Using CentOS In Large Enterprise

A 5 star hangout for overworked and underpaid system admins.
Post Reply
fresh-pie
Posts: 1
Joined: 2019/11/22 23:49:51

Using CentOS In Large Enterprise

Post by fresh-pie » 2019/11/23 00:16:39

Hello,

I'm very new to the CentOS community and what brings me here is an interest of utilizing CentOS as the Linux distribution of choice for our Linux end-points at my job. I am a systems engineer at a Fortune 500 company and my small team is responsible for around 7000 (very cookie cutter) Linux end-points. These systems are mixtures of branch servers and kiosk-like clients.

These machines are all running a mixture SUSE Linux Enterprise and OpenSUSE systems. My company is trying (like all companies) to cut costs where it can and we have been in the discussion of what it would mean to switch completely to an "unsupported" distribution, such as CentOS. As you can see, we aren't complete strangers to unsupported operating systems, as we are running OpenSUSE systems. However, we hesitate to go all in..

Also I know the ent in "CentOS" stands for "Enterprise", but please do hear me out..

CentOS being an unsupported distribution of course is a double-edge sword. The con being that if we encounter some type of catastrophic bug or issue, we are mostly on our own. If it's a bug introduced by updates, the most we can do is report the problem to the community and monitor it closely. Considering the severity of the issue (and if it is caught in testing/QA), we may choose not to deploy the update(s) to production. However, this could result in systems with security risks. At least that has been my understanding, which could be completely unfounded and wrong!

I also am not super familiar with zero-day updates and how they are handled in the CentOS world, but I plan to do more research on that topic.

The plus side may also be that it's.. well.. unsupported.. Meaning we aren't paying for support and (maybe) saving money. Thinking back on the 10 years I have been at this company, we've hardly ever used the support provided by SUSE. So maybe it wouldn't be so bad after all?

I was wondering if anyone here would maybe be able to share their experiences with using CentOS in their professional environments. Is my fear completely unfounded or should I continue to proceed with a certain degree caution?

tunk
Posts: 625
Joined: 2017/02/22 15:08:17

Re: Using CentOS In Large Enterprise

Post by tunk » 2019/11/25 15:46:54

I think the biggest drawback with CentOS is that there's no
updates during point releases: e.g. RHEL 7.7 was released
2019-08-06, and CentOS 7.7 2019-09-17 (this is an extreme,
usually it's shorter). You could use RHEL for your servers
and CentOS for the kiosk-like clients.

User avatar
TrevorH
Forum Moderator
Posts: 27156
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Using CentOS In Large Enterprise

Post by TrevorH » 2019/11/25 16:19:49

Those figures do not account for the fact that all the updated packages hit the CR repo fairly quickly. That means that already-installed systems can be updated ASAP and then you are just waiting for updated iso images. I believe that 7.7 CR was released about a couple of weeks after RHEL 7.7 so the delay is not as much as it would appear.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
CentOS 5 has been EOL for nearly 3 years and should no longer be used for anything!
Full time Geek, part time moderator. Use the FAQ Luke

aks
Posts: 2859
Joined: 2014/09/20 11:22:14

Re: Using CentOS In Large Enterprise

Post by aks » 2019/11/25 18:39:14

Well there's several things here.
1. If people pay for support, some (AFAIK, an undisclosed amount, but clearly from RH's earning calls, quite a lot) of money sort of "flows" back to the community to make all of Linux better, which helps everyone.
2. The truly big thing here is if you hit a bug that is critical to the business and does not hit a whole bunch of people (i.e.: the majority don't actually use that functionality), then you're unlikely to get a quick fix. If your system is generating millions of dollars an hour and is no longer working, that's millions of dollars an hour (well of potential revenue,) lost. Of course you could pay somebody to fix the specific thing that's important, and then release it to the community at wide (that's the community bit of CentOS). Mainly, CentOS depends on RH's QA, although it could be the case that problems are made in the actual build (well in theory anyway) - CentOS and RH builds are not necessarily 100% the same.
3. Zero days hit everybody, regardless. The very nature of zero days is that nobody is prepared as the story is unknown. If you're truly worried about zero days, get some insurance (which will be expensive than support contracts I image).
4. I started using RH and then RHEL in fairly large organisations. I mainly do "start-up" size companies now, as I prefer the flexibility and all those kinds of things now. All of those start-ups I've been involved with (some successful, some not so successful) have used CentOS somewhere and I've not had a problem that I could not solve - albeit that it may have taken time (and time is money). Had a support contract (depending on the details involved) I *may* have been able to solve the issues faster.
5. As I am at start-up size companies, I'm lesser of a target than any large company, that can afford it (bigger target as it where). The security issues generally are not stuff that's been announced in (say) the last couple of months, much later things - so I don't really care if this thing is actually broken (security wise) in production, so long as I know about it and then I can do some things to manage it. Do I care about (choosing something at random), row hammer? No. I can see all the physical things and know the "air gap" between the machine and anybody else (also called "physical security). If I'm in the cloud, then it's AWS/Azure/GCP etc. problem (that's part of the cloud model). If I'm in the cloud and do (in some manner) get h9ot by row hammer and can prove it, what am I going to do? Take on <insert name of cloud provider> who is so much bigger (lawyer and money wise) than me. Sorry David, you usually don't beat Goliath. I guess I think you need to consider the risk, consider the likelihood of impact and the cost of mitigation.
<rant>
Apart from all of that, you work for a company that can afford it, stop being d**ks and join the human race/help everybody as it helps you too.
</rant>

Post Reply

Return to “CentOS Social”