In looking over these tables, one can't help but wonder why SCO's UnixWare and OpenServer are even mentioned. They offer nothing over GNU/Linux, *BSD, BSD/OS, and Solaris, yet UnixWare is astonishingly more expensive than its competitors. There are other UnixWare offerings with reduced functionality, but they make even less sense -- if your server is only a single-CPU system you're far better off going with one of the *BSDs. OpenBSD is more secure, supports more architectures and hardware, has more server tools included and available for it, and it costs less.
Obviously if you're looking to buy high-end mission-critical mainframe, server, or workstation hardware and software, your best option is something from IBM, Sun, or HP/Compaq with their recommended OS installed on it. The high-end offerings from IBM offer the most tools, the most security, the most certifications, the most quality, and the most power of anything I researched for this article. AIX is the only choice you have for their high-end systems, but it's a good choice nonetheless. So if you're buying a high-end proprietary system, it's best (and more or less required) to use the Unix that they give you with it.
But what about smaller servers that don't need as much power? A good Itanium2, AMD Opteron, Sun SPARC (or UltraSPARC) or dual Xeon solution can meet the needs of most corporations for their business network, mail server, or file server at a fraction of the cost of a high-powered IBM or HP machine. If you don't need a mainframe, you don't need (and couldn't use) any of the high-end Unixes. Your options should be Solaris, BSD/OS and GNU/Linux for multi-CPU systems. You could choose UnixWare but you'd be limited to the IA32 architecture, so the most robust processor you could use would be the Pentium4 Xeon -- a good choice for many applications, but nowhere near the power of the 64-bit options mentioned previously. You could choose one of the *BSDs, but then you'd be limited to a single-CPU.
For a web server based on the IA32 architecture, your first choice should be one of the *BSDs. A recent Netcraft survey lists FreeBSD as the operating system of choice for the top five web hosting providers for May-June 2003. The *BSDs offer outstanding security, software and hardware support, and their uptimes are consistently higher than those of other OSes in their class. GNU/Linux is also an excellent option (as many service providers are discovering every day) and for that, SuSE would be a good choice due to its security features and server enhancements.
There seems to be a use for just about every Unix we've listed here, except of course for SCO UnixWare and OpenServer. As previously mentioned, these trademarked UNIXes don't meet the UNIX98 standard like the heavy hitters do. They're also severely limited in the hardware that they can use, and the licensing structure for both of them is draconian. UnixWare and OpenServer are the only Unixes that I have listed in this article that, like Microsoft, require you to pay for per-seat user licenses. The only conceivable reason for purchasing UnixWare is to run Unix binary packages, but even then we've already established that both FreeBSD and NetBSD can just as easily run the same Unix programs while at the same time supporting more hardware. And let's not forget that FreeBSD and OpenBSD are without the highway robbery of the SCO licensing program.
Everyone talks about scalability, but there is no IT lexicon to consult to learn the true definition of this word. Dictionaries don't yet list "scalability" in regards to the IT industry and there is no current definition close enough to draw a parallel to the implied definition given by software companies. From the context of software propaganda we can assume with a reasonable degree of certainty that "scalability" is the measure of an operating system's ability to adjust to newer, faster hardware without requiring a new or upgraded version. Frustratingly, every Unix on the market claims to be the most scalable, but few of them are correct.
AIX is scalable within the confines of the proprietary IBM architecture. So if you're upgrading your hardware on your uber-expensive IBM mainframe, server, or workstation, IBM guarantees that AIX can handle it as long as you stick to the compatibility list. Same with HP/Compaq and Tru64. These are proprietary OSes designed for proprietary hardware, and if you need to jump up to a new architecture you're likely to need a newer version of the OS. The top-end Unixes are not really all that scalable.
Solaris is a bit more scalable because it supports more architectures. You could upgrade an IA32 system to a brand new top of the line UltraSPARC and still keep the same OS (although it would have to be reinstalled/recompiled for the new system). It also supports a wider range of peripheral hardware. Solaris is sufficiently scalable for most users in most business environments.
SCO OpenServer supports only the IA32 architecture, meaning that it requires at least a Pentium-class system to operate properly and the most robust CPU it can handle is the P4 Xeon. The hardware compatibility list doesn't include very many devices made within the past year, further limiting the ability of the software to cope with new peripheral hardware. It's entirely possible that you may have to downgrade a newer server to older technology just to use OpenServer. UnixWare supports more hardware, but it's still limited to IA32. SCO's Unixes are hardly scalable despite their claims to the contrary, as quoted here from their website: "SCO OpenServer delivers tried and true performance, affordability, and unmatched reliability, scalability, and flexibility." I suppose if you didn't need a fast system and were totally ignorant of other Unixes, had an unlimited budget and were looking to upgrade a Pentium 60 with onboard video to a Pentium4 with a PCI video card, this statement might be true. I attempted to contact an SCO representative to comment on how SCO arrived at the above quote and another on the UnixWare site that makes even more bloated claims, but SCO refused to offer an explanation.
