Slide 1 - Connect Worldwide

How Much Does That Computer Really Cost
The OpenVMS Advantage




Eddie Orcutt
Enterprise Solutions Architect
                 Agenda
• Introduction
  – What are we calculating & why
• Hard to Calculate Lifecycle Costs (Hidden)
  – Security Threat and Associated Costs
  – Manpower/Staffing Costs
• Total System Operational Costs
• TCO Comparisons
• Other Cost Factors
According to Ziff Davis Enterprise

“While many purchasers of IT solutions evaluate the total lifecycle costs of the solutions they are considering, the initial cost to purchase the solution is normally the single, most dominant consideration. However, a lower cost for a solution across its lifecycle -- from purchase to decommission -- normally necessitates a higher initial price point. An additional consideration is that while the initial purchase cost is specific and must be spent, the calculation of the lifecycle savings that justify it is inherently less accurate.”


Tech Buyers Resource Library – Ziff Davis Enterprise

                                                       Until Now!
WORLDWIDE SERVER MARKET (1996-2012)
Operational Costs Rise Dramatically

Chart: WW Spending on Servers, Power and Cooling, and Management/Administration
  Y axis: Spending ($M), $0 to $200,000
  X axis: '96 to '12
  Series: Power & Cooling, Mgmt & Administration, New Server Spending
  Callout: Hidden costs we will identify & quantify

Source: IDC “Mission-Critical Computing and Unix Systems”, Oct 2009
Security Threats and Associated Costs
Security Patches Per Year
(Lower is More Secure)

Patching Events per Year
                 Windows    Linux    OpenVMS
  Clients          25        18        0.96
  Servers          19        16        0.96
  DB Servers       18        12        0.96

Vulnerabilities per Year
                 Windows    Linux    OpenVMS
  Clients          87.5      36        0.96
  Servers          66.5      28.8      0.96
  DB Servers       46.8      21.6      0.96

Average Number of Vulnerabilities per Patching Event
                 Windows    Linux    OpenVMS
  Clients          3.5       2.0       1.0
  Servers          3.5       1.8       1.0
  DB Servers       2.6       1.8       1.0

OpenVMS is more than an order of magnitude (>10X) more secure than competitor OSes

Source: http://download.microsoft.com/download/1/7/b/17b54d06-1550-4011-9253-9484f769fe9f/TCO_SPM_Wipro.pdf
Security Distribution Risk
Days to fix security defect – Days of Risk - DoR

  OpenVMS         20
  Microsoft       25
  Red Hat         47
  Debian          32
  MandrakeSoft    56
  SUSE            54

This is the average time in days to fix a defect (once discovered) and provide a patch kit to the customer

Source: http://download.microsoft.com/download/1/7/b/17b54d06-1550-4011-9253-9484f769fe9f/TCO_SPM_Wipro.pdf
Security Risk
(Lower is More Secure)

Security Risk (# of Vulnerabilities present every day)
  Windows    4.552
  Linux      3.706
  OpenVMS    0.053

What do the previous slides tell us?
OpenVMS has 69X – 85X fewer outstanding defects on any given day than competitor OSes

 • On Windows servers there are an average of 4.5 vulnerabilities present on any given day
 • On Linux servers there are an average of 3.7 vulnerabilities present on any given day
 • On OpenVMS servers there are an average of .053 vulnerabilities present on any given day
Annual Cost of Security Patching
(Per System – per event & per year)

Average Number of Patching Events
                 Windows    Linux    OpenVMS
  Clients          25        18        0.96
  Servers          19        16        0.96
  DB Servers       18        12        0.96

Cost Per System per Patching Event
                 Windows    Linux    OpenVMS
  Clients         $297      $344      $371
  Servers         $416      $479      $383
  DB Servers      $682      $1,020    $442

Total Patching Costs per Year per System
                 Windows    Linux    OpenVMS
  Clients         $7,425    $6,192    $356
  Servers         $7,904    $7,764    $368
  DB Servers      $12,276   $12,240   $424

As a more secure OS (significantly fewer patches to apply), OpenVMS is less expensive to patch than Windows and Linux ($7,396 - $11,852 less)

