IBM AIX v7 and Windows Server 2008 R2 Highest Security Marks
Nine out of 10 — 90% — of the 470 respondents to ITIC’s 2010-2011 Global Server Hardware and Server OS Reliability survey rated the security of Microsoft’s Windows Server 2008 R2 and IBM’s AIX v7 as “Excellent” or “Very Good.” This was the highest security ratings out of 18 different Server Operating System distributions (See Exhibit below). Three-quarters or 75% of survey participants gave HP UX 11i v3 “Excellent” or “Very Good” security ratings; this was the third highest ranking of the 18 major server OS distributions polled. This was followed by Ubuntu Server 10 and Debian GNU/Linux 5, which tied for fourth. Seven out of 10 survey participants — 71% — of those polled ranked the two most popular open source distributions’ security as “Excellent” or “Very Good.” Red Hat Enterprise Linux v 5.5 and Novell SuSE Linux Enterprise 11, the two most widely deployed Linux distributions trailed Debian and Ubuntu but were nearly tied with each other in security rankings. Just over two-thirds — 67% — of Red Hat users rated its security as “Excellent or Very Good” while 66% of survey participants judging Novell SuSE Linux Enterprise 11 security to be “Excellent” or “Very Good.”
Some 58% of Apple Mac OS X 10.6 survey respondents rated its security as “Excellent” or “Very Good,” putting it at the bottom of the pack, beating only Oracle’s Solaris 10 which was rated “Excellent” or “Very Good” by 63% of respondents.
, which in the past two years has been notching modest gains among corporate users,
Also noteworthy was the fact that only a very small percentage of respondents gave thumbs down “Poor” or “Unsatisfactory” security grades to their server operating system vendors. In this category, Apple had the highest percentage of respondents – 7% — who gave its Mac OS X 10.6 both “Poor” and “Unsatisfactory” marks. This might appear puzzling to some since Apple’s users have long touted the security of the platform. Apple users have long boasted about the fact that there are far fewer viruses and malicious code written targeting Macs compared to Windows. However, now that Apple is once again re-emerging as a significant presence in corporate networks, the Mac OS X 10.6 will no longer enjoy the “security by obscurity” that it claimed as a standalone consumer OS. Macs, iPhones, iPads and tablets are becoming mainstream staples as business tools. Hence, the number of exploits, including such malware as worms, Trojans and bots that target the Mac is increasing commensurately. Apple will have to respond accordingly with tighter security.
Survey Methodology
ITIC and our survey partner GFI Software conducted an independent Web-based survey of 470 corporate IT mangers and C-level executives worldwide from November 2010 through February 2011. The survey’s objective was to poll corporate customers on the reliability of 14 of the most popular server hardware platforms and 18 of the top server OS distributions.
Survey participants came from 23 countries worldwide; approximately 83% hailed from North America. The survey consisted of multiple choice questions and one essay question. ITIC supplemented the Web survey two dozen first person customer interviews. In order to maintain objectivity, ITIC accepted no vendor sponsorship monies.
Solid Security is Essential to Network Reliability
Solid security is an essential element for every network environment. The server operating system upon which corporate middleware and software e.g., databases, word processing applications, spreadsheets and other mainstream line of business (LOB) applications run is the cornerstone of the entire network computing environment. As the saying goes, “the chain is only as strong as the weakest link.” Server and their operating systems literally run the business and incorporate a significant percent of organizations’ sensitive data and intellectual property (IP). If server OS security is flawed, buggy or easily hacked, the entire business and its operations are potentially at risk.
Each GFI/ITIC survey invariably serves up some unexpected responses. And in this survey the biggest came in the responses regarding server operating system security.
The biggest of these, of course, was Microsoft, which like the Bible’s Prodigal Son, has returned home to rejoicing and rave reviews. Over the past decade Microsoft has struggled to shed the stigma that Windows is a porous server OS, perennially plagued with security flaws and easily compromised. It is now nine years since Microsoft publicly launched its Trustworthy Computing Initiative which was designed to make all of the company’s software inherently more secure by default and by design. Based on the survey responses, Microsoft has succeeded – particularly with Windows Server 2008 R2.
Of particular note, Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2 are the only three operating systems out of the 18 different server OSes in the GFI/ ITIC poll in which the majority of the respondents indicated that the security has improved over the past 3 years. This is an 18 percent improvement over Windows Server 2008 and a 30 percent jump in the number of survey participants who gave a similar rating to Windows Server 2003.
It is equally true in analyzing the responses that the Windows Server OS was the platform that most needed to strengthen and shore up its security. Based on the results of prior ITIC surveys as recently as 2008, user perception was that Windows Server security lagged behind nearly all of the other server OSs by a substantial margin.
Other Server Operating Systems Stay the Course
In all of the other 15 distributions, the majority of survey participants indicated that the security of the other server OS platforms “has remained the same.”
If Windows Server 2008 R2 is the Prodigal Son, then IBM’s AIX v 7.1 is the “Good Son” which has consistently delivered superlative security year after year, always garnering top ratings for overall reliability and security in each of the annual ITIC Reliability surveys. The 2010-2011 Global Server Hardware and Server OS Reliability poll was no exception. IBM tied for first place with nine out of 10 respondents – 90% — giving AIX v 7.1 an “Excellent” or “Very Good” rating. Many of the IBM security managers ITIC interviewed, cited the consistency and inherent ‘bullet proof” nature of the server OS source code and the fact that IBM is quick to discover, inform them and issue a fix when a security issue does arise.
Other distributions like HP’s UX, Red Hat Enterprise Linux , Novell SuSE Linux Enterprise and Apple’s Mac OS X 10.x also received high security marks and praise from customers.
The results of ITIC’s latest 2010-2011 Global Server Hardware and Server OS Reliability survey indicated that organizations of all sizes and across all vertical markets feel that it is critical that they monitor the server OS and associated server-based line of business (LOB) applications for vulnerabilities. A 51 percent majority of businesses feel that the security of the OS has an impact on the overall security and reliability of the network. Specifically, 60% of respondents indicated they place equal importance on monitoring the vulnerabilities of all network components followed by 56% that rated the OS as crucial and 42% say they feel the security of their databases and other main LOB applications are pivotal to the overall security of their network computing environments.
Among the other security highlights in the ITIC/GFI 2010-2011 Global Server Hardware and Server OS Reliability Survey:
• In response to the question: “Estimate the impact or perceived impact that server OS security has on overall network reliability”
o 10% of respondents said “No impact, they are separate and distinct”
o 37% of participants said “minimal impact
o 21% said “moderate impact
o 17% said “significant impact
o 12% said “extremely crucial, server OS and security are intertwined”

