The primary server operating systems at Stanford are Linux (with a preference for Debian) and Windows Server. Central IT applications all run on those two platforms. Mac OS is supported through CRC (Computer Resource Consulting) for departmental servers. IT Services' ability to be an effective supplier of server hosting services depends on being able to support the platforms required by the customers while providing excellent reliability at an affordable cost.
- Debian Lenny is the preferred operating system for Linux systems, with some Debian Etch. Red Hat 5 is only used as needed per vendor specifications, with some remaining Red Hat 4.
- Ubuntu Hardy is used for servers running the Timeshare service.
- Centralized build systems are more flexible and capable than any other on campus, and are used by other departments.
- IT Services provides leadership in Puppet configuration management best practices. This work has inspired the community and driven product improvement, and Stanford's expertise has been sought by many other institutions.
- Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 are supported. Most hosting providers have moved to Windows Server 2008 or Windows Server 2008 R2 to take advantage of improvements in server management and scalability.
- The base operating system installation is fully automated, but applications are usually installed manually.
- Firewalls and other critical system settings are controlled by Group Policy.
For Mac OS X Server:
- Servers run OS 10.4 to 10.6.
- A minimum of 10.5 is recommended, and upgrades are planned for all current servers to meet this minimum recommendation.
- Some managed servers are part of a central directory system, while some servers are not.
All server operating systems are configured to follow the standards and best practices for that specific operating system. Standards applied include the Filesystem Hierarchy Standard for file locations on *nix systems, Debian Policy for software and scripts packaged for Debian systems, Red Hat's packaging guidelines for the same on Red Hat systems, Linux Standard Base requirements where applicable and supported by the Linux distribution, and Microsoft Operations Framework for Windows. This approach supports conformity, ease of management, and predictability of file location and behavior, which improves the ability to automate tasks and maintain systems over their lifespan.
As a measure of automation and auditability, IT Services will continue to move towards using packages for the deployment of binaries on systems. Linux native packages and signed Windows MSI packages are preferred over locally created packages. Configurations of servers will be managed using Puppet for the deployment of Linux configuration, and Microsoft System Center and Group Policy for the deployment of Windows configuration.
Keeping efforts community-driven, IT Services will continue to be very active in the communities involved with the directions of OS platforms. Members of the Linux team will maintain Stanford-specific packages in the Debian distribution and steer the Debian distribution to better suit IT Services' needs. IT Services will actively participate in beta-testing programs for future Windows and Macintosh server operating systems. Feedback will be provided to Microsoft and Apple, both individually and through higher education peer groups, to continuously improve the operating systems that are supported by IT Services. When a new version of one of the above operating systems is released, IT Services should be ready to support it.
Conversely, because the Red Hat distribution is commercial, and therefore less community-driven, and because IT Services' experience with Red Hat has proven it to be less standards-based and less scalable, IT Services will continue to limit Red Hat deployment to applications where the vendor has specifically required Red Hat. Similarly, IT Services will continue to phase out the use of Solaris.
Technology trends that IT Services is considering as it develops its strategy in this area:
- The use of native packages for deploying binary files in Linux.
- Increased importance of regular patch and update cycles for both security patches and new OS versions.
- Full disk encryption is now a standard feature in Windows Server operating systems.
- WS-Management, a web services implementation of the Distributed Management Task Force standards, is becoming more universally available. IT Services is already targeting this on Windows, but it may be useful cross-platform.
- IPsec is becoming more broadly used as a network access control method.
- IPv6 is now commonly available, but has not yet been widely deployed.
- Mac OS X Server continues to be better suited for departmental needs, not enterprise-level solutions.
- Virtualized environments are now an option for the Mac OS X Server platform.
- Focus on true 64-bit architecture for Mac OS X Servers.
For Linux systems:
- Revise patching cycles, using the out-of-date reports to ensure quarterly patches are applied as scheduled.
- Continue server lifecycle processes with the configuration management database (CMDB).
- Move all configuration files with passwords into wallet.
- Decommission all RHEL3 and RHEL4 systems and/or migrate them to RHEL5.
- Decommission all Debian Sarge and Etch systems and/or migrate them to Debian Lenny.
For Windows systems:
- Integrate server lifecycle processes with CMDB.
- Complete deployment of System Center Configuration Manager for Windows Servers.
- Prepare for the next version of Windows Server in 2012.
- Deploy new servers using Windows Server 2008 R2.
- Sunset instances of Windows Server 2003 and prior versions of Windows Server. Production servers should be running Windows Server 2003 R2 or later versions.
For Mac OS X systems:
- Join to a central directory system for improved management.
- Sunset instances of Mac OS X Server that are not the most current or previous release.
- Move all servers to a centralized systems management system for access controls, patching, etc.
- Investigate and prepare for OS X virtual instances.
- Decommission or rebuild RHEL4 systems as RHEL5 systems.
- Decommission or rebuild Debian Etch systems as Debian Lenny.
- Train Windows staff on Windows Server 2008 R2 platform.
- Validate and update current services for ability to deploy Windows Server 2008 R2.
- Evaluate and update current server OS build methodology to support deployment of Windows High Performance Computing Edition clusters.
Mac OS X Server:
- Evaluate best approach for directory services. If campus offering is not available, migrate servers to CRC's (Computer Resource Consulting) Open Directory server.
- Work with clients to plan for and migrate to the most current server OS.
- Include Mac OS X Servers in existing IT Services-maintained monitoring and management tools.
- Evaluate and prepare for virtualization on the Macintosh platform.
Measures of success
- Decommissioning of all Solaris servers completed.
- All Windows Servers are running Windows Server 2008 or Windows Server 2008 R2, versus earlier operating systems.
- Decommissioning or upgrading RHEL4 or older systems, and Debian Etch or older systems, completed.
- All Mac OS X Servers are running 10.5 or higher.
- All Mac OS X Servers are joined to a central directory service.
- All Mac OS X Servers are moved to a centralized management system.