Tandemworld eNewsletter for April 2014
Gold Sponsor is
Silver Sponsor is
Tandemworld eNewsletter
for April 2014
Contents
XML, SOAP, or JSON processing by Nonstop applications using XML Thunder
Protect / Test / Repeat
Musings on NonStop! - April, ‘14
BrightStrand Managed Service
Third Data Corporation
NonStop Technical Boot Camp 2014
BITUG Education Day 19th May 2014 HP London Wood Street - Oracle skills to SQL/MX
BRITISH ISLES HP NONSTOP USER GROUP - Little SIG
CAIL - Options to increase NonStop relevance and opportunities
Ban Bottlenecks®
24 Years of “No-Surprises” OLTP
Gravic Publishes New White Paper on Shadowbase Solutions for the Cloud
Win 10% Off Your Next NonStop Project
Top Security Articles from "The Connection" magazine
comForte's presentation about the TARGET attack at GTUG
XYPRO NonStop Security Fundamentals Top 10 List – #4
OpenSSL vulnerability “Heartbleed” and how it affects comForte customers
Where we are in The World...
comForte at events near you in 2014
Pressure in the Value Chain
Computer Security Products can stop your OSS security from SEEPing away!
TANDsoft’s OPTA Solutions Suite Extends Application Capabilities without Program Modifications
Availability Digest Says, “Let’s Share Outage Information for the Benefit of All”
Current Subscribers 14
968XML, SOAP, or JSON processing by Nonstop applications using XML Thunder
XML Thunder is a designer and code generator for HP NonStop servers having the requirement to process or create XML, SOAP or JSON documents.
The product can quickly and easily generate application source code that implements XML, SOAP, JSON parsing and manipulation logic, both for new and existing applications.
The generated source code is optimized for the HP NonStop platform.
Please learn more at http://www.canamsoftware.com/Products/XML,SOAP,JSON/XMLThunder%E2%84%A2XMLSOAPJSONforCOBOLorC/XMLThunderforHPNonstop.aspx
Protect / Test / Repeat
Over my many years of experience in the Disaster Prevention business I have worked with hundreds companies. I have analyzed many strategies, all of them beginning with the absolute requirement to protect critical business data. Loss of data leads to lost customers, and ultimately a failed business.
I have to wonder, when a business loses its data, what is the likelihood that the business survives? There must be some hard facts out there I can share with you. I read quotes that say 80% of businesses fail in the year after a disaster. Is this really true, or is this just marketing fluff designed to scare up new customers? This is my area of expertise. I have worked closely with many companies around the world. Surely I should be able to give you some hard references you can trust.
I’ve looked across the hundreds of customers NTI has around the world, searching for cases where our customers have had a failure and have recovered. Yes, our customers have had datacenter failures, and yes they have recovered successfully. The problem is I can’t find any public cases I can tell you about. Our customers are not interested in discussing their challenges. Their infrastructures are proprietary and we are under confidential agreements to not discuss customer business.
It seems like every year one of our customers experiences a natural disaster, and recovers with zero business loss. How do they do it? By following our simple mantra:
“Protect/Test/Repeat”
· Protect your data. Replicate it sub-second to a faraway place.
· Test your applications and data on the backup platforms. Make sure it all works.
· Repeat often to make sure it all still works.
But if you implement an expensive DR solution (Hardware, software, backup facilities, staffing, etc.) is it worth it for the statistically insignificant chance that you may have a disaster? That depends on how much you value your business and if your management believes in the realities of failure post disaster. Yes disaster recovery can be expensive, but not as expensive as the disaster without the recovery.
Here are two statistics I can share with you:
1. Less than 1% of our customers have experienced a natural disaster, and all have successfully recovered.
2. More than 84% of our customers use their DR facilities to implement new software upgrades. They reroute business, upgrade the production platforms, and then switch traffic back. This gives them an opportunity to continually test their DR infrastructure while letting their IT staff perform upgrades during a normal business day. DRNet® enables true zero downtime upgrades.
DRNet® is world class NonStop Data Replication technology.
· Real-time Active/Active Data Replication
· Real-time Tandem to OPEN Data Replication
· Real-time File Synchronization
· Refreshingly Real-Time Support from Real Engineers
+1 (402) 968 3674
Musings on NonStop!
April, ‘14
The
opinions expressed here are solely
those of the now self-employed author
Page
views counted for posts to Real Time View have tripled over the past six
months. A steady climb up from 3,000 per month to 7,500 and more –
peaking in December, 2013, at 9,600 plus. After launching the blog in
August 2007, you can plot almost a straight line from that first month
to late last year. It may be a coincidence that the uptick in page views
coincided with the announcement by HP of plans for NonStop to support
the Intel x86 architecture, but then again, that may be too simple an
answer.
In my musings last month, I wrote about my latest wishes for NonStop. A
quick check of popular posts, based on stats obtained over a rolling 30
day window, shows it still in the top 10 list almost a month later – and
if you haven’t checked the post out as yet, go back and read
Yet three more wishes!
by cutting and pasting the link here:
http://itug-connection.blogspot.com/2014/02/yet-three-more-wishes.html
As I wrapped up that post I made one final observation and it had to do
with security, where I suggested with all that is happening in the world
today, is it time to revisit these and add securability? I only throw
this in as part of my final observations, for surely, if this truly is
an attribute helping to define the future for NonStop, then mixing
NonStop into hybrid blades, into hybrid clouds and potentially into new
technologies like Moonshot, assures a future for NonStop well beyond the
scope of what may be on our minds these days.
