|Home » Learning Curve » Red Hat Diaries
Innocents in the Enterprise
Or why a university startup decided to not go with Apple server hardware.
Apple can be the media darling when it comes to user computers and gadgets but they're not winning points in the enterprise. This is no news flash exactly - but looking closer at how one university startup recently decided against Apple is instructive.
From the beginning Apple had but a single product targeted for enterprise computing: Xserve and the associated RAID systems. After the transition to Intel their RAID systems were left to die with the other PowerPC based products.
Perhaps you've already invested in Apple RAID systems? Oh goodness! What do you do for replacement parts? What happens if they drop other products in the future? What happens to your investment then?
Apple servers were still good hardware with a good OS that ran out of the box. They had good tools to get you up and running as soon as you plugged in.
Redundancy and scaleability are everything in cloud computing; Apple's Xgrid becomes attractive in this context because it simplifies management and the steps needed to integrate clusters. And as it's based on BSD you're pretty secure.
But that's the upside - the downside is much more formidable.
So Why Not?
Once you commit to Xserve you're locked in - you rely on Apple for all bug fixes, for all your software. Open source projects such as fink and macports don't even attempt to integrate their trees with /sbin and /usr/bin - and why not? Because they can get blown away by Apple at any time.
You can have the latest [and most secure] open source versions of everything - but you'll also have Apple's notoriously insecure 'behind the times' versions; how are you going manage that on a daily basis?
So why worry about Apple versions at all - why not just cut out them outs?
- Apple have but one server product. That's all you get. It has a premium price tag and you'd better be happy with how you get to configure it.
- One Vendor to Rule Them All. Other companies like Canonical and Red Hat can offer reliable support because they've been around and established a reputation - something Apple have demonstrably and consistently failed at.
- Security - what there is of it. Apple have a security profile that - to put it bluntly - simply won't work. And there's no room for discussion. Apple servers have widen open bleating gaping root escalation design flaws that people have been reporting for years. How about the Opener hole? How about the ARDAgent hole? MOAB 15? The system login items hole? The DNS hole? The input managers holes? The 'Finder' web applications hole? The protocol hole?
- No seamless whole disk encryption. FileVault is not only dangerous - it's also directly inapplicable in the enterprise where clients enter through network connections. Things just get more and more unwieldy as they try to scale upwards.
- Software integration. It's not straightforward integrating software from outside Apple. fink and macports don't even try. What do other vendors have to go through to integrate into Apple systems? Are you supposed to keep track of that too?
- Customisation. Apple's single prefab enterprise 'solution' is totally WYSIWYG on both the hardware and software sides. You don't like the OS kernel? Too bad. You don't like the hardware? Too bad.
- No exit strategy. Go with Canonical or Red Hat and you can still choose your own hardware. If your hardware supplier goes tits up you can choose another - the software will run on it. Canonical and Red Hat are true open source solutions: your code is good both today and tomorrow. In addition to having a better development process they can offer you code that's going to work no matter what happens to them.
Perhaps the ultimate deal breaker in the above bullet list is 'security': there's simply no excuse for leaving wide open design flaws in enterprise systems year after year. Selling services to other people means you're taking care of their data. How can you promise to take care of people's data when Apple systems are eminently exploitable out of the box?
But at the end of the day all the items in that bullet list are deal breakers. Given this context it's not surprising Apple have thrown in the towel and declare openly they're not soliciting clients in the enterprise: they're innocents the market can't take seriously.