Comparing Operating Systems for InterfacingWhite Paper

2 COMPARING OPERATING SYSTEMS FOR INTERFACING

When assessing the choice of interfacing options, integration engine vendors will chose varying operating systems with which their

application is deployed. This whitepaper addresses several different concerns when analyzing an operating system, and analyzes how

an integration engine can be impacted by the operating system. Points addressed include:

> Patches

> Security

> Downtime

> Load handling

> Hardware Costs

EXECUTIVE SUMMARY OF FINDINGSPatches: All operating systems have patches, and it is more critical than ever to make sure security patches are regularly applied to

protect PHI residing on hardware for all operating systems. Windows and Unix solutions alike have similar GUI based patching processes.

Security: In the most recent survey by Information Technology Intelligence Consulting (ITIC), Windows Server 2008 R2 achieved the

highest marks on security based on 468 C-level executive responses.

Downtime: 92% of Windows Server 2008 R2 users experienced one or no Tier 3 outage per server per year, scoring the highest in this

category among all operating systems.

Load handling

SAP, in a complex and demanding environment of over 3 million line items processed in an hour with over 30,000 users across ten servers,

showed equivalent performance of its Windows and Linux solutions.

Hardware Costs

> IBM AIX solutions are more than twice the cost of Microsoft Windows Server 2008 solutions for equivalent processing capabilities.

> In a variety of comparisons, solutions using Microsoft Windows Server 2008 had overall lower hardware costs by 45% as compared

to Unix/Linux solutions.

PATCHESAll operating systems issue patches. It is the responsibility of IT professionals to schedule the application of these patches. Many

patches are related specifically to the security of the system. With the protection of patient health information (PHI) at a critical level in

the healthcare IT industry, with fines reaching unprecedented amounts, it is more critical than ever to routinely apply security patches

for all operating systems.

For example, Red Hat Enterprise Linux Server (v. 6) released 33 patches1 related to security in the first three months of 2012. Of these

33, eight were tagged as critical. Red Hat is not alone in having this volume of patches, all operating systems are impacted. Similarly,

patch volumes for SUSE Linux Enterprise Server can be viewed on the Novell Patch Finder2 web-site.

COMPARING OPERATING SYSTEMS FOR INTERFACING 3

All operating systems have utilities to streamline the updating of patches. With Microsoft Windows Server, the Windows Update utility

allows the user to view all patches that have not been applied and selectively choose which ones will be applied. The patch process

is initiated with the click of a button. Other operating systems offer similar functionality. Windows and others also have command

line options for patching as well. In general a command line process would be similar to what is detailed on HP’s website, HP-UX 11.x

Patch Process3.

With modern utilities that automatically detect which patches need to be applied, sorting through the patch process is much simpler

than in the past. This simplified process is a great benefit given that the security threat to PHI in healthcare demands regular patching

for all security threats on a regular basis, regardless of the operating system.

SECURITYThe topic of security is closely related to the previous topic of patching, but also includes many other components related to access

and authentication. As mentioned above, the security of PHI is critical in healthcare and governed closely by the industry.

An independent assessment of server security is performed by Information Technology Intelligence Consulting (ITIC) on a regular basis4.

In the most recent analysis, the independent survey was conducted among C-level executives and IT managers at 468 corporations from

November 2010 through January 2011.

In the data seen below (Source: ITIC 2011)5, Windows Server 2008 R2 is ranked number one in the industry with respect to security.

Windows Server 2008 R2 was in a virtual tie with IBM AIX 7.1, with AIX receiving 1% of ‘Poor’ responses where Windows had none.

The independent security rankings for a variety of operating systems, including Windows, Unix, Linux, and Apple Mac can be viewed

in the chart.

Operating System Security

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

1 00%

Windows Server2008 R2

HP UX 11i v3IBM AIX 7.1 SuSE LinuxEnterprise 11

Red Hat Enterprise Linux

5.5

Unsatisfactory

Poor

Satisfactory

Good

Very Good

Excellent

4 COMPARING OPERATING SYSTEMS FOR INTERFACING

To further validate the security robustness of Microsoft Windows, a report by security firm Kaspersky titled the IT Threat Evolution can

be analyzed10. From the report:

•Microsoft products no longer feature among the Top 10 products with vulnerabilities. This is because the automatic updates

mechanism has now been well developed in recent versions of Windows OS.