Based on ITIC’s first person customer interviews, we determined that the biggest customer complaint was not with the inherent security of a specific server OS platform, but rather in finding fixes and getting technical service and support when the organization was stymied. In many of these particular instances, the organizations were very large enterprises and a common complaint was that searching for a fix was akin to finding “proverbial needle in a haystack.” Since the underlying reliability and security of nearly all the server operating systems and server hardware has improved, the majority of the more moderate and severe Tier 2 and Tier 3 outages are mainly due to integration and interoperability issues e.g., incompatible applications or drivers.

Conclusions and Recommendations
Server OS security is fluid and not static. No server operating system, application or hardware component is immune to penetration. Customer perception can and does change the minute a security flaw is found or malware is unleashed that successfully penetrates or threatens to compromise the security of any platform.
None of the server operating system vendors can rest on their laurels. Microsoft has made impressive security gains making Windows Server inherently secure by default, design and deployment, now it must endeavor to maintain the consistency of its security. Windows Server also has the biggest bull’s eye on its back since it is one of the most widely deployed server operating systems. Other server OS distributions, most notably Apple’s OS X 10.6x, which has so far managed to avoid falling prey to very major or public security holes, must likewise maintain its vigilance as the OS increases its presence in corporate enterprises.
Corporations also bear at least 50% of the responsibility for securing their respective environments. Even the most bulletproof server OS can be compromised and undone by configuration errors and failure to install and turn on OS security features. Organizations are also advised to conduct quarterly threat assessments of their environments. Staying current on the latest patches and fixes is also a must, as are regular updates of anti-virus applications and other security packages. Corporations should also review and update their security policies and procedures annually.
These results are especially important considered in light of the ongoing economic crunch which has caused companies to cut their IT budgets and reduce staff. As they strive to accomplish more with fewer resources, IT departments must rely even more heavily on their vendors to deliver more reliable and secure servers and server OS platforms.
Time is literally money. Even a few minutes of downtime – especially when a hack or a suspected security leak occurs — can result in significant costs and cause internal business operations to grind to a halt. Downtime as a result of a security breach can also undermine company’s relationship with its customers, business suppliers and partners. Reliability or lack thereof can potentially damage a company’s reputation and result in lost business.

Dell, HP, IBM and Stratus Technologies won high praise from corporate users for their prompt and efficient after market technical service and support in the latest ITIC 2010-2011 Global Server Hardware and Server OS Reliability survey.
The results came from a broad based survey that polled organizations worldwide on the reliability, security and technical service and support from among 14 of the leading server hardware platforms and 18 of the most widely deployed server operating system distributions.
As we said in an earlier discussion, each poll elicits some surprising and unexpected revelations. In this survey, users reserved their highest encomiums and most critical barbs for the server hardware vendors – both in terms of product performance and reliability and the service and support they receive from their respective vendors.
Among the mainstream hardware vendors with the largest market shares, users expressed the most satisfaction with Dell, HP and IBM service and support. Stratus Technologies, whose ftServer line specializes in high availability, also got customer kudos for delivering superior service and support.
Specifically, the results show that 76% of HP customers rated its service and support as Excellent or Very Good, followed by 72% of IBM corporate accounts who gave Big Blue servers Excellent or Very Good grades and 70% of Dell customers who said their technical service and support was Excellent or Very Good.
Equally important is the fact that only a very small minority of Dell, HP and IBM customers dinged those vendors with negative ratings for their technical service and support. Only three percent of IBM server users rated the company’s technical service and support as Poor and none called it Unsatisfactory. Among Dell users, only a very small two percent minority called technical service and support Poor and only one percent deemed it Unsatisfactory. Similarly, only three percent of HP server respondents called technical service and support Poor and only two percent rated it Unsatisfactory.
