:grump. On 12/16/09 5:03 PM, "Alan Altmark" <alan_altm...@us.ibm.com> wrote:
> So. You had to push the Do Not Push button? ;-) You are painting with a > too-wide brush. "Better" is in the eye of the beholder. When choosing an > ESM, you need to assess, aside from cost: *sigh* While your points are well argued, I spend a lot of time actually using both product suites, and have recently done a point-by-point examination of both the IBM suite and the CA suite in question. I'm not out to bash either company -- I have no great love for CA or CA products -- but this is one case where the IBM offering is just not yet as well integrated nor as complete. CA (as the last in a chain of companies) has had a lot longer to actually get VM:Manager working and polished during the time while IBM was pretty much ignoring CMS management tooling, and it really, really shows. It's possible to implement anything with either one, but I would measure "better" in this case by how much additional stuff I need to layer on top of a product to make it easy to use and understand. I need to write or purchase a lot more additional stuff to make the IBM suite easy to use and understand. To your specific point about ESMs, for my recent comparison, I needed to write about 2200 lines of EXECs to do a set of functions using VM:Secure. Providing the same checklist of functions with DIRM and RACF required more than 27,000 lines of additional code, and two additional program products, both of which required a special bid process to run on IFLs. > - Functionality. If you need mandatory access controls, then RACF is, to > the best of my knowledge, the only choice. Except the IBM backup and tape products don't pay any attention to RACF whatsoever. Neither does DIRMAINT for authorization. You're in a maze of twisty little config files, none alike. Yes, I wrote requirements. IBM even read them. SMOP. Someday. Play the Alan "show us the business case" tape. Curtain. Two encores. Film at 11. > - Command syntax. Not. :-) I give high marks to VM:Secure for CMS > bigots. RACF is definitely MVS-centric in that respect, though mechanisms > are available to let you alter the syntax of the commands. If you add an > admin front-end like Tivoli zSecure, you significantly reduce your contact > with raw RACF commands and utilities. But command syntax should be the > last thing you worry about. (EXECs can hide a lot of sins.) I *can* do all those things, but for something that commands the price of either set of products, I shouldn't have to write or rewrite the user interface to make it consistent and comprehensible. If I wanted to invent a wheel, I'd be chipping at wood blocks, not buying software. I'd also question how much effort it takes to implement zSecure in a usable way -- it needs a LOT of extra effort and thought to reach any kind of configuration simplicity. Been there, done that, got the glitter jacket with the diamond piano ring. Not for the faint of heart, or for the n00b. > Here's > a good Best Practice: Buy the one that best fits your needs! :-) Buy the one that violates the Principle of Least Astonishment in the fewest ways. :egrump.