Little did I know just those few short weeks ago that indeed, security
would raise its head once more and that parties providing SSL support
would be scrambling to check out their vulnerability. However, there’s a
lot of publicity elsewhere on this topic, I suspect, possibly even in
this issue of Tandemworld.net so what I would like to return to is the
other part of the reference. In particular to mixing NonStop into hybrid
blades, into hybrid clouds and potentially into new technologies like
Moonshot, assures a future for NonStop. At midsize systems, and bigger,
IBM has been writing about hybrids for some time including packages of
Xeon processors bundled into the mainframe chassis and when IBM
announced the zEnterprise™ 114, back in July, 20111, at that time it
positioned this system as IBM’s premier midrange “systems of systems”
platform for integrated, centrally managed workload deployment. It
described this system with:
- Unique hybrid design integrates Mainframe, POWER7® and IBM System x® technologies in a single unified, centrally managed system ...
- Designed for data and right-sized as an entry level hybrid mainframe server with increased flexibility, scalability and performance in a lower cost package …
- Consolidate an average of 30 distributed servers or more on a single core, or an average of 300 in a single footprint, delivering a virtual Linux server for under US $1.45 day …
Even as
the zEnterprise™ 114 will be replaced by the zEnterprise BC12 (effective
June 30 of this year), it extends the tradition by IBM of splitting its
mainframe line in two; with the larger, high-end models continuing to be
called Enterprise Computers (EC) and the smaller, mid-range models
called Business Computers (BC). The point here is that IBM is
persevering with hybrid configurations along the lines of (an looking
very similar to) what is highly probable with the latest shared
infrastructure BladeSystem chassis from HP at some point – and this will
likely include NonStop with its planned support for the Intel x86
architecture.
But what is the driving the business case? Why would IBM and HP
customers be looking for solutions like these and would they in any way
support eventual integration with cloud computing? The immediate answer
is cost – when IBM claims it can deliver “a virtual Linux server for
under US $1.45 day: CIOs will most definitely listen. After all, as the
NonStop community knows full well, driving out costs is of paramount
importance for all CIOs. However, there’s also a recognition within IBM
that there are processors better suited to some workloads than others –
in a hybrid world, transactions can be best served according to their
services-need footprint, not the least being driven by the language and
tools needed.
It will take the commitment by solutions vendors, of course, before
hybrid computing evolves in a useful manner for NonStop. Applications
designed for NonStop systems tended to be “monolithic” even as they were
optimized for operating on a Massively Parallel Processing (MPP)
shared-nothing architecture. Breaking NonStop applications apart and
supporting components running outside of NonStop only began appearing as
SOA and Web services took hold. And it was with the push to SOA that
some solutions vendors saw an opportunity and pounced.
In talking with HP product managers it became clear to me that at the
forefront of the transition from purely a services model, familiar to
all who have implemented SOA, to a hybrid computing model, has been
OmniPayments, Inc. It wasn’t as much about bottom line costs, although I
suspect they were part of the equation. “While costs remain a concern
for any vendor developing solutions for NonStop there’s other
considerations as well, particularly for those vendors looking to
embrace modern frameworks and technologies,” said OmniPayments, Inc.
Yash Kapadia.
“Perhaps the most important consideration of all is to leverage the best
platform for the right function, a circumstance that is often
overlooked,” acknowledged Yash. “When it comes to OmniPayments, we have
embraced hybrid computers for some time after we turned to Linux
platforms in support of our operational dashboards. Our decision to rely
on Java for implementing these dashboards made the choice of Linux easy.
When it comes to transaction processing, and even the BI and Analytics
that follows, we ensure these are well supported by NonStop systems and
our choice of C/C++ as the development language made this choice just as
easy for us.”
Should HP shared infrastructure (think, InfiniBand!) BladeSystems,
packed with homogeneous x86-populated blades, appear in the near future
then I suspect other solutions vendors will hop onto the hybrid
bandwagon – from where I stand and with the components coming from HP,
this looks altogether a cleaner solution that what is currently on offer
from IBM, and likely to see costs driven down even further. IBM as yet
will not commit to running just a single chip technology preferring to
keep its mainframes on more costly proprietary POWER-based chipsets. In
time, this could be their undoing as the numbers for x86 servers being
shipped edges ever closer to 99%!
And with that, I will return to the topic of the uptick in interest in
the NonStop community blog, Real Time View. Check out the very latest
post
Heroics that may be tolerated … by following this link:
http://itug-connection.blogspot.com/2014/04/heroics-that-may-be-tolerated.html
for
more on the above matter, including hybrids, and don’t be deterred from
posting your own comments – after all, this is perhaps the best way for
the NonStop community to be heard!
Richard Buckle
Founder and CEO
Pyalla Technologies, LLC
Email:
richard@pyalla-technologies.com
Following my blogs? My web publications? My discussion Groups?
Check out (copy and paste to your browser):
Real Time View
at
http://www.itug-connection.blogspot.com/
…. And check out the Group on LinkedIn, Real Time View
comForte Lounge at http://comfortelounge.blogspot.com/
…. And check out the Group on LinkedIn, comForte Lounge
Realtime.ir at http://realtime.ir.com/
….