The top two vulnerabilities, as listed in the article, are related to Java and include:

> Oracle Java Multiple Vulnerabilities: DoS-attack (Gain access to a system and execute arbitrary code with local user privileges)

and Cross-Site Scripting (Gain access to sensitive data). Highly Critical.

> Oracle Java Three Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Extremely Critical.

The article acknowledges that just a few years ago, Microsoft would have likely been all over the list, but that the company has taken

significant strides in the area of security. In addition, the comments are very harsh with regards to Java, stating that “you shouldn’t have

Java installed, unless you absolutely need it.”

DOWNTIMEFor integration engines, uptime is absolutely critical to keep clinical information flowing within and outside-of the providers of care.

Choosing an operating system which is reliable is key to a successful integration engine.

Throughout its history, Microsoft Windows has been marred by the perception of unreliability both in the desktop and server space.

However in the server space, Microsoft has been consistently closing the gap in reliability with its competitors during the past decade.

From the 2011 Global Server Hardware and OS Reliability Survey conducted by ITIC, Microsoft Windows Server showed significant

improvement just as it had in the previous survey of 2009. Laura DiDio, Principal at ITIC, commented4:

•“Microsoft’s Windows Server 2008 and Windows Server 2008 R2 served up the biggest surprise in the survey, scoring impressive

reliability gains and making it one of the top three most reliable, mainstream server OSs.”

92% of Windows Server 2008 R2 users experienced one or no Tier 3 outage per server per year, scoring the highest in this important

category. This was compared to 90% for IBM’s AIX 7.1, 86% of Novell SuSE Linux Enterprise Server 11 and 84% of Hewlett-Packard’s

HP-UX 11i v3. Tier 3 outages are rated as the most severe, typically lasting for four or more hours, involving data loss, and requiring

multiple members of the IT department to perform remediation4.

OperatingSystem UsersExperienced≤OneTier3Outage

Windows Server 2008 R2 92%

IBM AIX 7.1 90%

Novell SuSE Linux Enterprise Server 11 86%

Hewlett-Packard HP-UX 11i v3 84%

COMPARING OPERATING SYSTEMS FOR INTERFACING 5

The survey noted that one of the key reasons for Tier 2 and Tier 3 outages was due to trouble applying patches. This emphasizes the

importance of having a high availability solution for your integration engine so that even if there is trouble applying patches that no

connection downtime will be required.

LOAD HANDLINGHaving a robust operating system which can handle the load of an integration engine is required for the data demands of the healthcare

setting. Large providers are known to utilize a single server to run hundreds of connections and millions of daily messages on a single server.

To compare the load-handling of Linux versus Windows, one of the most complex and demanding global applications in existence

today in any market was utilized. Under extremely demanding circumstances, SAP compared the use of its global ERP application

running on Windows and Linux.

NON-HEALTHCARE LOAD BENCHMARK FROM SAP6

SAP is a global market leader in enterprise application software. SAP software applications are arguably some of the most demanding

applications across all industries that exist today. With SAP being one of the most intensive applications in the world, it only makes

sense to benchmark how different operating systems behave under these demanding circumstances.

To handle its loads, SAP customers can choose from Windows or Unix/Linux solutions. To prove the performance of each platform,

a demanding benchmark scenario was constructed. The environment consisted of over three million line items processed in a given

hour with over 30,000 users. The results are as follows:

