[Info-vax] How would you load balance excess webserver traffic between multiple OpenVMS servers?

kemain.nospam at gmail.com kemain.nospam at gmail.com
Tue Jan 12 19:29:04 EST 2021 

>-----Original Message-----
>From: Info-vax <info-vax-bounces at rbnsn.com> On Behalf Of ultr...--- via
>Info-vax
>Sent: January-12-21 6:30 PM
>To: info-vax at rbnsn.com
>Cc: ultr... at gmail.com <ultradwc at gmail.com>
>Subject: Re: [Info-vax] How would you load balance excess webserver traffic
>between multiple OpenVMS servers?
>
>On Tuesday, January 12, 2021 at 5:00:04 PM UTC-5, Jan-Erik Söderholm wrote:
>> Den 2021-01-12 kl. 22:49, skrev ultr... at gmail.com:
>> > On Tuesday, January 12, 2021 at 8:52:52 AM UTC-5, Simon Clubley wrote:
>> >> On 2021-01-11, D W <ultr... at gmail.com> wrote:
>> >>> On Monday, January 11, 2021 at 1:21:26 PM UTC-5, Simon Clubley
>wrote:
>> >>>> On 2021-01-11, Stephen Hoffman <seao... at hoffmanlabs.invalid>
>wrote:
>> >>>>>
>> >>>>> If you're thinking about a Parler-class app for instance, there
>> >>>>> are already some discussions of what's involved there that are
>> >>>>> going on else-network and which you may want to review?even if
>> >>>>> you're not re-hosting Parler, the problems are broadly similar at
>scale.
>> >>>>>
>> >>>>
>> >>>> Ok, _that_ possibility never occurred to me when I read Bob's
>> >>>> original post. Do you know something that the rest of us are unaware
>of ?
>> >>>
>> >>> maybe :)
>> >>>
>> >>>>
>> >>>> I would not recommend VMS as it stands today for such a
>> >>>> high-profile and potentially hostile environment.
>> >>>>
>> >>>
>> >>> you would prefer linux or windows? I thought OpenVMS was made for
>hostile environments.
>> >>>
>> >> As mentioned already, Linux has a number of security and isolation
>> >> features that VMS is lacking.
>> >>> Putting each user in a RWED controlled box along with appropriate
>> >>> ACLs I would assume would outclass any other solution out there,
>> >>> as long as VSI has terminated all of their C strings properly. :)
>> >>>
>> >> If that's what you think security is all about in 2021 Bob, then
>> >> you simply don't have a clue about what is involved.
>> >>
>> >> BTW, you don't even have to go through security, you can go around it.
>> >> That's exactly what I did and all the protections and ACLs would
>> >> have made absolutely no difference.
>> >>
>> >> To everyone else: I keep warning you about security researchers
>> >> possibly taking a serious interest in probing VMS at some point in
>> >> the future and about everything that could come from that.
>> >>
>> >> If Bob sets up some kind of conservative social networking
>> >> environment using VMS (which it is a poor choice for anyway), then
>> >> that is _exactly_ what is going to happen.
>> >> Simon.
>> >>
>> >> --
>> >> Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
>> >> Walking destinations on a map are further away than they appear.
>> >
>> > actually this is for a medium sized company who just got hit with a
>> > ransomware attack. They are tired of the hacks and expense of trying
>> > to defeat this crap. I know someone who is high up there and told him I
>may be able to design an OpenVMS solution to eliminate ransomware and
>malware attacks. They want to move their webserver in house to avoid
>shutdowns that Amazon and others are threatening.
>> >
>> > My idea was to set up and Apache or WASD webserver since Purveyor is
>> > no longer functioning on the front end and using a decnet over IP
>> > connection over an SSH tunnel connect to a back end server running
>> > RDB or some DB and to also send those web requests to the BE OpenVMS
>> > server via the decnet over IP encrypted connection using Snergy DBL
>> > to process them for speed and security. Also I was going to cluster the two
>systems together over the decnet over IP tunnel since the two boxes would
>reside in two different buildings right next to each other so if one building
>burned the other would failover. This would be relatively cheap and secure
>solution eliminating ransomware and malware attacks while providing 24/7
>uptime I thought - until Hoffman just telling me it will not work.
>> >
>> > So I guess OpenVMS can't stop ransomware attacks either?
>> >
>> What are you waiting for? If you have the solution and a paying
>> customer, then just go for it!
>>
>> You will not get any ransomeware attacks (not any successfull ones at
>> least) on your VMS servers. But you need some frontend systems, not?
>> Where are the users accessing/using this web solution located?
>> Inhouse or out on the internet?
>>
>> In what way are Amazon (AWS?) "and others" threatening with shutdowns?
>
>have you been on vacation? Research Parler and other bans. Smaller business
>are starting to talk about pulling their web services back in house.

Well, business ethics "should" always be a part of any new business opportunity. 

However, just because something is technically possible, does not mean it is something that a company should ethically do. 

Unfortunately, where $'s are concerned, business ethics all to often takes a back seat.

Re: moving cloud solutions back in-house. This has been starting to happen increasingly as companies realize the real costs of outsourcing (aka public cloud solutions). Many are moving to private cloud on-prem solutions, but with new service models that provides similar or better services as Cloud providers in terms of provisioning, workload orchestration, smart ticketing (Service desk integration), higher customized security solutions that are integrated with their own NOC's and service desks, synthetic transaction monitoring with service desk integration etc.

Re: OpenVMS high volume solutions.

Most companies designing a high-volume web site would never use just the basic tools one gets with any native OS platform. They would customize and often use third party tools and/or COTS products to enhance the overall security and/or technical aspects of the target solution. 

This would be the same approach using OpenVMS in any high-volume opportunity.

As an example, additional security and/or TCPIP and/or web products for the OpenVMS server components of a new high-volume solution might be to use: 

- WASD Web Server
<https://wasd.vsm.com.au/wasd_root/>

- System Detective from PointSecure
<https://pointsecure.com/products/system-detective/>

- PointAudit from PointSecure
<https://pointsecure.com/products/pointaudit/>

- Multinet TCPIP from Process Software 
<http://www.process.com/products/multinet/whats_new.html>

- Multinet VMS Authentication Module (LDAP, AD, Radius integration)
<http://www.process.com/products/vam/index.html>

- ISE Job Scheduling and backups in multi-platform environment
<https://www.i-s-e.com/>

Regards,

Kerry Main
Kerry dot main at starkgaming dot com





-- 
This email has been checked for viruses by AVG.
https://www.avg.com

More information about the Info-vax mailing list