Security patches afloat for UX, for a price
June 10, 2014
If an IT manager had the same budget for patches that they employed while administering an HP 3000, today they'd have no patches at all for HP's Unix replacement system. That became even more plain when the latest Distributed Denial of Service (DDoS) alert showed up in my email. You never needed a budget to apply any patches while HP 3000s were for sale from the vendor. Now HP's current policy will have an impact on the value of used systems -- if they're Unix-based, or Windows ProLiant replacements for a 3000. Any system's going to require a support contract for patches.
For more than 15 years, HP's been able to notify customers when any security breach puts its enterprise products at risk. For more than five years, one DDoS exploit after another has triggered these emails. But over the past year, Hewlett-Packard has insisted that a security hole is a good reason to pay for a support contract with the vendor.
The HP 3000 manager has better luck in this regard than HP's Unix system owners. Patches for the MPE/iX environment, even in their state of advancing age, are distributed without charge. A manager needs to call HP and be deliberate to get a patch. The magic incantation when dealing with the Response Center folks is to use transfer code 798. That’ll get you to an MPE person. And there's not an easy way for an independent support company to help in the distribution, either. HP insisted on that during a legal action last spring.
In that matter, a support company -- one that is deep enough to be hiring experts away from HP's support team -- was sued for illegal distribution of HP server patches. HP charged copyright infringement because the service company had downloaded patches -- and HP claimed those patches were redistributed to the company's clients.
The patch policy is something to budget for while planning a migration. Some HP 3000 managers haven't had an HP support contract since the turn of this century. Moving to HP-UX will demand one, even if a more-competent indie firm is available to service HP-UX or even Windows on a ProLiant system. See, even the firmware patches aren't free anymore. Windows security patches continue to be free -- that is, they don't require a separate contract. Not even for Windows XP, although that environment has been obsoleted by Microsoft.
HP, like Oracle (owner of Sun) and other OS manufacturers, has chosen to restrict updates, patches, and now firmware to only those customers that have a current support agreement. Indie support companies can recommend patches; in fact, they're a great resource for figuring out which patch will fix problems without breaking much else. But customers are required to have their own support agreement in order to download and install such patches and updates.
Even following the links in the latest HP emails landed me in a "you don't have a support agreement to read this" message, rather than the update about DDoS exposure. It's more than the patches for migration platforms that HP's walled away from the customer base. Now even the basic details of what's at risk are behind support paywalls.
The extra cost is likely to be felt most in the low to midrange end of the user community. Dell's not getting caught up in what HP calls an industry trend to charge for repairing malformed software or OS installations that get put at risk. Dell offers unrestricted access to BIOS and software updates for its entire server, storage, and networking line.