There are two general items to consider when picking an operating system for a server.
Operating System Performance
The first item is operating system performance. A fast networking stack and fast storage I/O can help prevent slowdowns. To generalize, there are two choices available in the field. The first is Microsoft Windows. The other is something Unix-based.
Microsoft Windows vs *nix
We avidly avoid hosting “traditionally Unix services” like DNS, web, LDAP, etc. on Windows. It’s not because of a deep hatred of Microsoft. We have a deep respect for the company and the advances they have made and continue to make in the operating system field. They have some very strong products. But Microsoft Windows still has some drawbacks when compared to some of the modern *nix-based systems.
Windows servers tend to be large. They tend to take up large amounts of space. They tend to chew up more memory. In our case, they tend to be monolithic because licensing Microsoft-based servers costs quite a bit. We are forced to cram all of our Microsoft services into a smaller number of servers to afford licensing. Most of the Unix and Linux systems we looked at did not have this trouble with licensing.
The last time our engineers checked, a fresh and bare install of Windows Server 2012 was larger than 10GB on disk. Our current Linux distribution is using 8.7GB of disk space. That Linux system includes all updates, an entire web server and application server, a MySQL-based database and a backend LDAP server to manage clients. There are a couple of WordPress installs jammed in there too. The large storage difference is likely related to the Graphical User Interface. We haven’t had a chance to play with Windows Server Core, which may be more in line with our Linux servers that provide only command line access.
Over the years our engineers have had to try to squeeze Microsoft’s operating systems into less memory. Memory is important. Windows tends to be heavier than your baseline Linux server operating systems. Our Linux server is running Nginx, PHP-FPM 5.6 and PHP-FPM 7.0, slapd, and an FTP server on 388MB of memory. We’re not sure we can get Windows to boot with 512MB of memory. When it does boot, we don’t want to try to host any production-level websites on it.
We have been waiting for someone to point us to some benchmarking that shows that Microsoft Windows has caught Linux in network performance. We’re not sure why there tends to be such a big difference in performance when comparing Windows to Linux, but we suspect it is largely due to the memory usage differences and the ability to fine-tune kernel-level settings in Linux.
Operating System Security
With Windows out of the way for (at least perceived) performance issues, we are left with a choice of something in the *nix family. We are looking at FreeBSD, Apple, and the various Linux kernels here. Apple hasn’t seemed to take servers seriously in years, so we’ll move on to the real discussion: FreeBSD vs Linux. The performance differences between the two have been debated and argued on both sides to the point of futility. FreeBSD and the Linux kernel are both stellar performers in all of our categories.
From a security standpoint, both operating systems follow the same underlying philosophies, such as “keep it simple” and “least privilege granted”. We could compare security advisories and patch times and come out with negligible differences.
The only discussion we want to cover in security between these two is one of patch licensing. FreeBSD comes with a very liberal license. It basically says, “Do whatever you want.” Linux is slightly more restricted. The Linux license boils down to, “Do what you want, but you have to let others do what they want too.” The two licenses sound almost identical.
A “Derivative” work under a FreeBSD license can be licensed in any way the author sees fit.
A “Derivative” work under a Linux license must be licensed under the Linux license.
The issue is that the FreeBSD community implements some cool feature. The Linux community then comes along, takes that feature and adds it to Linux. Any patches or improvements made to the Linux variant can’t be ported back to FreeBSD because the Linux license applied to the patch is not compatible with the FreeBSD license.
It’s perhaps a weak argument, but the potential to be “licensed out of a patch” is what shifted us into the Linux realm.
Still 1000 choices
The Linux “distribution” scene is a mess. There are 1000s of different variants of the Linux operating system. To save ourselves from describing ALL of them, we will focus on the big few.
- Red Hat Enterprise Linux
Debian is huge right now. It’s got a legacy as a “super stable” distribution. It was the base for the mega-popular Ubuntu distribution. It’s a solid operating system and was the de facto choice years ago for servers.
Red Hat Enterprise Linux was Linux built for the enterprise. It’s the Windows of the Linux Business world. CentOS is a de-branded clone of RHEL and has made strides in competing with Debian/Ubuntu in the server market.
SUSE Linux has been the longtime competitor of RHEL in the enterprise world. Our engineers don’t have much experience with the operating system. We hear great things from a lot of the senior folks, but we get the idea that Red Hat stopped taking them seriously a while ago…
Gentoo Linux is the perfect distribution for the person that wants to spend more time playing with Linux than dealing with customers. Properly configured and set up, these systems are amazing. Our engineers just don’t have the experience with the quirks to make it feasible.
Debian vs Red Hat
This is where I feel the need to introduce the winner: Oracle Linux. Oracle Linux is an RHEL binary-compatible distribution. Basically, Oracle Linux is Red Hat Linux with Oracle enhancements. That is two massive enterprise companies full of experts and master researchers ultimately working on the same project.
At this point we are splitting hairs between Debian/RHEL/any derivative. The differences are virtually cosmetic. To that end, we went with our gut and chose Oracle Linux.
Choosing Oracle Linux puts us in a position such that we can use a “Free as in beer” operating system and should we encounter a point where we need enterprise support, we have the option to pay for it. That ability to get professional enterprise support helps us sleep at night.
The Missing Pieces
Many people on the web spend hours debating the merits of the various packaging and package manager philosophies. We love them, and we love binary package distributions. But with that said, our important software (Nginx, PHP, etc.) is compiled by hand from source. We like having the latest versions. We live on the bleeding edge. Sometimes we pay for early adoption, but most times we are just the first to benefit from new features and improvements… It’s hard to find any distribution running the latest PHP7Beta version in their package manager right now… And for good reason. But that’s a risk we are willing to take to get the performance gains.
With performance and security as key considerations, we chose enterprise-class software with enterprise support available.