Subject: Do the Q know what VMS is?
Date: Fri, 03 Mar 2000 22:18:32 -0500
From: "Glenn C. Everhart" <Everhart@gce.com>
Organization: GenCybEng
CC: everhart@gce.com
Newsgroups: comp.os.vms
In looking over some webpages for net systems, I noted nothing about
VMS at all. At times I wonder how it is that Compaq (and Digital
before it) managed to advertise VMS so little, and to convey so
little of what VMS can do in its advertising.
Lessee now...
VMS:
* Runs on the fastest iron in the world
* Is built by a culture that is fanatic about quality. As a
result:
* VMS doesn't crash constantly; in fact it stays up
years at a time with practically no administration
effort required.
* VMS was designed with the kind of security that you have
to go to add-ins like Argus or SEOS in unix land to
have. There is no single "superuser" priv, nor are there
buffer overflow bugs all over.
* VMS has been to the wars in terms of attacks, and as a
result has become well and truly bulletproof. VMS
code gets inspected by scores of people before it hits
the streets for bugs and security holes, and security
or data corruption bugs are treated as show stoppers.
Consider: password guessing avoidance
password policy modules
password history
Images can be installed with identifiers
so an image can have its own security
profile.
Access controls on everything
VMS INSTALLS SECURE OUT OF THE BOX
Devices, files, memory, etc. etc...EVERYTHING
is protected by the control system
Fine grained ACLs available
Persona services available for servers that
need them.
Military security bits are a tiny mod on
the base OS
Audit trail that does not fill the disk
when turned on but is actually useful
In addition third party apps for VMS allow
* File hiding
* Soft as well as hard links
* Images can force privs to be dropped while open
* Access controls based on image, time, type of
open, user, location, and excess privs
* File access passwords
* Various single signon
* Clusters that really allow simultaneous accesses to
resources. (No SCSI reserve/release needed!) and
provide a large control domain, extensible over
wide areas. Apps don't need to do anything special
to have cluster aware file access and locking.
* Hierarchical storage available
* Some of the finest backup/restore software in the world
* Database performance that beats 32 bit databases badly.
(5 way joins 250 times faster than 32 bit dbms?)
* Scalable performance in Galaxy space, allowing 32 processors
or more to be used, automatically migrating processors
to load, able to migrate I/O to idle machines,
and able to work scalably even on apps that are not
highly partitionable.
* Friendly and powerful program development environment
* SOURCE LISTINGS AVAILABLE and INEXPENSIVE...no hidden
APIs, no questions about what is in the OS.
* Huge library of freely available software also available
for the OS
* Network stacks for TCP/IP, DECnet, Novell, SNA, and many
other protocols exist for VMS.
* I/O system so fast it makes it tough to qualify control
chips. (At least one SCSI chip needed NO-OPs
to be fed to it between ops to keep from
overpowering it.)
The foregoing is perhaps a bit disjointed but this covers a fair
bit of what one can say about VMS, for starters, without
particularly dumping on other OSs. (Of course if you care to
figure what OSs are not built by a culture fanatic about quality
or what OSs give evidence that someone is working on them by
the fact that new security holes are found weekly, you can do
so. I would not expect Compaq necessarily to do this.)
It would of course do a heck of a lot of good for VMS if there
were regular mention in advertising of some of the things it does
exceptionally well. If they'd let everyone in on the secret of
what VMS is and does, it could bring them sales and would much
help an industry which has gotten SO used to crappy (I'm being
polite) quality that consultants and the press talk about it
being impossible to write a secure OS or one that doesn't need
to be rebooted every day or so, and impossible to get software
engineers to do quality work. VMS gives the lie to such sentiments
and should stand as a reproach to people who entrust vital systems
to toy OSs (to use Peter Neuman's phrase from NISSC).
Glenn Everhart
I've seen ads that stress that VMS doesn't go down. That is fine
and true, but misses many of the other points above. The fact
that VMS has security to put mainframes to shame