- new Poll: IPSEC support in HP TCPIP
05-13-2009 03:11 PM
Please vote for IPsec at the following site: -
http://www.openvms.org/stories.php?story=09/05/13/1922766
Thanks for setting that up Ian.
Cheers Richard Maher
PS. It's free! It allows you to secure all (TCP/IP and UDP) traffic between hosts transparently! Host or Port level granularity! No more SSL coding at the application level! Comes with a host-based firewall capability! Secure your hand-held and portable communications today(ish)! Most of the code already exists and is able to make 8.4!
PPS. If you're going to vote "no" then why not just scratch your initials into a bus window, or spray-paint a wall like you normally do :-)
05-13-2009 05:33 PM
Re: new Poll: IPSEC support in HP TCPIP
OpenVMS.org Polls
If IPSEC support was available in HP TCPIP Services for OpenVMS
o You would deploy it on a production server within a year
o Be not interested because you already use another vendors IPSEC on OpenVMS
o Have no interest in using IPSEC on OpenVMS
o Don't know what IPSEC is
05-13-2009 06:18 PM
Solution
My point being that you can design a poll to get the result you want, and it appears to me the result that is wanted is "Our customers show no interest in IPSec at this time".
05-13-2009 06:41 PM
Re: new Poll: IPSEC support in HP TCPIP
I certainly hope you're wrong. (Although I too would have liked a less qualified "Yes" box)
I'm guessing any confusion with the questions would have more to do with the inexperience of the framers as pollsters rather than malicious intent or agenda.
OTOH, maybe they were told "that's what it'd take" and had to run with it :-(
Cheers Richard Maher
PS. Looking forward to once again saying a big *NO* to daylight saving in WA this week-end. (Hopefully for the last time!)
05-13-2009 11:17 PM
Re: new Poll: IPSEC support in HP TCPIP
thanks for the pointer.
I just voted in favor, and I strongly advise every regular (and not so very regular) visitor here to do the same!
Proost.
Have one on me.
jpe
05-14-2009 12:30 AM
Re: new Poll: IPSEC support in HP TCPIP
re: pps... lol :-)
Regards,
John.
05-14-2009 03:51 PM
Re: new Poll: IPSEC support in HP TCPIP
We recently put this question to HP Engineering directly, not because we want, need or even intend to use IPsec, but more as a sign of reduced investment, care and feeding, etc... in OpenVMS by HP.
In a nutshell, their answer was "show us the money". They pointed to the very low uptake of the EAK, and lack of feedback from customers stating that they wanted the product.
Rather than conduct a poll, I would urge anyone who is willing to pay for this product (even assuming that it will be "free" with an existing TCPIP license), to contact their account reps directly. A poll is not likely to be as effective as "if you don't implement IPsec, THIS customer will stop paying maintenance on TCPIP services and switch to one of the competing products".
05-14-2009 04:40 PM
Re: new Poll: IPSEC support in HP TCPIP
I will go over the same ground as I have done many times before in various forums.
1) Nobody is asking for some blue-sky thinking here or to invest in a huge startup project. IPSec is not just low-hanging fruit, it's a wind-fall sitting on the ground; all they have to do is pick it up! Unless of course, all of the money that's been poured into its development over the last 5+ years has produced something a tad less than merchantable quality. (In which case if I was the developer(s) or project manager(s) I too would be desperate to stop people asking what we've been doing all this time!)
2) What is the standard or average EAK download stats for say the last 10 VMS products released in this fashion? What is a "low uptake" and what are "they" comparing it to?
What was the Java EAK download stats? WSIT 3.0? RTR on Linux? IPv6? Clusters over IP perhaps?
Oh, I see; they don't have to jump through the same imaginary hoops as someone's pet project? I get it, VMS management only does this when they want to kill something.
"Global clusters over IP" has everyone asking for it, but "VPN my laptops and hand-helds" is an orphan? I think not.