BSD/OS is similarly limited in its scalability, being confined by the IA32 architecture and a very thin hardware compatibility list. Unlike SCO, Wind River might actually make an effort to write or port a driver for the hardware you want to use if you contact them.
The open-source *BSDs we can lump into one category because they are all similarly scalable. They support a far greater range of architectures, platforms, and peripherals even up to some of the very latest hardware in a few instances. There is a larger team of more experienced developers working on the *BSD projects and therefore you can expect support for new hardware at an earlier date than you could from the proprietary UnixWare or BSD/OS. And again, the *BSDs are open-source Free Software, which means that you can take the money you were going to spend on buying an operating system and use it to pay a developer or a team of developers to make one of the *BSDs support the hardware that you need it to support. That's one of the great advantages of Free Software, and it increases the scalability and value of the operating system significantly.
GNU/Linux is not quite as scalable as the *BSDs are, but it's close. GNU/Linux doesn't support as many architectures or platforms as the *BSDs, but it does support far more peripheral devices. It also has a much larger developer base, so you can expect much faster driver support from the GNU/Linux community than you can from the *BSD community. As with *BSD, you can pay GNU/Linux developers to write drivers or software for your needs. SuSE offers much more scalability than Red Hat does, and at a lower price. Desktop GNU/Linux distributions are fairly diverse and you'll have to evaluate them on an individual basis if you're looking for a good desktop or low-end workstation operating system.
Security on a corporate server is a major concern. Obviously you don't want anyone breaking into your server and stealing important customer information, product prototype details, personal records, etc. Security, as the author of Applied Cryptography put it, is not a product, but a process. It is constant vigilance, thorough auditing and relevant expertise combined with the proper software tools.
In researching Unixes I've found that the software distributions worth buying are the ones who dedicate a significant portion of their resources to maintaining the security and integrity of their products. The unexpected loser here, unfortunately, is Red Hat. Not only did they fail to list their security measures, but they also did not list a security policy on their product website. If they don't list it, there are two possibilities: either security is not important to them or they don't know what their own security policies and precautions are. We can assume that there are some significant security measures built into Red Hat Enterprise AS, but we can only guess as to what they might be. If your network is isolated from the Internet then security is not as much of a concern, although it should never be completely ignored. In that instance, Red Hat is still a viable choice for a server or workstation OS. GNU/Linux can always be made into a fortress in terms of security, but that relies on installing the right programs. What we're looking at in this article is Unix operating systems sold as they are -- some come with a lot of security features built in, some come with security features available to install, and some come with none in the bundle and you have to find and install them on your own.
SCO insists that their products are secure, yet they make no effort to prove it beyond naming a small number of standard open security protocols. If their level of security is anything like their overhyped level of scalability, UnixWare and OpenServer are a security disaster waiting to happen. Searching the SCO website for "security" turns up no relevant information on the subject -- only security advisories for problems that have already been reported. An email asking for clarification of their security measures was not answered. Again, if they don't list their security measures then they're ignorant of security concerns. Once again, skip SCO if you want to run a secure server.
Solaris 9 has a plethora of security measures built in, and Trusted Solaris 8 boasts military-grade security. If everyone in the Unix family is listing all they know about security in their products, Solaris is one of the most secure choices you can make. Sun seems to have a very good security policy -- they're concerned with producing secure operating systems. Solaris is an excellent choice for servers and workstations exposed to the Internet.
AIX is right up there with Trusted Solaris in terms of security precautions. I'd say that a good IT security officer or system administrator plus AIX or Trusted Solaris equals the best high-end server and mainframe security you can buy.
Tru64 doesn't list much in the way of security. That's unfortunate for businesses that need secure machines -- they'll have to shop at IBM or Sun instead.
Again SuSE wins in the GNU/Linux department, offering a decent range of security features. There are no extraordinary security measures in SuSE -- not like Trusted Solaris -- but a good sysadmin should be able to keep a SuSE server safe from intrusion.
OpenBSD is rumored to be the most secure OS on the market. I'm not sure what standards were used to determine that title so I can't comment on its accuracy. What I can say is that OpenBSD has integrated data encryption and takes a cryptographic approach to security. It has a vigilant security team that actively searches for security flaws, and a long track record of success in keeping OpenBSD secure. If Solaris is too much money or if you need a wider range of hardware and software support, OpenBSD should be your choice for systems that need to be secure.
