Ignorance is bliss right? Not when it comes to budgets, your health, relationships, that wart developing on your face…well, maybe in a lot of things ignorance isn’t bliss now that I think about it but certainly not when it comes to your corporate edge which is our topic of discussion. It’s the firewall stupid (play on Clinton campaign in 1992).
What’s obvious is that Open Source & free software now rule the world (yes PFSense too). It’s official and you heard it here…not first since I’m not the only one declaring victory but you certainly heard it here folks…Open Source is winning, continues to win and has for all intents and purposes…won.
You might be asking…why have they supposedly won and who cares? Why, because it’s cheaper, faster, better, more stable and more widely deployed. You…you dear reader should care. Humor me for a bit as I’ll also humor you, prepare to be enlightened (ahhhhhhhhhhhhhhh).
Microsoft whom some may consider a “gold standard” of “enterprise” or “business class” has had to play with Open Source and Free software (GNU, Linux, UNIX, etc) for a long…long time, in galaxies far…far away, longer than you might be aware. Since 2002 they’ve had their #F compiler under the Apache license and in 2009 they released Linux Kernel drivers so Linux would perform better on their hyper-v platform forcing them to bow down t0 the GNU GPL (General Public License). Yes…Microsoft had to click “accept” to proceed and they couldn’t squawk about the terms! – (Reference 1, Reference 2). Before 2002 in fact they had “Unix Services” built into Windows NT back in 1999 (Reference). Wow…did you know the “NT” in “Windows NT” means “New Technology”? Don’t laugh…that set the stage for the NTFS file system that’s still in place today!
Now…why would Micro$oft care about Linux, UNIX or BSD if Micro$oft is such a titan of tech? Think about it for a moment. What market is Micro$oft trying to capture? Where are the lemmings of the world all blazing paths to? That digital cliff we call Cloud…that’s the answer. Cloud! Who owns the cloud? Amazon for the most part. At the core of the cloud is virtualization and there are many virtualization platforms also known as “hypervisors“. Where has the innovation come from? Virtualization that made the Cloud possible at scale. When you think Cloud you don’t typically think Microsoft. When you think Microsoft you think…Microsoft Office, Windows Server, Outlook, SharePoint, criminals, thieves, extortionists perhaps but not “cloud”. Cloud is not Microsoft however with Azure ole’ Micro$oft is trying to make you think they’re a cloud company. Sure…they are, I can admit that because they have the money to be. If you think about this further what would happen if Microsoft didn’t support Linux or FreeBSD on their Microsoft Hypervisor based Azure infrastructure? That’s right, Azure would be stunted to the 30% market share Windows Servers have on the Internet, they’d be their own best customer. Yes, 70% or more of the Interwebs is run by open source and often free software. Some are of the opinion it’s 97% of the Internet run by Open Source or Free Software but I doubt the method of evaluation they use so we’ll just stick with 70% (Reference). The majority of widely distributed hypervisors all run the Linux kernel or something other than Windows (KVM, VMWare, OpenVZ, Xen, etc).
PFSense runs FreeBSD so what’s Microsoft saying about BSD and particularly PFSense made by Netgate?
