RE: Anyone know why the Alpha market is so so quiet?

-----Original Message-----
From: Arne Vajhøj [mailto:arne@xxxxxxxxxx]
Sent: July 7, 2007 8:13 PM
To: Info-VAX@xxxxxxxxxxxx
Subject: Re: Anyone know why the Alpha market is so so quiet?

Main, Kerry wrote:
Ok, so lets assume that you have a well run IT shop that ensures
all
applicable security patches are applied asap. Now, lets also
assume
you have a well run IT shop that tests all important applications
before they get rolled into production. This likely takes a few
days
with setup-scripting etc. Lets also assume your Operations staff
is
like 99% of most IT shops that do not really understand what is
running on all your systems in terms of things like Services that
require ActiveX or COM or any other low hanging things that might
be
open for patching.

Now, like any well run shop, you regularly visit the following RH
site to pick up the monthly Linux security patches:
https://www.redhat.com/archives/enterprise-watch-list/ (click
thread
for each month)

Now remember above note about OPS do not know much about any low
level service requirements for most applications and there are
hundreds of services on these many servers.

Ok, so looking at this RH web site:

In June 2007 alone, RH Linux had 29 *security* patches.

In May 2007 alone, RH Linux had 42 *security* patches.

So, please explain to me how the typical understaffed IT shop is
expected to follow their normal processes, review these 71
security
patches, test all their important applications with the
applicable
patches from this that apply from just this past 2 months.

And also do their normal day-to-day support, fire fighting jobs
that
is their primary role.

As some of us has tried to explain:

* OPS does not apply patches - system group does


And as I stated in a thread - OPS (Operations) = Systems Admin + Operators. Both work in Operations. I was not referring to Operators. IT culture typicall refers to OPS as the entire system admin / operator dept.

* the majority of systems are not patches because they live their
life far far away from the dangerous internet


Internet is least of your concerns. See laptop, PDA, memory stick notes.

* if they update systems it will very likely be a selective update
based on tiers


See my prev note about whether "buggies" will target web tier or data tier.

[snip ..]


It is the reality that Linux is marching into the data centers and
there does not seem to be a problem with patches.

Arne

Well, while I agree Linux (Windows) is having an impact on some of the smaller, "edge type", web app tier application environments, it is primarily because of perceived (not real) cost reductions and there is almost no one looking at this from a security or Operations perspective i.e. the bigger picture.

And of course the Dev and other non-Operations groups pushing Linux do not understand or care about the Operations impact, so if anyone in the Operations Dept raises a valid concern, the Dev or supporting OS religion group gets the "dino" label out.

Much like Windows, this current Linux trend was part of the distributed computing model from a number of years ago.

Bottom line is that today, companies are planning major centralized computing strategies (albeit with improved links to BU's) to reduce their overall costs. This is why server and DC consolidation is so hot. Even tier consolidation (App and DB on same OS) is happening now with prod's like SAP to minimize OS instances.

Hence, companies will soon be facing the "which platform is best suited to address our centralized computing strategies?"

And the question that will have to be asked "is a legacy one app, one server culture platform which has 5-20+ security patches per month going to be our preferred centralized future platform or will something else be better suited?"

Times are definitely changing (again).

What is old is new and what is new is old.

:-)

Regards


Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-592-4660
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)

OpenVMS - the secure, multi-site OS that just works.





.

Relevant Pages

  • RE: Anyone know why the Alpha market is so so quiet?
    ... That is usually not the case with large IT environments with ... But the conclusion is that Kerry arguments against Linux does not ... With 5-20 Linux security patches being released each ...
    (comp.os.vms)
  • Re: Security Patches to the Linux Kernel
    ... Security Patches to the Linux Kernel ... NSA's distro is certainly not ready for deployment without a lot of work, ...
    (Focus-Linux)
  • RE: on patches, for Linux, for Windows, for VMS.
    ... Subject: OT: on patches, for Linux, for Windows, for VMS. ... These new security patches need to be ...
    (comp.os.vms)
  • Re: Alpha remembrance day
    ... platforms that *average* 7-20 security patches per month? ... Actually I was thinking more along the lines of the x86 variants of Solaris or Linux. ... patches of course, whether or not they actually need to be installed ... support plan in place for them, the HW costs are usually a much smaller ...
    (comp.os.vms)
  • Re: How to Maintain an IIS Server?
    ... >>> I looked at the Microsoft Security Website. ... >> before a firewall and antivirus have been installed]. ... >> new patches that are missing, ...
    (microsoft.public.inetserver.iis.security)