OpenServer contrasts with SCO's UnixWare in that its memory requirements and CPU support are more akin to the needs of small and mid-sized businesses. We found it odd that OpenServer 6 is priced by the number of users, actual CPUs and memory, instead of the industry standard per-user or per-CPU core(s) model.
OpenServer 6 exhibited no difficulty in identifying the hardware on any of the server platforms we used for testing. There is no specific provision for 64-bit processors, but OpenServer 6 found and used our dual and multi-CPU 64-bit machines, tapping those processors via x86/32-bit emulation. USB printers aren't correctly supported, but SCO says it is addressing that issue. Not fully supporting a PXE boot or other network installation in this version of the operating system is a shortcoming.
User administration initially struck fear into us, as we found that a user can be created with any password length above three characters. Subsequently, we found that when users change their passwords, those selections can be highly constrained through the SCO Security Profile Manager utility to suit high standards for password dictionary attack prevention that the underlying SVR5 supports. OpenServer 6 lets administrators force passwords with added characters, numbers and randomness.
The only real change to the standard open source bundle (which typically comprises Apache, Tomcat, Java, Java Server Pages, Mozilla, Samba, PostgreSQL and MySQL) included with OpenServer 6 is that Apache 2.0.3 is installed to serve up help files that are HTML representations of actual OpenServer 6 system documents. This annoying implementation, however, has "localhost" references that tie the use of these HTML files to those browsing the documents on the host only, so there is no remote administrative access to them. The documents also incorrectly describe how to get SCO's DocView, a help/file viewer, to work.
Security measures
OpenServer 6 uses a hardened kernel but we could find no documentation on the hardening method. We noted and tested that the kernel has run-time loadable drivers, which might make it vulnerable to malicious drivers.
The integral firewall employs network address translation and specific port admittance control and does stateful inspection. The underlying programs are BSD-licensed IP Filters (ipf). All of the components of IP Filters are there, save for the ipftest module, which, while useful, is a testing application that's better replaced by other external penetration testing applications.
The OpenServer 6 default firewall rules are good. No threatening holes are left open in default settings as our tests demonstrated.
Security for applications and processes is aided by an implementation of a multi-tiered privilege hierarchy for users and processes, a trend that we've seen in Red Hat Advanced Server, SuSE Linux Enterprise Server and other recent operating system releases. As an example, different commands such as the file/folder permissions-giving chmodstet/cb command can be added or removed from an executable's permission list for individual users. Unfortunately, this cannot be done for groups, making large systems administration potentially tedious (as it must be done by user, not groups).
Many system commands with security implications are covered, but we were unable to find a method to add to OpenServer 6's comprehensive list. While easy to manage, this root or user selection process for security permissions is limiting.
SCO's OpenServer now supports IPSec-based VPN connections. We found that VPN setup was simple and the feature easy to use. This permits encrypted VPN sessions for remote worker or remote branch connectivity support, if intervening firewalls permit this connectivity.
It's also possible to make and mount an encrypted file system either for application or personal (not group) use. We created an encrypted file system, mounted the file system, then populated it with files. We discovered that on our fastest test platform (see "How we did it" below), the file system encryption didn't have much of an effect on system performance, even when we spawned more than 100 concurrent read/write file actions with a script.
In addition to the new file encryption method, a commercialised version of the Veritas File System called VxFS 5 (also called Journaled File System) becomes the default root file system. VxFS supports very large file sizes, as well as up to 8 exabytes stored within it - resources permitting, and SCO quotes 1T byte as a maximum. We also could mount NFS V3, AFS (Acer Fast file system), as well as the usual FAT, FAT 16 and Windows NT File System.
OpenSSL and OpenSSH are now supported with OpenServer 6, and we tested the server performance with an OpenSSL-backed, non-optimised Apache server using Spirent Communications' Avalanche gear. This test, which builds rudimentary SSL transactions and page reads over a 10-minute period, exercises a system's CPU, its cache management, and its ability to build and maintain secure Web-based HTTP transactions.
Compared with its 32-bit alternatives, SCO OpenServer 6 performed well. For example, OpenLinux 6 maintained 54,208 transactions per minute over 10 minutes compared with Novell's SLES 9.0, which registered 57,961 per minute in that same time period.
However, as might be expected, it was badly beaten in our tests by the 64-bit operating system kernels from Sun Solaris, Novell/SuSE Linux Enterprise Server and Red Hat Advanced Server, which all achieved performance numbers between 59 per cent and 133 per cent higher than the numbers OpenServer 6 posted in our tests.
We also tested OpenServer 6 on our Polywell 2200s 64-bit dual AMD64 platform (in 32-bit mode as mentioned) with two other performance tests that measure its ability to build and hold network connections. In these tests, OpenServer 6 was almost on par with the numbers Red Hat Enterprise Linux 4 (32-bit) posted both in terms of the maximum number of open TCP connections it could maintain (OpenServer hit 89,519 connections compared with RHEL 4's 90,745), as well as the maximum number of TCP connections per second it could register (OpenServer could hold 1,664 connections per second compared with RHEL 4's 1,890). But again, compared with RHEL 9's performance in 64-bit mode, OpenServer 6 falls well behind.
OpenServer 6 offers many of the popular niceties of Linux competition editions. And with its built-in Unix legacy, it will offer a familiar feel to some. But the lack of a 64-bit kernel, a comparatively high price, small oddities and strange licensing model should certainly raise issues with this product.

How we did it
We tested the SCO OpenLinux 6.0 server for compatibility on several systems, ranging from an HP-DL140 server with two 3.06GHz Intel Xeon CPUs and 1G byte memory, through our common test platform, a Polywell 2200s/2 machine comprising two 2.8GHz Advanced Micro Devices' Athlon 64 CPUs with 4G byte dynamic RAM.

We tested connectivity with OpenServer's Samba 3.0.13 SMB-connectivity method, using Windows XP, 2000 and 98/SE clients, as well as Macs (PowerBook G4 and dual G4 desktop) running Mac OS X 10.3 and 10.4. We also connected via FreeBSD.
We tested VxFS to see how its speed compared with NFS V3, as well as Windows NT File System and found VxFS faster than all three. We also extensively tested encrypted file systems, and found that encryption had little real effect on system performance, even when we spawned many I/O transactions with shell scripts.
We also tested OpenServer 6 with our SSL transaction tests, using OpenSSL as a backend to the Apache server supplied by SCO. These tests spawn large blocks of users within the Spirent Web Avalanche appliance and then request SSL page builds (via HTTP GET requests) to verify the page is built while spawning new sessions from the built-user-list. This exercises encryption, builds large numbers of concurrent instances of SSL-backed sessions, and eventually exercises disk cache and disk cache coherency. All this emulates basic Web server functionality. We had to modify certain configuration files that pointed to correct file locations, but otherwise did not modify settings associated with Apache performance to do the test.
Additionally, to measure the operating system's ability to build and hold network connections, we ran tests to determine the number of transactions processed per second, as well as the maximum number of TCP connections per second the operating system could establish and maintain.

Henderson is principal researcher for ExtremeLabs of Indianapolis. Laszlo Szenes contributed to this story.

