Topic
  • 4 replies
  • Latest Post - ‏2007-05-13T06:36:33Z by igorM
igorM
igorM
266 Posts

Pinned topic Why are differences between DB2 for Windows and DB2 for Linux/Unix?

‏2007-05-10T12:12:19Z |
Hi,
why is there a need to have different install procedures on Windows and Linux/Unix?

On DB2 for Windows I can choose to have one user to have all DB2 tasks (das, instance owner, fentced) but on Linux is this not possible. Why?

Thanks,
IgorM
Updated on 2007-05-13T06:36:33Z at 2007-05-13T06:36:33Z by igorM
  • ocgstyles
    ocgstyles
    472 Posts

    Re: Why are differences between DB2 for Windows and DB2 for Linux/Unix?

    ‏2007-05-10T13:47:50Z  
    Hi,

    I thought the GUI based installs for Win & *nix were pretty similar and they both (can) create the necessary userids needed for the instance. On *nix, you also have the script-based install option, which I find easier to use anyway...

    As far as the user accounts go, on *nix, you the fenced user and instance owner can share the same userid, Its fine for test environments, but not recommended in a production environment for "security" reasons. If you aren't using any non-fenced procedures or UDFs, I wonder if if the account is needed in a production envrionment...

    You DO NEED a different userid to use for the DAS though. I would attribute the platform differences to the security models used on the particular OS. On *nix environments, we don't just hand out administrative rights to anyone, which is what's commonly done on Windows (The DAS owner needs to be a local admin - but why should he be able to control the whole box?!?), but rather with *nix we only give what's needed and nothing more.

    That's just my perspective...

    • Keith
  • igorM
    igorM
    266 Posts

    Re: Why are differences between DB2 for Windows and DB2 for Linux/Unix?

    ‏2007-05-11T09:42:23Z  
    • ocgstyles
    • ‏2007-05-10T13:47:50Z
    Hi,

    I thought the GUI based installs for Win & *nix were pretty similar and they both (can) create the necessary userids needed for the instance. On *nix, you also have the script-based install option, which I find easier to use anyway...

    As far as the user accounts go, on *nix, you the fenced user and instance owner can share the same userid, Its fine for test environments, but not recommended in a production environment for "security" reasons. If you aren't using any non-fenced procedures or UDFs, I wonder if if the account is needed in a production envrionment...

    You DO NEED a different userid to use for the DAS though. I would attribute the platform differences to the security models used on the particular OS. On *nix environments, we don't just hand out administrative rights to anyone, which is what's commonly done on Windows (The DAS owner needs to be a local admin - but why should he be able to control the whole box?!?), but rather with *nix we only give what's needed and nothing more.

    That's just my perspective...

    • Keith
    Keith,
    "thought the GUI based installs for Win & *nix were pretty similar" -> I know there are pretty similar, but why aren't they the same? Where is the need of two different installation.

    "*nix, you also have the script-based install option, which I find easier to use anyway..." -> I have installed by script also. But I just can't see any benefit. OK, you have more control with script - but why is no script on Windows? Windows admin don't need more control?

    "ts fine for test environments, but not recommended in a production environment for "security" reasons" -> I agree, but security is not important on Windows? Why difference - if security is important can we say IBM makes less secured DB2 on Windows than *nix?

    "On *nix environments, we don't just hand out administrative rights to anyone, which is what's commonly done on Windows" -> I never assign admin rights on Windows as well. I don't agree security is more important on *nix vs. Windows. "Data" is the think it counts - not OS that stores data.

    "The DAS owner needs to be a local admin - but why should he be able to control the whole box?!?" -> OK, and what is the difference between Windows and *nix? Why should you let local admin to have control over whole box?

    I just don't see any good argument to have differences between DB2 on Windows vs *nix. Why should someone have less options if using different OS? Security should be independent of OS.
  • ocgstyles
    ocgstyles
    472 Posts

    Re: Why are differences between DB2 for Windows and DB2 for Linux/Unix?

    ‏2007-05-11T13:39:25Z  
    • igorM
    • ‏2007-05-11T09:42:23Z
    Keith,
    "thought the GUI based installs for Win & *nix were pretty similar" -> I know there are pretty similar, but why aren't they the same? Where is the need of two different installation.

    "*nix, you also have the script-based install option, which I find easier to use anyway..." -> I have installed by script also. But I just can't see any benefit. OK, you have more control with script - but why is no script on Windows? Windows admin don't need more control?

    "ts fine for test environments, but not recommended in a production environment for "security" reasons" -> I agree, but security is not important on Windows? Why difference - if security is important can we say IBM makes less secured DB2 on Windows than *nix?

    "On *nix environments, we don't just hand out administrative rights to anyone, which is what's commonly done on Windows" -> I never assign admin rights on Windows as well. I don't agree security is more important on *nix vs. Windows. "Data" is the think it counts - not OS that stores data.

    "The DAS owner needs to be a local admin - but why should he be able to control the whole box?!?" -> OK, and what is the difference between Windows and *nix? Why should you let local admin to have control over whole box?

