Today I attended the fall MSDN/Technet brief in the Hague, Netherlands, which is a free event. It was, therefore, nice to see Steve Balmer make an appearance. The theme was ‘Security eXPeriance’ and the sessions centred around ISA 2004 and MOM 2005 mostly.
I attended the hands-on lab for ISA and was quite impressed, even given my limited experience with ISA 2000. I like the fact that MS is now basicly moving towards a single interface that is a lot more intuitive than MMC.. everything now looks like Outlook 2003 😉
Took the lab manual with me, I am sure I can get my hands on the virtual lab to continue playing.
(ISA Server 2004 interface example)
I also attended a very interesting session that basicly squared off firewalling on a Linux platform, agains ISA Server 2004.
Now I know jack about Linux and the software you can get for it, but it was much as I suspected. Now I dont know specificly what firewall tool the Linux guy was using, he was using a web-based admin tool for everything on that machine, including the firewall bit, but even though it was point and click, it was considderably more work to configure anything, as even the most simplest rule had to be built from the ground up.
Now this is probably not a fair test, as I can easily imagine somewhere out there making rule-scripts available for whatever Linux firewall app. But apart from all that, you simply cant get around the interface ease and richness of ISA as a firewall product. Linux requires you to download (and compile) every element of functionality you need seperatly. And when it comes to interface, the only only thing that can compare.. and thus can directly compete.. is checkpoint, and even then ISA just looks plain better, but that should not be a point to take into considderation.
(Checkpoint Smartcentre interface example)
I can predict exactly what the average manager must think, and you should know I considder the average manager rather shallow; “Hey.. that ISA costs no trouble at all to administer.. I’ll just hire an junior admin, with no infrastructure experiance or knowledge at all, for that, and get rid of the Linux specialist who costs 4 times more per hour!”
The most important reminder I got out of the session, is that nothing beats in-depth knowledge of what you are doing. To use Linux effectively, you really need to understand what you are doing. With the average Microsoft product, this is often not the case.
This leeds to masses of lazy administrators. the ones I have often refered to in my previous posts. So I can tell you right now, if something broke down with the infrastructure, then I would far rather have a Linux sysadmin working on the problem, that your average Windows sysadmin, as with the Linux sysadmin, I can probably assume that he has more in-depth knowledge, simply because Linux requires that to get anything done.
As for Windows.. you have masses and masses of admins that know just enough to keep everything working, but not enough to effectivly troubleshoot issues, or help build better solututions to suite business needs. Who cares that you have a really easy to use firewall tool, if the firewall admin cant troubleshoot a routing issue effectively!