Source: http://download.microsoft.com/download/1/7/b/17b54d06-1550-4011-9253-9484f769fe9f/TCO_SPM_Wipro.pdf for Windows/Linux
OpenVMS Cost Per system = R(C + P)
http://www.absolute.com/Shared/Whitepapers/ABT-AM-PPM-WP-E.sflb.ashx
Staffing Cost
Staffing
 Clients – End Users supported per System Manager
 Servers – Servers managed per System Manager

  System         Windows          Linux            OpenVMS
  Clients        75:1 – 100:1     30:1 – 40:1      50:1 – 60:1
  Servers        10:1 – 20:1      30:1 – 40:1      50:1 – 60:1
  DB Servers     10:1 – 20:1      30:1 – 40:1      50:1 – 60:1


http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2846915-2,00.html
Yankee group Report - 2005 North American Linux and Windows TCO Comparison, Part 1 – Windows/Linux
Computer World - http://itbenchmark.wordpress.com/2011/03/18/virtualization-and-adminserver-ratio/ 7-2010
OpenVMS - Source: NASA, MSFC – Huntsville Operations Support Center
http://www.lesscher.nl/Portals/0/ITems08/TCO%20ROI%20Overview.pdf
Staffing Costs
(System Manager)

Staffing Cost (US national average per year; salary in some US cities may be higher)
                 Windows    Linux      OpenVMS
  Servers        $58,000    $75,000    $69,000
  DB Servers     $73,000    $87,000    $69,000

http://www.simplyhired.com/a/salary/search/q-windows+system+manager
http://www.simplyhired.com/a/salary/search/q-windows+db+system+manager
http://www.simplyhired.com/a/salary/search/q-linux+db+system+manager
http://www.simplyhired.com/a/salary/search/q-OpenVMS+system+manager
Staffing Costs
Example

Staffing Cost (Example - 40 Servers, 10 DB Servers)
                 Windows     Linux      OpenVMS
  Servers        $116,000    $75,000    $69,000
  DB Servers     $73,000     $87,000    $0

System Managers
                    Windows    Linux    OpenVMS
  Servers (40)         2         1         1
  DB Servers (10)      1         1         0

Number of System Managers and their costs to manage 40 Application servers and 10 DB servers

OpenVMS ($69,000) is less expensive to manage than Windows ($189,000) and Linux ($162,000)
System Operational Costs
Yearly Operational Costs
(From Previous Example)

For 40 application servers and 10 DB servers

Total Patching Costs per Year
                 Windows     Linux       OpenVMS
  Servers        $361,160    $310,560    $14,720
  DB Servers     $122,760    $122,400    $4,240

As a more secure OS, VMS is significantly less expensive to patch than Windows and Linux - ($414,000 - $464,960 less)

System Management Costs per Year
                 Windows     Linux      OpenVMS
  Servers        $116,000    $75,000    $69,000
  DB Servers     $73,000     $87,000    $0

With the highest server to system Manager ratio, VMS requires fewer System Managers which reduces personnel costs significantly - ($93,000 - $120,000 less)
Total Yearly Operational Costs
(From Previous Example)

For 40 application servers and 10 DB servers

Total Ownership Costs per Year
  Windows    $672,920
  Linux      $594,960
  OpenVMS    $87,960

OpenVMS is 6.7X more cost effective to operate than Linux and 7.6X more cost effective to operate than Windows
5 Year Lifecycle Operational Costs
(From Previous Example)

For 40 application servers and 10 DB servers

Total 5 Year Ownership Costs
  Windows    $3,364,600
  Linux      $2,974,800
  OpenVMS    $439,800

With OpenVMS you can cut $2.53M – $2.92M from the IT budget or provide this amount of business innovation back to your organization over the lifecycle of your system
Patching Effort – Man-Hours per Year
(From Previous Example)

For 40 application servers, 10 DB servers

Patching Effort - Man-Hours per Year
                 Windows    Linux    OpenVMS
  Servers          475       564      29.3
  DB Servers       194       292      25.7

