1.3 What Is a Deployment Environment?

Unix was developed in the 1970s to be an operating system for minicomputers that were being used simultaneously by several different people. Many of the features of the Unix environment can be traced back to this intended deployment environment.

In the three decades that have followed, Unix has been repurposed for many different kinds of deployment environments. One of the reasons for the operating system's success is that the design necessary to satisfy the original deployment requirements provided the operating system with great flexibility.

Today Unix is widely used in at least five different deployment environments:

Multiuser, shared systems

This is the original Unix deployment environment: a single computer that is simultaneously shared by several people. Shared systems are still common in universities, in some businesses, and among some Internet service providers. Thin-client Unix systems such as Sun Microsystems' SunRay systems make use of a shared system driving multiple client displays.

The key difference between the shared systems of the 1970s and the shared systems of today is merely size. In the 1970s, the typical shared Unix system had 32 or 64 KB of RAM, had a disk pack of perhaps 5 MB of storage, and comfortably supported between 3 and 5 simultaneous users. Today's typical multiuser systems have between 64 MB and 4 GB of RAM, hundreds of GBs of disk storage, and multiple cooperating CPUs, and can comfortably support between 3 and 500 simultaneous users. Larger servers may have more than 40 GB of RAM, disk storage in terabytes, and over 100 processors.

One-user Unix workstations

Unix workstations for the individual user were popularized in the 1980s by Sun Microsystems and Digital Equipment Corporation (now part of Hewlett-Packard). These workstations typically had large bitmapped displays running the X Window system, allowing a single person to open several windows for shell sessions or other processes. A one-user system can be entirely self-contained, or it can access resources such as disks and printers over the network.

Today, the vast majority of Unix and Unix-like systems are one-user workstations. These include most of the computers running the Mac OS X operating system, as well as numerous Intel-based laptop and desktop systems running the Linux and FreeBSD operating systems. HP, Sun, IBM, and SGI are all vendors making one-user Unix workstations of various kinds.

Unix servers

Unix servers are typically powerful computers on the Internet that provide information services to other computers. Unix servers can provide many kinds of service, including email service, web service, domain name service, file service, and so on. In contrast to other operating systems, in Unix it is common to use a single Unix server to provide many different services simultaneously.

The Unix heritage of multiuser design makes it well-suited to providing Internet services in a secure and reliable fashion. Unlike other operating systems, which may run all network servers from a single privileged account, it is common on Unix systems to configure a virtual user for each service that will be provided. Because Unix was designed to prevent individual users from interfering with other users or disrupting the operating system, if one of these virtual users is compromised or fails, the extent of damage can be limited.

Although there are fewer Unix servers than Unix workstations, many more people use Unix servers on a daily basis than use Unix workstations. This is because many of the Internet's most popular sites are run on Unix systems.

Mobile Unix systems

Although laptops and even some desktops frequently move around, today the term "mobile Unix" is generally reserved for handheld systems with occasional wireless connectivity that are designed to run a small number of applications. A typical mobile Unix system of 2003 is a handheld computer with 64 MB of RAM and a StrongARM microprocessor running a stripped-down Linux distribution.

Although mobile Unix systems seem puny by today's standards, it is important to realize that these computers are more powerful than most workstations and multiuser servers were in the early 1990s. Mobile Unix systems can have a GB or more of storage and support network connections of 11 Mbps or faster, potentially making them formidable attack platforms as well as useful personal systems.

Embedded Unix systems

The term "embedded Unix" is typically used to describe a Unix system that is deployed on a single-purpose computer or "appliance." Although the appliance application itself might be managed, the embedded Unix operating system is designed to be management-free. Typical embedded Unix systems are firewall appliances, home routers, and computers designed for automobiles.

The key differences between these deployment environments are the policies and the amount of auditing that is provided. The underlying principles of Unix security are largely the same for all of these systems.
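
The per-service virtual users described under "Unix servers" can be checked mechanically. The following is an added example, not code from the book: it parses passwd(5)-format account lines and a service-to-account map, then flags services that run with UID 0 or share an account with another service. The account names, UIDs, service names, and the helper names parse_passwd and audit are all constructed for illustration.

```python
"""Audit sketch: does each network service run under its own unprivileged account?"""
from collections import defaultdict

# Constructed sample data: passwd(5)-format lines and a map of
# service -> account it runs as (for example, gathered from ps output).
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
www:x:80:80:web server:/var/empty:/sbin/nologin
named:x:53:53:name server:/var/empty:/sbin/nologin
mail:x:25:25:mail server:/var/spool/mail:/sbin/nologin
toor:x:0:0:alternate root:/root:/bin/sh
alice:x:1001:1001:Alice:/home/alice:/bin/sh
"""
SERVICES = {"httpd": "www", "named": "named", "smtpd": "mail",
            "imapd": "mail", "ftpd": "root", "popd": "toor"}

def parse_passwd(text):
    """Return {account name: numeric UID}, skipping malformed lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            accounts[fields[0]] = int(fields[2])
    return accounts

def audit(services, accounts):
    """Return sorted (service, finding) pairs for isolation problems."""
    findings = []
    by_uid = defaultdict(list)
    for svc, user in services.items():
        uid = accounts.get(user)
        if uid is None:
            findings.append((svc, "unknown-account"))
        elif uid == 0:
            # Test the UID, not the name: "toor" is as privileged as "root".
            findings.append((svc, "runs-as-uid-0"))
        else:
            by_uid[uid].append(svc)
    for svcs in by_uid.values():
        if len(svcs) > 1:
            # A compromise of one service reaches the files of the others.
            findings.extend((s, "shared-uid") for s in svcs)
    return sorted(findings)

if __name__ == "__main__":
    for svc, finding in audit(SERVICES, parse_passwd(PASSWD)):
        print(f"{svc}: {finding}")
```

Only httpd and named pass in the sample data, because each has an unprivileged account that no other service uses.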
