[spongle]

It was a small company (family farm machinery outfit) but their requirement is far more common than a massive software deployment. There are literally millions of servers churning away on trivial jobs in people's offices etc.

Powershell allows automated maintenance and edge cases to be dealt with efficiently. DSC allows repeatable deployments i.e you can use it to represent all your basic tenets of a reliable secure system. You don't build a system then throw it in the field with fingers crossed that you remembered every step when you built it. I have personally written hundreds of pages on procedural documentation on this and I can now script up that knowledge easily.

RedHat is an option but the system is fragmented and randomly documented. Microsoft documentation is absolutely wonderful in comparison. Not only that, I can grab a competent sysadmin for the windows platform easily here in the UK. The Linux guys are few and far between and generally cowboys from experience (even at the £60k level).

Windows rarely needs rebooting unless you are doing something wrong. Not all updates need to be applied. We pick individual ones in scope with what is being deployed and used and push them out rather than use windows update. This is standard practice on servers. Desktops get windows updates on time as the attack window is usually way larger.

It is feasible not to update windows server if configured properly and if it's on a corporate LAN for example.

[xradionut]

Windows has monthly security updates that need to be taken seriously. This is probably more of an issue on the desktop than servers, but it's still the reason we meet on Patch Tuesdays to discuss testing and rollouts.

PowerShell is awesome for Windows/Exchange admins and SQL Server DBAs. But as a developer/admin/analyst, I still bump into it's limitations and have to either turn to C# or Python to accomplish my tasks. And PoSh is not cross platform.

Increasing the problem we have with Microsoft isn't the core technology, but the stupid management decisions over the last decade. For our small clients, licensing costs become a issue and the lack of trust in Azure means that there is plenty of opportunities for OSS.

[spongle]

Our senior tech guys do the patch Tuesday meeting but a big chunk of our kit is internet facing. If you're offline or behind a (decent content filtering) firewall then the impact is potentially lower or non existent.

Impact analysis is essential to discover whether or not the issue is serious.

Our dev team use powershell for all sorts of things from data processing and clean up to fuzzing. It's great because it tries to preserve both the Unix semantics and introduce and object model which means it bridges the world of raw data and COM etc which has traditionally been pretty sticky. It can be quite slow in some circumstances though which is my only concern (this is usually due to the fact strings are immutable on the CLR). I used python for a bit as well but it doesn't hit the spot for COM.

regarding cost, the only major issue for us is SQL Server licensing but we argued with them and waved a postgresql server around and got a hefty discount ;)

We don't use Azure at all mainly due to security concerns (we store financial data). I use it for a couple of side projects as it's cheaper than a couple of dedicated servers.

I've not encountered any major trust issues with Azure despite the whole NSA controversy. I don't get much love for OSS other than from people who want to cut costs and they usually don't pay up.

[telephonetemp]

How would you say PowerShell DSC compares to *nix tools like Puppet or Ansible?

[spongle]

It's equivalent to puppet from a conceptual point of view. Puppet is better library-wise but its had longer to mature. Not much in it though.