3) Your world may well revolve around what "We" do but when every other OS and IP Stack vendor from SUN to Microsoft to IBM to all flavours of Linux and Android and iPhone have implemented IPsec (and most of them years ago on IPv4) you'll forgive me for dismissing the argument as being akin to the horse that won't drink. The ability to encrypt and authenticate all communication between hosts or just some ports on different hosts is not something I see as being limited in its application these days, even in intranets.
Why bother with IPv6 at all for Pete's sake? Where were you when they were presumably wasting more money on that redundant rubbish? Big EAK hit? BTW, IPsec is a *mandatory* component for those claiming IPv6 compliance.
What's that you say?
"We don't put VMS on the network and expose it to nastiness, VMS is a local shop for local people!" We don't need a firewall on VMS, we don't need secure communications, we just buy a whole lot of *nix boxes for the real world stuff and lock VMS up in a room :-(
> Rather than conduct a poll,
Oh, I see, the jury's back but no one likes the verdict? I also see Ian has adopted a similar tack in OpenVMS.org :-( Looks like John P was right after all.
Anyway, it may be fun to watch me run around like Pavlov's Dog but seeing long suffering VMS customers have to do the same for even the most basic, essential e-business functionality helps explain why VMS is where it is today.
Why don't they stop all IPv6, no all VMS, development now? Hold on. . .Ooops!
Richard Maher
05-14-2009 04:59 PM
Re: new Poll: IPSEC support in HP TCPIP
I just had a look at: -
http://h71000.www7.hp.com/ebusiness/technology.html
And was once again surprised to find not 1, 2, or 3, but *4* web-browsers for VMS! Well I guess you just can't have too many of those.
Anyway what I couldn't find on the page was how much profit HP/VMS makes from the sale of these products, or the additional VMS units shipped on the back of them. You couldn't get your contacts to help me out and "Show me the money" could you?
Also, what were the EAK download stats for each of these web-browsers?
Regards Richard Maher
PS. What has changed in the last say 5 years since millions of license-payer dollars were allocated to IPsec development, and thousands of man-hours spent, and today where presumably that money will just be written off as "I bet ya no one was gonna use it anyway"?
05-14-2009 05:19 PM
Re: new Poll: IPSEC support in HP TCPIP
Based upon number of support calls, the number of users of SSH & SFTP is orders of magnitude higher.
FTP over TLS (FTPS) hasn't been out long enough to measure, but we have had a few calls on it as well.
I would say that there is great demand for methods of securing user authentication and data exchange, which method ends up being the most popular in the long run is hard to say.
05-14-2009 06:22 PM
Re: new Poll: IPSEC support in HP TCPIP
Don't shoot the messenger. You don't need to convince me! I believe HP should implement IPsec.
We had an opportunity recently, with HP Engineering on the other side of a table, in person (well, at least on HALO). We put the question of IPsec futures to them. I'm just giving you a summary of the answer we got.
That doesn't mean I believe it's a GOOD answer, nor that I think their justification is valid. That's just what they said. I can't answer your (rhetorical?) questions.
From my experience of getting stuff put into VMS, I've found that forum discussions or complaining to support folk, no matter how vociferous or compelling, don't tend to get results.
You need to find a (small) number of real live, paying customers, and get them to rattle account rep cages. That's far more likely to get the result you want than preaching fire and brimstone to the choir.
05-15-2009 02:41 AM
Re: new Poll: IPSEC support in HP TCPIP
People in HP are watching the results and I'm collecting comments to pass on to.
I have no control over the decision but am attempting to provide a way of getting the VMS community feedback to the people that do make the decision.
Purely Personal Opinion
05-15-2009 02:55 AM
Re: new Poll: IPSEC support in HP TCPIP
there may also be traction for this in the lottery gaming market as suppliers like GTECH are looking to offer online products to complement existing terminal based lottery software, they can do IPSec on VMS's rival platforms...
perhaps HP might run that by them ?
05-17-2009 12:58 PM
Re: new Poll: IPSEC support in HP TCPIP
It looks like IPSEC will be the future and when mandated I will need to implement it yesterday. I hope OpenVMS Management will be on board and ready to ship.
I don't know about everyone else but the request on my time is such that unless our customer is asking for it I have very little time to explore every new thing. It's only when they ask that I better have the answer ready.
