The next edition of Windows Server won't be released until next year, but there are Technical Previews available. The big new feature is in Active Directory Federation Services (ADFS) which allows users from foreign directories and databases to be authenticated by Active Directory domains. ADFS itself has been part of the OS since Windows Server 2003 R2 and enables two realms to establish mutual trust so users from one realm can use their credentials on the other in an entirely fuss-free manner.
There are already commercial solutions for authenticating Linux clients against an Active Directory domain controller, and it's possible (though convoluted) to do it using FOSS software. Active Directory uses LDAP and Kerberos which are both open standards. These need to be tied together with Samba and PAM and the domain controller will likely need tweaking also. In the new edition, this process ought to be much more streamlined.
Centralised authentication in a pure Linux environment can be achieved using the aforementioned protocols, or others such as SASL or NIS. All of these approaches have their advantages and drawbacks, and people coming from a Microsoft background may struggle to recreate the more advanced functionality of Active Directory.
It's important to note that Active Directory provides much more than just authentication, it handles all the related arcana too – trust, certificates, domains and group policies. Many of these are only relevant on Windows systems and the rest can be dealt with using other Linux tools. A common tactic in heterogeneous environments is to have non-Windows machines authenticate to a directory server running something other than AD but which is capable of syncing to and from it, a method known as deflected integration. Version 10 of Internet Information Services (IIS) is included in Windows 10, bringing with it support for HTTP/2.
Naturally, our top three Linux Webservers (Apache, nginx and lighttpd) have had support since not long after RFC7540 was published in May. And they were supporting SPDY, essentially the parent protocol of HTTP/2, prior to that. Before the 7.0 release, IIS was something of a laughing stock, being little more than a bloated web server that didn't allow more than 10 simultaneous connections.
It has grown up now though, incorporating a modular extension system and being much more scalable on multiprocessor systems. To improve performance IIS uses a kernel-level driver for processing HTTP requests. An IIS vulnerability discovered in April allowed attackers to achieve remote code execution on unpatched systems by exploiting this driver and its privileged status. Linux has had web server bugs too, but its architects know what does and does not belong in the kernel.
Linux remains the undisputed champion of the server world, which is why it runs most of the internet. We have world class web servers and databases, industrial grade distributions (such as Red Hat Enterprise Linux or the free CentOS) and the advantage of open source on our side. Linux virtual machines tend to be much cheaper than their Windows counterparts, and are certainly much more efficient thanks to its modular nature.
Windows IoT Pi Edition
Windows Server Core, introduced in 2008, provided a minimal Server OS sans the Explorer shell and many other features not required by most people. Continuing this theme, we now have Windows 10 IoT core, aimed at small Internet of Things devices. At present, builds are available for five devices including the Raspberry Pi 2.
This doesn't mean you'll be running Edge and have live tiles all over your Pi desktop. No indeed, you won't even have a Pi desktop, all code is written in Visual Studio on a Windows 10 machine and uploaded to the Pi. All of the available builds allow programs built on Windows' Universal App Platform to run, which means that they must be programmed in C#, C++ or JavaScript and with an XAML, HTML or DirectX presentation layer. You can connect to a Pi running Windows IoT Core using either PowerShell or SSH.
We're pretty far from impartial here, but we think that reducing the Pi to minion status in this way seriously detracts from its appeal. Being able to boot into a proper desktop (even if it is slow and clunky on the original Pi), or run code straight from the python interpreter, helps new coders appreciate that this diminutive board is very much a fully-functional computer.
Of course, if you're a seasoned embedded applications programmer then such a desktop is just going to get in your way. There are all manner of Linux distributions designed to be run on embedded devices, including Yocto Sancto and Angstrom. It's also worth mentioning that there are already a huge number of embedded devices already running Linux in one form or another: sat-navs, set-top boxes, the TVs which the latter are hooked up to, the list goes on. The latest tux-flavoured innovation in this area is Snappy Ubuntu Core, which is aimed at the cloud as well as Things.
- For a load of neat tips and tricks on Windows 10, buy: Windows 10 Beyond the Manual
