Re: The Common System Interface: Intel's Future Interconnect

On Aug 30, 7:55 pm, "Main, Kerry" <Kerry.M...@xxxxxx> wrote:
From: Doug Phillips [mailto:dphil...@xxxxxxxxxxxx]
Kerry Main wrote:
have and what they
need In the future:

1. App = 50-60%
2. OS = 25-35%
3. Server HW - 10-15%

I really didn't want to get into this again, but let's talk about
those numbers. You say "relative importance to Cust's" of the App is
50-60% ?? I say relative importance of the App is 100% and the OS &
hardware (and I include workstations, printers and all other
peripherals and infrastructure) fall into the category of "necessary
evils." Your numbers more closely reflect the rough cost of acquiring
the ability to perform the application.

Lets not get silly here ok?


Hey, you started it.

Very few Cust's run an application by itself. There are OS customizations like batch
jobs, OS security on files, custom reports, DCL scripts (and their equivalent in UNIX
world), ISV customizations in terms of support utilities, pre and post processing jobs,
OS specific backups, data archiving, security auditing etc.


If those aren't "applications", then what are they? Which of the other
two classifications do they fit into: Operating Systems or Severs?
Calling Batch jobs, custom reports, DCL scripts, support utilities and
such "OS customizations" doesn't make them part of the OS. All of
those "applications" can be done on other operating system platforms,
too. If you're claiming VMS does security better than most other OS's,
I agree, but lose the straw-men and stick to your original point.

These are all typically heavily integrated with the primary App's. on that system.


Now you're breaking Apps into Primary and Secondary? How about
Tertiary. I always liked that word.

When looking at new OS platforms, Cust's understand that these are all considerations
that need to be taken into consideration.

Saying the application priority is 100% is a tad naive.


Saying otherwise shows a very narrow view of what the word
"application" means, and what IT is all about. If I'm naive, maybe
I'll grow out of it during the second 40 years I spend in this
business. If anything, I'm admittedly jaded. But I do understand
business management systems and applications.


Platform security, support, reliability, performance and all other OS/
hardware factors effect cost and are certainly important but they are
subordinate to and dependent upon the needs of the application.

You don't buy an application you can't run, and you don't buy a
platform that won't run your application. Before anyone else says it,
I'll say it first: "Duh!"

Never said anything otherwise .. are you trying to make a point in there somewhere?


Sorry, I thought you said that OpenVMS should be the platform of
choice for server consolidation... Hmm. Yep, that's what you said.
Found it in more than one of your posts. Now, read my statement again
and consider which platform runs the most applications. Maybe you'll
get it.


While #3 gets all sorts of attention in techie newsgroups, in the big
picture,
#1 and #2 are much more important to Cust's. With a massive glut in
available compute
cycles in most Cust's environment today, Cust's are not impressed
with fantastic new
computer speeds that will increase their glut of available compute
cycles even more.

Btw, this applies to all platforms.

Also, keep in mind that there is now a massive trend to consolidating
both servers and
DC's. This is a huge change from the distributed computing designs of
the last 10 years.

Imho, the question that will become increasingly important in the
future - "Can a company
afford OS platforms for their future centralized, very HA strategy
that have "one app,
one OS" App/ISV support cultures...

Well, unless you're considering something like ERP or an office
productivity suite a single app, then I guess I'd disagree.

Server consolidation is happening and will continue to happen, but if
OpenVMS doesn't run the applications that are being consolidated, why
would OpenVMS even be a consideration?

Consolidation within the same platform is what I was referring to. Unless it is a very
simple IT service or application, changing OS Platforms during any server consolidation
initiative raises the risk level from 2-3 to something like 7-8.


I see. So, you're no longer advocating OpenVMS as the consolidation
platform of choice?

The "one app, one OS" scene hasn't played in years. Nobody I can think
of today does that other than on existing older equipment that *will*
be consolidated as equipment is replaced (or for very specialized
applications on special purpose servers that *should* be kept
isolated.)

Again, you have obviously not been in real world Operations or IT environments
for awhile.


Well, today wasn't too long ago, was it? Plan to be here/there
tomorrow and as long after that as I can, too. Unless I'm dreaming and
I'll wake up and discover that I'm a plumber. Maybe I should have been
a plumber; there's no disagreement in the world about which way s***
flows. Anyway. I'd say if you know a lot of people still moving in the
"one app, one server" direction (except as I noted above), you're
stuck in some kinda time-warp.