This is the amount of time System Managers spend annually doing remedial/patching work instead of providing innovation for the organization

OpenVMS System Managers can spend 12X – 15X more time on innovation (less time on patching)

 • Windows – Server + DB Server time is 669 hours or 3.8 months
 • Linux – Server + DB Server time is 856 hours or 4.9 months
 • OpenVMS – Server + DB Server time is 55 hours or 0.31 months


Source: http://download.microsoft.com/download/1/7/b/17b54d06-1550-4011-9253-9484f769fe9f/TCO_SPM_Wipro.pdf for Windows/Linux
OpenVMS – Patch Set up time + (Number of Systems x patch time) * patches per year
5-Year Life Cycle Patching Effort
(Man-Hours Total From Previous Example)

For 40 application servers, 10 DB servers

Patching Effort - Man-Hours Over 5-Years
                 Windows    Linux    OpenVMS
  Servers         2375       2820     146.7
  DB Servers      970        1460     128.7

This is the amount of time System Managers spend over the 5-year lifecycle of the server doing remedial/patching work instead of providing innovation for the organization

  Windows - 31% Wasted Time
  Linux - 41% Wasted Time
  OpenVMS – 2.6% Wasted Time

 • Windows – Server + DB Server time is 3345 hours or 19.2 months
 • Linux – Server + DB Server time is 4280 hours or 24.6 months
 • OpenVMS – Server + DB Server time is 275 hours or 1.58 months


Source: http://download.microsoft.com/download/1/7/b/17b54d06-1550-4011-9253-9484f769fe9f/TCO_SPM_Wipro.pdf for Windows/Linux
OpenVMS – Patch Set up time + (Number of Systems x patch time) * patches per year
TCO Comparison
5-Year TCO Server Configuration
Prices are US list

10 DB Servers
  Windows                       Linux*                        OpenVMS
  BL620 with 8-cores            BL620 with 8-cores            BL860i2 with 8-cores
  32 GB Memory                  32 GB Memory                  32 GB Memory
  2 – 146GB Internal Disks      2 – 146GB Internal Disks      2 – 146GB Internal Disks
  RAID 1                        RAID 1                        RAID 1
  Dual Port FC HBA              Dual Port FC HBA              Dual Port FC HBA
  Windows 2008 R2               RHEL 5                        OpenVMS BOE
  $398,965                      $328,635                      $448,809

40 Application Servers
  Windows                       Linux*                        OpenVMS
  BL460 with 4-cores            BL460 with 4-cores CPU        BL860i2 with 4-cores
  16 GB Memory                  16 GB Memory                  16 GB Memory
  2 – 146GB Internal Disks      2 – 146GB Internal Disks      2 – 146GB Internal Disks
  RAID 1                        RAID 1                        RAID 1
  Dual Port FC HBA              Dual Port FC HBA              Dual Port FC HBA
  Windows 2008 R2               RHEL 5                        OpenVMS BOE
  $874,365                      $592,085                      $1,077,644

List Price
  Windows                       Linux*                        OpenVMS
  $1,273,330                    $920,720                      $1,526,453

All configurations used 42U Racks, Rack PDUs, C7000 Blade Enclosures, ProCurve 6120 Ethernet Blade Switches and B-Series 8/12 FC Switches and 5-Year 24x7 Warranty on HW & SW

* Linux SW Warranty only 3-year 24x7
5-Year TCO Comparison
(From Previous Example)

For 40 application servers, 10 DB servers

5-Year TCO Comparison
                        Windows       Linux         OpenVMS
  Operational Costs     $3,364,600    $2,974,800    $439,800
  IT Server Costs       $874,365      $592,085      $1,077,644
  IT DB Server Costs    $398,965      $328,635      $448,809
  Total                 $4,637,930    $3,895,520    $1,966,253

OpenVMS is:
  49% less than Linux
  57% less than Windows

OpenVMS is $1.92M less expensive than Linux and $2.67M less than Windows over a 5 year lifecycle period
IT's biggest challenge
The growing gap between business demands and IT's ability to deliver

