Controls which programs can run in which CPUs and who can log on from which ports.

The NonStop server has an interface to a user-supplied Command Monitoring Process named $CMON. While the $CMON program is not HPE-supplied, it’s recommended that every NonStop system use a $CMON either written by the customer or supplied by a third-party (such as the XYGATE supported $CMON module). When a $CMON is present, messages are sent to the $CMON to verify logon requests and process start requests. The $CMON process can provide many functions for both security and performance reasons:

  • Control the CPU and the priority of the request
  • Control who can logon to a specific ports
  • Verify a userid’s request to run a requested program
  • Audit the request
  • Ensure that the location and priority of all processes is only controlled via $CMON

Note that not having a $CMON presents a serious risk because, if a $CMON is not present, an unauthorized $CMON could be added to the system. The unauthorized $CMON might be used simply to monitor the system or it could be designed with malicious intent (such as stopping, denying or slowing services).


  • Auditing of pre-logon Guardian user IDs or aliases
  • Terminal device logon restrictions
  • Double-logon to sensitive user IDs
  • Parameter customization by user IDs
  • PORT entries in the CMACL file to control access based on the user’s remote TCP/IP address as well as ASYNC / LAN addresses
  • Complete end-to-end program execution audits
  • Placement and use of resources as defined, by user, requesting program and other criteria
  • Ability to make virtually all processes follow $CMON directives on CPU use and priority Incoming Port Controls


It’s recommended that every NonStop system use a $CMON.


Contact Sales