Why is VMware so hot? Lots of CPU cycles are available, so Why not take 5-10 Windows
Biz applications and put them on a single Windows OS instance?


Sure, but you don't need VMware to do that for just run Windows apps.
If you want to *mix* OS' on the same server, then use it. Otherwise
it's just another layer of potential problems. BTW, Windows on Itanium
is *not* being advanced on-par with x86-64, or have you not noticed?

Because there is a One App, One OS culture and each group does not want their App
sharing the same OS resources as someone else's. Even if both Apps run on servers that
in their peak times only reach 10-15% CPU utilization. That's reality.


That's B*** S***. Not saying it's not what happens, but your "OS
culture" argument is B*** S***. It's not the "culture's" money, is it?
The "culture" isn't buying the servers, are they? You're talking about
a management problem that has nothing to do with "OS culture" or any
other technical reality.

John Santos story posted in this thread is a reality I've seen, too.
It's a management problem, and the problem is mostly related to
ignorance at the management level high enough to effect proper change.
I can point to periods in time where major marketing campaigns pushed
the ignorance forward, and the lack of advertising of better solutions
allowed the ignorance to grow.

Today, and in the recent past, it's Microsoft, but I remember one of
the first ad's I saw that caused me grief. Maybe some others remember
it: It was an IBM TV ad back in very early PC days. Two Monks got a
new PC, turned it on and one sat down and said something like "look,
if we (do whatever) we can get (some number) more barrels of wine this
year" or some such.

I couldn't believe how many of my clients (PDP-11 & others) afterwards
said something like: If they can do that on a PC maybe I should get
rid of this expensive equipment and buy an IBM PC. and: Why does it
take all this programming to get that kind of information from our
computer?

These were not stupid people, but it took an effort to undo the
damage. I told them to buy a PC if they wanted to, and I'd help them
understand how it worked. Some did so. Good marketing is powerful, and
ad-driven hype is hard to fight without help from the owners of the
good technology. (yes, that's an old dig, but if you actually read
what we're discussing, and what you've said about the windows-culture
mentality, you'll see how it is appropriate here.)


VMware shares are going through the roof right now and this is the absolute
biggest reason why this is happening. [Course, VMware does not actually reduce the
work to maintain all the various OS instances, but that's another discussion.]

and where the OS vendors release 5-20 security patches
per month?"

You really should stop using that argument, too. It's been rebutted in
many previous threads.

Windows and *nix are so much better today vs. the past, in every
aspect, that anyone paying even a little attention can predict that
they will only get better.

[Note that I referred to Linux and Windows, not UNIX]


And I said "*nix" not UNIX nor Linux. Reading your above fully quoted
post, I see the word UNIX, but I do *not* see the word Linux. I spoke
generically because there is no one UNIX or Linux, is there, but all
share a common theme, no?

Please, again your statement reflects only that you likely have an application focus
with little DC Operations experience. And likely one that has been bitten by all the
Linux and Windows hype. And likely not someone who has an environment with hundreds of
Wintel/Linux servers that need security patches every month.


Well, if by DC Operations experience you mean hands-on operation of
day-to-day data-center hardware, and add the word "recent" between
"little" and "DC", then you're right. Not since my Mainframe days. If
you mean any other level *above* that, you're wrong.

Yes, my focus is on applications. That includes *all* applications of
information technology and my focus isn't limited by the belief that
an application is just a program running on an operating system
running on a computer. A business (my mainstay, although I've spent
lot's of time working with governments and non-profits) is a system.
All of the parts must work together for it to run smoothly. Finding or
building the tools and putting them together to make that happen is
what I do. I prefer the SME environment because one can accomplish
more with less waste than in the LE world; I know that because I've
been there and sometimes still get dragged back in.

Your comments make be believe you have little recent experience with
well run organizations.