And check out the Group on LinkedIn, realtime.ir
ATMmarketplace at
http://www.atmmarketplace.com/blogger.php?id=130763
buckle-up at http://www.buckle-up-travel.blogspot.com/
…. And check out the SubGroup on LinkedIn, Pyalla Track Days
BrightStrand Managed Service
BrightStrand International provides an array of NonStop Services to its customer base. Its consultants have the skill and experience that make it the premier service deliverer in the NonStop sector. Services are tailored to individual customer needs to reduce costs and risk whilst getting the best from the environment.
BrightStrand delivers a Fully Managed Service to many of its customers. BrightStrand take account of the particular needs of the customer and offer a variety of options. BrightStrand currently supplies managed services; ranging from standby ad hoc onsite cover through to fully managed with secure datacentre hosting, systems management, operations, 24/7 support and remote support.
Each service is tailored to meet customer needs to provide a focused but low cost and flexible solution to meet your changing business requirements.
A Managed Service can include all or some of the following elements, as required by the customer:
· Systems and Operations Management
· 24 x 7 Cover
· Performance and Tuning / Capacity Planning
· Database Design and Administration
· Communications Subsystems
· Web Services
· Security Reviews
· IBM WebSphere MQ Series environments.
· NonStop Integrity and Blade Migrations
· Operation System Upgrades
· System Healthchecks
· Specialist Consultancy
· Disaster Recovery and Service Continuity Planning
· Multi-platform options
BrightStrand Service Managers and consultants are ITIL and PRINCE2 accredited and therefore all have an excellent understanding of service delivery best practices and risk management/avoidance. BrightStrand delivers services where possible using customer processes and procedures ensuring a fully integrated solution to provide better response, improved reporting and faster communication.
For further details call BrightStrand today on +44 (0)141 204 4046 or email sales@brightstrand.com.
Third Data Corporation
High Performance Switching and Secure Data Storage
888-301-2431 / sales@thirddata.com
Third Data Corporation provides numerous products which can reside on HP Nonstop and other HP and Non-HP hardware platforms. In addition we provide custom high performance software design and development for our clients.
FastBuild Switch
– When building a switch be it ATM-POS, Wire Transfer, EFT, Medical, or any other type of data that needs to get from one place to another, you are usually faced with three choices. Take an existing package and modify your system to match it. Get the vendor to “enhance” their system to meet your needs. Write a new system from scratch. The FastBuild Switch integrates with your existing system, or if you are building from scratch gives you a great start. The switch is also built around the latest HP technology to maximize performance. It integrates several of our other products to maximize cost savings and security in a fault tolerant manner. In a cross platform environment it also runs on other non-Guardian HP supplied platforms.SecureStore
– If you are security conscience trying to become compliant (PCI, HIPAA, etc) then you know that you can not leave sensitive data readily viewable. SecureStore does three things for you. The data is encrypted so that you can become compliant. The data is compressed so that your hardware costs are reduced. As part of disaster recovery your data is sent to multiple locations so it will be available when you need it. As a bonus for those having trouble with Guardian 4K limits there is no record size. It supports Big Data with up to 18 Exabytes. It can also integrate with SQL systems (SQL MX/MP, Oracle, Postgres etc).NxLib
– NxLib provides a platform and utility libraries for developing a high performance multi-threaded applications on NonStop Guardian. The platform provides threading, queuing and network capabilities. This enables development of an application written single threaded style to perform as multi-threaded. Extensible command processing and help are supported. Development time can be cut to a fraction of the time it would normally take. This results in fast application development with consistent look and feel across multiple projects.NxWeb
– A high performance web server which provides support for NxLib applications. It also can be used without NxLib. It provides for secure connections, virtual domains, full http support and interfaces to pathway and IPC communications.NxFile+
– NxFile+ provides compression and encryption to Enscribe structured files. The files are configured through a GUI interface and the results are provided seamlessly to your applications, typically without any code changes. In addition this provides for dynamic key changes on the fly so data stored at-rest may have its encryption keys changed as required. Because the records can be compressed prior to encryption, it’s also possible to have records which significantly exceed the 4k record size limitations.NxSSL
– NxSSL is an SSL proxy which may be used to provide SSL encryption and authentication services to TCP/IP connections. It provides full support for certificates and multiple encryption standards. It has been carefully tuned to provide the highest performance available for any NonStop SSL connection.NxUndelete
– Files accidentally deleted can be a real problem. Even when a backup is available, it is frequently a significant effort to retrieve it from a backup tape. NxUndelete implements a recycle bin function on the the HP NonStop system. Files deleted may be easily recovered using its GUI interface.NonStop Technical Boot Camp 2014
Registration is open! https://www.regonline.com/builder/site/?eventid=1496544
Early Bird price: $1095 (expires June 1st)
Regular price: $1295
(FYI – Hotel rooms at Hayes Mansion are limited, so make your reservation now!)
These 28 NonStop Partners have committed to exhibiting at the Boot Camp!
|
ACI |
Ascert |
|
Attunity |
BlackWood Systems |
|
Canam Software |
Carr Scott |
|
comForte |
ESQ |
|
ETI-NET |
Gravic |
|
HP Services |
Lusis Payments |
|
Marshall Resources |
Merlon |
|
Network Concepts |
Network Technologies |
|
NuWave |
Oracle |
|
Prognosis by Integrated Research |
QSA |
|
Resource 1 |
TANDsoft |
|
Third Data |
TIC |
|
Tributary Systems |
Voltage Security |
|
WebAction |
XYPRO |
Did you see all the Partners you want to talk with? Please take this short, anonymous survey to help us plan for a fantastic NonStop Event:
https://www.surveymonkey.com/s/VVZDNZD
The Partner SIG looks forward to reuniting with Customers and HP this fall!