The high ratings users gave HP and IBM is perhaps not surprising since service and support is a core competency that represents roughly 50% of each company’s respective annual revenue. The most common complaints voiced about HP support was that updates are difficult to roll out because they come out sporadically and there is a constant need to check HP’s website for the newest updates. IBM customers were mainly satisfied with the alacrity and quality of Big Blue’s support, but some did complain that it “was too expensive.”
Over eight-out-of-10 or 84% of Stratus ftServer customers gave the company’s technical service and support an Excellent or Very Good rating. Significantly, none of Stratus’ customers said the technical service and support was Poor or Unsatisfactory. Stratus, based in Maynard, MA and which is among the last of the small, independent server vendors, won rave reviews from mid-market and enterprise customers for the depth and breadth of its technical service and support and the willingness of its support staff. “In the rare instances when we have occasion to call Stratus support, they are extremely responsive and always willing to do whatever it takes to resolve the issue,” said an IT director at a mid-Atlantic enterprise.
User Support Concerns
ITIC conducted over two dozen first person interviews with IT managers and C-level executives in order to delve more deeply into issues like technical service and support that positively or negatively impact reliability. Based on those conversations, we determined that with rare exceptions the biggest customer complaint was not with the inherent performance, reliability or security of a specific server hardware or server OS platform, but rather in finding a fix and getting technical service and support when an IT department is stymied.
This is especially problematic for enterprises that have large, complex enterprises and multiple remote locations. This means that network administrators spend more time ferreting out the cause of the outage before they can even begin to search for a fix.
Since the underlying reliability and security of nearly all the server operating systems and server hardware has improved, the majority of the more moderate and severe Tier 2 and Tier 3 outages are mainly due to component failures, integration and interoperability issues e.g., incompatible applications or drivers.
Interestingly, the service and support issues that most irked IT managers were the sometimes lengthy waits for replacement component parts for their servers and incompatibilities among the server hardware, server OSs and third party applications. The latter point left many IT managers scrambling to escalate support issues to get the fix in a reasonable amount of time.
An IT administrator at an SMB construction firm and a self-described “Dell fan boy” commented, “I have always found Dell’s support to be good… but over the last year to year and a half I have had some problems getting parts or servers in a timely fashion. I ordered two servers last year that the sales rep quoted 2-3 weeks to arrive. It took almost 3 months to get the servers and only after having to escalate the order more than once.”
The long lead time in ordering and receiving replacement parts was not limited to Dell. Many IT managers voiced the same complaint about other vendors, although there did not seem to be a groundswell of consensus that the lead times to receive replacement parts affected one vendor more than any other.
Network administrators like the manager at an SMB manufacturing firm, lamented the lack of an overarching toolset that could be used for more synergistic security and system monitoring. He noted that while there are some overlapping tools that can be deployed for the server OS, the server hardware and the networking gear, there is “no comprehensive “offering.
“It would certainly be nice to have a common portal to manage & monitor all aspects of security and reliability among all hardware/OS platforms. This may not make sense for large organizations, but for the SMBs, where all of these systems are managed by the same team (or individual), it would be a dream,” he said. “We just don’t have the manpower to keep an eye on everything 24×7. The sooner we can react to issues, the better our business operates,” he added.
A VP of IT and security at a midsized organization in the Northeast observed that size does matter when it comes to technical service and support. “Most of the big server vendors provide adequate support if you have 50+ servers and you can escalate past first level support quite easily.”
So how do SMBs who lack the budgets and the clout of their enterprise counterparts manage? The survey responses and customer interviews reaffirmed the fact that SMBs are heavily reliant on managed service providers (MSPs) or consultants to solve thorny reliability issues.

