Applied Technologies talk spotlights open source
June 6, 2008
Second of two parts
At this spring's GHRUG International Technology Conference, HP 3000 advice flowed freely. One community services provider, Brian Edminster of Applied Technologies, gave attendees a tour of how open source helped his firm beat an impossible HP 3000 project deadline.
Open source software can keep HP 3000s online and productive, even in the face of industry requirement changes and new government regulations. Edminster told of a 3000 installation processing Point of Sale transactions, a customer that faced new PCI compliance demands. He was tasked with finding a solution to the new credit card compliance rules late in 2005 — with a January 2006 deadline.
“What we were struggling with was not that uncommon,” he explained. “The solution of choice was a version of the package OpenSSH, an open source implementation of a secure shell.” OpenSSH offers publicly exchanged authentication, encrypted communication for secure file transfers, a secure shell command line, and port forwarding. “It’s amazing how much you get, and it’s available for many operating systems.”
OpenSSH protects against “man in the middle” security attacks by using DNS resolution, another open source utility that Bixby has wired into MPE/iX. Edminster recommended “the definitive guide to OpenSSH, commonly known as ‘the snail book’ from O’Reilly Press, Second Edition.”
That 3000 site working on its POS security requirements enabled DNS resolution across its enterprise, so Edminster was able to use a handy MPE/iX script written by Jeff Vance, retired from HP, called DNSCHECK. “It’s a beautiful piece of scripting that checks, step by step, all the things necessary for name resolution to work” on an HP 3000.
OpenSSH uses cryptographic software to pad out blocks of data which are being transferred. The HP 3000’s random number generation routines are “not so good” for this, Edminster explained. Random number routines must run for a much longer cycle before their output repeats than the MPE/iX routines do. MPE has no random number generation built into its kernel, unlike other operating environments. The solution is “the Entropy Gathering Daemon, which is already packaged up by Ken Hirsh with his port of OpenSSH,” Edminster reported.
Open source solutions to the POS project included ZLIB, a compression library included in the Posix implementation on the HP 3000. The ZLIB on the 3000 is version 1.1.3; consultants insisted on a newer 1.2.3 version for needed security. “I just downloaded it from the ZLIB Web site, and executed the MAKE command. It’s probably the simplest package you can port on the HP 3000.”
The collection of PCI security tools from open source resources had to be integrated with the existing HP 3000 application. STR Software, which now specializes in communication packages and message delivery, has a POS/3000 package. “In spite of the fact that it was written in SPL, and almost 20 years ago, they worked with us to make the modifications necessary to allow us to integrate this new secure communication protocol,” Edminster said.
He warned that the port of OpenSSH for the HP 3000 includes a remote shell module that doesn’t work very well, “due to the peculiarities of the Posix implementation on the HP 3000. So we had to think outside the box, which is something you must do sometimes — for open source software that didn’t port completely, or only has the basic functionality working.”
Edminster wrote a simple shell script to execute the few remote commands OpenSSH required. “It was executed once a minute by cron,” the open source scheduler utility included in MPE/iX, he said. “What we ended up with was a retail replacement project which we were given a month late to start, but we met by the completion date with the use of open source software.”