- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: new Poll: IPSEC support in HP TCPIP
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-14-2009 06:22 PM
тАО05-14-2009 06:22 PM
Re: new Poll: IPSEC support in HP TCPIP
Don't shoot the messenger. You don't need to convince me! I believe HP should implement IPsec.
We had an opportunity recently, with HP Engineering on the other side of a table, in person (well, at least on HALO). We put the question of IPsec futures to them. I'm just giving you a summary of the answer we got.
That doesn't mean I believe it's a GOOD answer, nor that I think their justification is valid. That's just what they said. I can't answer your (rhetorical?) questions.
From my experience of getting stuff put into VMS, I've found that forum discussions or complaining to support folk, no matter how vociferous or compelling, don't tend to get results.
You need to find a (small) number of real live, paying customers, and get them to rattle account rep cages. That's far more likely to get the result you want than preaching fire and brimstone to the choir.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2009 02:41 AM
тАО05-15-2009 02:41 AM
Re: new Poll: IPSEC support in HP TCPIP
People in HP are watching the results and I'm collecting comments to pass on to.
I have no control over the decision but am attempting to provide a way of getting the VMS community feedback to the people that do make the decision.
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2009 02:55 AM
тАО05-15-2009 02:55 AM
Re: new Poll: IPSEC support in HP TCPIP
there may also be traction for this in the lottery gaming market as suppliers like GTECH are looking to offer online products to complement existing terminal based lottery software, they can do IPSec on VMS's rival platforms...
perhaps HP might run that by them ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-17-2009 12:58 PM
тАО05-17-2009 12:58 PM
Re: new Poll: IPSEC support in HP TCPIP
It looks like IPSEC will be the future and when mandated I will need to implemented it yesterday. I hope OpenVMS Management will be on board and ready to ship.
I don't know about everyone else but the request on my time is such that unless our customer is asking for it I have very little time to expore every new thing. It's only when they ask that I better have the answer ready.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-17-2009 03:01 PM
тАО05-17-2009 03:01 PM
Re: new Poll: IPSEC support in HP TCPIP
Not sure what the critical mass needed would look like, but for the benefit of the VMS-only HP customers let me point out that "HP" haven't figured out IPsec requirements today or yesterday, they've *known* it was absolutely needed years ago. It's right there in HP UX and has been for almost *10 years*! (Not sure about HPUX chronology but a quick glance through ITRC has the earliest post on 25/9/2000 talking about IPsec availability in version 10.4 or a production-grade realease in HPUX 11.0)
Just found a interesting HP/UX web-page regarding IP with the catch phrase "Delivering the promise"
http://h20338.www2.hp.com/hpux11i/cache/324347-0-0-0-121.html
Little do they know that HP/VMS have a similar program, but ours is tailor made for the amount development taking place on VMS at the moment and for the calibre of the user-base; it's called "Breaking the promise" :-(
And for John G and other's appologizing for having the temerity to discuss such things in a public forum, here's one where it looks like HPUX IPsec project management actually
encourage public forum feedback:-
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=866391
I wonder what the EAK take-up for IPsec on HPUX was? I wonder what hoops HP's valued customers were made to jump through there?
Your problem is not with HP as a whole, they're fully on board, your problem is with HP/*VMS* management!
Just search ITRC for IPsec to see all sorts of lively development and system management discussion. (Then there's Linux, SUN, IBM, Apple, Microsoft, all with IPsec. Android? iPhone? - Good to go!)
Regards Richard Maher
BTW. here's another coup of useful links: -
http://www.ipv6ready.org/?page=faq
http://www.ipv6ready.org/?page=phase-2-about
Now clearly TCP/IP Services for OpenVMS will find it impossible to obtain Stage 3 IPv6 Ready status and qualification without IPsec, but how is it able to still be listed for the Gold Logo at all? All you have to do is pass a test in the labs and never release anything?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-17-2009 03:37 PM
тАО05-17-2009 03:37 PM
Re: new Poll: IPSEC support in HP TCPIP
>And for John G and other's appologizing for
>having the temerity to discuss such things
>in a public forum,
Probably no point in responding because you're refusing to try to understand my message :-(
I am NOT apologising for OpenVMS engineering! I think their stance on IPsec is stupid, short sighted and unjustified. Can I make it clearer than that?