    I just don't see any good argument to have differences between DB2 on Windows vs *nix. Why should someone have less options if using different OS? Security should be independent of OS.
    Hi Igor,

    Out of curiosity, since I work with DB2 on Windows, practically never, what are the differences you notice during install, aside from using script based install?

    Natively speaking, DOS scripting is really inferior to what you can do on *nix with shell scripting. Actually, it would be nice to see MS develop a more advanced native shell for their OS, not only for DB2's sake. The MS way is way more GUI based than command line based, so I think the install just follows this practice.

    I'm not saying security is more important on one OS than the other. I'm just saying the models are different, and so are the "best practices". In my experiences, I do notice Unix admins definitley harden security more than the Windows admins. It makes me think about how the NT admins where I work actually have me as a local admin on my laptop rather than enforce me to use a separate username for administrative functions. They tell me to use my admin account for when I work on Windows servers, but completely disregard my laptop. Yea, I know I can change it myself... ;-)

    But you definitely have some interesting questions and observations. Hopefully some of the IBM moderators here can give us some more info...

    • Keith
  • igorM
    igorM
    266 Posts

    Re: Why are differences between DB2 for Windows and DB2 for Linux/Unix?

    ‏2007-05-13T06:36:33Z  
    Hi Keith,
    [i]"Out of curiosity, since I work with DB2 on Windows, practically never, what are the differences you notice during install, aside from using script based install?"[/i] -> I am not comparing script vs. GUI install. There are some differences. I am comparing Linux GUI (db2setup file) vs. Windows GUI. I was just wondering why do I need tree different users on *nix and why I can have only one on Windows. This is not the question about security and importance of one OS vs. another. I also use DB2 on Windows where data are way more important that for example data that we have on one DB2 for Linux on zSeries (IBM mainframe). So IBM states there is one platform Linux, Unix and Windows - if this is true why are there differences.

    Btw, installation is just one maybe less important factor, because it is only done ones. Why I can't make a DB2 backup on Linux and restore DB2 on Windows - I would need this option at least ones a week. According to my knowledge backups can be moved only inside Unix (AIX, HP, Solaris) and not to Linux and Windows. Why? I can have a OpenOffice document and move it from Windows to Linux or I can move whole virtual machine from one VirtualBox operating system to another: for example from Windows to Linux and vise versa.

    And another example is backup images (I haven't test this on v9 if something is changed there). On Windows they are stored in folders for example C:\mydbbackupdir\SAMPLE.0\DB2\NODE0000\CATN0000\20070101 and then there is backup image, but on *nix there is just file without directory structures. I am using [url=http://www.cygwin.com/]Cygwin[/url] (Unix scripting for Windows) to make one code for Linux and Windows, but as I see almost all the code is duplicated because of DB2 differences between Linux/Windows. BTW, there are also "Microsoft Windows Services for UNIX" which are Unix commands on Windows - I have tried this too, but I prefer using Cygwin, because it is open source and it is already installed on all ours Windows computers.
    [i]Natively speaking, DOS scripting is really inferior to what you can do on nix with shell scripting. Actually, it would be nice to see MS develop a more advanced native shell for their OS, not only for DB2's sake.[/i]I agree, but bear in mind dos scripting was written for DOS and was recommended method for using it inside Windows NT 4.0. After that Windows 2000 and up there is visual basic script language (.vbs files) which is default scripting language on Windows not dos scripting. No matter, I don't like visual basic because I can't use one code on Windows and Linux, so I use Cygwin. Although I know visual basic language which is very powerful probably more then *nix scripts. There is just not cross-platform.
    [i]"I'm just saying the models are different, and so are the "best practices". In my experiences, I do notice Unix admins definitley harden security more than the Windows admins. It makes me think about how the NT admins where I work actually have me as a local admin on my laptop rather than enforce me to use a separate username for administrative functions.[/i]I totaly agree, but this is administrators problem. Unix force security, Windows recommends - there is completly different philosophy Unix: nothing allowed if you need something then grant; Windows: all allowed if you need protection then protect. But I do agree people your point but because people are lazy. NT admins doesn't follows the No. 1 suggestion from Microsoft - don't access network/internet by admin user! So there is more lack of knowledge on Windows not impossible of doing. I have two accounts on Windows: admin and user. I use user account for 99% of my job and it is working well. Only for upgrading OS and installing software I use admin user. So back to DB2 topic: I have made my computer let say equal secure, but why DB2 on Windows lets only one user to have DAS/instance to control and not on *nix? Don't understand; the IBM philosoph...
    "They tell me to use my admin account for when I work on Windows servers, but completely disregard my laptop. Yea, I know I can change it myself... ;-)" -> ... and you probably won't. Windows security problem No. 1 is not forcing a good practice of users, although this has changed on Windows Vista. Microsoft recognized No. 1 problem: security.

    "But you definitely have some interesting questions and observations. Hopefully some of the IBM moderators here can give us some more info..." -> That would be very interesting in did. I would like to hear an argument - although if the differences would be eliminated, DB2 would have be less costly to develop.