NumberofUsers

ProcessedLineItemsPerHour

OperatingSystem

SAPRelease

#ofServers

Total#ofCores TypeofApplicationServers

32,125 3,506,330 Windows Server 2008

R2 Enterprise on VMware ESX 5.0

SAP ERP 6.0 10 120

HP ProLiant BL460c G7, 2 processors/ 12 cores/24 threads,

Intel Xeon Processor X5675, 3.06 GHz, 64 KB L1 cache and

256 KB L2 cache per core, 12 MB L3 cache per processor,

96 GB main memory

16,000 1,756,000 SuSE Linux Enterprise Server 10 on VMware

ESX Server 4.0SAP ERP 6.0 7 56

Fujitsu PRIMERGY BX900 S1, 2 processors/8 cores/16 threads,

Intel Xeon X5560 2.80 GHz, 64 KB L1 cache and 256 KB L2 cache

per core, 8 MB L3 cache per processor, 36 GB main memory

While the configuration of the servers are not exactly the same, when analyzed by processing power both systems produce very similar

results. The Windows Server 2008 solution has roughly twice the processing power of the benchmarked Linux solution. With twice

the processing power, the Windows Server 2008 configuration was able to process 3.5 million line items in an hour which is twice that

achieved by the Linux configuration. So normalized for processing power, the two configurations perform almost exactly the same in

an extremely load intensive benchmark.

6 COMPARING OPERATING SYSTEMS FOR INTERFACING

HARDWARE COSTSThe cost of procuring hardware for different operating systems can vary substantially. Often times the hardware costs can be more than

the application running on the hardware, or at least be a very substantial part of the overall cost.

Hardware costs were compared in two different ways:

> A direct cost comparison between an IBM AIX system and a Dell Windows Server 2008 system

> An independent benchmark of the overall system cost based on the ability to process orders

DIRECT COMPARISON — AIX VERSUS WINDOWS SERVER 2008For comparison purposes, an analysis has been done to compare the costs of purchasing a comparable IBM AIX V7.1 solution versus

purchasing Dell hardware with Windows Server 2008 software. The total cost of procuring an application must be considered together

with the expense of the hardware and operating system software for which it will be deployed.

In the hardware comparison, the following requirements were targeted to have specifications as similar as possible:

> Form Factor

> Processor Speed

> Number of Cores

> System Memory

> Internal Storage

Both systems were configured at the vendor web-sites, IBM and Dell. No corporate discounts were applied. The prices shown reflect

what any visitor to the web-sites would receive as their price. The web-site links are:

IBM: http://www-03.ibm.com/systems/power/hardware/750/configs/8233e8b14a.html7

Dell: http://configure.us.dell.com/dellstore/8

The results from the web-sites are as follows:

IBMPOWER750EXPRESSSERVER DELLPOWEREDGERACKSERVER

Configuration: 8233-E8B14 Configuration: R720xd

Form Factor: Rack-mount Server Form Factor: Rack-mount Server

Operating System: AIX V7.1 Standard Edition License Operating System: Windows Server 2008 R2 Standard Edition

Processor: POWER7 Processor: 2x Intel® Xeon

Speed: 3.2 GHz Speed: 3.3 GHz

Cores: 8 Cores: 8

System Memory: 32 GB System Memory: 32 GB

Internal Storage: 2 X 146 GB Internal Storage: 2 X 146 GB

Price: $31,946 Price: $7,552

COMPARING OPERATING SYSTEMS FOR INTERFACING 7

Using these non-discounted prices, the IBM AIX configuration is more than four times the price of the closest equivalent Windows

Server 2008 system. Corporate pricing agreements may impact this pricing comparison to some extent, but nevertheless these are

real costs that must be considered when choosing applications that are specific to a given operating system.

INDEPENDENT BENCHMARK — TRANSACTION PROCESSING PERFORMANCE COUNCIL (TCP)The Transaction Processing Performance Council (TPC) is an independent organization which measures the performance and price per

performance of transaction processing systems. Throughput, in TPC terms, is defined as how many new order transactions per minute

a system generates while executing all other transaction types.

TPC measures the number of orders that can be fully processed per minute and is expressed in tpmC. For a 710 tpmC, a system is

generating 710 new order transactions per minute while fulfilling the rest of the transaction mix workload.

TPC benchmarks are system-wide benchmarks, encompassing almost all cost dimensions of an entire system environment, including

terminals, communications equipment, software, computer system, backup storage, and three years maintenance cost. For example,

if the total system cost is $859,100 and the throughput is 1562 tpmC, the price per performance is derived by taking the price of the

entire system divided by the performance, which equals $550 per tpmC.