However, rather than just rant and abuse anyone even perceived to have a contrary opinion, I have actually DONE SOMETHING about it by speaking directly to the people who make the decisions. What I posted was their response, and a suggestion about a potentially more productive way to achieve your objective.
I've told HP that I would like IPsec to be released, but I can't tell them that we actually need it because at this time we don't have any plans to use it. Sorry if you're offended by that.
Richard, how you ever expect anyone to listen to you when even those in full agreement cop abuse and sarcasm is beyond me!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-17-2009 08:21 PM
тАО05-17-2009 08:21 PM
Re: new Poll: IPSEC support in HP TCPIP
We managed to keep an OpenVMS drop box alive and still in service by purchasing Process Software's SSH. The poor support for a rich TCP/IP stack on lower version of VMS has not helped. Salaries for strong Linux or Unix skills exceed those for VMS. I spend a lot of time now managing Linux clusters solving problems which just cannot happen on VMS.
So IPSEC on OpenVMS ? Why ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-17-2009 08:22 PM
тАО05-17-2009 08:22 PM
Re: new Poll: IPSEC support in HP TCPIP
GTECH is certainly not the only one looking for such functionality, and with IPsec having reached ubiquitous-status in recent years (everywhere outside of VMS that is) the option of deploying IPsec for mutual-authentication and encryption is gaining a lot of traction.
As the Financial Services Technology Consortium put it in its January 2005 report, "Better institution-to-customer authentication would prevent attackers from successfully impersonating financial institutions to steal customers' account credentials; and better customer-to-institution authentication would prevent attackers from successfully impersonating customers to financial institutions in order to perpetrate fraud."
Home-Banking, Online-Trading, and Online-Gaming, are all areas I expect to see IPsec become much more prevalent in, as well as the traditional branch-offices, mobile-salesmen, or employees working-from-home market. With Android and iPhone both supporting IPsec, the hand-held VPN market is also set to explode!
But to know why I'm so passionate about IPsec have a look at: -
http://manson.vistech.net/t3$examples/demo_client_web.html
Username: TIER3_DEMO
Password: QUEUE
Tier3 does not currently support (code for) SSL on the server side, therefore those that need an encryption and authentication capability currently have to stick a product like Stunnel in the way, or IPsec to a router or other IPsec supporting OS behind the firewall. Similarly with the hotTIP functionality described in detail at
http://manson.vistech.net/t3$examples/Tier3_031.pdf
But intrinsic IPsec in VMS is extremely desirable not just for Tier3/hotTIP but for any application that wants to communicate over TCP/IP (*and UDP*) Sockets. Port 443 is *not* the only game in town! Why should every application have to re-code and re-invent SSL support when with IPsec a System Manager can simply say "I want secure, authenticated, communications between these hosts and those; all Mail, Telnet, HTTP, FTP and every other application protocol you'd like."?
It's all good! And it's already done: -
http://h71000.www7.hp.com/openvms/products/ipsec/index.html
All they have to do is support it just like HP-UX, IBM, Microsoft, SUN, Apple, Linux. . .
Regards Richard Maher
PS. John, I'd very much like to know the names of the people "making the decisions"!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-18-2009 01:08 AM
тАО05-18-2009 01:08 AM
Re: new Poll: IPSEC support in HP TCPIP
The results are publically visible.
Comments here and elsewhere will be collected and passed on to people in HP who have asked about this.
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-18-2009 02:45 AM
тАО05-18-2009 02:45 AM
Re: new Poll: IPSEC support in HP TCPIP
Please also be advised that Process Software will be holding a Webinar on IP Security on Wednesday, May 27th discusiing IPsec (among other things): -
http://www.openvms.org/stories.php?story=09/05/13/1331735
When forced by HP/VMS management to choose between HP-UX or an alternative IP Stack provider, I suggest that you look seriously at Multinet and one of the *many* Linux-based IPsec solutions.
Cheers Richard Maher
PS. Personally, I'd see the upcoming HP Tech-Forum as an ideal opportunity for HP to re-commit to the VMS client-base by re-committing to IPsec with TCP/IP services. What better way to prove to doubting customers that VMS is still in safe hands and that their business infrastructure is safe with HP/VMS!