Pinderkent

Pain and glory from the trenches of the IT world.

We need software diversity in the enterprise.

Posted on Saturday, July 14, 2007 at 2:48 PM.

At far too many companies I have witnessed the effects of homogenized enterprise-grade networks. While many claim that it's easier to support such networks, I often find that difficult to believe. The benefit brought on by the widespread similarity is often overshadowed by the severe negative consequences when things go wrong.

In the past, I have seen failed automatic updates take down entire offices for a day or more, leaving several hundred people idle. That is a complete disaster for most businesses! Such a scenario can happen when the administrators test on one system that is fairly similar to what the other users are using, but some slight difference in the configuration causes the problem to go undetected. Soon enough, the update is rolled out to everyone else, and the major problems begin.

Another major problem with such a setup is security. A security flaw can simultaneously affect hundreds of systems. Depending on which software is affected, and the spread of its deployment, things can get pretty hectic. ZDNet has an article about a flaw in Java that may be extremely widespread. It will be very interesting to see how this situation develops, considering how Java is used both at the enterprise extreme of computing and on mobile devices.

Now, we must remember that enterprise-grade computing consists of effectively making a number of tradeoffs. It's a matter of balancing usability, cost, security, maintainability and a whole host of other factors. But we must never allow ourselves to fall into the fallacy of thinking that uniformity will solve many of those problems.

So in my experience, I have noticed that companies with a fairly wide range of computing platforms tend to be the best off. They have just enough variety to segregate their network in a way that limits problems affecting one piece of software or hardware. But likewise, they don't have so much variety that it becomes difficult to manage.

One company in particular had what I'd consider a very sensible setup. Their backend servers (database, mail, web, etc.) ran Solaris and HP-UX. They used PCs running a variety of Linux distributions throughout the rest of their office, as a frontend to the Sun and HP hardware. The similarity in concept between HP-UX, Solaris and Linux, but the difference in implementation, proved very helpful. The administrators of the Linux systems were quite easily able to comprehend what the HP-UX and Solaris admins were dealing with, and vice versa. But a security problem affecting Solaris usually wouldn't hinder the other systems.

They kept the variability reasonable. They were able to effectively track security advisories for the different software they were using. Their use of high-quality, high-reliability systems further made their lives easier, and also more productive. In short, it was a setup that did a very good job of combining the benefits of similarity with the benefits of diversity. And we tend to only find this with UNIX-style systems, which tend to share similar concepts, but differ enough in implementation.

Permalink: http://pinderkent.phumblog.com/post/2007/07/we_need_software_diversity_in_the_enterprise