Explosive growth in business applications and supporting infrastructure
versus
IT's investment to enable more effective service delivery

OpenVMS provides the monetary and human payback to close this gap

Applications
 • Enterprise upgrades
 • New architectures (SOA)
 • Rich media applications

Infrastructure
 • 2x servers every 5 years
 • 2x storage every year
 • Virtualization

IT management
 • Limited budget growth
 • Tribal organizations
 • Manual processes
Other Costs
Other Cost Factors

Server Lifecycle
  OpenVMS Servers    5 years
  X86 servers        3 years

X86 servers are typically replaced by a customer every 3 years whereas OpenVMS servers are replaced by a customer at a minimum every 5 years

The Result?
In a 5 year lifecycle you will have to buy x86 hardware 2 times, further increasing the costs of an x86 solution. You will have to buy OpenVMS hardware only once.

5-Year TCO Comparison
                        Windows              Linux                OpenVMS
  Operational Costs     $3,364,600           $2,974,800           $439,800
  IT Server Costs       $1,748,730           $1,184,170           $1,077,644
  IT DB Server Costs    $797,930             $657,270             $448,809
  Total                 $5,911,260 (3.0X)    $4,816,240 (2.4X)    $1,966,253
Consequences of not Patching
(Downtime & Downtime Costs)

According to Absolute Software ½ of your systems will become infected!

With a per server restore time of:

Restore Times (Hours)
  Windows    13.25
  Linux      17.08
  OpenVMS    0

Equates to the following costs per server per year:

Infection costs ($) per Server
  Windows    $36,300
  Linux      $18,401
  OpenVMS    $0

* There are no known viruses for OpenVMS
Yankee group Report - 2005 North American Linux and Windows TCO Comparison, Part 1 – Windows/Linux
       Consequences of not Patching
                                    (Downtime Costs From Previous Example)

 According to Absolute Software, ½ of your systems will become infected!

 For 40 application servers, 10 DB servers
 With 25 of them infected

 Yearly restore costs

     Infection Costs per Year ($) - 25 Servers
       Windows    $907,500
       Linux      $460,025
       OpenVMS    $0

 5 year lifecycle restore costs

     Infection Costs for 5 Years ($) - 25 Servers
       Windows    $4,537,500
       Linux      $2,300,125
       OpenVMS    $0

* There are no known viruses for OpenVMS
http://www.absolute.com/Shared/Whitepapers/ABT-AM-PPM-WP-E.sflb.ashx
Yankee Group Report - 2005 North American Linux and Windows TCO Comparison, Part 1 – Windows/Linux
      Consequences of not Patching
                                        (Downtime From Previous Example)

 According to Absolute Software, ½ of your systems will become infected!

 For 40 application servers, 10 DB servers
 With 25 of them infected

 Yearly Restore Time

     Yearly Restore Time (Hours) for 25 Servers
       Windows    331
       Linux      427
       OpenVMS    0

 5 year Lifecycle Restore Time

     Restore Times (Hours) over 5 Years
       Windows    1656
       Linux      2135
       OpenVMS    0

* There are no known viruses for OpenVMS
http://www.absolute.com/Shared/Whitepapers/ABT-AM-PPM-WP-E.sflb.ashx
    Average Costs per Data Breach

[Chart: Average organizational cost of a data breach, 2008-10]

http://www.symantec.com/content/en/us/about/media/pdfs/symantec_ponemon_data_breach_costs_report.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2011Mar_worldwide_costofdatabreach
              Average Data Breach Costs
                                                                (by Cost Activity)

[Chart: Average data breach cost by cost activity, 2008-10]

http://www.symantec.com/content/en/us/about/media/pdfs/symantec_ponemon_data_breach_costs_report.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2011Mar_worldwide_costofdatabreach
                          Customer Churn Rates

[Chart: Abnormal churn rates following data breaches by industry classification, 2009-10]

Customer turnover in direct response to breaches remains the main driver of data breach costs

http://www.symantec.com/content/en/us/about/media/pdfs/symantec_ponemon_data_breach_costs_report.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2011Mar_worldwide_costofdatabreach
Backup Slides
                           VMS Security Model