Kathy Wood
NonStop Partner SIG/Vendor Chair
BITUG Education Day 19th May 2014 HP London Wood Street
Repurposing your Oracle skills to SQL/MX
In today’s “internet of things” world then the explosion of devices, data and processing continues to grow at a rapid pace. The world is “always on” and people expect to transact over the internet anytime, anywhere on anything. Smartphones and associated “apps” are near ubiquitous, we see mobile telephony transitioning to IP-based services as part of Long Term Evolution (LTE). Vehicle manufacturers have plans to “smart enable” cars beyond the fault diagnosis “dial home” capabilities.
So what does this mean and why are BITUG putting on an education class based upon those with Oracle skills?
Whether you are collecting CDRs for billing, authorising micro, standard retail or large value payments then the impact of the Internet and Globalisation means a 24x7 processing requirement. If you are looking at subscriber databases for who can do what and to what value or if you are creating customer relationship databases then once again the new world is 24x7.
If you are a manufacturer then both your production and supply chain and associated application processing is 24x7.
If you are a travel company in flights or rail then not only searches but bookings are 24x7.
24x7 in an always on, internet of things, “I want it now” world means no downtime, planned or unplanned. It means scaling seamlessly to accommodate growth without having to re-architect applications. It means taking advantage of modern application technologies, web services and service oriented architectures. It means no maintenance windows or outages to make configuration changes.
In the database world the challenge is to support both scalability and availability. Big SMP NUMA servers have allowed well designed databases to grow. HA Clusters have minimised the impact of maintenance and reconfiguration activities as well as providing resilience to minimise service impact for unplanned outages. Real Application Clusters try to combine some of the scalability and availability characteristics into one database engine. However the pressures of distributed locking mechanisms still curtail having both scalability and availability and produce a “brick wall” effect between 2 & 4 nodes. In the “always on, internet of things” what if you need more?
Debra Labanowski is an Oracle DBA and Oracle certified instructor. Debra will discuss, contrast and compare Oracle with SQL/MX, positioning SQL/MX from an Oracle skillset point of view. This is a great opportunity to see how to utilise your company’s current skills but with the capability to provide additional scalability and availability not available with traditional Oracle DBMS offerings. For solutions architects and database administrators then this is a must have to provide an additional arrow in your quiver of options. It’s a free session hosted at HP London Wood Street in conjunction with BITUG. All catering will be supplied during the event. Places are limited so please register on-line here:
http://www.eventbrite.co.uk/e/bitug-little-sig-2014-education-day-tickets-6009409305
The nearest underground stations to HP London Wood Street are St. Pauls, Barbican or Moorgate. The office location can be found here:
BRITISH ISLES HP NONSTOP USER GROUP
Little SIG
Tuesday 20th May 2014
HP Offices, 88 Wood Street London
|
Start Time |
Farringdon & Ludgate HP, 88 Wood Street, London |
|
09:00 |
Registration, Welcome and Coffee |
|
09:30 |
HP Keynote – David McLeod EMEA NonStop Director – HP |
|
10:30 10:50 |
Coffee |
|
10:50 |
Pathway Migration – Matt Whiteman – Standard Chartered Bank |
|
11:50 |
J Boss / Oracle to HP NonStop migration – Franz Koenig – HP |
|
12:50 13:50 |
Lunch |
|
13:50 |
MQ Futures – Rob Waldron – Barclays, Gerry Reilly – IBM, Rick Ploen – comForte |
|
14:50 |
HP NonStop Update – Iain Liston Brown – HP |
|
15:50 16:00 |
Roundup and Close |
CAIL - Options to increase NonStop relevance and opportunities
With expanding business demands and the need to evolve information services, there are appealing options to move forward -
A. CAIL Suite - Desktop software to improve NonStop information services with enhanced Connectivity, Security and Modernization capabilities
B. Reflection - Desktop software to enable NonStop to be more integral in the Enterprise and part of a Corporate Standard
C. CAIL Mobile - Create Apps quickly with information from all systems (including NonStop) in Enterprise Mobile initiatives
Security Note : Organizations using CAIL Suite are not affected by the ' Heartbleed ' vulnerability since all versions are based on the “0.9.8” branch of OpenSSL.
For more insights on improving information services, please visit www.cail.com or send a message to info@cail.com or call 800-668-5769 / 905-940-9000
Ban Bottlenecks®
24 Years of “No-Surprises” OLTP
At a recent conference we were surprised when a senior vendor tech took exception to a banner we were displaying. "No one can anticipate performance problems" he said. I just looked at him incredulously.
Nothing can be further from the truth. We at Transaction Design have spent the last 20+ years showing our clients how to anticipate and avoid problems. Yes, it requires a lot of data. Yes, it requires integrating the business data. Yes, it requires talking to the client teams, including systems, applications, operations, and the business side of the house. Yes, it requires correlating all that information.
And yes, it requires someone very knowledgeable to actually look at the information, make informed judgments, and do projections. That's where we come in.
Most shops have the tools. They also have the talent within their staff. But those staff usually are stretched too thin. They simply don't have the time to collect, correlate, project and review the information from each system each month.
That's why they sign up for Ban Bottlenecks. Our service does all the "dirty work." We collect, correlate, project, analyze, present, and discuss what we find. We'll create an elegant, comprehensive report which we don't expect you to look at, because we do.
