Linux Server Management considerations
Tags: Landscape, Management, Server
Two must-have Linux server management features
Linux server management is an integration of cybersecurity and business objectives. Linux server management at scale is a vastly different activity from interacting with a terminal on one machine. The best Linux server management tools universally offer a server management GUI within a web browser. Implementation details matter, especially in a pay-for-compute world. Sysadmin tools that don’t have a lightweight footprint increase overall compute costs. Some of the most popular open source and free Linux server management tools scale poorly when managing more than one machine. Requiring system administrators to repeat the same tasks across several machines increases the time it takes to manage the entire estate. Beyond inefficiency, manual administration also introduces risks associated with human error. Server management should be automated as much as possible, through policy-aware tooling that can define when different groups of machines get patched.
In short, the two most desirable attributes for your Linux server management tools are:
- Lightweight: the Linux server management software should not compete with your workload for memory, disk, and processor resources
- Scalable: the server dashboard should allow you to manage a large fleet as easily as one machine
Landscape is a lightweight and scalable Linux server management solution, available as a service or as a self-hosted edition.
Linux server management has evolved
There are three distinct pillars of the Linux server management ecosystem in 2022:
- Reactive solutions addressing problems that exist now
- Organisational solutions defining policies for users, networks, and machines
- Preventive solutions mitigating or avoiding problems in advance
There has been explosive interest in IT management tools over the last several years, as a number of companies emerged with products focusing on those pillars. There is no shortage of products in these areas:
- Reactive solutions encompass application performance monitoring (APM) products, which are commonly referred to as observability tools or monitoring tools
- Organisational solutions encompass identity and access management, and provisioning
- Preventive solutions focus on vulnerability and patch management, policy enforcement, and compliance
“I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail.” Abraham Maslow, 1966
CISOs have been bombarded with golden hammer marketing from companies promising silver bullet fixes through third-party vulnerability management and patch management solutions. Beyond comparing how lightweight and scalable various Linux server management tools are, how can CISOs objectively compare these products and identify which server dashboard is best suited for their organisation?
Go to the source for the best Linux server management dashboard
It is important to know who the key players are when vulnerabilities are identified, communicated, prioritised, and patched. Common Vulnerabilities and Exposures (CVEs) have been recorded by MITRE since 1999, and are consumed by the United States’ National Vulnerability Database. A CVE contains information about the impacted product’s name, its version, and the name of the vendor. Canonical’s CVE reports show recent CVEs for software that can run on Ubuntu. Canonical assigns CVE priority based on many factors, including but not limited to severity, risk, install base, software configuration, and active exploitation. If a CVE’s resolution aligns with Canonical’s ongoing efforts to proactively improve security features in Ubuntu, this will be reflected in Canonical’s priority rating. When a security issue is fixed in an official Ubuntu package, an official Ubuntu Security Notice (USN) is posted.
A system is not truly reliable if it isn’t secure, and unpatched vulnerabilities at scale are a tremendous liability for any organisation. Every year a new Fortune 500 business claims the crown for the worst data leak or data breach stemming from unpatched security vulnerabilities. Last December, sysadmins scrambled to patch a very serious vulnerability in Apache Log4j 2. CISOs and DevSecOps teams alike are openly wondering: how do I ensure my organisation doesn’t wear this crown on our watch?
The simplest answer is to go directly to the source. Inserting intermediaries between your organisation and the entities identifying, communicating, prioritising, and patching your software has questionable value. A vulnerability and patch management solution that is USN-agnostic loses the benefit of the depth of analysis Canonical performs as a CVE is evaluated and resolved with a USN.
Manage Ubuntu with Landscape
Landscape is Canonical’s monitoring and management tool for Ubuntu. Beyond security and vulnerability patching, Landscape is also an essential component of many organisations’ broader compliance strategies. Self-hosted Landscape is free for limited personal or evaluation use. All machines with an active Ubuntu Pro subscription can use Landscape SaaS or self-hosted Landscape at no additional cost. Both editions of Landscape are included with Ubuntu Pro on AWS, Azure and GCP.
Compare the differences between Landscape SaaS and self-hosted Landscape. When you are ready, follow the self-hosted Landscape quickstart guide, or sign up for Ubuntu Pro, and get full control over your Ubuntu estate.