                                                                    Reference Monitor Concept




http://h71000.www7.hp.com/doc/84final/ba554_90015/ba554_90015.pdf
              VMS Security

•OpenVMS was designed from day one with the aim of
making a “crash proof” system

•4 access modes – user / supervisor / exec / kernel

•Isolates trusted system code from untrusted user code

•“Firewall” system components to limit the impact of bugs
     VMS Security – Hierarchical Protection Domains
                                                    (Protection Rings)

[Diagram: four protection rings, labelled User, Supervisor, Executive and Kernel]

•Kernel – executes the VMS kernel including memory management, interrupt
 handling and I/O

•Executive – executes many system service calls including file and record
 management services

•Supervisor – executes other system services and user commands (DCL)

•User – executes user programs and utilities such as compilers, editors,
 linkers and debuggers

               Linux and Windows

Use 2 rings – Supervisor and User

http://en.wikipedia.org/wiki/Ring_(computer_security)
http://h71000.www7.hp.com/doc/84final/ba554_90015/ba554_90015.pdf
               VMS System Layering

[Diagram: system components layered by access mode. Access mode labels: User, Supervisor, Executive, Kernel]

Components shown in the diagram:

Command Language Interpreter
RMS & System Services
System Services
System-wide Protected Data Structures
Process & Time Management

•Privileged Images
•Protected shareable images
•Protected subsystems
•Privileged server processes

Development Tools
•Text editors
•Macro
•Compilers
•Linker

Run Time Library (General)
•Math library
•String handling
•Screen management
•Misc LIB functions

Run Time Library (Language-specific)
•CRTL
•FORTRAN
•PASCAL
•BASIC

Assorted Utilities
•COPY
•HELP
•DIRECTORY
•SORT
                             OpenVMS Security
   Privileges:
  OpenVMS has 39 separate user privileges that are divided into 7 categories. Privileges
  restrict the use of certain system functions to processes created on behalf of authorized
  users.


       1.    None: No privileges
       2.    Normal: Minimum privileges to use the system effectively
       3.    Group: Potential to interfere with members of the same group
       4.    Devour: Potential to consume noncritical systemwide resources
       5.    System: Potential to interfere with normal system operation
       6.    Objects: Potential to compromise object security
       7.    All: Potential to control the system


  These restrictions protect the integrity of the operating system's performance and, thus, the
  integrity of service provided to users.


http://h71000.www7.hp.com/doc/84final/ba554_90015/ba554_90015.pdf
                     Vulnerability Graph




Source DEFCON16 presentation
                 Vendor Vulnerability Rank

[Chart: Rank of Top-10 Vendors with Most Vulnerabilities, by year, 2005-2010. Vendors shown: Apple, Oracle, Microsoft, HP, Adobe Systems, IBM, VMware, Cisco, Google, Mozilla Organization]

     Ranking of the Top-10 vendors with most vulnerabilities per year. Oracle
     also includes vulnerabilities from Sun Microsystems and BEA logic
Source http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf
                  Security Distribution Risk is
                          Increasing
                   DoR – Days of Risk




http://blogs.csoonline.com/days_of_risk_in_2006
  Server to System Manager Ratio
      From ComputerWorld:

      “One enterprise IT manager told us the ratio for physical servers was roughly
      50:1, another working for a government organisation said 15-20:1, and an IT
      director at a research and development outfit noted that in a mid-size
      organisation a system administrator could maintain 10-14 servers per week or if
      their role was merely maintenance (i.e. no projects, no debugging, etc) then
      they could look after 25-35 servers per week.”




http://www.computerworld.com.au/article/352635/there_best_practice_server_system_administrator_ratio_/
              Server to System Manager
                         Ratio

[Chart: Server to system manager ratios. Series: Microsoft FTE Ratios Basic, Microsoft FTE Ratios Standard, Microsoft FTE Ratios Rationalized. Values labelled on the bars: 10.8, 46.3, 59, 10, 118.2, 87.5, 55.3]

     Standard Ratios are highlighted (RED bar) in graph

     Basic: No Automation
     Standard: Some Automation
     Rationalized: Considerable Automation


From: Microsoft Best Practices Report - 2009
 OpenVMS Systems Require Fewer
       Human Resources


From Harvard Research Group:

Of those users surveyed, 63% said that fewer people are required to run their
OpenVMS servers compared to their non-OpenVMS servers … OpenVMS
servers are much easier to manage and therefore reduce the TCO by
requiring less staff than the competition to keep them up and running.
                              Security Concerns

 From: gigasite - January 5, 2011


“With Microsoft just closing the door on its largest patch year yet, 2011 is not
starting out in a positive direction,” Storms said.