Then we talk to you about it. We walk you through our report during a WebEx session, highlighting our findings and concerns, asking for your concerns and plans, and discussing your business plans. And then we do it again, each month, because things change. Application software, OS software, the business, the network, all of it can and will change.
Our job is to help you stay ahead of all the change.
Contact us for a free proof of concept!
1.415.256.8369
Gravic Publishes New White Paper on Shadowbase Solutions for the Cloud
Gravic recently published a new white paper, Shadowbase® Solutions for the Cloud. We discuss hybrid cloud architectures and the role that Shadowbase replication solutions can play in hybrid cloud computing for critical applications, showing how they can lower your IT costs, improve fault tolerance of your applications, and increase flexibility. With the advent of cloud computing, Shadowbase solutions play a pivotal role in integration of the cloud with private (internal) IT infrastructure, allowing for hybrid approaches that assign critical processing to highly available private systems such as HP NonStop servers (among others), and noncritical processing to the public cloud. This concept is gaining momentum as the means to exploit the benefits of cloud computing, while avoiding the pitfalls (such as loss of control of data security and the availability of the computing infrastructure). There are many types of hybrid architecture supported by Shadowbase software that allow critical systems to take advantage of cloud computing by offloading noncritical functions to the cloud infrastructure.
Gravic Publishes Article on Crunching Big Data
Gravic published an article, Crunching Big Data, by Paul J. Holenstein, EVP, in the March/April 2014 Connect publication, The Connection, and the Spring 2014 Issue of Connect Converge. In this article, we look at several technologies that interact to extract valuable business information from “the noise” of big data. Big data offers the opportunity for businesses to obtain real-time business intelligence that they could never reach in the past from their typical internal systems. A big data analytics engine can mine social media, the press, email, blogs, videos, and a variety of other data sources to determine what customers are thinking, to plan new products, to find the strengths and weaknesses of competitors, to monitor fraud and cyber-attacks, and for many other purposes. Shadowbase replication capabilities can play a significant role in delivering inputs and outputs to key processes for analyzing big data. Wherever there is a need to transfer data from a source to another target, regardless of the nature of those devices, Shadowbase software solutions can be placed into service to get the job done efficiently and reliably.
Gravic Presents at GTUG, SATUG, and MENUG Spring Events
This month Gravic attended Connect Germany and GTUG, and, it was a special trip as we flew into Frankfurt a few days early to fully enjoy the beautiful German Spring with our good friend Werner Alexi. We drove a circuitous route and visited many sites on the way to Hamburg. Notable stops included a visit to Burg Eltz, a medieval castle nestling in the hills above the Moselle River between Koblenz and Trier, the 100-m Effelsberg radio telescope, Dom Köln (Cologne Cathedral), Roman ruins in Köln, Zollverein Coal Mine Industrial Complex in Essen, Burg Vischering moated castle in Lüdinghausen, and the Miniatur Wunderland large HO-scale train layout in Hamburg. We enjoyed many nice restaurants, cafés, and beer halls along the way. We were especially impressed with the birthplace (and history of the concoction) of Eau de Cologne, and gazing at the wedding-vow locks on all the bridges brought a smile to our faces – what a wonderful tradition!
Our two presentations were:
· Fingers Crossed? Matching Your Business Continuity Solution to Your Business Risk
· Leveraging Data Replication Technology for Business Continuity, Data Integration, and Application Integration
If you are interested in discussing our presentations’ content or having us present them to your staff, please contact us. Congratulations to Marian Tcholakov of Borica Bankservice and Ralf Johannhörster of IBM who won our Kindle Fire prize drawings. Please visit our Facebook page to see photos from the event.
Also in April, Gravic presented at the SATUG Tradeshow and Conference at the Emerald Casino Hotel in Vanderbijlpark, South Africa. David McLeod of HP gave the keynote presentation outlining the HP update and roadmap, and David Chalmers of HP gave an overview of data centers for a new style of IT. Tumelo Phetlu of Vodacom was the lucky winner of our Kindle Fire prize. If you missed our presentation, Avoid the Risks of Application Downtime – Moving to Continuous Availability Business Continuity Architectures, and are interested in discussing the presentation’s content or having us present it to your staff, please contact us.
Gravic presented at the MENUG Inaugural Chapter Event on March 31 at the Hilton Dubai Jumeirah Resort in Dubai, UAE. There were many opportunities to meet and network with local HP representation and hold impromptu meetings and product discussions with prospective customers. Delegates represented Qatar, Kuwait, The Kingdom of Bahrain, the UAE, Saudi Arabia, and Oman. Based upon the success of this event, MENUG looks to be a strong user group which will provide great opportunities for future technology exchanges between vendors, customers, and HP. Rakesh Jha of Burgan Bank won our Kindle Fire prize.
For more information, please visit: www.gravic.com/shadowbase. Interested parties may contact us at +1.610.647.6250 or SBProductManagement@gravic.com to discuss their specific situation and to learn more about the solutions we offer.
Please Visit Gravic at these Upcoming Spring Events
Please stop by Gravic’s booth or table at these upcoming tradeshows and meetings to speak with us about your data replication and data integration needs or just to say hello. We look forward to attending and presenting at the following events:
NENUG Spring Meeting, Andover, MA, 24 April
N2TUG Meeting, Dallas, TX, 8 May
HP Discover 2014, Las Vegas, NV, 10-12 June
http://www.linkedin.com/company/gravic-inc./shadowbase-data-replication-305119/product
http://www.facebook.com/pages/Gravic-Shadowbase/116969767814
https://plus.google.com/b/117288516055822969721/117288516055822969721/posts
Trademarks mentioned are the property of their respective owners.