05-17-2009 03:01 PM
Re: new Poll: IPSEC support in HP TCPIP
Not sure what the critical mass needed would look like, but for the benefit of the VMS-only HP customers let me point out that "HP" haven't figured out IPsec requirements today or yesterday, they've *known* it was absolutely needed years ago. It's right there in HP UX and has been for almost *10 years*! (Not sure about HPUX chronology but a quick glance through ITRC has the earliest post on 25/9/2000 talking about IPsec availability in version 10.4 or a production-grade release in HPUX 11.0)
Just found an interesting HP/UX web-page regarding IP with the catch phrase "Delivering the promise"
http://h20338.www2.hp.com/hpux11i/cache/324347-0-0-0-121.html
Little do they know that HP/VMS have a similar program, but ours is tailor made for the amount of development taking place on VMS at the moment and for the calibre of the user-base; it's called "Breaking the promise" :-(
And for John G and others apologizing for having the temerity to discuss such things in a public forum, here's one where it looks like HPUX IPsec project management actually encourage public forum feedback:-
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=866391
I wonder what the EAK take-up for IPsec on HPUX was? I wonder what hoops HP's valued customers were made to jump through there?
Your problem is not with HP as a whole, they're fully on board, your problem is with HP/*VMS* management!
Just search ITRC for IPsec to see all sorts of lively development and system management discussion. (Then there's Linux, SUN, IBM, Apple, Microsoft, all with IPsec. Android? iPhone? - Good to go!)
Regards Richard Maher
BTW. here's another couple of useful links: -
http://www.ipv6ready.org/?page=faq
http://www.ipv6ready.org/?page=phase-2-about
Now clearly TCP/IP Services for OpenVMS will find it impossible to obtain Stage 3 IPv6 Ready status and qualification without IPsec, but how is it able to still be listed for the Gold Logo at all? All you have to do is pass a test in the labs and never release anything?
05-17-2009 03:37 PM
Re: new Poll: IPSEC support in HP TCPIP
>And for John G and others apologizing for
>having the temerity to discuss such things
>in a public forum,
Probably no point in responding because you're refusing to try to understand my message :-(
I am NOT apologising for OpenVMS engineering! I think their stance on IPsec is stupid, short sighted and unjustified. Can I make it clearer than that?
However, rather than just rant and abuse anyone even perceived to have a contrary opinion, I have actually DONE SOMETHING about it by speaking directly to the people who make the decisions. What I posted was their response, and a suggestion about a potentially more productive way to achieve your objective.
I've told HP that I would like IPsec to be released, but I can't tell them that we actually need it because at this time we don't have any plans to use it. Sorry if you're offended by that.
Richard, how you ever expect anyone to listen to you when even those in full agreement cop abuse and sarcasm is beyond me!
05-17-2009 08:21 PM
Re: new Poll: IPSEC support in HP TCPIP
We managed to keep an OpenVMS drop box alive and still in service by purchasing Process Software's SSH. The poor support for a rich TCP/IP stack on lower versions of VMS has not helped. Salaries for strong Linux or Unix skills exceed those for VMS. I spend a lot of time now managing Linux clusters solving problems which just cannot happen on VMS.
So IPSEC on OpenVMS ? Why ?
05-17-2009 08:22 PM
Re: new Poll: IPSEC support in HP TCPIP
GTECH is certainly not the only one looking for such functionality, and with IPsec having reached ubiquitous-status in recent years (everywhere outside of VMS that is) the option of deploying IPsec for mutual-authentication and encryption is gaining a lot of traction.
As the Financial Services Technology Consortium put it in its January 2005 report, "Better institution-to-customer authentication would prevent attackers from successfully impersonating financial institutions to steal customers' account credentials; and better customer-to-institution authentication would prevent attackers from successfully impersonating customers to financial institutions in order to perpetrate fraud."
Home-Banking, Online-Trading, and Online-Gaming, are all areas I expect to see IPsec become much more prevalent in, as well as the traditional branch-offices, mobile-salesmen, or employees working-from-home market. With Android and iPhone both supporting IPsec, the hand-held VPN market is also set to explode!
