July 30, 2012
Security patches still floating HP-UX cloud
Migrating from the HP 3000 can be an act of faith. Once a vendor has closed down a business platform, the alternatives might look less certain to survive -- at least until a manager can survey the security of a replacement host. HP genuinely dimmed the lights on its MPE/iX activity when it stopped creating security patches. Windows XP is still getting these, but Microsoft has said they'll stop patching in 2017.
Apple's starting to join the previous-platform shutdown crew. Its new OS Mountain Lion is blasting across the downloading bandwidth -- the vendor said more than 3 million copies went out in the first four days of release. With every copy of Mountain Lion that's downloaded, or shipped out on new Macs, the older platform of Snow Leopard loses a step in Apple's march. Snow Leopard shipped out in 2009. Some managers are on watch, waiting to see when that leopard will lose its security spots.
HP continues to support two earlier releases of HP-UX with security patches. Two separate breaches were repaired last week. One vulnerability could be exploited remotely to create a Denial of Service (SSRT100878 rev.2). Another patch (SSRT100824 rev.3) addressed vulnerabilities which "could be exploited remotely to execute arbitrary code or elevate privileges." Samba and BIND opened the gates to these hacks. Both have been supported in MPE/iX, but it's been many years since Samba or BIND had any access to a security patch on the 3000.
The Mac's OS is built out of the girders of such open-sourced, Unix-based tools and software. Now there's a rising current of change flowing through the Apple community around the two latest releases of the OS. Lion and Mountain Lion change so many things that older, more experienced Mac managers find themselves learning new interfaces and administration in a forced march -- all because Apple sees profit in making Macs behave like mobile phones and tablets.
Whatever's been learned about managing a Mac is now being depreciated with each new OS release. That kind of change is only the early stages of what a 3000 manager experienced when HP stopped creating MPE/iX or patching it for security. The Unix customers of Apple (Mac OS managers) and HP have one thing in common: continuous re-learning and patching of their environments. This will stretch an IT pro's skill sets. It can also stretch out a workday into work nights and weekends. Enterprise customers must always hope that their vendor doesn't get too enterprising about the profits from churn. Apple seems to be doubling down on a strategy that churns up security issues: cloud computing.
HP added this level of capability to MPE once during the history of the OS, when it grafted a Posix interface onto MPE/XL in 1992 to create MPE/iX. The Posix namespace provided instant familiarity to administrators who knew Unix admin commands and programs. But MPE/iX didn't stop behaving the way administrators who wanted nothing to do with Posix expected. They didn't have to trick the 3000 into the polished and proven processes that established reliability and security.
Apple's iCloud is the default file storage location in that 3-million download OS version. The vendor really doesn't believe in things like a desktop for file management anymore. Let the cloud take care of finding things and keeping them up to date. In other words, let Apple's server farm security maintain the sanctity of personal and professional data.
This turn of events was triggered by the sudden fortunes of Apple's computing business. Mobile devices make up more than 75 percent of the largest capitalized company in the world today. With so many ways to carry a computer out of the office, Apple figures a cloud is the only chance to keep documents and personal data up to date. When a business takes off enough to double a stock price, a company will pivot to capture the opportunity.
The situation illustrates the challenges in staying on a fast track of technology. Apple's "doubling-down" on iCloud, according to its CEO. HP is making a bid for this kind of computing, too, but not by pushing all the chips to the center of its enterprise table. Cloudsystem is good for some businesses, but the top reason that 3000 managers cite for avoiding it: security concerns. HP's got an Enterprise Cloud Services-Continuity version that the vendor says "is part of what makes this an 'enterprise' cloud service."
Some of the security features include Network Intrusion Detection and Prevention (NIDS/NIPS), firewall and VPN monitoring and management, two-factor authenticated access to privileged user accounts, operating system hardening, physical datacenter security (access by key card or biometric palm scanning, video surveillance, and on-site security personnel) and SIEM monitoring.
That last bit of acronym soup stands for Security Information and Event Monitoring, real-time analysis of security alerts generated by networks.
Quite a bit like the MPE/iX customers of just five years ago, we managers of Snow Leopard systems haven't got the latest iCloud, update-everywhere powers, the place where we can abandon our regard for file system skills. We are still getting security patches like the ones that HP-UX admins processed last week through HP-UX Software Assistant.
Every vendor will judge when securing older releases -- like Snow Leopard, MPE/iX or HP-UX B.11.11 -- stops making business sense. Trying to estimate that date is as tough as guessing the thoughts behind the inscrutable face of any cat, either leopard or lion. But that an end-of-security deadline is on its way is easy to predict. Every OS gets such a day to test the faith of its customers. And the changes a manager must adopt to keep pace with their OS could be so profound that staying current feels like adopting a new set of administration skills.