Subject: Do the Q know what VMS is? Date: Fri, 03 Mar 2000 22:18:32 -0500 From: "Glenn C. Everhart" Organization: GenCybEng CC: everhart@gce.com Newsgroups: comp.os.vms In looking over some webpages for net systems, I noted nothing about VMS at all. At times I wonder how it is that Compaq (and Digital before it) managed to advertise VMS so little, and to convey so little of what VMS can do in its advertising. Lessee now... VMS: * Runs on the fastest iron in the world * Is built by a culture that is fanatic about quality. As a result: * VMS doesn't crash constantly; in fact it stays up years at a time with practically no administration effort required. * VMS was designed with the kind of security that you have to go to add-ins like Argus or SEOS in unix land to have. There is no single "superuser" priv, nor are there buffer overflow bugs all over. * VMS has been to the wars in terms of attacks, and as a result has become well and truly bulletproof. VMS code gets inspected by scores of people before it hits the streets for bugs and security holes, and security or data corruption bugs are treated as show stoppers. Consider: password guessing avoidance password policy modules password history Images can be installed with identifiers so an image can have its own security profile. Access controls on everything VMS INSTALLS SECURE OUT OF THE BOX Devices, files, memory, etc. etc...EVERYTHING is protected by the control system Fine grained ACLs available Persona services available for servers that need them. Military security bits are a tiny mod on the base OS Audit trail that does not fill the disk when turned on but is actually useful In addition third party apps for VMS allow * File hiding * Soft as well as hard links * Images can force privs to be dropped while open * Access controls based on image, time, type of open, user, location, and excess privs * File access passwords * Various single signon * Clusters that really allow simultaneous accesses to resources. (No SCSI reserve/release needed!) and provide a large control domain, extensible over wide areas. Apps don't need to do anything special to have cluster aware file access and locking. * Hierarchical storage available * Some of the finest backup/restore software in the world * Database performance that beats 32 bit databases badly. (5 way joins 250 times faster than 32 bit dbms?) * Scalable performance in Galaxy space, allowing 32 processors or more to be used, automatically migrating processors to load, able to migrate I/O to idle machines, and able to work scalably even on apps that are not highly partitionable. * Friendly and powerful program development environment * SOURCE LISTINGS AVAILABLE and INEXPENSIVE...no hidden APIs, no questions about what is in the OS. * Huge library of freely available software also available for the OS * Network stacks for TCP/IP, DECnet, Novell, SNA, and many other protocols exist for VMS. * I/O system so fast it makes it tough to qualify control chips. (At least one SCSI chip needed NO-OPs to be fed to it between ops to keep from overpowering it.) The foregoing is perhaps a bit disjointed but this covers a fair bit of what one can say about VMS, for starters, without particularly dumping on other OSs. (Of course if you care to figure what OSs are not built by a culture fanatic about quality or what OSs give evidence that someone is working on them by the fact that new security holes are found weekly, you can do so. I would not expect Compaq necessarily to do this.) It would of course do a heck of a lot of good for VMS if there were regular mention in advertising of some of the things it does exceptionally well. If they'd let everyone in on the secret of what VMS is and does, it could bring them sales and would much help an industry which has gotten SO used to crappy (I'm being polite) quality that consultants and the press talk about it being impossible to write a secure OS or one that doesn't need to be rebooted every day or so, and impossible to get software engineers to do quality work. VMS gives the lie to such sentiments and should stand as a reproach to people who entrust vital systems to toy OSs (to use Peter Neuman's phrase from NISSC). Glenn Everhart I've seen ads that stress that VMS doesn't go down. That is fine and true, but misses many of the other points above. The fact that VMS has security to put mainframes to shame