In 2014 there is a tutorial helping you to run FreeBSD and deploy it on Azure while still saying it’s not officially supported: Reference
In 2015 more yakety yak from Microsoft about Microsoft loving Linux (a bit of throw up in my mouth just now…). It’s actually a nicely done technical piece on why Microsoft is investing heavily in FreeBSD. Yes, that’s not a typo, they are investing real money into something that’s free (what planet am I living on?). They also state how committed they are to FreeBSD. “I hope you take away the understanding that Microsoft is committed to Linux and FreeBSD as 1st class guest operating systems in your datacenter”. It’s actually a bit of a back handed compliment because in true Microsoft form they take all the credit for making both Linux and FreeBSD first class in part…a truly ridiculous and outrageous comment from one of the referenced articles; a leopard doesn’t change its spots (as they say). In defense of Linux and FreeBSD (as if they need any defense) the only reason Microsoft had to get it’s mits on BSD code is to make the operating systems run optimally on hyper-v. Linux and BSD are and always will be a first class OS that run just fine outside of hyper-v! Reference 1, Reference 2
In 2017 Microsoft now officially supports OpenBSD on Azure (Reference) and they have a brand new how to for running OpenBSD in Azure. They make the claim that FreeBSD has been supported since 2014: Reference
In 2017 you can get an officially supported and hosted BSD VM from the Azure Markeplace. This image is “provided by Microsoft Corporation”…they compile the image and lay in their modules for hyper-v into it: Reference
A few other things Microsoft says about BSD (and BSD OS’s like “FreeBSD” which PFSense is built on, etc):
“OpenBSD is thought of as the most secure UNIX-like operating system by many security professionals, as a result of the never-ending comprehensive source code audit.”
“OpenBSD integrates cutting-edge security technology suitable for building firewalls and private network services in a distributed environment.”
“OpenBSD benefits from strong ongoing development in many areas, offering opportunities to work with emerging technologies and an international community of developers and end users.”
* Also note on that reference link the author recommends some other OpenBSD firewall and not FreeBSD PFSense…Microsoft is still making lots of mistakes (LULZ).
Everyone should take note here. BSD, FreeBSD, OpenBSD…any other BSD based OS’s are prime time and have been. Microsoft has been saying so since 2014 (better late than never I guess). They are the most secure, “cutting-edge” and the best in class.
What Microsoft says about why it’s important for them to be compatible with BSD is interesting, notice the company Netgate keeps – Reference:
“One of our primary reasons for making these investments in FreeBSD on Hyper-V was to enable FreeBSD VMs to run in Azure, as Hyper-V is the virtualization platform for Azure. You may be wondering, “Why is it so important for FreeBSD to run in Azure?” Many top-tier virtual appliance vendors base their products on the FreeBSD operating system. Over the past 2 years, we’ve worked closely with Citrix Systems, Array Networks, Stormshield, Gemalto and Netgate to bring their virtual appliances to the Azure Marketplace, and we’re continuing to work with a long list of others for future offerings.”
Note, “Many top-tier virtual appliance vendors base their products on the FreeBSD operating system”. They’ve worked closely with a few companies like Citrix that most enterprises deem “enterprise” and in the same breath they also then mention “Netgate”. Netgate makes PFSense…that runs FreeBSD. Microsoft worked closely with Netgate? Really? Thanks Microsoft…I guess…
The point is this:
Microsoft admitted Netgate is a “top-tier” appliance vendor. The only appliance Netgate makes is PFSense! Thus, Microsoft is saying that Netgate and PFSense are top-tier. Microsoft has dumped millions, tens of millions if not hundreds of millions to make Open Source OS’s work on Azure primarily because with respect to cloud that’s where the money is (hosing Open Source and Free Software in the cloud). If they didn’t, their Azure Cloud would be stunted in growth and would lose money. Although we didn’t need Microsoft to validate our opinions it’s nice to use as proof to those less enlightened. Are you now an enlightened digital soul? PFSense is top-tier, enterprise and business class…clearly; and has been for a long time.
It can no longer be argued by those who would sully the good name and character of Open Source and Free software that they’re “home grown” or “not business class”. They can no longer defame the power of PFSense as being less than Cisco, SonicWall, WatchGuard, etc. Open Source, Free Software, FreeBSD, and PFSense are legit > mic drop > boom.
If you’ve enjoyed this commentary like it and share it!
If you’re thinking about better edge protection, load balancing, redundant WAN connections, fail over firewalls, non restrictive VPN connection licensing, intrusion detection, country blocking, DNS block listing, and the multitude of cutting-edge protective services PFSense can bring to your organization reach out to us for more information! We can help you secure your infrastructure for less or further secure it for less.
Connect with us on LinkedIn or feel free to peruse our other fine blog post offerings discussing other IT security related subjects.
Comments or questions are welcome.