The ten most recent benchmarks conducted by TPC are shown9:

System Price/tpmC OperatingSystem

HP ProLiant Blade BL685c G7   $0.51 Microsoft Windows Server 2008 R2 Enterprise

HP ProLiant DL380 G7   $0.65 Microsoft Windows Server 2008 R2 Enterprise 

HP ProLiant DL580 G7   $0.49 Microsoft Windows Server 2008 R2 Enterprise

IBM Power 780 Server 9179-MHB   $1.38 AIX Version 6.1  

Cisco UCS C250 M2 Extended-Memory $0.58 Oracle Linux w/Unbreakable Enterprise Kernel R2  

Sun Fire X4800 M2 Server   $0.89 Oracle Linux w/Unbreakable Enterprise Kernel R2  

SPARC SuperCluster with T3-4 Servers   $1.01 Oracle Solaris 10 09/10  

IBM Flex System x240   $0.53 Red Hat Enterprise Linux 6.2  

IBM System x3850 X5   $0.59 SUSE Linux Enterprise Server 11 SP1 for X86_64  

IBM System x3850 X5   $0.60 SUSE Linux Enterprise Server 11 SP1 for X86_64  

On average, the Unix/Linux systems demand a premium price per processing power:

Windows Server 2008 R2 Average $0.55

Unix / Linux Average $0.80

Premium for Unix / Linux 45%

As was shown in the previous section with the direct comparison of AIX, systems with IBM AIX command a considerable premium over

Windows Server 2008. And in general, Unix or Linux hardware will be more expensive than a comparatively robust Windows Server

2008 system.

8 COMPARING OPERATING SYSTEMS FOR INTERFACING

Both the direct price comparison and the industry benchmarks by TPC demonstrate a greater value through utilizing Windows

hardware. Corepoint Integration Engine operates on the Microsoft Windows platform so that customers can take advantage

of the competitive pricing and availability of hardware.

REFERENCES1. Red Hat Customer Portal, https://rhn.redhat.com/errata/rhel-server-6-errata.html, Red Hat Enterprise Linux Server (v. 6)

General Advisories

2. Novell Patch Finder, Version 2.4.8, http://download.novell.com/patch/finder/#familyId=7261&productId=&dateRange= &startDate=&endDate=&priority=&distribution=&architecture=&keywords=&xf=7261&xp=7261_40184&xp=7261_32103, SUSE Linux Enterprise Server

3. HP AllianceONE Partner Program, http://h21007.www2.hp.com/portal/site/dspp/menuitem.863c3e4cbcdc3f3515b49c108973a801?ciid=8a62dda253345110VgnVCM100000275d6e10RCRD, Patching HP-UX 11.x systems

4. Information Technology Intelligence Consulting (ITIC), http://www.iaps.com/2010-2011-server-reliability-survey.html, 2010-2011 Server OS Reliability Survey

5. Information Technology Intelligence Consulting (ITIC), http://www.wservernews.com/images/os_reliability_survey_results.jpg, Rate the security of your operating system(s)

6. SAP — Published Benchmark Results, http://www.sap.com/solutions/benchmark/sd3tier.epx, SAP SD Standard Application Benchmark Results, Three-Tier Internet Configuration

7. IBM Power 750 Express Configuration, http://www-03.ibm.com/systems/power/hardware/750/configs/8233e8b14a.html, 8233-E8B14 AIX Edition

8. The Dell Online Store, http://configure.us.dell.com/dellstore/config.aspx?oc=bectk3-le&c=us&l=en&s=biz&cs=555&model_id=poweredge-r720xd, PowerEdge R720xd Rack Server

9. Transaction Processing Performance Council (TPC), http://www.tpc.org/tpcc/results/tpcc_results.asp?print=true&OrderBy= SUBMITTED&SortBy=DESC&version=, TPC-C — All Results — Sorted by Date Submitted — Version 5 Results As of 20-Jun-2012 8:17 PM GMT

10. IT Threat Evolution report, Security firm Kaspersky, http://thenextweb.com/microsoft/2012/11/02/microsofts-security-team-is-killing-it-not-one-product-on-kasperskys-top-10-vulnerabilities-list/, Microsoft’s security team is killing it: Not one product on Kaspersky’s top 10 vulnerabilities list

FOLLOW US:

Corepoint Health