Both NetBSD and FreeBSD offer security teams just as capable as the OpenBSD team, but the primary focus of the other two projects is not security. That's not to say that security is not important to the other *BSDs, but it is not their primary concern as it is with OpenBSD. All three *BSDs are excellent, secure choices for whatever you can make them do.
BSD/OS seems to offer better than average security features, but much like SuSE there are no extraordinary security measures in place like in Trusted Solaris. Again, a good sysadmin or security officer can keep a BSD/OS server safe from intrusion.
Looking over the OSes we've been talking about in this article, there are a few things that stand out. The first is that SCO's UnixWare and OpenServer are underpowered, overpriced, and lacking in scalability and security. Furthermore the company is highly unstable, having gone through a long period of financial loss before deciding to blackmail corporate GNU/Linux users with legal threats backed by invisible and baseless claims. To add to it all, SCO refused to respond to any of my queries about product features, leading me to believe that most of their information is mindless propaganda. In short, the company stinks, their products stink, and you'd be insane to buy one of their operating systems for any environment, let alone a corporation with sensitive and important data. SCO may be the "true" Unix, but it's also the weakest.
Red Hat also seems a bit overhyped. For all the money you'd pay for Red Hat Enterprise AS, you sure don't get any advantages over the cheaper and more powerful SuSE. Speaking of SuSE, it's an excellent solution for your entire infrastructure. From the secretary's PC to the mail and file servers, you won't be disappointed with the products that SuSE has. If you're interested in GNU/Linux, SuSE should be a prime consideration.
There isn't much more I can say about AIX and Tru64. If you need them, you're stuck with them, but that isn't necessarily a bad thing. AIX is unmatched in the Unix world for power and security. I consider AIX one of the prime selling points of the IBM server family -- not only do you get super powerful hardware, but you also get a top-notch OS to go with it. You can't ask for more than that.
Tru64 is currently in a transitional phase. HP and Compaq have merged into one company, and so shall their Unixes follow suit: Tru64 is being discontinued in favor of HP-UX, which we haven't really discussed here because it wasn't on the list with the other UNIX98 operating systems. In the future I'm sure you can expect great things from HP/Compaq and the next version of HP-UX, but for now it might be best to leave them alone. If you need high-powered hardware, go with IBM or Sun.
Speaking of Sun, they have some great OSes on the market. They also have some mainframes and high-end servers out there as well, but from looking at the stats I'd say that IBM still has the edge in processing power (at a higher cost, of course). You won't go wrong with Sun, but more research may lead you to other solutions instead. If you need top of the line hardware, as I've been saying, IBM is the way to go at the moment. If you need something better than an IA64 architecture but don't need an IBM, Sun may have the perfect solution for you especially if you're looking for a mission-critical secure server. Even if you're not buying Sun hardware, Solaris 9 and Trusted Solaris 8 are excellent Unixes that won't fail you.
BSD/OS is in an SCO-like position. Why would you pay over $1100 for this Unix when you can get one of the *BSDs for free or at minimal cost? If you were considering UnixWare or OpenServer, I can guarantee you'll be happier with BSD/OS. It supports multiple CPUs, the source code comes with the binaries so you can make modifications if necessary, and the company is both responsive and diverse.
The *BSDs are all excellent operating systems. They're fast, well-coded, secure, they support more architectures than any of the other Unixes, they're ported to more platforms and devices than any other Unix, and they have a wide variety of software packages available. Best of all, the *BSDs are Free Software, meaning that you aren't subject to corporate software audits, per-seat licensing fees and paid upgrades.
In the end it comes down to what you need, how much money you have to spend and how willing you are to learn and adapt to new software. All of the OSes in this article look very similar on the surface, but what lies below is far more important. One thing is for certain: in making a decision about a server OS you can't allow yourself to be bullied into making a decision. Don't be a coward in the face of SCO's litigious attitude -- their products, as you can see, are substandard despite their heritage as the "true" Unix. The original Unix is no longer the powerhouse it once was -- now the big Unix players are independently developed in the open source community and in big corporations that design and sell hardware and software. If you need a powerful server, don't be afraid of Sun or IBM, or even HP if that's what you prefer. If GNU/Linux is right for you -- as I am sure it can be -- then choose GNU/Linux. If Solaris is right for you, go for Solaris. If it's *BSD or BSD/OS that you prefer, you've made the right decision by choosing one of them.
If you have any questions about this article, or about servers or operating systems, we welcome you to join our moderated message forums.
Copyright 2003 Jem Matzan. Verbatim copying and redistribution of this entire article are permitted without royalty in any medium provided this notice is preserved.