But to know why I'm so passionate about IPsec have a look at: -
http://manson.vistech.net/t3$examples/demo_client_web.html
Username: TIER3_DEMO
Password: QUEUE
Tier3 does not currently support (code for) SSL on the server side, therefore those that need an encryption and authentication capability currently have to stick a product like Stunnel in the way, or IPsec to a router or other IPsec supporting OS behind the firewall. Similarly with the hotTIP functionality described in detail at
http://manson.vistech.net/t3$examples/Tier3_031.pdf
But intrinsic IPsec in VMS is extremely desirable not just for Tier3/hotTIP but for any application that wants to communicate over TCP/IP (*and UDP*) Sockets. Port 443 is *not* the only game in town! Why should every application have to re-code and re-invent SSL support when with IPsec a System Manager can simply say "I want secure, authenticated, communications between these hosts and those; all Mail, Telnet, HTTP, FTP and every other application protocol you'd like."?
It's all good! And it's already done: -
http://h71000.www7.hp.com/openvms/products/ipsec/index.html
All they have to do is support it just like HP-UX, IBM, Microsoft, SUN, Apple, Linux. . .
Regards Richard Maher
PS. John, I'd very much like to know the names of the people "making the decisions"!
05-18-2009 01:08 AM
Re: new Poll: IPSEC support in HP TCPIP
The results are publicly visible.
Comments here and elsewhere will be collected and passed on to people in HP who have asked about this.
Purely Personal Opinion
05-18-2009 02:45 AM
Re: new Poll: IPSEC support in HP TCPIP
Please also be advised that Process Software will be holding a Webinar on IP Security on Wednesday, May 27th discussing IPsec (among other things): -
http://www.openvms.org/stories.php?story=09/05/13/1331735
When forced by HP/VMS management to choose between HP-UX or an alternative IP Stack provider, I suggest that you look seriously at Multinet and one of the *many* Linux-based IPsec solutions.
Cheers Richard Maher
PS. Personally, I'd see the upcoming HP Tech-Forum as an ideal opportunity for HP to re-commit to the VMS client-base by re-committing to IPsec with TCP/IP services. What better way to prove to doubting customers that VMS is still in safe hands and that their business infrastructure is safe with HP/VMS!
05-18-2009 09:38 AM
Re: new Poll: IPSEC support in HP TCPIP
What would you get if you did more with IPSEC? How about no-password logins using the Computer Access Card as the starting point. You would be surprised how many sites want that. (No, maybe you wouldn't be surprised.) Attachmate s/w could extract the RSA key from the card, but it's in the wrong format completely - IPSEC. So our OpenSSH won't take it. Drives me nuts because I am bound in regulation about how I can approach the problem. But even with something so simple as the ability to convert OpenSEC keys to IPSEC or vice versa, I could take that ball and run with it for miles!
05-18-2009 05:04 PM
Re: new Poll: IPSEC support in HP TCPIP
05-20-2009 12:27 AM
Re: new Poll: IPSEC support in HP TCPIP
Results
If IPSEC support was available in HP TCPIP Services for OpenVMS
You would deploy it on a production server within a year 85.87% (79)
Be not interested because you already use another vendors IPSEC on OpenVMS 4.35% (4)
Have no interest in using IPSEC on OpenVMS 4.35% (4)
Don't know what IPSEC is 5.43% (5)
I will pass this on with the collected comments to HP.
Purely Personal Opinion
05-20-2009 12:41 AM
Re: new Poll: IPSEC support in HP TCPIP
If IPSEC support was available in HP TCPIP Services for OpenVMS
You would deploy it on a production server within a year 83.05% (98)
Be not interested because you already use another vendors IPSEC on OpenVMS 4.24% (5)
Have no interest in using IPSEC on OpenVMS 5.08% (6)
Don't know what IPSEC is 7.63% (9)
Maybe you have a cached page?
05-20-2009 03:17 AM
Re: new Poll: IPSEC support in HP TCPIP
I'm now seeing the figures you posted.
However the overall pattern is the same.
Purely Personal Opinion