Win 10% Off Your Next NonStop Project
NuWave Technologies has been consulting and developing software for the HP NonStop space since 1999. They believe that IT projects should be done in the most efficient manner possible without sacrificing quality, affordability, or excellent customer service.
NuWave has:
§ Decades of HP NonStop experience
§ Proven success in completing projects on-time and on-budget
§ A high customer satisfaction rating
Why use limited resources to complete a project when NuWave could do it in less time and at a savings to you? Now you can enter to win 10% off your next NonStop project with NuWave!
Projects include application migration, application modernization, GoldenGate implementation, and custom NonStop software development. Take a look at the descriptions of NuWave's services and read one of their customer success stories.
Top Security Articles from "The Connection" magazine
XYPRO's Rob Lesan on Security Event Exit Processes (SEEPs) – what, how and why?
What can you do with a SEEP? What are the three types of NonStop SEEP? How do they work? Why do you need them? This article explains all this, and more.
Read the full article here...Want to know even more? Read Ken Scudder's latest NonStop Security Fundamentals Entry #4 on Dynamic Object Security
Voltage Security's Mark Bower and XYPRO's Andrew Price on Data Centric Security - Addressing Security Gaps Across the Enterprise
Data-Centric Security – 2013 saw a record number of data breaches. 2014 brings even more challenges for IT and security administrators looking to keep their sensitive data secure. This short article elaborates on those challenges and introduces a holistic, data-centric solution.
Read the full article here...Stay Connected with XYPRO
FacebookLinkedIn Group
BlogSpot
YouTube
comForte's presentation about the TARGET attack at GTUG
At the recent GTUG event in Hamburg, Thomas Burg, CTO of comForte, gave a presentation on the attack on TARGET.
He talked in detail about how the attack was carried out and which lessons can be learned for protecting HP NonStop systems.
One of the key points is that most HP NonStop systems today are not secure and/or compliant with industry standards like PCI when it comes to the protection of data-at-rest.
See the full presentation on Slideshare at … The Attack on TARGET
XYPRO NonStop Security Fundamentals Top 10 List – #4
Because high-availability and fault-tolerant systems need strong security
Alright, we’ve reached #4 on our list of Top 10 NonStop Security Fundamentals—items #5 to #10 are posted on XYPRO’s website and LinkedIn page.
Previously, in the #5 entry, we discussed how to strengthen access management using Role-based Access Control (RBAC). RBAC was about managing users’ access rights—now let’s take the discussion a step further and talk about securing NonStop system resource objects, such as volumes, subvolumes, files, devices, subdevices, processes and subprocesses. How to protect those objects takes us to the #4 item in our Top 10 List:
#4: Dynamically secure all NonStop system resource objects
Safeguard provides the ability to tightly restrict access to Guardian operating system objects, but can become a major management challenge to administer. OSS operating system objects can be secured with standard UNIX “rwx” security or with POSIX ACLs, but these approaches also create a lot of management overhead, have significant shortcomings and do not result in a totally secure system.
To fully secure NonStop system resource objects and reduce administrative workload, we recommend these steps:
1. Click here to continue reading the rest of this article...
For additional information on related authorization capabilities, read the Connection article "An Intorduction to the SEEP"
Stay tuned to the XYPRO blog site—next up on our list is NonStop Security Fundamental #3.
Also, get notified automatically when new XYPRO blogs come out by following XYPRO on LinkedIn or Twitter.
OpenSSL vulnerability “Heartbleed”
and how it affects comForte customers
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
comForte's incidence response team investigated the Heartbleed bug and its implications on comForte's products very quickly after the bug was detected.
If you are using HP NonStop SSL, to the best of comForte's knowledge, you are NOT affected by the “Heartbleed” OpenSSL bug. Please see here for details. Please note that comForte can and does not make any official statements for or on behalf HP.
If you are using any comForte product EXCEPT for the TOP product, you are also NOT affected. Please see here for details.
If you are using the comForte TOP product, you ARE affected. Please see here for details. [Update 11Apr2014:] A new version of TOP which is no longer vulnerable is available for download via the usual process.
For more information please go to our website at openssl-heartbleed.
comForte also informed all of its customers, prospects and partners of the situation. See the full email at email-with-details-about-heartbleed.
Where we are in The World...