Survey Methodology
ITIC conducted an independent Web-based survey of 470 corporate IT mangers and C-level executives worldwide from November 2010 through February 2011. The survey’s objective was to poll corporate customers on the reliability of 14 of the most popular server hardware platforms and 18 of the top server OS distributions.
The survey participants came from 23 countries worldwide; approximately 83% of the respondents hailed from North America. The survey consisted of multiple choice questions and one essay question. ITIC supplemented the Web survey two dozen first person customer interviews. In order to maintain objectivity, ITIC accepted no vendor sponsorship monies.
Nonetheless, downtime, regardless of the reason, still disrupts network operations, costs the corporation time and money and raises the risk of litigation. Additionally, any extended amount of downtime (and these days even a 15 or 20 minute outage can be classified as lengthy) will almost certainly cause service disruptions that can have a domino effect on business partners, customers and suppliers.
This underscores the importance of timely and efficient technical service and support, which can make the difference between minutes or hours of downtime. It is not hyperbole to state that technical service and support is one of the pillars – along with product features, performance, security and scalability — that solidifies or undermines the overall reliability of the network infrastructure.
Conclusions and Recommendations
Vendors’ ability to deliver top notch technical service and support – including a quick response with updates, fixes and patches to known flaws and security vulnerabilities – has a direct impact on overarching network reliability. Technical service and support – good and bad – also distinguishes and differentiates vendors from their competitors. How promptly, efficiently and courteously a vendor responds to its customers definitely plays a role in an organization’s planned purchases and upgrades.
Vendors who provide shoddy service, or have been inattentive to their customers’ requests for information on products and pricing or who fail to effectively respond in times of crisis, may find that such behavior backfires. A vendor that ignores its clients needs once the contract has been signed, may find themselves unable to upsell to those users or tossed out of the account completely when the contact expires. At the very least, such vendors can expect that service contract renewals will be imperiled.
Competition is fierce among hardware and server operating system vendors. Users have choices and they know it. In 21st Century networks, time is literally money. Fast action and superior service and support can save or cost a corporation thousands or even millions of dollars for every minute of downtime.

