Sunday, October 24, 2021

Table of Contents

Executive Summary

Background on This Paper

Who Was Surveyed

Company & Respondent Profile

Reasons Why IT Managers
Are More Concerned
About Security Today

How Often RISC-Based Clusters
Crash Due to a Virus or Worm

Quantifying the Impact of Security-
Related Cluster Downtime

Total Cost of Security Findings

Respondents’ Opinions on
Differences in Operating
System Security

Independent Evaluations of
Operating System Security

Why OpenVMS is More Secure


Are Some RISC-Based Clusters More Secure Than Others?

A Detailed Comparison of Potential Vulnerabilities and Security-Related Cluster Crashes for HP OpenVMS, IBM AIX and Sun Solaris Server Clusters. (June 2004)

In February 2004, TechWise Research published a paper entitled: Total Cost of Ownership for Entry-Level and Mid-Range Clusters. That paper showed that HP OpenVMS/AlphaServer clusters average fewer hours of security-related downtime than IBM AIX/pSeries and Sun Solaris/Sun Fire clusters. TechWise Research decided to conduct a follow-up study to probe specifically into the area of cluster security. The purpose was to better understand the differences between HP, IBM and Sun cluster security costs, and the possible reasons why HP has an advantage over IBM and Sun in this area. The results from this follow-up research are summarized in this paper.

For this study, TechWise collected and/or analyzed data from four sources. First, availability data from the February 2004 study were examined in more detail, specifically in the area of crashes caused by security-related incidents. Second, we conducted follow-up executive telephone interviews with respondents from the February 2004 study. These in-depth discussions provided further insight into information regarding security issues and availability differences between the three types of clusters. Quotes and comments from respondents are included in this paper. Third, TechWise Research performed a detailed analysis of the CERT® Coordination Center’s database that tracks security vulnerabilities and threats. TechWise Research reviewed all the alerts that were issued between January 1, 2000 and December 31, 2003 to identify the number of security patches that have been released for HP OpenVMS, IBM AIX and Sun Solaris. Lastly, TechWise Research studied the Common Vulnerabilities and Exposures (CVE) database that was developed by the MITRE Corporation. This database was started in 1999 to provide standardized names and descriptions for information security vulnerabilities and exposures.

Overall Results:
The findings show that HP OpenVMS clusters average the fewest hours of security-related downtime, followed by Sun Solaris, and then by IBM AIX clusters which had the most. The difference between the cluster brands is significant. Sun and IBM clusters average three and five hours more of additional security-related downtime per year, respectively, compared to HP clusters. For many companies, the cost per hour of downtime is measured in the tens, if not hundreds of thousands of dollars. Over a three-year period, HP OpenVMS/AlphaServer clusters have the potential to save companies up to one million dollars, just in security costs, compared to Sun Solaris/Sun Fire and IBM AIX/pSeries clusters. These savings do not take into account any costs suffered when hackers corrupt or steal confidential information.

TechWise Research identified several reasons why HP OpenVMS/AlphaServer clusters offer the lowest Total Cost of SecurityTM (TCSTM):

  • First, Solaris and AIX contain a considerable amount of open source code that is widely available for hackers to access and exploit.

  • Second, between Jan. 1, 2000 and December 31, 2003, HP clusters required far fewer security patches than IBM and Sun clusters. An examination of the CERT® Coordination Center database revealed only 2 security-related patches for OpenVMS compared with 29 each for AIX and Solaris.

  • Third, the OpenVMS operating system has far fewer security vulnerabilities than the other two operating systems. A query of the MITRE Corporation’s CVE database showed only 5 security vulnerabilities listed for OpenVMS, compared with 89 for AIX and 157 for Solaris.

To receive a free copy of the full report, please provide the following information.  We will then send you an email with instructions how to obtain your report.

To prove you are not a bot, type the characters you see in this picture.

Request Paper     


© 1998-2014 TechWise Research, Inc. All rights reserved.
Page Last Updated: 07/19/2014