Join XYPRO at these upcoming Events in 2014
|
MRTUG April 30th, 2014 HP Offices, Downers Grove, IL More Info |
N2TUG May 8th, 2014 Addison Improv Comedy Theatre Addison, TX More Info |
|
|
ACI
Exchange EMEA May 13-16, 2014 Lisbon, Portugal www.aciworldwide.com |
DUST May 20th, 2014 Phoenix, Arizona |
|
|
ACI Exchange Americas June 3-6, 2014 Salt Lake City, Utah www.aciworldwide.com |
HP Discover June 10-12, 2014 Las Vegas, NV, www.hp.com |
|
|
ACI Exchange
AP August 5-6, 2014 Sydney, Australia www.aciworldwide.com |
|
VNUG Conference September 9-10, 2014 Aronsborg, Balsta, Sweden www.vnug.biz |
|
PCI SSC North American
Community Meeting September 10-11, 2014 Orlando, Florida www.pcisecuritystandards.org |
|
PCI SSC European Community Meeting October 8-9, 2014 Berlin, Germany www.pcisecuritystandards.org |
|
HP NonStop Technical Bootcamp November 16-19, 2014 San Jose, CA www.hp.com |
PCI SSC Asia Pacific Community Meeting November 18-19, 2014 Sydney, Australia www.pcisecuritystandards.org |
Stay Connected with XYPRO
FacebookLinkedIn Group
BlogSpot
YouTube
comForte at events near you in 2014
Join us at these events:
|
NENUG Spring Meeting |
24 April 2014 |
Andover, MA, USA |
|
N2TUG |
8 May 2014 |
Dallas, TX, USA |
|
FINTUG |
22 May 2014 |
Helsinki, Finland |
|
HP Discover 2014 |
10-12 June |
Las Vegas |
|
VNUG |
9-10 Sept 2014 |
Stockholm, Sweden |
|
PCI Community Meeting, North America |
9-11 Sept 2014 |
Orlando, FL, USA |
|
EBUG Knowledge Forum |
29-30 Sept 2014 |
London, UK |
|
PCI Community Meeting, Europe |
7-9 Oct 2014 |
Berlin, Germany |
|
CONNECT Advanced Technical Boot Camp |
16-19 Nov 2014 |
San Jose, USA |
|
PCI Community Meeting, Asia Pacific |
19 Nov 2014 |
Sydney, Australia |
And there is more, join the security discussion in the HP NonStop [Tandem] Security Group on LinkedIn.
Last but not least, follow us on ...
comForteLounge BlogSpot
comForteLounge LinkedIn Group
comForteLounge Twitter
comForte on YouTube
Pressure in the Value Chain
Today’s market exerts immense pressure on financial institutions and
their operations. The economic climate, client expectations, emerging
competitors and new channels, alongside ever increasing amounts of
security and industry level legislation combine to create a perfect
storm that financial institutions have to chart through. In short,
pressure is coming from all aspects of the card payment value chain.
Each of these individually inflict pain, but collectively they feed each other, creating a cycle of pressure that means the process of operating payment systems is often one of running to stand still. Estimates have suggested that in many cases upwards of 85% of IT spend on retail payment systems is linked to maintenance and mandate uplifts. Meaning that very little of the money spent delivers new features, functions or value for the operating organization.
The need to reduce costs is core to the thinking of most financial institutions at the moment. Budgets are reducing but the need to retain and acquire new customers is probably higher than ever before. Not only do financial institutions need to keep customer volume high they also need to make acquisition and retention of the ‘right’ customers critical for long term success. In addition, new layers of security to prevent the organization being exposed to external attack are being introduced on a consistent basis. At face value, the demands – reduce costs, increase security, attract and retain clients – seem contradictory. Yet they are real and have to be achieved.
Externally financial institutions are faced with challenges, demands and pressure from a developing set of sources. The card schemes and secondary legislators are increasing compliance and mandate pressure as well as driving down income streams. As already referenced, the costs of maintaining mandates and uplifts alone accounts for a significant spend in outmoded, legacy architected systems.
Modern architectures however, such as TANGO, release the pressure on organizations and provide the environment to address the myriad challenges of today and the future head on, moving payment systems from overhead status to that of a revenue generator. In addition the TANGO solution can be run on any number of configurations one of which is the HP NonStop, running the latest Blades technology.
Financial institutions should consider refreshing their payments system to one which provides the availability and transaction assuredness that is the fundamental of any payments system. Providing the flexibility and adaptability to address the business challenges that operators of such systems face in the rapidly moving world of the 21st Century.
For more information about TANGO contact Brian Miller at brian.miller@lusispayments.com or visit http://www.lusispayments.com
Lusis Payments, North America
Brian Miller
(415) 829-4577
Brian.Miller@lusispayments.com
San Francisco, CA
Computer Security Products can stop your OSS security from SEEPing away!
CSP delivers the most comprehensive solution for OSS security, with:
- File Integrity Checking
- Compliance Reporting
- Auditing and Real-time Alerts
- User Management and Session Control
- Protect-UX File Permissions Management
CSP’s solutions leverage the built-in Safeguard, Guardian and OSS controls to provide robust and effective security. Find out how you can plug the gaps with CSP at
www.cspsecurity.com and www.protect-ux.com
TANDsoft’s OPTA Solutions Suite Extends Application Capabilities without Program Modifications
TANDsoft specializes in interception technology, a range of techniques used to alter or augment the behaviors of applications, operating systems, or other software components by intercepting function calls or system calls. One result of TANDsoft’s expertise is the OPTA suite of interception and trace utilities. OPTA allows developers to write custom code to easily extend HP Nonstop application capabilities. Best of all, no application code changes are required. OPTA supports all NonStop application types and platforms (TNS, TNS/R, and TNS/E) with an accompanying reduction in development, testing, and support costs. OPTA solutions include:
Process Stack Monitor: Use this OPTA utility in development and testing environments to analyze an application’s stack usage for memory shortages ( stack overflows ) within the call stack. Programmers get a clear snapshot of all their programs on one screen and can evaluate trace files globally or one file at a time. Programs don’t abend, unscheduled downtime is avoided, and users aren’t inconvenienced.
OPTATrace Online Process Tracer and Analyzer: OPTA-Trace seamlessly intercepts and traces procedure calls made to the NonStop Kernel operating system. Among other uses, it captures and records transaction flows and statistics, prevents deadlock situations, detects memory leaks, sets system procedure breakpoints, and adds user exits to procedure invocations.