Oracle must move quickly and decisively to customers’ anxiety and restore confidence in the database maker’s technical service and support organization – particularly with respect to the company’s Sun Microsystems’ software and hardware assets. The latest independent ITIC/ GFI Software (formerly Sunbelt Software) 2011 Global Server Hardware and Server OS Reliability Survey, polled 468 businesses worldwide found It found that Oracle products received the lowest ratings for the quality of its service and support of any of the major vendors. Users gave Oracle products, service and support mixed ratings.

Three out of 10 organizations rated Oracle products, technical service and support as Excellent or Very Good. A nearly equal number of survey participants – 26 percent gave Oracle’s offerings a Good rating, while 25 percent graded it as just Satisfactory. Nearly two out of 10 of the organizations polled, gave Oracle’s products, services and support a negative rating; with 13 percent judging it Poor and the remaining six percent giving it an Unsatisfactory rating.
Oracle Reliability, Service and Support by the Numbers

 
The reliability of Oracle’s Solaris operating system and the company’s x86 and SPARC servers remains fairly strong and competitive, though their uptime and reliability do not match the leaders in those categories.
Specifically, 71 percent of customers running Oracle Solaris 10 on SPARC servers reported they experienced one or fewer minor unplanned Tier 1 outages per server, per annum; while 79 percent of users running Oracle Solaris on x86 based server hardware recorded one or fewer Tier 1 per server annual unplanned outages.
While those reliability figures are very respectable they lag well behind the 85 percent of IBM AIX 7.1; 84 percent of Novell SuSE Linux Enterprise 11 users; 84 percent of Debian GNU Linux 4.0 and 5.0 users; 82 percent of HP UX 11i v.3 and Ubuntu Server 9 and 10 users who reported one or fewer unanticipated per server, per annum minor Tier one incidents.
Oracle Solaris 10 (on x86 servers) and Oracle Solaris 10 (on SPARC servers) logged similarly respectable statistics for the most severe Tier 3 outages, with 85 percent of x86 based Solaris users and 80 percent of Solaris SPARC based users indicating they had experienced one or fewer per server, per annum Tier 3 outages of four hours or longer duration.
However, once again the Oracle Solaris OS Tier 3 performance trailed rivals HP UX 11i v3 (86 percent), IBM (all versions of AIX – v5.3, v6.1 and v7.1 – 88 percent), Microsoft (Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2 – 90 and 92 percent), Novell SuSE Linux Enterprise 11 (86 percent); and Ubuntu Server 9 and 10 (87 percent).
Even Apple Mac OS X 10.6, a recent entrant into the corporate server OS market, managed roughly equivalent Tier 3 server outage statistics (83 percent of users reporting one or less than one per server, per annum outage) to the Oracle Solaris server operating system platforms.
The survey participants were in accord that the majority of their unplanned Tier 1, Tier 2 and Tier 3 server outages were due to integration, interoperability and technical service and support issues rather than any inherent flaws in the underlying platforms themselves, the vendors’ ability to respond quickly and efficiently when problems arise becomes a crucial component that positively or negatively impacts the length and severity of a server OS or server hardware outage.
It was clear both in customers’ responses to the Web-based multiple choice questions, as well as the anecdotal essay comments and first person customer interviews, that many enterprise customers are unhappy with Oracle service and support.
Users Say Oracle Service and Support Slips

