RE: VMS cluster behind a *NIX firewall




-----Original Message-----
From: bill@xxxxxxxxxxxxxxxxxxxx [mailto:bill@xxxxxxxxxxxxxxxxxxxx] On
Behalf Of Bill Gunshannon
Sent: August 2, 2007 8:49 AM
To: Info-VAX@xxxxxxxxxxxx
Subject: Re: VMS cluster behind a *NIX firewall

In article <C72D63EB292C9E49AED23F705C61957BDD0910B208@xxxxxxxxxxxxxxxxxxxxxxxxxxxt>,
"Main, Kerry" <Kerry.Main@xxxxxx> writes:
-----Original Message-----
From: Anton Shterenlikht [mailto:mexas@xxxxxxxxxxxxx]
Sent: August 1, 2007 7:25 AM
To: Info-VAX@xxxxxxxxxxxx
Subject: Re: VMS cluster behind a *NIX firewall

On Tue, Jul 31, 2007 at 08:45:34PM -0500, Paul Raulerson wrote:

It sounds to me like our friend here is involved in a "prove it!" issue with the VMS systems, and so getting them up and running is more profitable than worrying about SPOF issues right now; let the SPOF issues become a problem for the "unix people" would be my way of handling it. <grin>

that's about right

Anton,

Is the concern the network folks have related to non-TCPIP protocols on the net or OpenVMS itself?

If it is network protocols they are worried about, then setting up a private VLAN for the cluster SCS traffic and restricting the primary NICs to TCPIP only would solve that.

Sadly, that will not protect the bandwidth if they perceive the protocol as too "chatty". You would need an entire, separate physical network. Which is, of course, also doable.


Huh?

VLANS are separate from the main network and easy to set-up. You use a separate NIC on the host side as well. What goes on a VLAN is not seen on the main network.

Can you explain why you think you need a "separate network?"


If they are worried about OpenVMS security, I guess that is an education problem.

[Can't help smiling on this - what they are doing is like protecting a police station by placing a rent-a-cop in front of it.]

:-)

Your opinion. The rest of the industry just doesn't see your "legacy" product as offering any increase in security that it needs over Unix. Of course, you have this notion that every Unix box on the planet is hacked at least 5 times a day and evidence to the contrary is just swept aside.


Nope - never stated that.

Linux I stated had 5-20 security patches per month and that is a fact as evidenced on the RH security web site. Anyone can go there and count them up themselves.

UNIX no.

You are simply being too sensitive and feel you need to protect your preferred platform.


Here are a few security whitepapers that may be of interest to your network folks:

http://h71028.www7.hp.com/ERC/downloads/4AA0-2896ENW.pdf
This whitepaper presents an overview of OpenVMS security and its role in enterprise business continuity. The whitepaper supports the conclusion that IT environments requiring elevated security capabilities need OpenVMS now more than ever, whether on HP Integrity servers, AlphaServer systems, or a combination of both. (November 2005)

http://h71000.www7.hp.com/openvms/whitepapers/TCS_2004.pdf
Techwise Research - This whitepaper provides a detailed comparison of potential vulnerabilities and security-related cluster crashes for HP OpenVMS, IBM AIX, and Sun Solaris Server Clusters. (June 2004)

A lot of old drivel from a biased source. It is doubtful it was accurate when written, but it is rather long in the tooth today. Surely you can do better.

bill


Ok, so tell us where the report is in error.

Regards


Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-592-4660
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)

OpenVMS - the secure, multi-site OS that just works.