Last year, Microsoft issued a record 106 security bulletins to patch a record
266 vulnerabilities.




http://gigasite.wordpress.com/page/2/
                                Security Concerns
      NetworkWorld – April 12, 2011


                                                                                        Affected software runs the
                                                                                        gamut. There are patches for all
                                                                                        supported versions of Windows,
                                                                                        including XP, Vista, Windows 7,
                                                                                        Windows Server 2008 R2 and
                                                                                        even the non-GUI WS2008
                                                                                        Server Core version.




       Record-breaking Microsoft patch day affects all versions of Windows
       17 security patches fix a whopping 64 holes
http://www.networkworld.com/community/blog/microsoft-massive-patches-affect-all-versions-of-windows?source=NWWNLE_nlt_daily_pm_2011-04-12
                             Security Concerns

   From: PCWorld Business Center – June 1, 2010


Sources from within Google are claiming that the online search and
advertising giant is implementing an official transition away from the
Microsoft Windows operating system. According to the reports, the culture
shift is intended to reduce security concerns.




http://www.pcworld.com/businesscenter/article/197692/google_dropping_windows_over_security_good_luck_with_that.html
          Are Antivirus Programs The
                    Answer?

   From: SiteApproved
   Problems With Anti-virus Programs Found



 … Vulnerabilities found recently in McAfee, Symantec, and Trend Micro
 software could let hackers compromise and even control computers running
 certain versions of their products. While most antivirus software is distributed
 via a network download, making it difficult for a hacker to get to the code,
 these flaws further highlight the problems with the antivirus industry's
 traditionally reactive approach to protection, …



http://siteapproved.com/securityhackpop.htm
          Are Antivirus Programs The
                    Answer?

   From: ZDNet – February 25, 2011
   Microsoft fixes hole in its antivirus engine



 … "The update addresses a privately reported vulnerability that could allow
 elevation of privilege if the Microsoft Malware Protection Engine scans a
 system after an attacker with valid log-on credentials has created a specially
 crafted registry key," the advisory says. "An attacker who successfully
 exploited the vulnerability could gain the same user rights as the
 LocalSystem account. …



http://siteapproved.com/securityhackpop.htm
            Are Open-Source OSes the
                   Answer?
   From: hackinthebox
   Open-source Could Mean an Open Door for Hackers – July 2010

 The ability to access the code of open-source applications may give
 attackers an edge in developing exploits for the software, according to a
 paper analyzing two years' worth of attack data.

 The paper, to be presented this week at the Workshop on the Economics of
 Information Security, correlated 400 million alerts from intrusion detection
 systems with known attributes of the targeted software and vulnerabilities.
 The data supports the assertion that flaws in open-source software tend to
 be attacked more quickly and more often than vulnerabilities in closed-source
 software, says Sam Ransbotham, assistant professor at Boston College's
 Carroll School of Management and the author of the paper.

http://www.hackinthebox.org/index.php?name=News&file=article&sid=36578
              Is Server Virtualization the
                       Answer?

[Chart: Vulnerability disclosures over the past decade for virtualization
products provided by the following vendors:]

• Citrix
• IBM
• Linux VServer
• LxCenter
• Microsoft
• Oracle
• Parallels
• RedHat
• VMware

The use of hypervisor technology by malware and rootkits installing
themselves as a hypervisor below the operating system can make them more
difficult to detect because the malware could intercept any operations of
the operating system …
http://www-304.ibm.com/businesscenter/fileserve?contentid=207480

				