One of the advantages of OpenVMS touted by some of its supporters (and don't get me wrong, I'm certainly a supporter) is its relatively low patch release numbers. As I collect patches for publication in the Patch Syndication feeds, I thought I'd verify just how true this claim is.
Here is a table showing the numbers of patches released over the last 18 months for the various architecture/version combinations:
Architecture | Version | Patches | Ave/Month |
---|---|---|---|
VAX | 6.2 | 1 | 0.1 |
VAX | 7.2 | 0 | 0.0 |
VAX | 7.3 | 10 | 0.6 |
Alpha | 6.2 | 1 | 0.1 |
Alpha | 7.2 | 0 | 0.0 |
Alpha | 7.2-1 | 0 | 0.0 |
Alpha | 7.2-1H1 | 0 | 0.0 |
Alpha | 7.2-2 | 0 | 0.0 |
Alpha | 7.2-6C2 | 0 | 0.0 |
Alpha | 7.3 | 0 | 0.0 |
Alpha | 7.3-1 | 0 | 0.0 |
Alpha | 7.3-2 | 60 | 3.3 |
Alpha | 8.2 | 59 | 3.3 |
Alpha | 8.3 | 29 | 2.6 1 |
I64 | 8.2 | 43 | 2.4 |
I64 | 8.2-1 | 57 | 3.2 |
I64 | 8.3 | 52 | 4.7 1 |
Note 1: Version 8.3 has only been out for 11 months as of this writing.
So, while the average patch count per month is about 3 to 4 (at least for the actively maintained versions), it's still quite a large number of patches for an administrator to deal with, particularly if there are multiple versions or architectures running at the site.
OpenVMS certainly has its advantages, but a low number of patches doesn't appear to be one of them.
Posted at June 11, 2007 2:28 PMIt's good to see actual evidence. What's the equivalent numbers for more popular operating systems like windows, linux, unix (various) ?
3 to 4 a month seems low. Can you extract figures by installation rating?
For production systems the policy is to install the previous patch bundle (UPDATE kit) when the new one comes out.
Posted by: Ian Miller at June 11, 2007 8:05 PM
Why should numbers for other operating systems be relevant? The fact is, there are a number of patches each month for all operating systems, and the administrators of those systems need to evaluate and apply those patches to production.
Yes, I can come up with numbers for each installation rating, but more interesting from a view to keeping production up and running is the number of patches that require reboots.
When I'm administrating systems, I've tended to group patches into quarterly updates with the exception being when a problem occurs often enough to impact production uptime. Then they get applies asap.
Posted by: Jim Duff at June 11, 2007 10:20 PM
The reason for asking about comparing numbers of patches for other O.S. is that some say VMS has fewer patches and fewer patches for critical problems.
Your point about how many patches require a reboot is certainly relevant, however if the patches are being installed during a scheduled maintenance period then some downtime may be acceptable. Not having to reboot does make the process safer even if the application has to be restarted.
Your table can be used to introduce facts into the debate - most recently the 8086 v patches thread on cov.
Posted by: Ian Miller at June 14, 2007 2:11 AM
I run Windows 2K here, and on reviewing my patch history for the last eighteen months, I count 69 patches. That's an average of 3.8 a month, which is a comparable rate to most OpenVMS releases and actually better than I64 V8.3 and the projected rate for Alpha 8.3 after 18 months...
Posted by: Jim Duff at June 14, 2007 11:13 AM
So Windows 2K would fall into the release time of VMS V7.2, wouldn't it?
I'm running Windows XP X64 edition at home, and I count 47 patches in the last 12 months.
At my last employer, I still have a workstation I access and it's running Windows XP. In the last 18 months, I see 63 patches to Windows itself. I see 17 patches to Microsoft Office in that same period. It's interesting to note that there have been no patches with dates since February on that system. I suspect this is because they control what updates are released and when they are released. I can't comment on which require a reboot since Microsoft Outlook (connecting to an Exchange server) won't allow me to go more than 5 days (on average) without restarting my workstation anyway.
With VMS, I used to apply patches when I had time to examine the text file with them. Often the patches were for features we didn't use, so they wouldn't be applied. I'd gather a number at once, determine the order of application, apply them during the day (without rebooting between any of them,) and then reboot in the eventing (remotely) when no one was using the system. I don't recall ever having a problem. (Actually most of the patches I applied were on systems in some other part of the country.)
Posted by: Tad Winters at June 15, 2007 5:04 AM
Tad, I'm sure your first sentence is implying that OpenVMS 7.2 had zero patches in the timeframe we are looking at and Windows had numerous. I'd suggest the only reason for this is that OpenVMS 7.2 is not being supported. Additionally, I did not differentiate between kernel patches and layered product patches in the table, so separating Windows and Office hardly seems comparable.
Posted by: Jim Duff at June 15, 2007 10:18 AM
I argue your counting.
Just counted 30 in total for 8.3 AXP, of which:
* 1 is a summary of current ECO level, or: what's in the latest consolidated UPDATE patch (and what's not).
* 1 is an consolidated update containing a number of patches supplied before (and that can be downloaded separately).
* 5 are patches of OS products that you won't need if you don't use these, or won't need since you're in a different timezone.
* 10 are patches for non-OS products (like compilers and related stuff like FMS and TDMS) you won't need if you don't use them.
That leaves only 8 real OS patches: UPDATE (of which only one (RMS) is level 1) and the 7 not included in that patch, where 2 are level 1 rated. Or, if you want to be specific, 16 patches on the OS, of which 3 have a rating of 1.
Put it another way:
in 11 months, there are 3 patches raeted "critical", 17 non-crtitial ones and 10 patches to OS-related and other products. None of these are security related, AFAIK (I would have to read the notes)
For the Windows XP, SP2 machine I'm working on now, where the OS was installed 14 months or so ago, I have installed 137 patches of which 110 were "security updates" for the OS and directly related products (IE, for instance). On this susyetm, I have no patches installed for products like Office.
I have to check my other Windows systems but I think the count would be similar.
Time related, I'd say: for Windows there have been about five times as much patches installed than have been supplied for VMS.
Posted by: Willem Grooters at June 19, 2007 2:27 AM
Willem, as I said in my reply to Tad, I didn't separate patches into classes. I just said "this is how many in 18 months." Windows has "UPDATE" patches too; they are called "Service Packs". That none came out in the timeframe makes no difference. I just would have counted them as another patch. My point is that 3 to 4 a month a large number to deal with in a large production environment. Today, I will be accessing a computer running Windows XP. I will perform the same count on it and post the numbers.
Posted by: Jim Duff at June 19, 2007 10:21 AM
Comments are closed