[Info-vax] Moving away from OpenVMS

[johnson.eric at gmail.com]

> I don't know ATA over Ethernet (or iSCSI). 
> What's the security model with them? 
> Does it credibly map onto a VMS security
> model , or does the storage have one 
> level of authentication which entitles any 
> authenticated client to get at all the blocks?

Darn. I created confusion with my quick broad stroke comparison to ATA over Ethernet.  It's not something to use here. I liked that they took a traditional (legacy?) protocol and put new life into it by effectively redirecting it over a commodity medium - Ethernet.  When you start using 10 gig and wring out the latency, good things can happen. 

But still - you asked about the security model and how would that work. In my view, each Linux side process would have a corresponding VMS side process to represent it in the VMS cluster. The one to one client/server process relationship makes it easier to preserve an existing security model. So if the code invokes SYS$GET_SECURITY then that function on the x86 side would be forwarded to the corresponding buddy process for execution on VMS. 

> they [sector 7] (allegedly) already have 
> (for fee) versions of SYS $CONNECT 
> and a wide variety of VMS-derived stuff. 

You are certainly right that they offer that. The difference in what I'm proposing is that the sector7 style solution is effectively creating a new cluster. Whereas what I'm describing gives you concurrent real time access to your current cluster and the data it has access to. It's the same difference between adding a node to a cluster versus starting a new one. 

I think that some systems may do better transitioning to a newer system with an "add a node to the cluster" model versus "let's make a new cluster". That premise may be wrong though. 

EJ