HP OpenVMS Systems

ask the wizard
Content starts here

Secure Network Communications?

» close window

The Question is:

Hi Wizard,
I have an interesting problem that I'd be very keen to hear your response to...
A customer has four alphaservers running VMS 7.1. They have clients who connect
 to the systems over frame relay links using Telnet. However, the information
 sent over these links is often sensitive and so they have been looking for a
 replacement for Telne
t for some time. So the question is... Does Stunnel work effectively on VMS?
 This is quite a large scale operation, often having hundreds of telnet
 connections open at any one time. Are there any real-world examples of Stunnel
 performing admirably under t
hese circumstances? I've been looking everywhere and I can't even find good
 documentation on OpenSSL under VMS. Any clues to the above questions, or clues
 to other avenues to pursue?...

The Answer is :

  Use an encrypting datalink or (more commonly) an encrypting IP tunnel.
  Various of these IP tools are available -- since you are using IP, you
  will want to locate a tunnel package for your client or for an IP router
  on your client network(s), and you will want to locate a server for your
  target host or an IP router on your target network.
  OpenSSL and related network encryption packages are referenced in
  the OpenVMS FAQ.  If you have questions or such on the sites or the
  documentation that are referenced in the FAQ, please contact the
  maintainers of the FAQ-referenced sites directly.
  There exists Stunnel information and source code available from the
  Stunnel.org website, and there does appear to be an OpenVMS port of
  Stunnel around -- the OpenVMS Wizard has located an Stunnel V3.8 port
  available from the Encompass Compaq User's Group (formerly DECUS),
  and other ports and/or other/later versions may well be available.
  The Stunnel package reportedly uses encryption that is compatible with
  OpenSSL and related encryption schemes "on the wire".
  Neither OpenVMS nor the TCP/IP Services package provide datalink-level
  encryption capabilities at present, though the OpenVMS Wizard will
  forward your request to the product managers of these areas.

answer written or last revised on ( 11-JUN-2001 )

» close window