Satisfaction with Oracle’s technical service and support in its Oracle database core competency, the former Sun Solaris operating system and x86-based and SPARC hardware lagged far behind longtime rivals like IBM, Microsoft and HP.
Only 31 percent of the respondents gave Oracle an “excellent” or “very good” rating for product performance, service and support. This is in sharp contrast to the over 75 percent of survey participants who gave rivals HP and IBM and 70 percent of Dell users who gave those vendors “excellent” and “very good” marks for their hardware product performance, service and support.
And in Oracle’s core competency databases, both IBM’s DB2 and Microsoft’s SQL Server scored significantly higher satisfaction ratings among survey respondents. Over 80 percent of those polled gave IBM DB2 and Microsoft SQL Server “excellent” or “very good” ratings compared to the 43 percent of respondents who gave the Oracle DB an “excellent” or “very good” rating.
Some of the anecdotal user comments about Oracle support were scathing by any measure:
“Our Sun support has become even more abysmal since crazy Larry purchased them; it’s hard to believe,” remarked an IT manager at a large healthcare organization with over 100 servers.
The VP of IT at a large insurance company was equally critical. “We’re paying top dollar for Oracle Premier Service and support – which keeps going up – and we have little or nothing to show for it other than a big bill,” he said.
Such comments unfortunately were not the exception.
Oracle also registered the highest percentage of dissatisfied users: 20 percent or one-in-five respondents judge Oracle (Sun) hardware products, service and support to be “poor” or “unsatisfactory.” By contrast only a small five percent minority of HP users, four percent of Dell customers and less than two percent of IBM users rated those companies’ hardware offerings to be “poor” or “unsatisfactory.”

Another factor playing a pivotal part in 2011 market dynamics is how Oracle will manage, support and integrate the Sun Microsystems’ offerings into its own product portfolio. This includes the aforementioned Sun Solaris OS, x86-based and SPARC server hardware and the open source MySQL database. Despite repeated public assurances from Oracle executives that it will continue to support and develop MySQL and even provide integration with other Oracle offerings, users are still wary. The Solaris and SPARC installed base of customers are equally restive and frankly skeptical based as much on what they haven’t seen in last 12 months since Oracle completed the Sun acquisition.

Conclusions

Oracle must act quickly and decisively to shore up and improve service and support for all its major products. Otherwise, customers – particularly the already ravaged and diminished Sun Microsystems Solaris, MySQL, and SPARC and x 86 server installed base will continue to decline and defect. They will be encouraged by rival vendors, particularly IBM, HP and Microsoft, who will continue to aggressively capitalize on user confusion and dissatisfaction to entice corporations to their respective platforms.

IBM and Microsoft are very well positioned at present and over the next 12 months. IBM’s AIX server operating system, DB2 database platform and System x and Power Systems communities are solid, stable and very loyal. The fact that 72% of survey respondents to ITIC’s January 2010 Database survey said they hadn’t switched DB platforms in the last three years and the fact that it’s harder for very large enterprises in market segments like banking, financial and insurance (traditional IBM strongholds) to switch because of the legacy investment, bodes well for the company. Many of these enterprises have mature DB environments that are likely to remain stable for many years to come.

In Microsoft’s case the ongoing, tangible improvements to both the Windows Server 2008 R2 and SQL Server 2008 R2 platforms make them extremely robust, reliable enterprise ready solutions. Microsoft’s close partnership with server hardware vendors Dell and HP provides Windows Server with a solid foundation that bolsters the overall reliability of the OS. Microsoft also has a very strong developer community, combined with a vibrant reseller channel, puts Microsoft in a good position to expand its presence into SME and enterprise organizations.

By contrast the Oracle customer base and associated developer communities – particularly Open Source developers – remain extremely skeptical and wary. 

Oracle also faces other challenges that could hamper its efforts to ameliorate its all-important technical service and support issues. The company’s myriad acquisitions over the last five years could continue to be an unwelcome distraction and hamper efforts to rapidly respond to customers and developers.  That said, on the plus side, Oracle’s financials continue strong.  The company continues to see strong demand for new software license renewals and maintenance plans. Oracle posted has quarterly earnings growth of 28.30 percent and quarterly revenue growth of 46.50 percent in its latest financials. It’s profit margins are a healthy 21.18 percent and return on assets stand at 21.88 percent.

The key to Oracle and any vendor’s continued success is to put customers first. According to the findings in our survey, Oracle would be wise to fix its service and support problems fully and quickly.