Here is the Linux RH web site for security patches:https://www.redhat.com/archives/enterprise-watch-list/

* [RHSA-2007:0875-01] Important: mysql security update, bugzilla
* [RHSA-2007:0860-01] Moderate: tar security update, bugzilla
* [RHSA-2007:0841-01] Critical: RealPlayer security update,
bugzilla
* [RHSA-2007:0671-01] Moderate: kernel security and bugfix update,
bugzilla
* [RHSA-2007:0673-01] Important: kernel security update, bugzilla
* [RHSA-2007:0672-01] Important: kernel security update, bugzilla
* [RHSA-2007:0829-01] Critical: java-1.5.0-ibm security update,
bugzilla
* [RHSA-2007:0777-01] Moderate: gdm security and bug fix update,
bugzilla
* [RHSA-2007:0765-01] Moderate: libgtop2 security update, bugzilla
* [RHSA-2007:0818-01] Critical: java-1.5.0-sun security update,
bugzilla
* [RHSA-2007:0817-01] Critical: java-1.4.2-ibm security update,
bugzilla
* [RHSA-2007:0731-01] Important: tetex security update, bugzilla

I see no "critical" kernel patches, do you? I guess Java still has
some problems (Surprise!) and there's a RealPlayer patch I'm sure
everyone needs. Ok, maybe I'll dig into some of them deeper to see
what they're all about, but probably I won't because (here it comes)
none of them apply to anything I'm using on my servers.

Now click on "thread" for each month and go back as many months as you want. Each
and every month, there are 5-20 security patches (sometimes many more).

Why not create a graph from 2003-2007 to show how the number of security patches
released each month has gone down? [hint - you won't like the trend]

What's to rebut?

Yes, not every security patch applies to all systems, but most shops have no idea
what all the services their development and production systems are using, and each
readme file on the security patch is often vague (for good reason) as to all of the
associated details around each patch. And many of these one line patch links are bundled
security patches as well.

So, saying the Windows (and Linux) server issues are getting any better is really
laughable and is really only an indication of someone bitten by the hype bug.

Microsoft still also releases numerous security patches each and every month. Here is
a recent example:

http://www.eweek.com/article2/0,1895,2127475,00.asp (May 2007)
Microsoft has released patches for 19 vulnerabilities, 14 of which are critical, hitting
at holes in Excel, Word, Office, Exchange, Internet Explorer, cryptographic technology
and the whopper of them all, the zero-day vulnerability in the DNS Server's use of RPC.


That was from May, so I hope you've installed that on all of your
Windows servers by now. Looks like most of the patches have to do with
IE and MIME and email attachments and such. Oh, and other layered
products that I don't have running on any of my servers.

One thing I have to say in Microsoft's favor: they aren't afraid to
call even a minor potential security bug a "security patch" and when
there is a real security threat they make it clear that it is
important. Many of the bugs are ones they've discovered themselves, it
seems, so it's real decent of them to let everyone have those patches.
Real easy to install, too.

[and yes, you do need explorer on your Windows servers]


But you should only use it for external access from a server for the
Microsoft update site, which seems pretty secure, and actually you
don't really need IE for that: you can go to the site with Firefox or
a brand-x browser and download the patches. I'm sure you must have
known that.

http://www.theinquirer.net/?article=41698(August 2007)
SOFTWARE GIANT Microsoft has issued patches for nine security flaws, including six
critical ones.

.. "Four of the patches keep hackers from breaking into computers through Web pages and
are rated critical. [snip] The other three updates are rated important and one of them
is for the "super secure" Vista OS."


Stay off of those porn sites from the server, please. And, I don't
have any servers running Vista. Do you?

My advice to Cust's - think like Wayne Gretzky (ok, he's a hockey
player) and the way
He became a great player .. "Do not skate to where the puck is, but
where it will be in
the next play sequence .."

:-)

The puck looks to me like it's still heading towards x86. The article
you reference supports this argument better than most I've read.
Thanks.

Once the hype bug has bitten someone, it is tough to get them back to reality.


You've shown that to be true. You seem to ignore the facts presented
in the very article you referenced.

Hey, I know what it is like. Back in mid 90's, in addition to being an OpenVMS Ambassador,
I used to also be part of the Digital Windows NT Wizards Program. At that time, there were
many monthly Windows security patches, but even back then the std response was "hey, its
getting better and soon Windows will take over the world.." (ok, even then I did not believe
all of the hype, but the hype bug is tough to shake.)


Well, having lived through that myself, and seeing as how I'm still
having to deal with the Windows "culture" I can see for myself that
Windows2003 *is* better than Windows2000 which was better than Windows
NT 4.0 etc and I won't even get into the advancements in the desktop
world. No hype. Just lots of experience.


Regards

Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-592-4660
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)

OpenVMS - the secure, multi-site OS that just works.

I agree with that 100% but the gap *is* closing not matter how loudly
you protest.

If you reply to this and I respond, I'll do some major snipping. This
is getting to be ridiculous. Anyway, time to hit the sack. I've made
enough typo's and sufficiently butchered the King's English for this
day.


.