[Info-vax] How would you load balance excess webserver traffic between multiple OpenVMS servers?

Tue Jan 12 16:49:56 EST 2021

On Tuesday, January 12, 2021 at 8:52:52 AM UTC-5, Simon Clubley wrote:
> On 2021-01-11, D W <ultr... at gmail.com> wrote: 
> > On Monday, January 11, 2021 at 1:21:26 PM UTC-5, Simon Clubley wrote: 
> >> On 2021-01-11, Stephen Hoffman <seao... at hoffmanlabs.invalid> wrote: 
> >> > 
> >> > If you're thinking about a Parler-class app for instance, there are 
> >> > already some discussions of what's involved there that are going on 
> >> > else-network and which you may want to review?even if you're not 
> >> > re-hosting Parler, the problems are broadly similar at scale. 
> >> > 
> >> 
> >> Ok, _that_ possibility never occurred to me when I read Bob's original 
> >> post. Do you know something that the rest of us are unaware of ? 
> > 
> > maybe :) 
> > 
> >> 
> >> I would not recommend VMS as it stands today for such a high-profile 
> >> and potentially hostile environment. 
> >> 
> > 
> > you would prefer linux or windows? I thought OpenVMS was made for hostile environments. 
> >
> As mentioned already, Linux has a number of security and isolation 
> features that VMS is lacking.
> > Putting each user in a RWED controlled box along with appropriate ACLs 
> > I would assume would outclass any other solution out there, as long as VSI has terminated all of their C strings properly. :) 
> >
> If that's what you think security is all about in 2021 Bob, then you 
> simply don't have a clue about what is involved. 
> 
> BTW, you don't even have to go through security, you can go around it. 
> That's exactly what I did and all the protections and ACLs would have 
> made absolutely no difference. 
> 
> To everyone else: I keep warning you about security researchers possibly 
> taking a serious interest in probing VMS at some point in the future and 
> about everything that could come from that. 
> 
> If Bob sets up some kind of conservative social networking environment 
> using VMS (which it is a poor choice for anyway), then that is _exactly_ 
> what is going to happen.
> Simon. 
> 
> -- 
> Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP 
> Walking destinations on a map are further away than they appear.

actually this is for a medium sized company who just got hit with a ransomware attack. They are tired of the hacks and expense
of trying to defeat this crap. I know someone who is high up there and told him I may be able to design an OpenVMS solution to
eliminate ransomware and malware attacks. They want to move their webserver in house to avoid shutdowns that Amazon and others are threatening.

My idea was to set up and Apache or WASD webserver since Purveyor is no longer functioning on the front end and using a decnet over IP
connection over an SSH tunnel connect to a back end server running RDB or some DB and to also send those web requests to the BE
OpenVMS server via the decnet  over IP encrypted connection using Snergy DBL to process them for speed and security. Also I was going 
to cluster the two systems together over the decnet over IP tunnel since the two boxes would reside in two different buildings right next
to each other so if one building burned the other would failover. This would be relatively cheap and secure solution eliminating ransomware and
malware attacks while providing 24/7 uptime I thought - until Hoffman just telling me it will not work.

So I guess OpenVMS can't stop ransomware attacks either?