Recycle Bin: Add Recycle Bin to your system for fast file retrieval. Purged files are stored in Recycle Bin until you decide to restore them or to delete them permanently. When Recycle Bin fills up, it automatically cleans out enough space to accommodate the most recently deleted files. Files can be compressed, and different Recycle Bin sizes can be specified as a percentage of the disk capacity.
Low Pin Optimizer: Managed ineffectively, NonStop Low-PIN (0 through 254) processes disrupt application environments and create operational bottlenecks. Low-PIN Optimizer automatically redirects and balances low-PIN process creation across a server’s CPUs to ensure efficient allocation of system resources. It reduces low-PIN process creation failures by monitoring low-PIN processes in each CPU. When a CPU maximizes its low-PINs, process creations are redirected to a CPU with available low PINs.
EMS Alerts Online Startup and Termination Capture Utility: EMS Alerts traces an application’s startup and termination calls via EMS messages. When an application starts, EMS Alerts will display the Startup, Assign, and Param messages plus the process Defines used by the executing application. Prior to application termination, EMS Alerts will generate an EMS message as well as invoke a trigger for follow-on processing via a customer-provided user exit. Custom metadata can be added to application program object files.
In addition to OPTA, TANDsoft solutions include: the OPTA2000 virtual clock- and time-zone simulator; FileSync for automatic file synchronization, replication, and data deduplication; Command Stream Replicator, which logs and automatically replicates TMF-audited/unaudited FUP, SQL/MP and SQL/MX DDL structure and other environment changes to target systems; AutoLib, which automatically loads a user library or a DLL for executing processes; the Enscribe-2-SQL and TMF-Audit Toolkits and the new Enscribe-2-SQL Data Replicator, all of which offer flexible, affordable alternatives to more expensive conversion products or manual conversion techniques; E2S-Lite, which permits efficient, low-cost Enscribe modifications without the need to change a program’s source code; and SDI (Sensitive Data Intercept) for Enscribe and SQL/MP.
TANDsoft products require no application source-code modifications, are available for all HP NonStop servers, and support major third-party applications. Free trials are available.
Visit www.tandsoft.com, or contact Jack Di Giacomo at +1 (514) 695-2234.
Our Enscribe to SQL Migration Forum on LinkedIn is at 185 members and
counting.
Availability Digest Says, “Let’s Share Outage Information for the Benefit of All”
Much of what we do as engineers is to design systems to avoid or minimize the chance and impact of outages. Despite our best efforts, outages still happen. In such cases, it is vital that we share with others the lessons we learn rather than hide them. This month’s Availability Digest discusses the information that should be included in any outage report – a detailed description of the event, how it was recognized, the outage’s scope and severity, and what remediation restored service. The report also should include the personnel involved along with their decision-making processes, both utilized and rejected. “Let’s Share Information…” describes direct cause, contributing cause, and root cause analyses. Such content is just too valuable to be kept secret.
Other Digest articles in our April issue:
Heartbleed – The Worst Vulnerability Ever - Heartbleed is a flaw in the OpenSSL cryptographic software library, which provides communication security over the Iinternet. It allows attackers to read memory data from both client and server devices to obtain private keys, passwords, and user names. It then exploits the information to decrypt communications to and from these devices, to attack user accounts on other web sites, and to impersonate the infiltrated website. Estimates indicate that 17% of all secure web sites use the flawed version of OpenSSL.
Iowa’s Data Center Taken Down by Fire – a fire took down the U.S. state of Iowa’s primary data center. The state had a choice to make – fail over to the backup data center or attempt to restore the primary data center. It chose the latter, and restoration was successful. What Iowa excelled at during this event was it efforts to communicate with government agencies, individuals, and the media. Regularly updating those impacted by the outage is a practice more organizations should adopt.
So! You Want to Mine Bitcoins? – Bitcoin mining is the way in which new bitcoins are minted (digitally, that is). Mining involves packaging bitcoin transactions into blocks and appending them to the bitcoin block chain that records every bitcoin transaction. For each block the miner adds to the block chain, he is rewarded with 25 bitcoins, worth about $15,000 USD in recent bitcoin value ($600 USD per bitcoin). So why isn’t everyone mining bitcoins? This Digest article describes the experience of backup service iDrive, which put 600 of its servers to work on this seemingly lucrative venture.
@availabilitydig – The Twitter Feed of Outages - This article highlights some of the @availabilitydig tweets that made headlines in recent days. If you currently are not following @availabilitydig, consider making our Twitter presence a daily read.
The Availability Digest offers one-day and multi-day seminars on High Availability: Concepts and Practices. Seminars are given both onsite and online and are tailored to an organization’s specific needs. We also offer technical and marketing writing services as well as consulting services for achieving high availability. Digest Managing Editor Dr. Bill Highleyman will present “DDoS Attacks – The Latest Availability Threat” at NENUG (New England NonStop User Group) on Thursday, April 24th, in Andover, Massachusetts USA.
Published monthly, the Digest is free and lives at www.availabilitydigest.com. Please visit our Continuous Availability Forum on LinkedIn. We’re at 624 members and counting. Follow us on Twitter @availabilitydig.
Find out more about us at
www.tandemworld.net
+44 (0) 20 8304 7979
We would like to thank the sponsors of the April 2014 eNewsletter
Gold Sponsor
Silver Sponsor
To enquire about Sponsorship opportunities for the Tandemworld Newsletter please click here.
Current Subscribers 14968
Our company, Tandemworld, accepts no
liability for the content of this email, or for the consequences of any
actions taken on the basis of the information provided.
To Unsubscribe or Change your Subscription Please click here